---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: (unknown)
  name: computebackendservices.compute.cnrm.cloud.google.com
spec:
  group: compute.cnrm.cloud.google.com
  names:
    kind: ComputeBackendService
    listKind: ComputeBackendServiceList
    plural: computebackendservices
    singular: computebackendservice
  scope: Namespaced
  versions:
  - name: v1beta1
    schema:
      openAPIV3Schema:
        description: ComputeBackendService is the Schema for the compute API
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            properties:
              affinityCookieTtlSec:
                description: |-
                  Lifetime of cookies in seconds if session_affinity is
                  GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts
                  only until the end of the browser session (or equivalent). The
                  maximum allowed value for TTL is one day.


                  When the load balancing scheme is INTERNAL, this field is not used.
                type: integer
              backend:
                description: The set of backends that serve this BackendService.
                items:
                  properties:
                    balancingMode:
                      description: |-
                        Specifies the balancing mode for this backend.


                        For global HTTP(S) or TCP/SSL load balancing, the default is
                        UTILIZATION. Valid values are UTILIZATION, RATE (for HTTP(S))
                        and CONNECTION (for TCP/SSL).


                        See the [Backend Services Overview](https://cloud.google.com/load-balancing/docs/backend-service#balancing-mode)
                        for an explanation of load balancing modes. Default value: "UTILIZATION" Possible values: ["UTILIZATION", "RATE", "CONNECTION"].
                      type: string
                    capacityScaler:
                      description: |-
                        A multiplier applied to the group's maximum servicing capacity
                        (based on UTILIZATION, RATE or CONNECTION).


                        Default value is 1, which means the group will serve up to 100%
                        of its configured capacity (depending on balancingMode). A
                        setting of 0 means the group is completely drained, offering
                        0% of its available Capacity. Valid range is [0.0,1.0].
                      type: number
                    description:
                      description: |-
                        An optional description of this resource.
                        Provide this property when you create the resource.
                      type: string
                    failover:
                      description: |-
                        This field designates whether this is a failover backend. More
                        than one failover backend can be configured for a given RegionBackendService.
                      type: boolean
                    group:
                      description: |-
                        Reference to a ComputeInstanceGroup or ComputeNetworkEndpointGroup
                        resource. In case of instance group this defines the list of
                        instances that serve traffic. Member virtual machine instances from
                        each instance group must live in the same zone as the instance
                        group itself. No two backends in a backend service are allowed to
                        use same Instance Group resource.


                        For Network Endpoint Groups this defines list of endpoints. All
                        endpoints of Network Endpoint Group must be hosted on instances
                        located in the same zone as the Network Endpoint Group.


                        Backend services cannot mix Instance Group and Network Endpoint
                        Group backends.


                        When the 'load_balancing_scheme' is INTERNAL, only instance groups
                        are supported.
                      properties:
                        instanceGroupRef:
                          properties:
                            external:
                              description: The external name of the referenced resource
                              type: string
                            kind:
                              description: Kind of the referent.
                              type: string
                            name:
                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                              type: string
                            namespace:
                              description: 'Namespace of the referent. More info:
                                https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                              type: string
                          type: object
                        networkEndpointGroupRef:
                          properties:
                            external:
                              description: The external name of the referenced resource
                              type: string
                            kind:
                              description: Kind of the referent.
                              type: string
                            name:
                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                              type: string
                            namespace:
                              description: 'Namespace of the referent. More info:
                                https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                              type: string
                          type: object
                      type: object
                    maxConnections:
                      description: |-
                        The max number of simultaneous connections for the group. Can
                        be used with either CONNECTION or UTILIZATION balancing modes.


                        For CONNECTION mode, either maxConnections or one
                        of maxConnectionsPerInstance or maxConnectionsPerEndpoint,
                        as appropriate for group type, must be set.
                      type: integer
                    maxConnectionsPerEndpoint:
                      description: |-
                        The max number of simultaneous connections that a single backend
                        network endpoint can handle. This is used to calculate the
                        capacity of the group. Can be used in either CONNECTION or
                        UTILIZATION balancing modes.


                        For CONNECTION mode, either
                        maxConnections or maxConnectionsPerEndpoint must be set.
                      type: integer
                    maxConnectionsPerInstance:
                      description: |-
                        The max number of simultaneous connections that a single
                        backend instance can handle. This is used to calculate the
                        capacity of the group. Can be used in either CONNECTION or
                        UTILIZATION balancing modes.


                        For CONNECTION mode, either maxConnections or
                        maxConnectionsPerInstance must be set.
                      type: integer
                    maxRate:
                      description: |-
                        The max requests per second (RPS) of the group.


                        Can be used with either RATE or UTILIZATION balancing modes,
                        but required if RATE mode. For RATE mode, either maxRate or one
                        of maxRatePerInstance or maxRatePerEndpoint, as appropriate for
                        group type, must be set.
                      type: integer
                    maxRatePerEndpoint:
                      description: |-
                        The max requests per second (RPS) that a single backend network
                        endpoint can handle. This is used to calculate the capacity of
                        the group. Can be used in either balancing mode. For RATE mode,
                        either maxRate or maxRatePerEndpoint must be set.
                      type: number
                    maxRatePerInstance:
                      description: |-
                        The max requests per second (RPS) that a single backend
                        instance can handle. This is used to calculate the capacity of
                        the group. Can be used in either balancing mode. For RATE mode,
                        either maxRate or maxRatePerInstance must be set.
                      type: number
                    maxUtilization:
                      description: |-
                        Used when balancingMode is UTILIZATION. This ratio defines the
                        CPU utilization target for the group. Valid range is [0.0, 1.0].
                      type: number
                  required:
                  - group
                  type: object
                type: array
              cdnPolicy:
                description: Cloud CDN configuration for this BackendService.
                properties:
                  bypassCacheOnRequestHeaders:
                    description: |-
                      Bypass the cache when the specified request headers are matched - e.g. Pragma or Authorization headers. Up to 5 headers can be specified.
                      The cache is bypassed for all cdnPolicy.cacheMode settings.
                    items:
                      properties:
                        headerName:
                          description: The header field name to match on when bypassing
                            cache. Values are case-insensitive.
                          type: string
                      required:
                      - headerName
                      type: object
                    type: array
                  cacheKeyPolicy:
                    description: The CacheKeyPolicy for this CdnPolicy.
                    properties:
                      includeHost:
                        description: If true requests to different hosts will be cached
                          separately.
                        type: boolean
                      includeHttpHeaders:
                        description: |-
                          Allows HTTP request headers (by name) to be used in the
                          cache key.
                        items:
                          type: string
                        type: array
                      includeNamedCookies:
                        description: Names of cookies to include in cache keys.
                        items:
                          type: string
                        type: array
                      includeProtocol:
                        description: If true, http and https requests will be cached
                          separately.
                        type: boolean
                      includeQueryString:
                        description: |-
                          If true, include query string parameters in the cache key
                          according to query_string_whitelist and
                          query_string_blacklist. If neither is set, the entire query
                          string will be included.


                          If false, the query string will be excluded from the cache
                          key entirely.
                        type: boolean
                      queryStringBlacklist:
                        description: |-
                          Names of query string parameters to exclude in cache keys.


                          All other parameters will be included. Either specify
                          query_string_whitelist or query_string_blacklist, not both.
                          '&' and '=' will be percent encoded and not treated as
                          delimiters.
                        items:
                          type: string
                        type: array
                      queryStringWhitelist:
                        description: |-
                          Names of query string parameters to include in cache keys.


                          All other parameters will be excluded. Either specify
                          query_string_whitelist or query_string_blacklist, not both.
                          '&' and '=' will be percent encoded and not treated as
                          delimiters.
                        items:
                          type: string
                        type: array
                    type: object
                  cacheMode:
                    description: |-
                      Specifies the cache setting for all responses from this backend.
                      The possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC Possible values: ["USE_ORIGIN_HEADERS", "FORCE_CACHE_ALL", "CACHE_ALL_STATIC"].
                    type: string
                  clientTtl:
                    description: Specifies the maximum allowed TTL for cached content
                      served by this origin.
                    type: integer
                  defaultTtl:
                    description: |-
                      Specifies the default TTL for cached content served by this origin for responses
                      that do not have an existing valid TTL (max-age or s-max-age).
                    type: integer
                  maxTtl:
                    description: Specifies the maximum allowed TTL for cached content
                      served by this origin.
                    type: integer
                  negativeCaching:
                    description: Negative caching allows per-status code TTLs to be
                      set, in order to apply fine-grained caching for common errors
                      or redirects.
                    type: boolean
                  negativeCachingPolicy:
                    description: |-
                      Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy.
                      Omitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs.
                    items:
                      properties:
                        code:
                          description: |-
                            The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501
                            can be specified as values, and you cannot specify a status code more than once.
                          type: integer
                        ttl:
                          description: |-
                            The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s
                            (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
                          type: integer
                      type: object
                    type: array
                  serveWhileStale:
                    description: Serve existing content from the cache (if available)
                      when revalidating content with the origin, or when an error
                      is encountered when refreshing the cache.
                    type: integer
                  signedUrlCacheMaxAgeSec:
                    description: |-
                      Maximum number of seconds the response to a signed URL request
                      will be considered fresh, defaults to 1hr (3600s). After this
                      time period, the response will be revalidated before
                      being served.


                      When serving responses to signed URL requests, Cloud CDN will
                      internally behave as though all responses from this backend had a
                      "Cache-Control: public, max-age=[TTL]" header, regardless of any
                      existing Cache-Control header. The actual headers served in
                      responses will not be altered.
                    type: integer
                type: object
              circuitBreakers:
                description: |-
                  Settings controlling the volume of connections to a backend service. This field
                  is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED.
                properties:
                  connectTimeout:
                    description: The timeout for new network connections to hosts.
                    properties:
                      nanos:
                        description: |-
                          Span of time that's a fraction of a second at nanosecond
                          resolution. Durations less than one second are represented
                          with a 0 seconds field and a positive nanos field. Must
                          be from 0 to 999,999,999 inclusive.
                        type: integer
                      seconds:
                        description: |-
                          Span of time at a resolution of a second.
                          Must be from 0 to 315,576,000,000 inclusive.
                        type: integer
                    required:
                    - seconds
                    type: object
                  maxConnections:
                    description: |-
                      The maximum number of connections to the backend cluster.
                      Defaults to 1024.
                    type: integer
                  maxPendingRequests:
                    description: |-
                      The maximum number of pending requests to the backend cluster.
                      Defaults to 1024.
                    type: integer
                  maxRequests:
                    description: |-
                      The maximum number of parallel requests to the backend cluster.
                      Defaults to 1024.
                    type: integer
                  maxRequestsPerConnection:
                    description: |-
                      Maximum requests for a single backend connection. This parameter
                      is respected by both the HTTP/1.1 and HTTP/2 implementations. If
                      not specified, there is no limit. Setting this parameter to 1
                      will effectively disable keep alive.
                    type: integer
                  maxRetries:
                    description: |-
                      The maximum number of parallel retries to the backend cluster.
                      Defaults to 3.
                    type: integer
                type: object
              compressionMode:
                description: 'Compress text responses using Brotli or gzip compression,
                  based on the client''s Accept-Encoding header. Possible values:
                  ["AUTOMATIC", "DISABLED"].'
                type: string
              connectionDrainingTimeoutSec:
                description: |-
                  Time for which instance will be drained (not accept new
                  connections, but still work to finish started).
                type: integer
              connectionTrackingPolicy:
                description: |-
                  Connection Tracking configuration for this BackendService.
                  This is available only for Layer 4 Internal Load Balancing and
                  Network Load Balancing.
                properties:
                  connectionPersistenceOnUnhealthyBackends:
                    description: |-
                      Specifies connection persistence when backends are unhealthy.


                      If set to 'DEFAULT_FOR_PROTOCOL', the existing connections persist on
                      unhealthy backends only for connection-oriented protocols (TCP and SCTP)
                      and only if the Tracking Mode is PER_CONNECTION (default tracking mode)
                      or the Session Affinity is configured for 5-tuple. They do not persist
                      for UDP.


                      If set to 'NEVER_PERSIST', after a backend becomes unhealthy, the existing
                      connections on the unhealthy backend are never persisted on the unhealthy
                      backend. They are always diverted to newly selected healthy backends
                      (unless all backends are unhealthy).


                      If set to 'ALWAYS_PERSIST', existing connections always persist on
                      unhealthy backends regardless of protocol and session affinity. It is
                      generally not recommended to use this mode overriding the default. Default value: "DEFAULT_FOR_PROTOCOL" Possible values: ["DEFAULT_FOR_PROTOCOL", "NEVER_PERSIST", "ALWAYS_PERSIST"].
                    type: string
                  idleTimeoutSec:
                    description: |-
                      Specifies how long to keep a Connection Tracking entry while there is
                      no matching traffic (in seconds).


                      For L4 ILB the minimum(default) is 10 minutes and maximum is 16 hours.


                      For NLB the minimum(default) is 60 seconds and the maximum is 16 hours.
                    type: integer
                  trackingMode:
                    description: |-
                      Specifies the key used for connection tracking. There are two options:
                      'PER_CONNECTION': The Connection Tracking is performed as per the
                      Connection Key (default Hash Method) for the specific protocol.


                      'PER_SESSION': The Connection Tracking is performed as per the
                      configured Session Affinity. It matches the configured Session Affinity. Default value: "PER_CONNECTION" Possible values: ["PER_CONNECTION", "PER_SESSION"].
                    type: string
                type: object
              consistentHash:
                description: |-
                  Consistent Hash-based load balancing can be used to provide soft session
                  affinity based on HTTP headers, cookies or other properties. This load balancing
                  policy is applicable only for HTTP connections. The affinity to a particular
                  destination host will be lost when one or more hosts are added/removed from the
                  destination service. This field specifies parameters that control consistent
                  hashing. This field only applies if the load_balancing_scheme is set to
                  INTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is
                  set to MAGLEV or RING_HASH.
                properties:
                  httpCookie:
                    description: |-
                      Hash is based on HTTP Cookie. This field describes a HTTP cookie
                      that will be used as the hash key for the consistent hash load
                      balancer. If the cookie is not present, it will be generated.
                      This field is applicable if the sessionAffinity is set to HTTP_COOKIE.
                    properties:
                      name:
                        description: Name of the cookie.
                        type: string
                      path:
                        description: Path to set for the cookie.
                        type: string
                      ttl:
                        description: Lifetime of the cookie.
                        properties:
                          nanos:
                            description: |-
                              Span of time that's a fraction of a second at nanosecond
                              resolution. Durations less than one second are represented
                              with a 0 seconds field and a positive nanos field. Must
                              be from 0 to 999,999,999 inclusive.
                            type: integer
                          seconds:
                            description: |-
                              Span of time at a resolution of a second.
                              Must be from 0 to 315,576,000,000 inclusive.
                            type: integer
                        required:
                        - seconds
                        type: object
                    type: object
                  httpHeaderName:
                    description: |-
                      The hash based on the value of the specified header field.
                      This field is applicable if the sessionAffinity is set to HEADER_FIELD.
                    type: string
                  minimumRingSize:
                    description: |-
                      The minimum number of virtual nodes to use for the hash ring.
                      Larger ring sizes result in more granular load
                      distributions. If the number of hosts in the load balancing pool
                      is larger than the ring size, each host will be assigned a single
                      virtual node.
                      Defaults to 1024.
                    type: integer
                type: object
              customRequestHeaders:
                description: |-
                  Headers that the HTTP/S load balancer should add to proxied
                  requests.
                items:
                  type: string
                type: array
              customResponseHeaders:
                description: |-
                  Headers that the HTTP/S load balancer should add to proxied
                  responses.
                items:
                  type: string
                type: array
              description:
                description: An optional description of this resource.
                type: string
              edgeSecurityPolicyRef:
                description: |-
                  The resource URL for the edge security policy associated with this
                  backend service.
                properties:
                  external:
                    description: The external name of the referenced resource
                    type: string
                  kind:
                    description: Kind of the referent.
                    type: string
                  name:
                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                    type: string
                  namespace:
                    description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                    type: string
                type: object
              enableCdn:
                description: If true, enable Cloud CDN for this BackendService.
                type: boolean
              failoverPolicy:
                description: Policy for failovers.
                properties:
                  disableConnectionDrainOnFailover:
                    description: |-
                      On failover or failback, this field indicates whether connection drain
                      will be honored. Setting this to true has the following effect: connections
                      to the old active pool are not drained. Connections to the new active pool
                      use the timeout of 10 min (currently fixed). Setting to false has the
                      following effect: both old and new connections will have a drain timeout
                      of 10 min.
                      This can be set to true only if the protocol is TCP.
                      The default is false.
                    type: boolean
                  dropTrafficIfUnhealthy:
                    description: |-
                      This option is used only when no healthy VMs are detected in the primary
                      and backup instance groups. When set to true, traffic is dropped. When
                      set to false, new connections are sent across all VMs in the primary group.
                      The default is false.
                    type: boolean
                  failoverRatio:
                    description: |-
                      The value of the field must be in [0, 1]. If the ratio of the healthy
                      VMs in the primary backend is at or below this number, traffic arriving
                      at the load-balanced IP will be directed to the failover backend.
                      In case where 'failoverRatio' is not set or all the VMs in the backup
                      backend are unhealthy, the traffic will be directed back to the primary
                      backend in the "force" mode, where traffic will be spread to the healthy
                      VMs with the best effort, or to all VMs when no VM is healthy.
                      This field is only used with l4 load balancing.
                    type: number
                type: object
              healthChecks:
                items:
                  properties:
                    healthCheckRef:
                      properties:
                        external:
                          description: The external name of the referenced resource
                          type: string
                        kind:
                          description: Kind of the referent.
                          type: string
                        name:
                          description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                          type: string
                        namespace:
                          description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                          type: string
                      type: object
                    httpHealthCheckRef:
                      properties:
                        external:
                          description: The external name of the referenced resource
                          type: string
                        kind:
                          description: Kind of the referent.
                          type: string
                        name:
                          description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                          type: string
                        namespace:
                          description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                          type: string
                      type: object
                  type: object
                type: array
              iap:
                description: Settings for enabling Cloud Identity Aware Proxy.
                properties:
                  oauth2ClientId:
                    description: DEPRECATED. Although this field is still available,
                      there is limited support. We recommend that you use `spec.iap.oauth2ClientIdRef`
                      instead.
                    type: string
                  oauth2ClientIdRef:
                    description: OAuth2 Client ID for IAP.
                    properties:
                      external:
                        description: The external name of the referenced resource
                        type: string
                      kind:
                        description: Kind of the referent.
                        type: string
                      name:
                        description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                        type: string
                      namespace:
                        description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                        type: string
                    type: object
                  oauth2ClientSecret:
                    description: OAuth2 Client Secret for IAP.
                    properties:
                      value:
                        description: Value of the field. Cannot be used if 'valueFrom'
                          is specified.
                        type: string
                      valueFrom:
                        description: Source for the field's value. Cannot be used
                          if 'value' is specified.
                        properties:
                          secretKeyRef:
                            description: Reference to a value with the given key in
                              the given Secret in the resource's namespace.
                            properties:
                              external:
                                description: The external name of the referenced resource
                                type: string
                              kind:
                                description: Kind of the referent.
                                type: string
                              name:
                                description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                                type: string
                              namespace:
                                description: 'Namespace of the referent. More info:
                                  https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                                type: string
                            type: object
                        type: object
                    type: object
                  oauth2ClientSecretSha256:
                    description: OAuth2 Client Secret SHA-256 for IAP.
                    type: string
                type: object
              loadBalancingScheme:
                description: |-
                  Immutable. Indicates whether the backend service will be used with internal or
                  external load balancing. A backend service created for one type of
                  load balancing cannot be used with the other. For more information, refer to
                  [Choosing a load balancer](https://cloud.google.com/load-balancing/docs/backend-service). Default value: "EXTERNAL" Possible values: ["EXTERNAL", "INTERNAL_SELF_MANAGED", "EXTERNAL_MANAGED"].
                type: string
              localityLbPolicies:
                description: |-
                  A list of locality load balancing policies to be used in order of
                  preference. Either the policy or the customPolicy field should be set.
                  Overrides any value set in the localityLbPolicy field.


                  localityLbPolicies is only supported when the BackendService is referenced
                  by a URL Map that is referenced by a target gRPC proxy that has the
                  validateForProxyless field set to true.
                items:
                  properties:
                    customPolicy:
                      description: |-
                        The configuration for a custom policy implemented by the user and
                        deployed with the client.
                      properties:
                        data:
                          description: |-
                            An optional, arbitrary JSON object with configuration data, understood
                            by a locally installed custom policy implementation.
                          type: string
                        name:
                          description: |-
                            Identifies the custom policy.


                            The value should match the type the custom implementation is registered
                            with on the gRPC clients. It should follow protocol buffer
                            message naming conventions and include the full path (e.g.
                            myorg.CustomLbPolicy). The maximum length is 256 characters.


                            Note that specifying the same custom policy more than once for a
                            backend is not a valid configuration and will be rejected.
                          type: string
                      required:
                      - name
                      type: object
                    policy:
                      description: The configuration for a built-in load balancing
                        policy.
                      properties:
                        name:
                          description: |-
                            The name of a locality load balancer policy to be used. The value
                            should be one of the predefined ones as supported by localityLbPolicy,
                            although at the moment only ROUND_ROBIN is supported.


                            This field should only be populated when the customPolicy field is not
                            used.


                            Note that specifying the same policy more than once for a backend is
                            not a valid configuration and will be rejected.


                            The possible values are:


                            * 'ROUND_ROBIN': This is a simple policy in which each healthy backend
                            is selected in round robin order.


                            * 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy
                            hosts and picks the host which has fewer active requests.


                            * 'RING_HASH': The ring/modulo hash load balancer implements consistent
                            hashing to backends. The algorithm has the property that the
                            addition/removal of a host from a set of N hosts only affects
                            1/N of the requests.


                            * 'RANDOM': The load balancer selects a random healthy host.


                            * 'ORIGINAL_DESTINATION': Backend host is selected based on the client
                            connection metadata, i.e., connections are opened
                            to the same address as the destination address of
                            the incoming connection before the connection
                            was redirected to the load balancer.


                            * 'MAGLEV': used as a drop in replacement for the ring hash load balancer.
                            Maglev is not as stable as ring hash but has faster table lookup
                            build times and host selection times. For more information about
                            Maglev, refer to https://ai.google/research/pubs/pub44824 Possible values: ["ROUND_ROBIN", "LEAST_REQUEST", "RING_HASH", "RANDOM", "ORIGINAL_DESTINATION", "MAGLEV"].
                          type: string
                      required:
                      - name
                      type: object
                  type: object
                type: array
              localityLbPolicy:
                description: |-
                  The load balancing algorithm used within the scope of the locality.
                  The possible values are:


                  * 'ROUND_ROBIN': This is a simple policy in which each healthy backend
                  is selected in round robin order.


                  * 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy
                  hosts and picks the host which has fewer active requests.


                  * 'RING_HASH': The ring/modulo hash load balancer implements consistent
                  hashing to backends. The algorithm has the property that the
                  addition/removal of a host from a set of N hosts only affects
                  1/N of the requests.


                  * 'RANDOM': The load balancer selects a random healthy host.


                  * 'ORIGINAL_DESTINATION': Backend host is selected based on the client
                  connection metadata, i.e., connections are opened
                  to the same address as the destination address of
                  the incoming connection before the connection
                  was redirected to the load balancer.


                  * 'MAGLEV': used as a drop in replacement for the ring hash load balancer.
                  Maglev is not as stable as ring hash but has faster table lookup
                  build times and host selection times. For more information about
                  Maglev, refer to https://ai.google/research/pubs/pub44824


                  * 'WEIGHTED_MAGLEV': Per-instance weighted Load Balancing via health check
                  reported weights. If set, the Backend Service must
                  configure a non legacy HTTP-based Health Check, and
                  health check replies are expected to contain
                  non-standard HTTP response header field
                  X-Load-Balancing-Endpoint-Weight to specify the
                  per-instance weights. If set, Load Balancing is weight
                  based on the per-instance weights reported in the last
                  processed health check replies, as long as every
                  instance either reported a valid weight or had
                  UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains
                  equal-weight.


                  This field is applicable to either:


                  * A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2,
                  and loadBalancingScheme set to INTERNAL_MANAGED.
                  * A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED.
                  * A regional backend service with loadBalancingScheme set to EXTERNAL (External Network
                  Load Balancing). Only MAGLEV and WEIGHTED_MAGLEV values are possible for External
                  Network Load Balancing. The default is MAGLEV.


                  If session_affinity is not NONE, and this field is not set to MAGLEV, WEIGHTED_MAGLEV,
                  or RING_HASH, session affinity settings will not take effect.


                  Only ROUND_ROBIN and RING_HASH are supported when the backend service is referenced
                  by a URL map that is bound to target gRPC proxy that has validate_for_proxyless
                  field set to true. Possible values: ["ROUND_ROBIN", "LEAST_REQUEST", "RING_HASH", "RANDOM", "ORIGINAL_DESTINATION", "MAGLEV", "WEIGHTED_MAGLEV"].
                type: string
              location:
                description: 'Location represents the geographical location of the
                  ComputeBackendService. Specify a region name or "global" for global
                  resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)'
                type: string
              logConfig:
                description: |-
                  This field denotes the logging options for the load balancer traffic served by this backend service.
                  If logging is enabled, logs will be exported to Stackdriver.
                properties:
                  enable:
                    description: Whether to enable logging for the load balancer traffic
                      served by this backend service.
                    type: boolean
                  sampleRate:
                    description: |-
                      This field can only be specified if logging is enabled for this backend service. The value of
                      the field must be in [0, 1]. This configures the sampling rate of requests to the load balancer
                      where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported.
                      The default value is 1.0.
                    type: number
                type: object
              networkRef:
                description: |-
                  The network to which this backend service belongs. This field can
                  only be specified when the load balancing scheme is set to
                  INTERNAL.
                properties:
                  external:
                    description: The external name of the referenced resource
                    type: string
                  kind:
                    description: Kind of the referent.
                    type: string
                  name:
                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                    type: string
                  namespace:
                    description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                    type: string
                type: object
              outlierDetection:
                description: |-
                  Settings controlling eviction of unhealthy hosts from the load balancing pool.
                  This field is applicable only when the load_balancing_scheme is set
                  to INTERNAL_SELF_MANAGED.
                properties:
                  baseEjectionTime:
                    description: |-
                      The base time that a host is ejected for. The real time is equal to the base
                      time multiplied by the number of times the host has been ejected. Defaults to
                      30000ms or 30s.
                    properties:
                      nanos:
                        description: |-
                          Span of time that's a fraction of a second at nanosecond resolution. Durations
                          less than one second are represented with a 0 'seconds' field and a positive
                          'nanos' field. Must be from 0 to 999,999,999 inclusive.
                        type: integer
910 seconds:
911 description: |-
912 Span of time at a resolution of a second. Must be from 0 to 315,576,000,000
913 inclusive.
914 type: integer
915 required:
916 - seconds
917 type: object
918 consecutiveErrors:
919 description: |-
920 Number of errors before a host is ejected from the connection pool. When the
921 backend host is accessed over HTTP, a 5xx return code qualifies as an error.
922 Defaults to 5.
923 type: integer
924 consecutiveGatewayFailure:
925 description: |-
926 The number of consecutive gateway failures (502, 503, 504 status or connection
927 errors that are mapped to one of those status codes) before a consecutive
928 gateway failure ejection occurs. Defaults to 5.
929 type: integer
930 enforcingConsecutiveErrors:
931 description: |-
932 The percentage chance that a host will be actually ejected when an outlier
933 status is detected through consecutive 5xx. This setting can be used to disable
934 ejection or to ramp it up slowly. Defaults to 100.
935 type: integer
936 enforcingConsecutiveGatewayFailure:
937 description: |-
938 The percentage chance that a host will be actually ejected when an outlier
939 status is detected through consecutive gateway failures. This setting can be
940 used to disable ejection or to ramp it up slowly. Defaults to 0.
941 type: integer
942 enforcingSuccessRate:
943 description: |-
944 The percentage chance that a host will be actually ejected when an outlier
945 status is detected through success rate statistics. This setting can be used to
946 disable ejection or to ramp it up slowly. Defaults to 100.
947 type: integer
948 interval:
949 description: |-
950 Time interval between ejection sweep analysis. This can result in both new
951 ejections as well as hosts being returned to service. Defaults to 10 seconds.
952 properties:
953 nanos:
954 description: |-
955 Span of time that's a fraction of a second at nanosecond resolution. Durations
956 less than one second are represented with a 0 'seconds' field and a positive
957 'nanos' field. Must be from 0 to 999,999,999 inclusive.
958 type: integer
959 seconds:
960 description: |-
961 Span of time at a resolution of a second. Must be from 0 to 315,576,000,000
962 inclusive.
963 type: integer
964 required:
965 - seconds
966 type: object
967 maxEjectionPercent:
968 description: |-
969 Maximum percentage of hosts in the load balancing pool for the backend service
970 that can be ejected. Defaults to 10%.
971 type: integer
972 successRateMinimumHosts:
973 description: |-
974 The number of hosts in a cluster that must have enough request volume to detect
975 success rate outliers. If the number of hosts is less than this setting, outlier
976 detection via success rate statistics is not performed for any host in the
977 cluster. Defaults to 5.
978 type: integer
979 successRateRequestVolume:
980 description: |-
981 The minimum number of total requests that must be collected in one interval (as
982 defined by the interval duration above) to include this host in success rate
983 based outlier detection. If the volume is lower than this setting, outlier
984 detection via success rate statistics is not performed for that host. Defaults
985 to 100.
986 type: integer
987 successRateStdevFactor:
988 description: |-
989 This factor is used to determine the ejection threshold for success rate outlier
990 ejection. The ejection threshold is the difference between the mean success
991 rate, and the product of this factor and the standard deviation of the mean
992 success rate: mean - (stdev * success_rate_stdev_factor). This factor is divided
993 by a thousand to get a double. That is, if the desired factor is 1.9, the
994 runtime value should be 1900. Defaults to 1900.
995 type: integer
996 type: object
997 portName:
998 description: |-
999 Name of backend port. The same name should appear in the instance
1000 groups referenced by this service. Required when the load balancing
1001 scheme is EXTERNAL.
1002 type: string
1003 protocol:
1004 description: |-
1005 The protocol this BackendService uses to communicate with backends.
1006 The default is HTTP. **NOTE**: HTTP2 is only valid for beta HTTP/2 load balancer
1007 types and may result in errors if used with the GA API. Possible values: ["HTTP", "HTTPS", "HTTP2", "TCP", "SSL", "GRPC"].
1008 type: string
1009 resourceID:
1010 description: Immutable. Optional. The name of the resource. Used for
1011 creation and acquisition. When unset, the value of `metadata.name`
1012 is used as the default.
1013 type: string
1014 securityPolicyRef:
1015 description: The security policy associated with this backend service.
1016 properties:
1017 external:
1018 description: The external name of the referenced resource
1019 type: string
1020 kind:
1021 description: Kind of the referent.
1022 type: string
1023 name:
1024 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
1025 type: string
1026 namespace:
1027 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
1028 type: string
1029 type: object
1030 securitySettings:
1031 description: |-
1032 The security settings that apply to this backend service. This field is applicable to either
1033 a regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and
1034 load_balancing_scheme set to INTERNAL_MANAGED; or a global backend service with the
1035 load_balancing_scheme set to INTERNAL_SELF_MANAGED.
1036 properties:
1037 clientTLSPolicyRef:
1038 description: |-
1039 ClientTlsPolicy is a resource that specifies how a client should
1040 authenticate connections to backends of a service. This resource itself
1041 does not affect configuration unless it is attached to a backend
1042 service resource.
1043 properties:
1044 external:
1045 description: The external name of the referenced resource
1046 type: string
1047 kind:
1048 description: Kind of the referent.
1049 type: string
1050 name:
1051 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
1052 type: string
1053 namespace:
1054 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
1055 type: string
1056 type: object
1057 subjectAltNames:
1058 description: |-
1059 A list of alternate names to verify the subject identity in the certificate.
1060 If specified, the client will verify that the server certificate's subject
1061 alt name matches one of the specified values.
1062 items:
1063 type: string
1064 type: array
1065 required:
1066 - clientTLSPolicyRef
1067 - subjectAltNames
1068 type: object
1069 sessionAffinity:
1070 description: |-
1071 Type of session affinity to use. The default is NONE. Session affinity is
1072 not applicable if the protocol is UDP. Possible values: ["NONE", "CLIENT_IP", "CLIENT_IP_PORT_PROTO", "CLIENT_IP_PROTO", "GENERATED_COOKIE", "HEADER_FIELD", "HTTP_COOKIE"].
1073 type: string
1074 subsetting:
1075 description: Subsetting configuration for this BackendService. Currently
1076 this is applicable only for Internal TCP/UDP load balancing and
1077 Internal HTTP(S) load balancing.
1078 properties:
1079 policy:
1080 description: 'The algorithm used for subsetting. Possible values:
1081 ["CONSISTENT_HASH_SUBSETTING"].'
1082 type: string
1083 required:
1084 - policy
1085 type: object
1086 timeoutSec:
1087 description: |-
1088 How many seconds to wait for the backend before considering it a
1089 failed request. Default is 30 seconds. Valid range is [1, 86400].
1090 type: integer
1091 required:
1092 - location
1093 type: object
1094 status:
1095 properties:
1096 conditions:
1097 description: |-
1098 Conditions represent the latest available observations of the
1099 ComputeBackendService's current state.
1100 items:
1101 properties:
1102 lastTransitionTime:
1103 description: Last time the condition transitioned from one status
1104 to another.
1105 type: string
1106 message:
1107 description: Human-readable message indicating details about
1108 last transition.
1109 type: string
1110 reason:
1111 description: |-
1112 Unique, one-word, CamelCase reason for the condition's last
1113 transition.
1114 type: string
1115 status:
1116 description: Status is the status of the condition. Can be True,
1117 False, Unknown.
1118 type: string
1119 type:
1120 description: Type is the type of the condition.
1121 type: string
1122 type: object
1123 type: array
1124 creationTimestamp:
1125 description: Creation timestamp in RFC3339 text format.
1126 type: string
1127 fingerprint:
1128 description: |-
1129 Fingerprint of this resource. A hash of the contents stored in this
1130 object. This field is used in optimistic locking.
1131 type: string
1132 generatedId:
1133 description: The unique identifier for the resource. This identifier
1134 is defined by the server.
1135 type: integer
1136 observedGeneration:
1137 description: ObservedGeneration is the generation of the resource
1138 that was most recently observed by the Config Connector controller.
1139 If this is equal to metadata.generation, then that means that the
1140 current reported status reflects the most recent desired state of
1141 the resource.
1142 type: integer
1143 selfLink:
1144 type: string
1145 type: object
1146 type: object
1147 served: true
1148 storage: true
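
The success-rate ejection rule spelled out in the `outlierDetection` descriptions of this schema, as an added Python model (not Config Connector or Google Cloud code). The function names, the use of population standard deviation and the round-down ejection cap are assumptions; the defaults are the ones the schema documents.

```python
"""Model of the success-rate ejection rule described under outlierDetection."""
from statistics import mean, pstdev


def ejection_ms(base_ms=30000, times_ejected=1):
    # baseEjectionTime: real time = base time * number of times ejected.
    return base_ms * times_ejected


def success_rate_outliers(hosts, stdev_factor=1900, minimum_hosts=5,
                          request_volume=100, max_ejection_percent=10):
    """hosts maps name -> (successes, total) for one interval.

    Returns (threshold, names); threshold is None when detection is skipped.
    """
    # successRateRequestVolume: hosts below the volume floor are not judged.
    rates = {name: 100.0 * ok / total
             for name, (ok, total) in hosts.items() if total >= request_volume}
    # successRateMinimumHosts: too few qualifying hosts disables the check.
    if len(rates) < minimum_hosts:
        return None, []
    # successRateStdevFactor is an integer divided by 1000 (1900 -> 1.9).
    # Assumption: population standard deviation over the host success rates.
    threshold = mean(rates.values()) - pstdev(rates.values()) * stdev_factor / 1000.0
    worst_first = sorted((n for n in rates if rates[n] < threshold), key=rates.get)
    # maxEjectionPercent caps ejections; rounding down is an assumption.
    cap = len(hosts) * max_ejection_percent // 100
    return threshold, worst_first[:cap]


# Constructed sample: nine healthy hosts and one failing half its requests.
SAMPLE = {f"host-{i}": (200, 200) for i in range(9)}
SAMPLE["host-9"] = (100, 200)

if __name__ == "__main__":
    print(success_rate_outliers(SAMPLE))
    print(ejection_ms(times_ejected=3))
```

A failing host that receives fewer than `successRateRequestVolume` requests in an interval is never judged by this rule, which is worth remembering when reading ejection metrics for lightly loaded pools.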