1---
2apiVersion: apiextensions.k8s.io/v1
3kind: CustomResourceDefinition
4metadata:
5 annotations:
6 controller-gen.kubebuilder.io/version: (unknown)
7 name: computerouternats.compute.cnrm.cloud.google.com
8spec:
9 group: compute.cnrm.cloud.google.com
10 names:
11 kind: ComputeRouterNAT
12 listKind: ComputeRouterNATList
13 plural: computerouternats
14 singular: computerouternat
15 scope: Namespaced
16 versions:
17 - name: v1beta1
18 schema:
19 openAPIV3Schema:
20 description: ComputeRouterNAT is the Schema for the compute API
21 properties:
22 apiVersion:
23 description: |-
24 APIVersion defines the versioned schema of this representation of an object.
25 Servers should convert recognized schemas to the latest internal value, and
26 may reject unrecognized values.
27 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
28 type: string
29 kind:
30 description: |-
31 Kind is a string value representing the REST resource this object represents.
32 Servers may infer this from the endpoint the client submits requests to.
33 Cannot be updated.
34 In CamelCase.
35 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
36 type: string
37 metadata:
38 type: object
39 spec:
40 properties:
41 drainNatIps:
42 items:
43 properties:
44 external:
45 description: The external name of the referenced resource
46 type: string
47 kind:
48 description: Kind of the referent.
49 type: string
50 name:
51 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
52 type: string
53 namespace:
54 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
55 type: string
56 type: object
57 type: array
58 enableDynamicPortAllocation:
59 description: |-
60 Enable Dynamic Port Allocation.
61 If minPortsPerVm is set, minPortsPerVm must be set to a power of two greater than or equal to 32.
62 If minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config.
63 If maxPortsPerVm is set, maxPortsPerVm must be set to a power of two greater than minPortsPerVm.
64 If maxPortsPerVm is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config.
65
66
67 Mutually exclusive with enableEndpointIndependentMapping.
68 type: boolean
69 enableEndpointIndependentMapping:
70 description: |-
71 Specifies if endpoint independent mapping is enabled. This is enabled by default. For more information
72 see the [official documentation](https://cloud.google.com/nat/docs/overview#specs-rfcs).
73 type: boolean
74 icmpIdleTimeoutSec:
75 description: Timeout (in seconds) for ICMP connections. Defaults to
76 30s if not set.
77 type: integer
78 logConfig:
79 description: Configuration for logging on NAT.
80 properties:
81 enable:
82 description: Indicates whether or not to export logs.
83 type: boolean
84 filter:
85 description: 'Specifies the desired filtering of logs on this
86 NAT. Possible values: ["ERRORS_ONLY", "TRANSLATIONS_ONLY", "ALL"].'
87 type: string
88 required:
89 - enable
90 - filter
91 type: object
92 maxPortsPerVm:
93 description: |-
94 Maximum number of ports allocated to a VM from this NAT.
95 This field can only be set when enableDynamicPortAllocation is enabled.
96 type: integer
97 minPortsPerVm:
98 description: Minimum number of ports allocated to a VM from this NAT.
99 type: integer
100 natIpAllocateOption:
101 description: |-
102 How external IPs should be allocated for this NAT. Valid values are
103 'AUTO_ONLY' for only allowing NAT IPs allocated by Google Cloud
104 Platform, or 'MANUAL_ONLY' for only user-allocated NAT IP addresses. Possible values: ["MANUAL_ONLY", "AUTO_ONLY"].
105 type: string
106 natIps:
107 items:
108 properties:
109 external:
110 description: The external name of the referenced resource
111 type: string
112 kind:
113 description: Kind of the referent.
114 type: string
115 name:
116 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
117 type: string
118 namespace:
119 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
120 type: string
121 type: object
122 type: array
123 region:
124 description: Immutable. Region where the router and NAT reside.
125 type: string
126 resourceID:
127 description: Immutable. Optional. The name of the resource. Used for
128 creation and acquisition. When unset, the value of `metadata.name`
129 is used as the default.
130 type: string
131 routerRef:
132 description: The Cloud Router in which this NAT will be configured.
133 properties:
134 external:
135 description: The external name of the referenced resource
136 type: string
137 kind:
138 description: Kind of the referent.
139 type: string
140 name:
141 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
142 type: string
143 namespace:
144 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
145 type: string
146 type: object
147 rules:
148 description: A list of rules associated with this NAT.
149 items:
150 properties:
151 action:
152 description: The action to be enforced for traffic that matches
153 this rule.
154 properties:
155 sourceNatActiveIpsRefs:
156 items:
157 properties:
158 external:
159 description: The external name of the referenced resource
160 type: string
161 kind:
162 description: Kind of the referent.
163 type: string
164 name:
165 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
166 type: string
167 namespace:
168 description: 'Namespace of the referent. More info:
169 https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
170 type: string
171 type: object
172 type: array
173 sourceNatDrainIpsRefs:
174 items:
175 properties:
176 external:
177 description: The external name of the referenced resource
178 type: string
179 kind:
180 description: Kind of the referent.
181 type: string
182 name:
183 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
184 type: string
185 namespace:
186 description: 'Namespace of the referent. More info:
187 https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
188 type: string
189 type: object
190 type: array
191 type: object
192 description:
193 description: An optional description of this rule.
194 type: string
195 match:
196 description: |-
197 CEL expression that specifies the match condition that egress traffic from a VM is evaluated against.
198 If it evaluates to true, the corresponding action is enforced.
199
200
201 The following examples are valid match expressions for public NAT:
202
203
204 "inIpRange(destination.ip, '1.1.0.0/16') || inIpRange(destination.ip, '2.2.0.0/16')"
205
206
207 "destination.ip == '1.1.0.1' || destination.ip == '8.8.8.8'"
208
209
210 The following example is a valid match expression for private NAT:
211
212
213 "nexthop.hub == 'https://networkconnectivity.googleapis.com/v1alpha1/projects/my-project/global/hub/hub-1'".
214 type: string
215 ruleNumber:
216 description: |-
217 An integer uniquely identifying a rule in the list.
218 The rule number must be a positive value between 0 and 65000, and must be unique among rules within a NAT.
219 type: integer
220 required:
221 - match
222 - ruleNumber
223 type: object
224 type: array
225 sourceSubnetworkIpRangesToNat:
226 description: |-
227 How NAT should be configured per Subnetwork.
228 If 'ALL_SUBNETWORKS_ALL_IP_RANGES', all of the
229 IP ranges in every Subnetwork are allowed to Nat.
230 If 'ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES', all of the primary IP
231 ranges in every Subnetwork are allowed to Nat.
232 'LIST_OF_SUBNETWORKS': A list of Subnetworks are allowed to Nat
233 (specified in the field subnetwork below). Note that if this field
234 contains ALL_SUBNETWORKS_ALL_IP_RANGES or
235 ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any
236 other RouterNat section in any Router for this network in this region. Possible values: ["ALL_SUBNETWORKS_ALL_IP_RANGES", "ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES", "LIST_OF_SUBNETWORKS"].
237 type: string
238 subnetwork:
239 description: |-
240 One or more subnetwork NAT configurations. Only used if
241 'source_subnetwork_ip_ranges_to_nat' is set to 'LIST_OF_SUBNETWORKS'.
242 items:
243 properties:
244 secondaryIpRangeNames:
245 description: |-
246 List of the secondary ranges of the subnetwork that are allowed
247 to use NAT. This can be populated only if
248 'LIST_OF_SECONDARY_IP_RANGES' is one of the values in
249 sourceIpRangesToNat.
250 items:
251 type: string
252 type: array
253 sourceIpRangesToNat:
254 description: |-
255 List of options for which source IPs in the subnetwork
256 should have NAT enabled. Supported values include:
257 'ALL_IP_RANGES', 'LIST_OF_SECONDARY_IP_RANGES',
258 'PRIMARY_IP_RANGE'.
259 items:
260 type: string
261 type: array
262 subnetworkRef:
263 description: The subnetwork to NAT.
264 properties:
265 external:
266 description: The external name of the referenced resource
267 type: string
268 kind:
269 description: Kind of the referent.
270 type: string
271 name:
272 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
273 type: string
274 namespace:
275 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
276 type: string
277 type: object
278 required:
279 - sourceIpRangesToNat
280 - subnetworkRef
281 type: object
282 type: array
283 tcpEstablishedIdleTimeoutSec:
284 description: |-
285 Timeout (in seconds) for TCP established connections.
286 Defaults to 1200s if not set.
287 type: integer
288 tcpTimeWaitTimeoutSec:
289 description: |-
290 Timeout (in seconds) for TCP connections that are in TIME_WAIT state.
291 Defaults to 120s if not set.
292 type: integer
293 tcpTransitoryIdleTimeoutSec:
294 description: |-
295 Timeout (in seconds) for TCP transitory connections.
296 Defaults to 30s if not set.
297 type: integer
298 udpIdleTimeoutSec:
299 description: Timeout (in seconds) for UDP connections. Defaults to
300 30s if not set.
301 type: integer
302 required:
303 - natIpAllocateOption
304 - region
305 - routerRef
306 - sourceSubnetworkIpRangesToNat
307 type: object
308 status:
309 properties:
310 conditions:
311 description: |-
312 Conditions represent the latest available observations of the
313 ComputeRouterNAT's current state.
314 items:
315 properties:
316 lastTransitionTime:
317 description: Last time the condition transitioned from one status
318 to another.
319 type: string
320 message:
321 description: Human-readable message indicating details about
322 last transition.
323 type: string
324 reason:
325 description: |-
326 Unique, one-word, CamelCase reason for the condition's last
327 transition.
328 type: string
329 status:
330 description: Status is the status of the condition. Can be True,
331 False, Unknown.
332 type: string
333 type:
334 description: Type is the type of the condition.
335 type: string
336 type: object
337 type: array
338 observedGeneration:
339 description: ObservedGeneration is the generation of the resource
340 that was most recently observed by the Config Connector controller.
341 If this is equal to metadata.generation, then that means that the
342 current reported status reflects the most recent desired state of
343 the resource.
344 type: integer
345 type: object
346 type: object
347 served: true
348 storage: true
View as plain text