--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: (unknown) name: computerouternats.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: kind: ComputeRouterNAT listKind: ComputeRouterNATList plural: computerouternats singular: computerouternat scope: Namespaced versions: - name: v1beta1 schema: openAPIV3Schema: description: ComputeRouterNAT is the Schema for the compute API properties: apiVersion: description: |- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: description: |- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: properties: drainNatIps: items: properties: external: description: The external name of the referenced resource type: string kind: description: Kind of the referent. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: array enableDynamicPortAllocation: description: |- Enable Dynamic Port Allocation. If minPortsPerVm is set, minPortsPerVm must be set to a power of two greater than or equal to 32. If minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config. If maxPortsPerVm is set, maxPortsPerVm must be set to a power of two greater than minPortsPerVm. If maxPortsPerVm is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config. Mutually exclusive with enableEndpointIndependentMapping. type: boolean enableEndpointIndependentMapping: description: |- Specifies if endpoint independent mapping is enabled. This is enabled by default. For more information see the [official documentation](https://cloud.google.com/nat/docs/overview#specs-rfcs). type: boolean icmpIdleTimeoutSec: description: Timeout (in seconds) for ICMP connections. Defaults to 30s if not set. type: integer logConfig: description: Configuration for logging on NAT. properties: enable: description: Indicates whether or not to export logs. type: boolean filter: description: 'Specifies the desired filtering of logs on this NAT. Possible values: ["ERRORS_ONLY", "TRANSLATIONS_ONLY", "ALL"].' type: string required: - enable - filter type: object maxPortsPerVm: description: |- Maximum number of ports allocated to a VM from this NAT. This field can only be set when enableDynamicPortAllocation is enabled. type: integer minPortsPerVm: description: Minimum number of ports allocated to a VM from this NAT. type: integer natIpAllocateOption: description: |- How external IPs should be allocated for this NAT. Valid values are 'AUTO_ONLY' for only allowing NAT IPs allocated by Google Cloud Platform, or 'MANUAL_ONLY' for only user-allocated NAT IP addresses. Possible values: ["MANUAL_ONLY", "AUTO_ONLY"]. type: string natIps: items: properties: external: description: The external name of the referenced resource type: string kind: description: Kind of the referent. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: array region: description: Immutable. Region where the router and NAT reside. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string routerRef: description: The Cloud Router in which this NAT will be configured. properties: external: description: The external name of the referenced resource type: string kind: description: Kind of the referent. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object rules: description: A list of rules associated with this NAT. items: properties: action: description: The action to be enforced for traffic that matches this rule. properties: sourceNatActiveIpsRefs: items: properties: external: description: The external name of the referenced resource type: string kind: description: Kind of the referent. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: array sourceNatDrainIpsRefs: items: properties: external: description: The external name of the referenced resource type: string kind: description: Kind of the referent. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: array type: object description: description: An optional description of this rule. type: string match: description: |- CEL expression that specifies the match condition that egress traffic from a VM is evaluated against. If it evaluates to true, the corresponding action is enforced. The following examples are valid match expressions for public NAT: "inIpRange(destination.ip, '1.1.0.0/16') || inIpRange(destination.ip, '2.2.0.0/16')" "destination.ip == '1.1.0.1' || destination.ip == '8.8.8.8'" The following example is a valid match expression for private NAT: "nexthop.hub == 'https://networkconnectivity.googleapis.com/v1alpha1/projects/my-project/global/hub/hub-1'". type: string ruleNumber: description: |- An integer uniquely identifying a rule in the list. The rule number must be a positive value between 0 and 65000, and must be unique among rules within a NAT. type: integer required: - match - ruleNumber type: object type: array sourceSubnetworkIpRangesToNat: description: |- How NAT should be configured per Subnetwork. If 'ALL_SUBNETWORKS_ALL_IP_RANGES', all of the IP ranges in every Subnetwork are allowed to Nat. If 'ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES', all of the primary IP ranges in every Subnetwork are allowed to Nat. 'LIST_OF_SUBNETWORKS': A list of Subnetworks are allowed to Nat (specified in the field subnetwork below). Note that if this field contains ALL_SUBNETWORKS_ALL_IP_RANGES or ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any other RouterNat section in any Router for this network in this region. Possible values: ["ALL_SUBNETWORKS_ALL_IP_RANGES", "ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES", "LIST_OF_SUBNETWORKS"]. type: string subnetwork: description: |- One or more subnetwork NAT configurations. Only used if 'source_subnetwork_ip_ranges_to_nat' is set to 'LIST_OF_SUBNETWORKS'. items: properties: secondaryIpRangeNames: description: |- List of the secondary ranges of the subnetwork that are allowed to use NAT. This can be populated only if 'LIST_OF_SECONDARY_IP_RANGES' is one of the values in sourceIpRangesToNat. items: type: string type: array sourceIpRangesToNat: description: |- List of options for which source IPs in the subnetwork should have NAT enabled. Supported values include: 'ALL_IP_RANGES', 'LIST_OF_SECONDARY_IP_RANGES', 'PRIMARY_IP_RANGE'. items: type: string type: array subnetworkRef: description: The subnetwork to NAT. properties: external: description: The external name of the referenced resource type: string kind: description: Kind of the referent. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - sourceIpRangesToNat - subnetworkRef type: object type: array tcpEstablishedIdleTimeoutSec: description: |- Timeout (in seconds) for TCP established connections. Defaults to 1200s if not set. type: integer tcpTimeWaitTimeoutSec: description: |- Timeout (in seconds) for TCP connections that are in TIME_WAIT state. Defaults to 120s if not set. type: integer tcpTransitoryIdleTimeoutSec: description: |- Timeout (in seconds) for TCP transitory connections. Defaults to 30s if not set. type: integer udpIdleTimeoutSec: description: Timeout (in seconds) for UDP connections. Defaults to 30s if not set. type: integer required: - natIpAllocateOption - region - routerRef - sourceSubnetworkIpRangesToNat type: object status: properties: conditions: description: |- Conditions represent the latest available observations of the ComputeRouterNAT's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: |- Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object type: object served: true storage: true