# CustomResourceDefinition header: names the CRD
# computebackendservices.compute.cnrm.cloud.google.com.
1apiVersion: apiextensions.k8s.io/v1
2kind: CustomResourceDefinition
3metadata:
4 annotations:
# NOTE(review): 0.0.0-dev looks like a development placeholder rather than a
# released version — confirm which build produced this CRD before installing it.
5 cnrm.cloud.google.com/version: 0.0.0-dev
6 creationTimestamp: null
7 labels:
# The "true" values are quoted so they stay strings; Kubernetes label values
# must be strings, and an unquoted true would parse as a boolean.
8 cnrm.cloud.google.com/managed-by-kcc: "true"
9 cnrm.cloud.google.com/stability-level: stable
10 cnrm.cloud.google.com/system: "true"
11 cnrm.cloud.google.com/tf2crd: "true"
12 name: computebackendservices.compute.cnrm.cloud.google.com
13spec:
# API group, resource names and scope of the custom resource.
14 group: compute.cnrm.cloud.google.com
15 names:
16 categories:
17 - gcp
18 kind: ComputeBackendService
19 plural: computebackendservices
20 shortNames:
21 - gcpcomputebackendservice
22 - gcpcomputebackendservices
23 singular: computebackendservice
# Fields that the schema does not declare are pruned instead of being persisted.
24 preserveUnknownFields: false
# Objects of this kind live inside a namespace, so namespace-scoped RBAC
# governs who can read and write them.
25 scope: Namespaced
26 versions:
27 - additionalPrinterColumns:
# Extra columns for table output; each one reads a value from the object
# through its jsonPath.
28 - jsonPath: .metadata.creationTimestamp
29 name: Age
30 type: date
# The next three columns all select the status condition whose type is 'Ready'
# and show its status, reason and lastTransitionTime respectively.
31 - description: When 'True', the most recent reconcile of the resource succeeded
32 jsonPath: .status.conditions[?(@.type=='Ready')].status
33 name: Ready
34 type: string
35 - description: The reason for the value in 'Ready'
36 jsonPath: .status.conditions[?(@.type=='Ready')].reason
37 name: Status
38 type: string
39 - description: The last transition time for the value in 'Status'
40 jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime
41 name: Status Age
42 type: date
43 name: v1beta1
44 schema:
45 openAPIV3Schema:
46 properties:
# Standard object type fields; the schema only constrains each to a string.
47 apiVersion:
48 description: 'apiVersion defines the versioned schema of this representation
49 of an object. Servers should convert recognized schemas to the latest
50 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
51 type: string
52 kind:
53 description: 'kind is a string value representing the REST resource this
54 object represents. Servers may infer this from the endpoint the client
55 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
56 type: string
# Object metadata is declared as an opaque object with no properties listed here.
57 metadata:
58 type: object
59 spec:
60 properties:
# Lifetime of the session-affinity cookie. The one-day maximum named in the
# description is not expressed as a schema bound (no `maximum`), so this schema
# alone accepts any integer.
61 affinityCookieTtlSec:
62 description: |-
63 Lifetime of cookies in seconds if session_affinity is
64 GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts
65 only until the end of the browser session (or equivalent). The
66 maximum allowed value for TTL is one day.
67
68 When the load balancing scheme is INTERNAL, this field is not used.
69 type: integer
# List of backends for the service. Each entry names an instance group or a
# network endpoint group and the capacity limits that apply to it.
70 backend:
71 description: The set of backends that serve this BackendService.
72 items:
73 properties:
# Allowed values are listed in the description only; there is no `enum`, so a
# misspelled mode is not rejected by schema validation.
74 balancingMode:
75 description: |-
76 Specifies the balancing mode for this backend.
77
78 For global HTTP(S) or TCP/SSL load balancing, the default is
79 UTILIZATION. Valid values are UTILIZATION, RATE (for HTTP(S))
80 and CONNECTION (for TCP/SSL).
81
82 See the [Backend Services Overview](https://cloud.google.com/load-balancing/docs/backend-service#balancing-mode)
83 for an explanation of load balancing modes. Default value: "UTILIZATION" Possible values: ["UTILIZATION", "RATE", "CONNECTION"].
84 type: string
# The [0.0,1.0] range is stated in the description but not enforced here
# (no `minimum`/`maximum`).
85 capacityScaler:
86 description: |-
87 A multiplier applied to the group's maximum servicing capacity
88 (based on UTILIZATION, RATE or CONNECTION).
89
90 Default value is 1, which means the group will serve up to 100%
91 of its configured capacity (depending on balancingMode). A
92 setting of 0 means the group is completely drained, offering
93 0% of its available Capacity. Valid range is [0.0,1.0].
94 type: number
95 description:
96 description: |-
97 An optional description of this resource.
98 Provide this property when you create the resource.
99 type: string
100 failover:
101 description: |-
102 This field designates whether this is a failover backend. More
103 than one failover backend can be configured for a given RegionBackendService.
104 type: boolean
# Target of the backend. The oneOf after the description requires exactly one
# of instanceGroupRef or networkEndpointGroupRef.
105 group:
106 description: |-
107 Reference to a ComputeInstanceGroup or ComputeNetworkEndpointGroup
108 resource. In case of instance group this defines the list of
109 instances that serve traffic. Member virtual machine instances from
110 each instance group must live in the same zone as the instance
111 group itself. No two backends in a backend service are allowed to
112 use same Instance Group resource.
113
114 For Network Endpoint Groups this defines list of endpoints. All
115 endpoints of Network Endpoint Group must be hosted on instances
116 located in the same zone as the Network Endpoint Group.
117
118 Backend services cannot mix Instance Group and Network Endpoint
119 Group backends.
120
121 When the 'load_balancing_scheme' is INTERNAL, only instance groups
122 are supported.
123 oneOf:
124 - required:
125 - instanceGroupRef
126 - required:
127 - networkEndpointGroupRef
128 properties:
# Reference pattern used by both refs below: either `name` (optionally with
# `namespace`) or `external` with a selfLink; the nested oneOf rejects mixing
# the two forms. `external` is only typed as string, so its content is not
# checked by the schema.
129 instanceGroupRef:
130 oneOf:
131 - not:
132 required:
133 - external
134 required:
135 - name
136 - not:
137 anyOf:
138 - required:
139 - name
140 - required:
141 - namespace
142 required:
143 - external
144 properties:
145 external:
146 description: 'Allowed value: The `selfLink` field of
147 a `ComputeInstanceGroup` resource.'
148 type: string
149 name:
150 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
151 type: string
152 namespace:
153 description: 'Namespace of the referent. More info:
154 https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
155 type: string
156 type: object
157 networkEndpointGroupRef:
158 oneOf:
159 - not:
160 required:
161 - external
162 required:
163 - name
164 - not:
165 anyOf:
166 - required:
167 - name
168 - required:
169 - namespace
170 required:
171 - external
172 properties:
173 external:
174 description: 'Allowed value: The `selfLink` field of
175 a `ComputeNetworkEndpointGroup` resource.'
176 type: string
177 name:
178 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
179 type: string
180 namespace:
181 description: 'Namespace of the referent. More info:
182 https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
183 type: string
184 type: object
185 type: object
# The max* fields below carry their "must be set for mode X" rules in the
# descriptions only; none of them is conditionally required by the schema.
186 maxConnections:
187 description: |-
188 The max number of simultaneous connections for the group. Can
189 be used with either CONNECTION or UTILIZATION balancing modes.
190
191 For CONNECTION mode, either maxConnections or one
192 of maxConnectionsPerInstance or maxConnectionsPerEndpoint,
193 as appropriate for group type, must be set.
194 type: integer
195 maxConnectionsPerEndpoint:
196 description: |-
197 The max number of simultaneous connections that a single backend
198 network endpoint can handle. This is used to calculate the
199 capacity of the group. Can be used in either CONNECTION or
200 UTILIZATION balancing modes.
201
202 For CONNECTION mode, either
203 maxConnections or maxConnectionsPerEndpoint must be set.
204 type: integer
205 maxConnectionsPerInstance:
206 description: |-
207 The max number of simultaneous connections that a single
208 backend instance can handle. This is used to calculate the
209 capacity of the group. Can be used in either CONNECTION or
210 UTILIZATION balancing modes.
211
212 For CONNECTION mode, either maxConnections or
213 maxConnectionsPerInstance must be set.
214 type: integer
215 maxRate:
216 description: |-
217 The max requests per second (RPS) of the group.
218
219 Can be used with either RATE or UTILIZATION balancing modes,
220 but required if RATE mode. For RATE mode, either maxRate or one
221 of maxRatePerInstance or maxRatePerEndpoint, as appropriate for
222 group type, must be set.
223 type: integer
224 maxRatePerEndpoint:
225 description: |-
226 The max requests per second (RPS) that a single backend network
227 endpoint can handle. This is used to calculate the capacity of
228 the group. Can be used in either balancing mode. For RATE mode,
229 either maxRate or maxRatePerEndpoint must be set.
230 type: number
231 maxRatePerInstance:
232 description: |-
233 The max requests per second (RPS) that a single backend
234 instance can handle. This is used to calculate the capacity of
235 the group. Can be used in either balancing mode. For RATE mode,
236 either maxRate or maxRatePerInstance must be set.
237 type: number
238 maxUtilization:
239 description: |-
240 Used when balancingMode is UTILIZATION. This ratio defines the
241 CPU utilization target for the group. Valid range is [0.0, 1.0].
242 type: number
# group is the only field every backend entry must provide.
243 required:
244 - group
245 type: object
246 type: array
# Cloud CDN settings. These fields decide which responses are cached and how
# cached entries are keyed, so review them together with the backend's
# authentication model.
247 cdnPolicy:
248 description: Cloud CDN configuration for this BackendService.
249 properties:
# The "up to 5 headers" limit from the description is not a schema constraint
# (no `maxItems`).
250 bypassCacheOnRequestHeaders:
251 description: |-
252 Bypass the cache when the specified request headers are matched - e.g. Pragma or Authorization headers. Up to 5 headers can be specified.
253 The cache is bypassed for all cdnPolicy.cacheMode settings.
254 items:
255 properties:
256 headerName:
257 description: The header field name to match on when bypassing
258 cache. Values are case-insensitive.
259 type: string
260 required:
261 - headerName
262 type: object
263 type: array
# Composition of the cache key. Per the field descriptions, a component only
# separates cached entries when it is included in the key.
264 cacheKeyPolicy:
265 description: The CacheKeyPolicy for this CdnPolicy.
266 properties:
267 includeHost:
268 description: If true requests to different hosts will be cached
269 separately.
270 type: boolean
271 includeHttpHeaders:
272 description: |-
273 Allows HTTP request headers (by name) to be used in the
274 cache key.
275 items:
276 type: string
277 type: array
278 includeNamedCookies:
279 description: Names of cookies to include in cache keys.
280 items:
281 type: string
282 type: array
283 includeProtocol:
284 description: If true, http and https requests will be cached
285 separately.
286 type: boolean
287 includeQueryString:
288 description: |-
289 If true, include query string parameters in the cache key
290 according to query_string_whitelist and
291 query_string_blacklist. If neither is set, the entire query
292 string will be included.
293
294 If false, the query string will be excluded from the cache
295 key entirely.
296 type: boolean
# The description says this is mutually exclusive with queryStringWhitelist;
# the schema itself has no oneOf/not rule enforcing that.
297 queryStringBlacklist:
298 description: |-
299 Names of query string parameters to exclude in cache keys.
300
301 All other parameters will be included. Either specify
302 query_string_whitelist or query_string_blacklist, not both.
303 '&' and '=' will be percent encoded and not treated as
304 delimiters.
305 items:
306 type: string
307 type: array
308 queryStringWhitelist:
309 description: |-
310 Names of query string parameters to include in cache keys.
311
312 All other parameters will be excluded. Either specify
313 query_string_whitelist or query_string_blacklist, not both.
314 '&' and '=' will be percent encoded and not treated as
315 delimiters.
316 items:
317 type: string
318 type: array
319 type: object
# Values are listed in the description only (no `enum`).
# NOTE(review): Cloud CDN documents FORCE_CACHE_ALL as caching responses
# regardless of the origin's cache directives — confirm that backends using it
# never return per-user content.
320 cacheMode:
321 description: |-
322 Specifies the cache setting for all responses from this backend.
323 The possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC Possible values: ["USE_ORIGIN_HEADERS", "FORCE_CACHE_ALL", "CACHE_ALL_STATIC"].
324 type: string
325 clientTtl:
326 description: Specifies the maximum allowed TTL for cached content
327 served by this origin.
328 type: integer
329 defaultTtl:
330 description: |-
331 Specifies the default TTL for cached content served by this origin for responses
332 that do not have an existing valid TTL (max-age or s-max-age).
333 type: integer
# NOTE(review): this description is word-for-word the same as clientTtl's;
# check the upstream API documentation for the intended difference.
334 maxTtl:
335 description: Specifies the maximum allowed TTL for cached content
336 served by this origin.
337 type: integer
338 negativeCaching:
339 description: Negative caching allows per-status code TTLs to be
340 set, in order to apply fine-grained caching for common errors
341 or redirects.
342 type: boolean
343 negativeCachingPolicy:
344 description: |-
345 Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy.
346 Omitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs.
347 items:
348 properties:
349 code:
350 description: |-
351 The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501
352 can be specified as values, and you cannot specify a status code more than once.
353 type: integer
354 ttl:
355 description: |-
356 The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s
357 (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
358 type: integer
359 type: object
360 type: array
# Typed as integer although the description reads like a behaviour switch;
# presumably a duration in seconds — TODO confirm.
361 serveWhileStale:
362 description: Serve existing content from the cache (if available)
363 when revalidating content with the origin, or when an error
364 is encountered when refreshing the cache.
365 type: integer
# Per the description, responses to signed URL requests are treated as publicly
# cacheable for this many seconds whatever Cache-Control header the origin sent.
366 signedUrlCacheMaxAgeSec:
367 description: |-
368 Maximum number of seconds the response to a signed URL request
369 will be considered fresh, defaults to 1hr (3600s). After this
370 time period, the response will be revalidated before
371 being served.
372
373 When serving responses to signed URL requests, Cloud CDN will
374 internally behave as though all responses from this backend had a
375 "Cache-Control: public, max-age=[TTL]" header, regardless of any
376 existing Cache-Control header. The actual headers served in
377 responses will not be altered.
378 type: integer
379 type: object
# Limits on connection and request volume towards the backend. The defaults
# quoted in the descriptions (1024, 3) are documentation only; the schema
# declares no `default` values.
380 circuitBreakers:
381 description: |-
382 Settings controlling the volume of connections to a backend service. This field
383 is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED.
384 properties:
385 connectTimeout:
386 description: The timeout for new network connections to hosts.
387 properties:
388 nanos:
389 description: |-
390 Span of time that's a fraction of a second at nanosecond
391 resolution. Durations less than one second are represented
392 with a 0 seconds field and a positive nanos field. Must
393 be from 0 to 999,999,999 inclusive.
394 type: integer
395 seconds:
396 description: |-
397 Span of time at a resolution of a second.
398 Must be from 0 to 315,576,000,000 inclusive.
399 type: integer
# seconds must be given whenever connectTimeout is set; nanos is optional.
400 required:
401 - seconds
402 type: object
403 maxConnections:
404 description: |-
405 The maximum number of connections to the backend cluster.
406 Defaults to 1024.
407 type: integer
408 maxPendingRequests:
409 description: |-
410 The maximum number of pending requests to the backend cluster.
411 Defaults to 1024.
412 type: integer
413 maxRequests:
414 description: |-
415 The maximum number of parallel requests to the backend cluster.
416 Defaults to 1024.
417 type: integer
418 maxRequestsPerConnection:
419 description: |-
420 Maximum requests for a single backend connection. This parameter
421 is respected by both the HTTP/1.1 and HTTP/2 implementations. If
422 not specified, there is no limit. Setting this parameter to 1
423 will effectively disable keep alive.
424 type: integer
425 maxRetries:
426 description: |-
427 The maximum number of parallel retries to the backend cluster.
428 Defaults to 3.
429 type: integer
430 type: object
# Response compression switch; the two values appear in the description only
# (no `enum`).
# NOTE(review): compressing responses that combine secrets with reflected
# request data is the precondition for compression side channels such as
# BREACH — consider DISABLED for backends that serve such pages.
431 compressionMode:
432 description: 'Compress text responses using Brotli or gzip compression,
433 based on the client''s Accept-Encoding header. Possible values:
434 ["AUTOMATIC", "DISABLED"].'
435 type: string
# Drain period for an instance: no new connections, existing ones may finish.
# Plain integer with no bounds in this schema; presumably seconds, going by the
# field name.
436 connectionDrainingTimeoutSec:
437 description: |-
438 Time for which instance will be drained (not accept new
439 connections, but still work to finish started).
440 type: integer
# Connection tracking for Layer 4 load balancing. All three fields are optional
# here and their allowed values are given in the descriptions only.
441 connectionTrackingPolicy:
442 description: |-
443 Connection Tracking configuration for this BackendService.
444 This is available only for Layer 4 Internal Load Balancing and
445 Network Load Balancing.
446 properties:
# ALWAYS_PERSIST keeps existing connections on unhealthy backends; the
# description itself advises against using it in place of the default.
447 connectionPersistenceOnUnhealthyBackends:
448 description: |-
449 Specifies connection persistence when backends are unhealthy.
450
451 If set to 'DEFAULT_FOR_PROTOCOL', the existing connections persist on
452 unhealthy backends only for connection-oriented protocols (TCP and SCTP)
453 and only if the Tracking Mode is PER_CONNECTION (default tracking mode)
454 or the Session Affinity is configured for 5-tuple. They do not persist
455 for UDP.
456
457 If set to 'NEVER_PERSIST', after a backend becomes unhealthy, the existing
458 connections on the unhealthy backend are never persisted on the unhealthy
459 backend. They are always diverted to newly selected healthy backends
460 (unless all backends are unhealthy).
461
462 If set to 'ALWAYS_PERSIST', existing connections always persist on
463 unhealthy backends regardless of protocol and session affinity. It is
464 generally not recommended to use this mode overriding the default. Default value: "DEFAULT_FOR_PROTOCOL" Possible values: ["DEFAULT_FOR_PROTOCOL", "NEVER_PERSIST", "ALWAYS_PERSIST"].
465 type: string
# The minimum and maximum durations in the description are not schema bounds.
466 idleTimeoutSec:
467 description: |-
468 Specifies how long to keep a Connection Tracking entry while there is
469 no matching traffic (in seconds).
470
471 For L4 ILB the minimum(default) is 10 minutes and maximum is 16 hours.
472
473 For NLB the minimum(default) is 60 seconds and the maximum is 16 hours.
474 type: integer
475 trackingMode:
476 description: |-
477 Specifies the key used for connection tracking. There are two options:
478 'PER_CONNECTION': The Connection Tracking is performed as per the
479 Connection Key (default Hash Method) for the specific protocol.
480
481 'PER_SESSION': The Connection Tracking is performed as per the
482 configured Session Affinity. It matches the configured Session Affinity. Default value: "PER_CONNECTION" Possible values: ["PER_CONNECTION", "PER_SESSION"].
483 type: string
484 type: object
# Parameters for consistent-hash load balancing (soft session affinity).
485 consistentHash:
486 description: |-
487 Consistent Hash-based load balancing can be used to provide soft session
488 affinity based on HTTP headers, cookies or other properties. This load balancing
489 policy is applicable only for HTTP connections. The affinity to a particular
490 destination host will be lost when one or more hosts are added/removed from the
491 destination service. This field specifies parameters that control consistent
492 hashing. This field only applies if the load_balancing_scheme is set to
493 INTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is
494 set to MAGLEV or RING_HASH.
495 properties:
# Cookie used as the hash key; per the description it is generated when the
# request carries none. Only name, path and ttl are configurable in this schema.
496 httpCookie:
497 description: |-
498 Hash is based on HTTP Cookie. This field describes a HTTP cookie
499 that will be used as the hash key for the consistent hash load
500 balancer. If the cookie is not present, it will be generated.
501 This field is applicable if the sessionAffinity is set to HTTP_COOKIE.
502 properties:
503 name:
504 description: Name of the cookie.
505 type: string
506 path:
507 description: Path to set for the cookie.
508 type: string
509 ttl:
510 description: Lifetime of the cookie.
511 properties:
512 nanos:
513 description: |-
514 Span of time that's a fraction of a second at nanosecond
515 resolution. Durations less than one second are represented
516 with a 0 seconds field and a positive nanos field. Must
517 be from 0 to 999,999,999 inclusive.
518 type: integer
519 seconds:
520 description: |-
521 Span of time at a resolution of a second.
522 Must be from 0 to 315,576,000,000 inclusive.
523 type: integer
# seconds is mandatory whenever ttl is given.
524 required:
525 - seconds
526 type: object
527 type: object
# The hash key is taken from a request header, i.e. from a value the client
# sends; it selects a backend and is not an identity check.
528 httpHeaderName:
529 description: |-
530 The hash based on the value of the specified header field.
531 This field is applicable if the sessionAffinity is set to HEADER_FIELD.
532 type: string
533 minimumRingSize:
534 description: |-
535 The minimum number of virtual nodes to use for the hash ring.
536 Larger ring sizes result in more granular load
537 distributions. If the number of hosts in the load balancing pool
538 is larger than the ring size, each host will be assigned a single
539 virtual node.
540 Defaults to 1024.
541 type: integer
542 type: object
# Headers the load balancer adds to requests it proxies to backends. Items are
# free-form strings; the schema does not validate header names or values.
# NOTE(review): if backends rely on any of these headers for access decisions,
# confirm a client cannot supply the same header name itself.
543 customRequestHeaders:
544 description: |-
545 Headers that the HTTP/S load balancer should add to proxied
546 requests.
547 items:
548 type: string
549 type: array
# Headers the load balancer adds to responses it proxies, which makes this a
# place to set response security headers for every backend at once. Items are
# free-form strings that the schema does not validate.
550 customResponseHeaders:
551 description: |-
552 Headers that the HTTP/S load balancer should add to proxied
553 responses.
554 items:
555 type: string
556 type: array
# Free-text description of the backend service; optional string.
557 description:
558 description: An optional description of this resource.
559 type: string
# Attaches an edge security policy by reference. Per the oneOf, the reference
# is either `name` (optionally with `namespace`) or `external` with a selfLink,
# never a mix of the two.
560 edgeSecurityPolicyRef:
561 description: |-
562 The resource URL for the edge security policy associated with this
563 backend service.
564 oneOf:
565 - not:
566 required:
567 - external
568 required:
569 - name
570 - not:
571 anyOf:
572 - required:
573 - name
574 - required:
575 - namespace
576 required:
577 - external
578 properties:
# `external` is only typed as string, so the schema checks neither that the
# value is a well-formed selfLink nor that the policy exists.
579 external:
580 description: 'Allowed value: The `selfLink` field of a `ComputeSecurityPolicy`
581 resource.'
582 type: string
583 name:
584 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
585 type: string
# A namespace can be given, so the referenced policy object may live in a
# different namespace from the backend service.
# NOTE(review): how cross-namespace references are authorised is not visible
# in this schema — confirm.
586 namespace:
587 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
588 type: string
589 type: object
# Switch that turns Cloud CDN on for this backend service.
590 enableCdn:
591 description: If true, enable Cloud CDN for this BackendService.
592 type: boolean
# Failover behaviour; every field is optional and the stated defaults exist
# only in the description text.
593 failoverPolicy:
594 description: Policy for failovers.
595 properties:
596 disableConnectionDrainOnFailover:
597 description: |-
598 On failover or failback, this field indicates whether connection drain
599 will be honored. Setting this to true has the following effect: connections
600 to the old active pool are not drained. Connections to the new active pool
601 use the timeout of 10 min (currently fixed). Setting to false has the
602 following effect: both old and new connections will have a drain timeout
603 of 10 min.
604 This can be set to true only if the protocol is TCP.
605 The default is false.
606 type: boolean
# Availability trade-off described below: true drops traffic when no healthy VM
# is found; false sends new connections to all VMs in the primary group.
607 dropTrafficIfUnhealthy:
608 description: |-
609 This option is used only when no healthy VMs are detected in the primary
610 and backup instance groups. When set to true, traffic is dropped. When
611 set to false, new connections are sent across all VMs in the primary group.
612 The default is false.
613 type: boolean
# The [0, 1] range is stated in the description only (no `minimum`/`maximum`).
614 failoverRatio:
615 description: |-
616 The value of the field must be in [0, 1]. If the ratio of the healthy
617 VMs in the primary backend is at or below this number, traffic arriving
618 at the load-balanced IP will be directed to the failover backend.
619 In case where 'failoverRatio' is not set or all the VMs in the backup
620 backend are unhealthy, the traffic will be directed back to the primary
621 backend in the "force" mode, where traffic will be spread to the healthy
622 VMs with the best effort, or to all VMs when no VM is healthy.
623 This field is only used with l4 load balancing.
624 type: number
625 type: object
# Health check references. Each list item must carry exactly one of
# healthCheckRef or httpHealthCheckRef (the outer oneOf). The "at most one
# health check" rule from the description is not a schema constraint
# (no `maxItems`).
626 healthChecks:
627 items:
628 description: |-
629 The health check resources for health checking this
630 ComputeBackendService. Currently at most one health check can be
631 specified, and a health check is required.
632 oneOf:
633 - required:
634 - healthCheckRef
635 - required:
636 - httpHealthCheckRef
637 properties:
# Both refs use the same pattern: `name` (optionally with `namespace`) or
# `external` with a selfLink, mutually exclusive through the nested oneOf.
638 healthCheckRef:
639 oneOf:
640 - not:
641 required:
642 - external
643 required:
644 - name
645 - not:
646 anyOf:
647 - required:
648 - name
649 - required:
650 - namespace
651 required:
652 - external
653 properties:
654 external:
655 description: 'Allowed value: The `selfLink` field of a `ComputeHealthCheck`
656 resource.'
657 type: string
658 name:
659 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
660 type: string
661 namespace:
662 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
663 type: string
664 type: object
665 httpHealthCheckRef:
666 oneOf:
667 - not:
668 required:
669 - external
670 required:
671 - name
672 - not:
673 anyOf:
674 - required:
675 - name
676 - required:
677 - namespace
678 required:
679 - external
680 properties:
681 external:
682 description: 'Allowed value: The `selfLink` field of a `ComputeHTTPHealthCheck`
683 resource.'
684 type: string
685 name:
686 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
687 type: string
688 namespace:
689 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
690 type: string
691 type: object
692 type: object
693 type: array
# Identity-Aware Proxy settings. Whenever iap is present, the oneOf below
# requires exactly one of oauth2ClientId or oauth2ClientIdRef; no other iap
# field is marked required in this schema.
694 iap:
695 description: Settings for enabling Cloud Identity Aware Proxy.
696 oneOf:
697 - required:
698 - oauth2ClientId
699 - required:
700 - oauth2ClientIdRef
701 properties:
702 oauth2ClientId:
703 description: DEPRECATED. Although this field is still available,
704 there is limited support. We recommend that you use `spec.iap.oauth2ClientIdRef`
705 instead.
706 type: string
707 oauth2ClientIdRef:
708 description: OAuth2 Client ID for IAP.
709 oneOf:
710 - not:
711 required:
712 - external
713 required:
714 - name
715 - not:
716 anyOf:
717 - required:
718 - name
719 - required:
720 - namespace
721 required:
722 - external
723 properties:
724 external:
725 description: 'Allowed value: The `name` field of an `IAPIdentityAwareProxyClient`
726 resource.'
727 type: string
728 name:
729 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
730 type: string
731 namespace:
732 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
733 type: string
734 type: object
# The client secret is supplied either inline (`value`) or by reference
# (`valueFrom.secretKeyRef`); the oneOf makes the two mutually exclusive.
735 oauth2ClientSecret:
736 description: OAuth2 Client Secret for IAP.
737 oneOf:
738 - not:
739 required:
740 - valueFrom
741 required:
742 - value
743 - not:
744 required:
745 - value
746 required:
747 - valueFrom
748 properties:
# An inline value is stored as part of this custom resource: anyone who can
# read the object can read the secret, and it travels with the manifest into
# version control and backups. Prefer valueFrom.secretKeyRef.
749 value:
750 description: Value of the field. Cannot be used if 'valueFrom'
751 is specified.
752 type: string
753 valueFrom:
754 description: Source for the field's value. Cannot be used
755 if 'value' is specified.
756 properties:
# Only a Secret name and key are accepted; there is no namespace field, which
# matches the description's "in the resource's namespace".
757 secretKeyRef:
758 description: Reference to a value with the given key in
759 the given Secret in the resource's namespace.
760 properties:
761 key:
762 description: Key that identifies the value to be extracted.
763 type: string
764 name:
765 description: Name of the Secret to extract a value
766 from.
767 type: string
768 required:
769 - key
770 - name
771 type: object
772 type: object
773 type: object
# NOTE(review): presumably a digest of the client secret that the API reports
# back rather than a value users are expected to set — confirm against the
# provider documentation.
774 oauth2ClientSecretSha256:
775 description: OAuth2 Client Secret SHA-256 for IAP.
776 type: string
777 type: object
# Load balancing scheme of the backend service. "Immutable" and the value list
# are stated in the description only; the schema has no `enum`.
# NOTE(review): other field descriptions in this schema mention INTERNAL and
# INTERNAL_MANAGED, which are missing from the possible-values list here —
# confirm which schemes this resource accepts.
778 loadBalancingScheme:
779 description: |-
780 Immutable. Indicates whether the backend service will be used with internal or
781 external load balancing. A backend service created for one type of
782 load balancing cannot be used with the other. For more information, refer to
783 [Choosing a load balancer](https://cloud.google.com/load-balancing/docs/backend-service). Default value: "EXTERNAL" Possible values: ["EXTERNAL", "INTERNAL_SELF_MANAGED", "EXTERNAL_MANAGED"].
784 type: string
# Ordered list of locality load balancing policies; per the description it
# overrides localityLbPolicy.
785 localityLbPolicies:
786 description: |-
787 A list of locality load balancing policies to be used in order of
788 preference. Either the policy or the customPolicy field should be set.
789 Overrides any value set in the localityLbPolicy field.
790
791 localityLbPolicies is only supported when the BackendService is referenced
792 by a URL Map that is referenced by a target gRPC proxy that has the
793 validateForProxyless field set to true.
794 items:
795 properties:
# The description asks for either policy or customPolicy; the item has no
# oneOf, so this schema accepts both together or neither.
796 customPolicy:
797 description: |-
798 The configuration for a custom policy implemented by the user and
799 deployed with the client.
800 properties:
# Typed as a plain string: the schema does not check that it parses as JSON.
# Per the description it is interpreted by a locally installed custom policy
# implementation, which therefore has to validate it.
801 data:
802 description: |-
803 An optional, arbitrary JSON object with configuration data, understood
804 by a locally installed custom policy implementation.
805 type: string
806 name:
807 description: |-
808 Identifies the custom policy.
809
810 The value should match the type the custom implementation is registered
811 with on the gRPC clients. It should follow protocol buffer
812 message naming conventions and include the full path (e.g.
813 myorg.CustomLbPolicy). The maximum length is 256 characters.
814
815 Note that specifying the same custom policy more than once for a
816 backend is not a valid configuration and will be rejected.
817 type: string
# name is the only required field of customPolicy; the 256-character limit
# above is not a schema `maxLength`.
818 required:
819 - name
820 type: object
821 policy:
822 description: The configuration for a built-in load balancing
823 policy.
824 properties:
825 name:
826 description: |-
827 The name of a locality load balancer policy to be used. The value
828 should be one of the predefined ones as supported by localityLbPolicy,
829 although at the moment only ROUND_ROBIN is supported.
830
831 This field should only be populated when the customPolicy field is not
832 used.
833
834 Note that specifying the same policy more than once for a backend is
835 not a valid configuration and will be rejected.
836
837 The possible values are:
838
839 * 'ROUND_ROBIN': This is a simple policy in which each healthy backend
840 is selected in round robin order.
841
842 * 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy
843 hosts and picks the host which has fewer active requests.
844
845 * 'RING_HASH': The ring/modulo hash load balancer implements consistent
846 hashing to backends. The algorithm has the property that the
847 addition/removal of a host from a set of N hosts only affects
848 1/N of the requests.
849
850 * 'RANDOM': The load balancer selects a random healthy host.
851
852 * 'ORIGINAL_DESTINATION': Backend host is selected based on the client
853 connection metadata, i.e., connections are opened
854 to the same address as the destination address of
855 the incoming connection before the connection
856 was redirected to the load balancer.
857
858 * 'MAGLEV': used as a drop in replacement for the ring hash load balancer.
859 Maglev is not as stable as ring hash but has faster table lookup
860 build times and host selection times. For more information about
861 Maglev, refer to https://ai.google/research/pubs/pub44824 Possible values: ["ROUND_ROBIN", "LEAST_REQUEST", "RING_HASH", "RANDOM", "ORIGINAL_DESTINATION", "MAGLEV"].
862 type: string
863 required:
864 - name
865 type: object
866 type: object
867 type: array
# Load balancing algorithm used within a locality. The value list exists in the
# description only (no `enum`). The description also records an interaction to
# keep in mind: with session affinity enabled, only MAGLEV, WEIGHTED_MAGLEV or
# RING_HASH let the affinity settings take effect.
868 localityLbPolicy:
869 description: |-
870 The load balancing algorithm used within the scope of the locality.
871 The possible values are:
872
873 * 'ROUND_ROBIN': This is a simple policy in which each healthy backend
874 is selected in round robin order.
875
876 * 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy
877 hosts and picks the host which has fewer active requests.
878
879 * 'RING_HASH': The ring/modulo hash load balancer implements consistent
880 hashing to backends. The algorithm has the property that the
881 addition/removal of a host from a set of N hosts only affects
882 1/N of the requests.
883
884 * 'RANDOM': The load balancer selects a random healthy host.
885
886 * 'ORIGINAL_DESTINATION': Backend host is selected based on the client
887 connection metadata, i.e., connections are opened
888 to the same address as the destination address of
889 the incoming connection before the connection
890 was redirected to the load balancer.
891
892 * 'MAGLEV': used as a drop in replacement for the ring hash load balancer.
893 Maglev is not as stable as ring hash but has faster table lookup
894 build times and host selection times. For more information about
895 Maglev, refer to https://ai.google/research/pubs/pub44824
896
897 * 'WEIGHTED_MAGLEV': Per-instance weighted Load Balancing via health check
898 reported weights. If set, the Backend Service must
899 configure a non legacy HTTP-based Health Check, and
900 health check replies are expected to contain
901 non-standard HTTP response header field
902 X-Load-Balancing-Endpoint-Weight to specify the
903 per-instance weights. If set, Load Balancing is weight
904 based on the per-instance weights reported in the last
905 processed health check replies, as long as every
906 instance either reported a valid weight or had
907 UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains
908 equal-weight.
909
910
911 This field is applicable to either:
912
913 * A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2,
914 and loadBalancingScheme set to INTERNAL_MANAGED.
915 * A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED.
916 * A regional backend service with loadBalancingScheme set to EXTERNAL (External Network
917 Load Balancing). Only MAGLEV and WEIGHTED_MAGLEV values are possible for External
918 Network Load Balancing. The default is MAGLEV.
919
920
921 If session_affinity is not NONE, and this field is not set to MAGLEV, WEIGHTED_MAGLEV,
922 or RING_HASH, session affinity settings will not take effect.
923
924 Only ROUND_ROBIN and RING_HASH are supported when the backend service is referenced
925 by a URL map that is bound to target gRPC proxy that has validate_for_proxyless
926 field set to true. Possible values: ["ROUND_ROBIN", "LEAST_REQUEST", "RING_HASH", "RANDOM", "ORIGINAL_DESTINATION", "MAGLEV", "WEIGHTED_MAGLEV"].
927 type: string
# location: region name or "global", typed as a plain string with no `enum` or
# `pattern`. It is the only entry in the `required` list that follows the spec
# properties in this listing.
928 location:
929 description: 'Location represents the geographical location of the
930 ComputeBackendService. Specify a region name or "global" for global
931 resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)'
932 type: string
# logConfig: logging options for traffic served by this backend service. The
# object declares no `required` list, so both `enable` and `sampleRate` may be
# omitted as far as this schema is concerned.
933 logConfig:
934 description: |-
935 This field denotes the logging options for the load balancer traffic served by this backend service.
936 If logging is enabled, logs will be exported to Stackdriver.
937 properties:
938 enable:
939 description: Whether to enable logging for the load balancer traffic
940 served by this backend service.
941 type: boolean
# sampleRate: the [0, 1] range and the 1.0 default are stated in the description
# only; no `minimum`/`maximum` keywords appear here, so the range is presumably
# enforced downstream (TODO confirm). Where these logs feed detection or
# incident response, note that the description says 1.0 reports all logged
# requests and 0.0 reports none.
942 sampleRate:
943 description: |-
944 This field can only be specified if logging is enabled for this backend service. The value of
945 the field must be in [0, 1]. This configures the sampling rate of requests to the load balancer
946 where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported.
947 The default value is 1.0.
948 type: number
949 type: object
# networkRef: reference to the network this backend service belongs to.
# The `oneOf` admits exactly one of two shapes:
#   1. `name` present and `external` absent (`namespace` is optional), or
#   2. `external` present with neither `name` nor `namespace`.
# NOTE(review): the optional `namespace` suggests the referent may live in a
# different namespace; any restriction on that is not visible in this schema,
# so confirm how the controller authorizes cross-namespace references.
950 networkRef:
951 description: |-
952 The network to which this backend service belongs. This field can
953 only be specified when the load balancing scheme is set to
954 INTERNAL.
955 oneOf:
956 - not:
957 required:
958 - external
959 required:
960 - name
961 - not:
962 anyOf:
963 - required:
964 - name
965 - required:
966 - namespace
967 required:
968 - external
969 properties:
# external: accepted as any string; the "selfLink of a ComputeNetwork"
# requirement is stated in the description only (no `pattern` keyword).
970 external:
971 description: 'Allowed value: The `selfLink` field of a `ComputeNetwork`
972 resource.'
973 type: string
974 name:
975 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
976 type: string
977 namespace:
978 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
979 type: string
980 type: object
# outlierDetection: settings for evicting unhealthy hosts from the load
# balancing pool; per the description it applies only when the load balancing
# scheme is INTERNAL_SELF_MANAGED.
# The object has no `required` list of its own; only the two duration objects
# (baseEjectionTime, interval) require `seconds`.
# Every numeric field is `type: integer` with no `minimum`/`maximum`: the
# percentage ranges, duration bounds and defaults quoted in the descriptions are
# not expressed as schema constraints in this block.
981 outlierDetection:
982 description: |-
983 Settings controlling eviction of unhealthy hosts from the load balancing pool.
984 This field is applicable only when the load_balancing_scheme is set
985 to INTERNAL_SELF_MANAGED.
986 properties:
# baseEjectionTime: duration object (seconds + nanos). Per the description the
# effective ejection time grows with the number of times a host was ejected.
987 baseEjectionTime:
988 description: |-
989 The base time that a host is ejected for. The real time is equal to the base
990 time multiplied by the number of times the host has been ejected. Defaults to
991 30000ms or 30s.
992 properties:
993 nanos:
994 description: |-
995 Span of time that's a fraction of a second at nanosecond resolution. Durations
996 less than one second are represented with a 0 'seconds' field and a positive
997 'nanos' field. Must be from 0 to 999,999,999 inclusive.
998 type: integer
999 seconds:
1000 description: |-
1001 Span of time at a resolution of a second. Must be from 0 to 315,576,000,000
1002 inclusive.
1003 type: integer
1004 required:
1005 - seconds
1006 type: object
1007 consecutiveErrors:
1008 description: |-
1009 Number of errors before a host is ejected from the connection pool. When the
1010 backend host is accessed over HTTP, a 5xx return code qualifies as an error.
1011 Defaults to 5.
1012 type: integer
1013 consecutiveGatewayFailure:
1014 description: |-
1015 The number of consecutive gateway failures (502, 503, 504 status or connection
1016 errors that are mapped to one of those status codes) before a consecutive
1017 gateway failure ejection occurs. Defaults to 5.
1018 type: integer
1019 enforcingConsecutiveErrors:
1020 description: |-
1021 The percentage chance that a host will be actually ejected when an outlier
1022 status is detected through consecutive 5xx. This setting can be used to disable
1023 ejection or to ramp it up slowly. Defaults to 100.
1024 type: integer
# Unlike the other two enforcing* fields (documented default 100), the
# description gives a default of 0 here, i.e. gateway-failure outliers are
# not ejected unless this percentage is raised.
1025 enforcingConsecutiveGatewayFailure:
1026 description: |-
1027 The percentage chance that a host will be actually ejected when an outlier
1028 status is detected through consecutive gateway failures. This setting can be
1029 used to disable ejection or to ramp it up slowly. Defaults to 0.
1030 type: integer
1031 enforcingSuccessRate:
1032 description: |-
1033 The percentage chance that a host will be actually ejected when an outlier
1034 status is detected through success rate statistics. This setting can be used to
1035 disable ejection or to ramp it up slowly. Defaults to 100.
1036 type: integer
1037 interval:
1038 description: |-
1039 Time interval between ejection sweep analysis. This can result in both new
1040 ejections as well as hosts being returned to service. Defaults to 10 seconds.
1041 properties:
1042 nanos:
1043 description: |-
1044 Span of time that's a fraction of a second at nanosecond resolution. Durations
1045 less than one second are represented with a 0 'seconds' field and a positive
1046 'nanos' field. Must be from 0 to 999,999,999 inclusive.
1047 type: integer
1048 seconds:
1049 description: |-
1050 Span of time at a resolution of a second. Must be from 0 to 315,576,000,000
1051 inclusive.
1052 type: integer
1053 required:
1054 - seconds
1055 type: object
# maxEjectionPercent caps how much of the pool outlier detection may remove,
# which bounds the capacity lost to ejections; documented default is 10%.
1056 maxEjectionPercent:
1057 description: |-
1058 Maximum percentage of hosts in the load balancing pool for the backend service
1059 that can be ejected. Defaults to 10%.
1060 type: integer
1061 successRateMinimumHosts:
1062 description: |-
1063 The number of hosts in a cluster that must have enough request volume to detect
1064 success rate outliers. If the number of hosts is less than this setting, outlier
1065 detection via success rate statistics is not performed for any host in the
1066 cluster. Defaults to 5.
1067 type: integer
1068 successRateRequestVolume:
1069 description: |-
1070 The minimum number of total requests that must be collected in one interval (as
1071 defined by the interval duration above) to include this host in success rate
1072 based outlier detection. If the volume is lower than this setting, outlier
1073 detection via success rate statistics is not performed for that host. Defaults
1074 to 100.
1075 type: integer
# successRateStdevFactor is integer-encoded: per the description the value is
# divided by 1000, so 1900 stands for a factor of 1.9.
1076 successRateStdevFactor:
1077 description: |-
1078 This factor is used to determine the ejection threshold for success rate outlier
1079 ejection. The ejection threshold is the difference between the mean success
1080 rate, and the product of this factor and the standard deviation of the mean
1081 success rate: mean - (stdev * success_rate_stdev_factor). This factor is divided
1082 by a thousand to get a double. That is, if the desired factor is 1.9, the
1083 runtime value should be 1900. Defaults to 1900.
1084 type: integer
1085 type: object
# portName: name of the backend port, plain string. The description marks it as
# required for the EXTERNAL scheme, but the `required` list that follows the
# spec properties in this listing contains only `location`, so this schema
# accepts a resource that omits it.
1086 portName:
1087 description: |-
1088 Name of backend port. The same name should appear in the instance
1089 groups referenced by this service. Required when the load balancing
1090 scheme is EXTERNAL.
1091 type: string
# protocol: protocol used between this backend service and its backends, typed
# as a plain string; the allowed values appear in the description only (no
# `enum`).
# NOTE(review): the documented default is HTTP, so the hop to the backends does
# not use TLS at the application layer unless another value is chosen
# explicitly; verify this matches the deployment's transport requirements.
1092 protocol:
1093 description: |-
1094 The protocol this BackendService uses to communicate with backends.
1095 The default is HTTP. **NOTE**: HTTP2 is only valid for beta HTTP/2 load balancer
1096 types and may result in errors if used with the GA API. Possible values: ["HTTP", "HTTPS", "HTTP2", "TCP", "SSL", "GRPC"].
1097 type: string
# resourceID: optional name of the underlying resource, used for creation and
# acquisition; falls back to `metadata.name` when unset (per the description).
# NOTE(review): "Immutable" is stated in the description only; nothing in this
# property enforces it, so it is presumably enforced elsewhere (TODO confirm).
1098 resourceID:
1099 description: Immutable. Optional. The name of the resource. Used for
1100 creation and acquisition. When unset, the value of `metadata.name`
1101 is used as the default.
1102 type: string
# securityPolicyRef: reference to the security policy associated with this
# backend service. It is not in the `required` list that follows the spec
# properties (only `location` is), so a backend service passes schema
# validation with no security policy attached.
# The `oneOf` admits exactly one of two shapes:
#   1. `name` present and `external` absent (`namespace` is optional), or
#   2. `external` present with neither `name` nor `namespace`.
1103 securityPolicyRef:
1104 description: The security policy associated with this backend service.
1105 oneOf:
1106 - not:
1107 required:
1108 - external
1109 required:
1110 - name
1111 - not:
1112 anyOf:
1113 - required:
1114 - name
1115 - required:
1116 - namespace
1117 required:
1118 - external
1119 properties:
# external: accepted as any string; the "selfLink of a ComputeSecurityPolicy"
# requirement is stated in the description only (no `pattern` keyword).
1120 external:
1121 description: 'Allowed value: The `selfLink` field of a `ComputeSecurityPolicy`
1122 resource.'
1123 type: string
1124 name:
1125 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
1126 type: string
1127 namespace:
1128 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
1129 type: string
1130 type: object
# securitySettings: how connections to the backends are authenticated. Per the
# description it applies to regional INTERNAL_MANAGED (HTTP/HTTPS/HTTP2) and
# global INTERNAL_SELF_MANAGED backend services.
# The object itself is optional at the spec level, but when it is present both
# `clientTLSPolicyRef` and `subjectAltNames` must be supplied (see the
# `required` list at the end of this object).
1131 securitySettings:
1132 description: |-
1133 The security settings that apply to this backend service. This field is applicable to either
1134 a regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and
1135 load_balancing_scheme set to INTERNAL_MANAGED; or a global backend service with the
1136 load_balancing_scheme set to INTERNAL_SELF_MANAGED.
1137 properties:
# clientTLSPolicyRef: same two-shape `oneOf` as the other references in this
# spec (`name` without `external`, or `external` without `name`/`namespace`).
# Here `external` is documented as the policy's `name`, not a selfLink.
1138 clientTLSPolicyRef:
1139 description: |-
1140 ClientTlsPolicy is a resource that specifies how a client should
1141 authenticate connections to backends of a service. This resource itself
1142 does not affect configuration unless it is attached to a backend
1143 service resource.
1144 oneOf:
1145 - not:
1146 required:
1147 - external
1148 required:
1149 - name
1150 - not:
1151 anyOf:
1152 - required:
1153 - name
1154 - required:
1155 - namespace
1156 required:
1157 - external
1158 properties:
1159 external:
1160 description: 'Allowed value: The `name` field of a `NetworkSecurityClientTLSPolicy`
1161 resource.'
1162 type: string
1163 name:
1164 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
1165 type: string
1166 namespace:
1167 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
1168 type: string
1169 type: object
# subjectAltNames: names the server certificate's subject alt name is checked
# against. NOTE(review): there is no `minItems`, so an empty list satisfies the
# `required` entry at the schema level; how an empty list is treated by the
# controller or the API is not visible here (TODO confirm).
1170 subjectAltNames:
1171 description: |-
1172 A list of alternate names to verify the subject identity in the certificate.
1173 If specified, the client will verify that the server certificate's subject
1174 alt name matches one of the specified values.
1175 items:
1176 type: string
1177 type: array
1178 required:
1179 - clientTLSPolicyRef
1180 - subjectAltNames
1181 type: object
# sessionAffinity: plain string; the allowed values appear in the description
# only (no `enum` keyword), and the documented default is NONE.
1182 sessionAffinity:
1183 description: |-
1184 Type of session affinity to use. The default is NONE. Session affinity is
1185 not applicable if the protocol is UDP. Possible values: ["NONE", "CLIENT_IP", "CLIENT_IP_PORT_PROTO", "CLIENT_IP_PROTO", "GENERATED_COOKIE", "HEADER_FIELD", "HTTP_COOKIE"].
1186 type: string
# subsetting: optional object; when present, `policy` is required. The single
# documented value is named in the description only and is not enforced with
# `enum`.
1187 subsetting:
1188 description: Subsetting configuration for this BackendService. Currently
1189 this is applicable only for Internal TCP/UDP load balancing and
1190 Internal HTTP(S) load balancing.
1191 properties:
1192 policy:
1193 description: 'The algorithm used for subsetting. Possible values:
1194 ["CONSISTENT_HASH_SUBSETTING"].'
1195 type: string
1196 required:
1197 - policy
1198 type: object
# timeoutSec: backend response timeout in seconds. The [1, 86400] range and the
# 30-second default are stated in the description only; no `minimum`/`maximum`
# keywords appear here, so out-of-range values pass this schema.
1199 timeoutSec:
1200 description: |-
1201 How many seconds to wait for the backend before considering it a
1202 failed request. Default is 30 seconds. Valid range is [1, 86400].
1203 type: integer
1204 required:
1205 - location
1206 type: object
# status: observed state of the resource. No field in this object is marked
# required. The version entry later declares `subresources: status: {}`, so
# status is served as a separate subresource from spec.
1207 status:
1208 properties:
# conditions: list of condition objects; all five fields are plain strings,
# including `lastTransitionTime` and `status` (documented as True, False or
# Unknown, with no `enum`).
1209 conditions:
1210 description: Conditions represent the latest available observation
1211 of the resource's current state.
1212 items:
1213 properties:
1214 lastTransitionTime:
1215 description: Last time the condition transitioned from one status
1216 to another.
1217 type: string
1218 message:
1219 description: Human-readable message indicating details about
1220 last transition.
1221 type: string
1222 reason:
1223 description: Unique, one-word, CamelCase reason for the condition's
1224 last transition.
1225 type: string
1226 status:
1227 description: Status is the status of the condition. Can be True,
1228 False, Unknown.
1229 type: string
1230 type:
1231 description: Type is the type of the condition.
1232 type: string
1233 type: object
1234 type: array
1235 creationTimestamp:
1236 description: Creation timestamp in RFC3339 text format.
1237 type: string
1238 fingerprint:
1239 description: |-
1240 Fingerprint of this resource. A hash of the contents stored in this
1241 object. This field is used in optimistic locking.
1242 type: string
# generatedId: identifier defined by the server, per the description.
1243 generatedId:
1244 description: The unique identifier for the resource. This identifier
1245 is defined by the server.
1246 type: integer
# observedGeneration: compare with metadata.generation to tell whether the
# reported status reflects the most recent desired state.
1247 observedGeneration:
1248 description: ObservedGeneration is the generation of the resource
1249 that was most recently observed by the Config Connector controller.
1250 If this is equal to metadata.generation, then that means that the
1251 current reported status reflects the most recent desired state of
1252 the resource.
1253 type: integer
1254 selfLink:
1255 type: string
1256 type: object
1257 required:
1258 - spec
1259 type: object
1260 served: true
1261 storage: true
1262 subresources:
1263 status: {}
# Top-level status stanza of the CustomResourceDefinition object itself (not of
# a ComputeBackendService). All values are empty placeholders: blank accepted
# names, no conditions and no stored versions.
1264status:
1265 acceptedNames:
1266 kind: ""
1267 plural: ""
1268 conditions: []
1269 storedVersions: []