1apiVersion: apiextensions.k8s.io/v1
2kind: CustomResourceDefinition
3metadata:
4 annotations:
5 cnrm.cloud.google.com/version: 0.0.0-dev
6 creationTimestamp: null
7 labels:
8 cnrm.cloud.google.com/managed-by-kcc: "true"
9 cnrm.cloud.google.com/stability-level: stable
10 cnrm.cloud.google.com/system: "true"
11 cnrm.cloud.google.com/tf2crd: "true"
12 name: computeforwardingrules.compute.cnrm.cloud.google.com
13spec:
14 group: compute.cnrm.cloud.google.com
15 names:
16 categories:
17 - gcp
18 kind: ComputeForwardingRule
19 plural: computeforwardingrules
20 shortNames:
21 - gcpcomputeforwardingrule
22 - gcpcomputeforwardingrules
23 singular: computeforwardingrule
24 preserveUnknownFields: false
25 scope: Namespaced
26 versions:
27 - additionalPrinterColumns:
28 - jsonPath: .metadata.creationTimestamp
29 name: Age
30 type: date
31 - description: When 'True', the most recent reconcile of the resource succeeded
32 jsonPath: .status.conditions[?(@.type=='Ready')].status
33 name: Ready
34 type: string
35 - description: The reason for the value in 'Ready'
36 jsonPath: .status.conditions[?(@.type=='Ready')].reason
37 name: Status
38 type: string
39 - description: The last transition time for the value in 'Status'
40 jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime
41 name: Status Age
42 type: date
43 name: v1beta1
44 schema:
45 openAPIV3Schema:
46 properties:
47 apiVersion:
48 description: 'apiVersion defines the versioned schema of this representation
49 of an object. Servers should convert recognized schemas to the latest
50 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
51 type: string
52 kind:
53 description: 'kind is a string value representing the REST resource this
54 object represents. Servers may infer this from the endpoint the client
55 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
56 type: string
57 metadata:
58 type: object
59 spec:
60 properties:
61 allPorts:
62 description: |-
63 Immutable. This field can only be used:
64 * If 'IPProtocol' is one of TCP, UDP, or SCTP.
65 * By internal TCP/UDP load balancers, backend service-based network load
66 balancers, and internal and external protocol forwarding.
67
68
69 Set this field to true to allow packets addressed to any port or packets
70 lacking destination port information (for example, UDP fragments after the
71 first fragment) to be forwarded to the backends configured with this
72 forwarding rule.
73
74 The 'ports', 'port_range', and
75 'allPorts' fields are mutually exclusive.
76 type: boolean
77 allowGlobalAccess:
78 description: |-
79 This field is used along with the 'backend_service' field for
80 internal load balancing or with the 'target' field for internal
81 TargetInstance.
82
83 If the field is set to 'TRUE', clients can access ILB from all
84 regions.
85
86 Otherwise only allows access from clients in the same region as the
87 internal load balancer.
88 type: boolean
89 allowPscGlobalAccess:
90 description: Immutable. This is used in PSC consumer ForwardingRule
91 to control whether the PSC endpoint can be accessed from another
92 region.
93 type: boolean
94 backendServiceRef:
95 description: |-
96 A ComputeBackendService to receive the matched traffic. This is
97 used only for internal load balancing.
98 oneOf:
99 - not:
100 required:
101 - external
102 required:
103 - name
104 - not:
105 anyOf:
106 - required:
107 - name
108 - required:
109 - namespace
110 required:
111 - external
112 properties:
113 external:
114 description: 'Allowed value: The `selfLink` field of a `ComputeBackendService`
115 resource.'
116 type: string
117 name:
118 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
119 type: string
120 namespace:
121 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
122 type: string
123 type: object
124 description:
125 description: |-
126 Immutable. An optional description of this resource. Provide this property when
127 you create the resource.
128 type: string
129 ipAddress:
130 description: |-
131 The IP address that this forwarding rule is serving on behalf of.
132
133 Addresses are restricted based on the forwarding rule's load
134 balancing scheme (EXTERNAL or INTERNAL) and scope (global or
135 regional).
136
137 When the load balancing scheme is EXTERNAL, for global forwarding
138 rules, the address must be a global IP, and for regional forwarding
139 rules, the address must live in the same region as the forwarding
140 rule. If this field is empty, an ephemeral IPv4 address from the
141 same scope (global or regional) will be assigned. A regional
142 forwarding rule supports IPv4 only. A global forwarding rule
143 supports either IPv4 or IPv6.
144
145 When the load balancing scheme is INTERNAL, this can only be an RFC
146 1918 IP address belonging to the network/subnet configured for the
147 forwarding rule. By default, if this field is empty, an ephemeral
148 internal IP address will be automatically allocated from the IP
149 range of the subnet or network configured for this forwarding rule.
150 oneOf:
151 - required:
152 - addressRef
153 - required:
154 - ip
155 properties:
156 addressRef:
157 oneOf:
158 - not:
159 required:
160 - external
161 required:
162 - name
163 - not:
164 anyOf:
165 - required:
166 - name
167 - required:
168 - namespace
169 required:
170 - external
171 properties:
172 external:
173 description: 'Allowed value: The `address` field of a `ComputeAddress`
174 resource.'
175 type: string
176 name:
177 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
178 type: string
179 namespace:
180 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
181 type: string
182 type: object
183 ip:
184 type: string
185 type: object
186 ipProtocol:
187 description: |-
188 Immutable. The IP protocol to which this rule applies.
189
190 For protocol forwarding, valid
191 options are 'TCP', 'UDP', 'ESP',
192 'AH', 'SCTP', 'ICMP' and
193 'L3_DEFAULT'.
194
195 The valid IP protocols are different for different load balancing products
196 as described in [Load balancing
197 features](https://cloud.google.com/load-balancing/docs/features#protocols_from_the_load_balancer_to_the_backends). Possible values: ["TCP", "UDP", "ESP", "AH", "SCTP", "ICMP", "L3_DEFAULT"].
198 type: string
199 ipVersion:
200 description: 'Immutable. The IP Version that will be used by this
201 global forwarding rule. Possible values: ["IPV4", "IPV6"].'
202 type: string
203 isMirroringCollector:
204 description: |-
205 Immutable. Indicates whether or not this load balancer can be used as a collector for
206 packet mirroring. To prevent mirroring loops, instances behind this
207 load balancer will not have their traffic mirrored even if a
208 'PacketMirroring' rule applies to them.
209
210 This can only be set to true for load balancers that have their
211 'loadBalancingScheme' set to 'INTERNAL'.
212 type: boolean
213 loadBalancingScheme:
214 description: |-
215 Immutable. Specifies the forwarding rule type.
216
217 For more information about forwarding rules, refer to
218 [Forwarding rule concepts](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts). Default value: "EXTERNAL" Possible values: ["EXTERNAL", "EXTERNAL_MANAGED", "INTERNAL", "INTERNAL_MANAGED"].
219 type: string
220 location:
221 description: 'Location represents the geographical location of the
222 ComputeForwardingRule. Specify a region name or "global" for global
223 resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)'
224 type: string
225 metadataFilters:
226 description: |-
227 Immutable. Opaque filter criteria used by Loadbalancer to restrict routing
228 configuration to a limited set xDS compliant clients. In their xDS
229 requests to Loadbalancer, xDS clients present node metadata. If a
230 match takes place, the relevant routing configuration is made available
231 to those proxies.
232
233 For each metadataFilter in this list, if its filterMatchCriteria is set
234 to MATCH_ANY, at least one of the filterLabels must match the
235 corresponding label provided in the metadata. If its filterMatchCriteria
236 is set to MATCH_ALL, then all of its filterLabels must match with
237 corresponding labels in the provided metadata.
238
239 metadataFilters specified here can be overridden by those specified in
240 the UrlMap that this ForwardingRule references.
241
242 metadataFilters only applies to Loadbalancers that have their
243 loadBalancingScheme set to INTERNAL_SELF_MANAGED.
244 items:
245 properties:
246 filterLabels:
247 description: |-
248 Immutable. The list of label value pairs that must match labels in the
249 provided metadata based on filterMatchCriteria
250
251 This list must not be empty and can have at the most 64 entries.
252 items:
253 properties:
254 name:
255 description: |-
256 Immutable. Name of the metadata label. The length must be between
257 1 and 1024 characters, inclusive.
258 type: string
259 value:
260 description: |-
261 Immutable. The value that the label must match. The value has a maximum
262 length of 1024 characters.
263 type: string
264 required:
265 - name
266 - value
267 type: object
268 type: array
269 filterMatchCriteria:
270 description: |-
271 Immutable. Specifies how individual filterLabel matches within the list of
272 filterLabels contribute towards the overall metadataFilter match.
273
274 MATCH_ANY - At least one of the filterLabels must have a matching
275 label in the provided metadata.
276 MATCH_ALL - All filterLabels must have matching labels in the
277 provided metadata. Possible values: ["MATCH_ANY", "MATCH_ALL"].
278 type: string
279 required:
280 - filterLabels
281 - filterMatchCriteria
282 type: object
283 type: array
284 networkRef:
285 description: |-
286 This field is not used for external load balancing. For internal
287 load balancing, this field identifies the network that the load
288 balanced IP should belong to for this forwarding rule. If this
289 field is not specified, the default network will be used.
290 oneOf:
291 - not:
292 required:
293 - external
294 required:
295 - name
296 - not:
297 anyOf:
298 - required:
299 - name
300 - required:
301 - namespace
302 required:
303 - external
304 properties:
305 external:
306 description: 'Allowed value: The `selfLink` field of a `ComputeNetwork`
307 resource.'
308 type: string
309 name:
310 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
311 type: string
312 namespace:
313 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
314 type: string
315 type: object
316 networkTier:
317 description: |-
318 Immutable. This signifies the networking tier used for configuring
319 this load balancer and can only take the following values:
320 'PREMIUM', 'STANDARD'.
321
322 For regional ForwardingRule, the valid values are 'PREMIUM' and
323 'STANDARD'. For GlobalForwardingRule, the valid value is
324 'PREMIUM'.
325
326 If this field is not specified, it is assumed to be 'PREMIUM'.
327 If 'IPAddress' is specified, this value must be equal to the
328 networkTier of the Address. Possible values: ["PREMIUM", "STANDARD"].
329 type: string
330 portRange:
331 description: |-
332 Immutable. This field can only be used:
333
334 * If 'IPProtocol' is one of TCP, UDP, or SCTP.
335 * By backend service-based network load balancers, target pool-based
336 network load balancers, internal proxy load balancers, external proxy load
337 balancers, Traffic Director, external protocol forwarding, and Classic VPN.
338 Some products have restrictions on what ports can be used. See
339 [port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#port_specifications)
340 for details.
341
342
343 Only packets addressed to ports in the specified range will be forwarded to
344 the backends configured with this forwarding rule.
345
346 The 'ports' and 'port_range' fields are mutually exclusive.
347
348 For external forwarding rules, two or more forwarding rules cannot use the
349 same '[IPAddress, IPProtocol]' pair, and cannot have
350 overlapping 'portRange's.
351
352 For internal forwarding rules within the same VPC network, two or more
353 forwarding rules cannot use the same '[IPAddress, IPProtocol]'
354 pair, and cannot have overlapping 'portRange's.
355 type: string
356 ports:
357 description: |-
358 Immutable. This field can only be used:
359
360 * If 'IPProtocol' is one of TCP, UDP, or SCTP.
361 * By internal TCP/UDP load balancers, backend service-based network load
362 balancers, and internal protocol forwarding.
363
364
365 You can specify a list of up to five ports by number, separated by commas.
366 The ports can be contiguous or discontiguous. Only packets addressed to
367 these ports will be forwarded to the backends configured with this
368 forwarding rule.
369
370 For external forwarding rules, two or more forwarding rules cannot use the
371 same '[IPAddress, IPProtocol]' pair, and cannot share any values
372 defined in 'ports'.
373
374 For internal forwarding rules within the same VPC network, two or more
375 forwarding rules cannot use the same '[IPAddress, IPProtocol]'
376 pair, and cannot share any values defined in 'ports'.
377
378 The 'ports' and 'port_range' fields are mutually exclusive.
379 items:
380 type: string
381 type: array
382 resourceID:
383 description: Immutable. Optional. The name of the resource. Used for
384 creation and acquisition. When unset, the value of `metadata.name`
385 is used as the default.
386 type: string
387 serviceDirectoryRegistrations:
388 description: |-
389 Immutable. Service Directory resources to register this forwarding rule with.
390
391 Currently, only supports a single Service Directory resource.
392 items:
393 properties:
394 namespace:
395 description: Immutable. Service Directory namespace to register
396 the forwarding rule under.
397 type: string
398 service:
399 description: Immutable. Service Directory service to register
400 the forwarding rule under.
401 type: string
402 type: object
403 type: array
404 serviceLabel:
405 description: |-
406 Immutable. An optional prefix to the service name for this Forwarding Rule.
407 If specified, will be the first label of the fully qualified service
408 name.
409
410 The label must be 1-63 characters long, and comply with RFC1035.
411 Specifically, the label must be 1-63 characters long and match the
412 regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the first
413 character must be a lowercase letter, and all following characters
414 must be a dash, lowercase letter, or digit, except the last
415 character, which cannot be a dash.
416
417 This field is only used for INTERNAL load balancing.
418 type: string
419 sourceIpRanges:
420 description: Immutable. If not empty, this Forwarding Rule will only
421 forward the traffic when the source IP address matches one of the
422 IP addresses or CIDR ranges set here. Note that a Forwarding Rule
423 can only have up to 64 source IP ranges, and this field can only
424 be used with a regional Forwarding Rule whose scheme is EXTERNAL.
425 Each sourceIpRange entry should be either an IP address (for example,
426 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
427 items:
428 type: string
429 type: array
430 subnetworkRef:
431 description: |-
432 The subnetwork that the load balanced IP should belong to for this
433 forwarding rule. This field is only used for internal load
434 balancing.
435
436 If the network specified is in auto subnet mode, this field is
437 optional. However, if the network is in custom subnet mode, a
438 subnetwork must be specified.
439 oneOf:
440 - not:
441 required:
442 - external
443 required:
444 - name
445 - not:
446 anyOf:
447 - required:
448 - name
449 - required:
450 - namespace
451 required:
452 - external
453 properties:
454 external:
455 description: 'Allowed value: The `name` field of a `ComputeSubnetwork`
456 resource.'
457 type: string
458 name:
459 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
460 type: string
461 namespace:
462 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
463 type: string
464 type: object
465 target:
466 description: |-
467 The target resource to receive the matched traffic. The forwarded
468 traffic must be of a type appropriate to the target object. For
469 INTERNAL_SELF_MANAGED load balancing, only HTTP and HTTPS targets
470 are valid.
471 oneOf:
472 - required:
473 - targetGRPCProxyRef
474 - required:
475 - targetHTTPProxyRef
476 - required:
477 - targetHTTPSProxyRef
478 - required:
479 - targetSSLProxyRef
480 - required:
481 - targetTCPProxyRef
482 - required:
483 - targetVPNGatewayRef
484 properties:
485 targetGRPCProxyRef:
486 oneOf:
487 - not:
488 required:
489 - external
490 required:
491 - name
492 - not:
493 anyOf:
494 - required:
495 - name
496 - required:
497 - namespace
498 required:
499 - external
500 properties:
501 external:
502 description: 'Allowed value: The `selfLink` field of a `ComputeTargetGRPCProxy`
503 resource.'
504 type: string
505 name:
506 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
507 type: string
508 namespace:
509 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
510 type: string
511 type: object
512 targetHTTPProxyRef:
513 oneOf:
514 - not:
515 required:
516 - external
517 required:
518 - name
519 - not:
520 anyOf:
521 - required:
522 - name
523 - required:
524 - namespace
525 required:
526 - external
527 properties:
528 external:
529 description: 'Allowed value: The `selfLink` field of a `ComputeTargetHTTPProxy`
530 resource.'
531 type: string
532 name:
533 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
534 type: string
535 namespace:
536 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
537 type: string
538 type: object
539 targetHTTPSProxyRef:
540 oneOf:
541 - not:
542 required:
543 - external
544 required:
545 - name
546 - not:
547 anyOf:
548 - required:
549 - name
550 - required:
551 - namespace
552 required:
553 - external
554 properties:
555 external:
556 description: 'Allowed value: The `selfLink` field of a `ComputeTargetHTTPSProxy`
557 resource.'
558 type: string
559 name:
560 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
561 type: string
562 namespace:
563 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
564 type: string
565 type: object
566 targetSSLProxyRef:
567 oneOf:
568 - not:
569 required:
570 - external
571 required:
572 - name
573 - not:
574 anyOf:
575 - required:
576 - name
577 - required:
578 - namespace
579 required:
580 - external
581 properties:
582 external:
583 description: 'Allowed value: The `selfLink` field of a `ComputeTargetSSLProxy`
584 resource.'
585 type: string
586 name:
587 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
588 type: string
589 namespace:
590 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
591 type: string
592 type: object
593 targetTCPProxyRef:
594 oneOf:
595 - not:
596 required:
597 - external
598 required:
599 - name
600 - not:
601 anyOf:
602 - required:
603 - name
604 - required:
605 - namespace
606 required:
607 - external
608 properties:
609 external:
610 description: 'Allowed value: The `selfLink` field of a `ComputeTargetTCPProxy`
611 resource.'
612 type: string
613 name:
614 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
615 type: string
616 namespace:
617 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
618 type: string
619 type: object
620 targetVPNGatewayRef:
621 oneOf:
622 - not:
623 required:
624 - external
625 required:
626 - name
627 - not:
628 anyOf:
629 - required:
630 - name
631 - required:
632 - namespace
633 required:
634 - external
635 properties:
636 external:
637 description: 'Allowed value: The `selfLink` field of a `ComputeTargetVPNGateway`
638 resource.'
639 type: string
640 name:
641 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
642 type: string
643 namespace:
644 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
645 type: string
646 type: object
647 type: object
648 required:
649 - location
650 type: object
651 status:
652 properties:
653 baseForwardingRule:
654 description: '[Output Only] The URL for the corresponding base Forwarding
655 Rule. By base Forwarding Rule, we mean the Forwarding Rule that
656 has the same IP address, protocol, and port settings with the current
657 Forwarding Rule, but without sourceIPRanges specified. Always empty
658 if the current Forwarding Rule does not have sourceIPRanges specified.'
659 type: string
660 conditions:
661 description: Conditions represent the latest available observation
662 of the resource's current state.
663 items:
664 properties:
665 lastTransitionTime:
666 description: Last time the condition transitioned from one status
667 to another.
668 type: string
669 message:
670 description: Human-readable message indicating details about
671 last transition.
672 type: string
673 reason:
674 description: Unique, one-word, CamelCase reason for the condition's
675 last transition.
676 type: string
677 status:
678 description: Status is the status of the condition. Can be True,
679 False, Unknown.
680 type: string
681 type:
682 description: Type is the type of the condition.
683 type: string
684 type: object
685 type: array
686 creationTimestamp:
687 description: Creation timestamp in RFC3339 text format.
688 type: string
689 labelFingerprint:
690 description: |-
691 The fingerprint used for optimistic locking of this resource. Used
692 internally during updates.
693 type: string
694 observedGeneration:
695 description: ObservedGeneration is the generation of the resource
696 that was most recently observed by the Config Connector controller.
697 If this is equal to metadata.generation, then that means that the
698 current reported status reflects the most recent desired state of
699 the resource.
700 type: integer
701 pscConnectionId:
702 description: The PSC connection id of the PSC Forwarding Rule.
703 type: string
704 pscConnectionStatus:
705 description: 'The PSC connection status of the PSC Forwarding Rule.
706 Possible values: ''STATUS_UNSPECIFIED'', ''PENDING'', ''ACCEPTED'',
707 ''REJECTED'', ''CLOSED''.'
708 type: string
709 selfLink:
710 type: string
711 serviceName:
712 description: |-
713 The internal fully qualified service name for this Forwarding Rule.
714
715 This field is only used for INTERNAL load balancing.
716 type: string
717 type: object
718 required:
719 - spec
720 type: object
721 served: true
722 storage: true
723 subresources:
724 status: {}
725status:
726 acceptedNames:
727 kind: ""
728 plural: ""
729 conditions: []
730 storedVersions: []
View as plain text