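---
# CustomResourceDefinition for ComputeRouterNAT, served by Config Connector
# (group compute.cnrm.cloud.google.com, version v1beta1).
# The tf2crd/version labels suggest this manifest is generated from the
# Terraform resource schema — presumably not meant to be edited by hand;
# confirm against the generator before changing field descriptions here.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    cnrm.cloud.google.com/version: 0.0.0-dev
  creationTimestamp: null
  # Label values must be strings; "true" is quoted so it is not parsed as a boolean.
  labels:
    cnrm.cloud.google.com/managed-by-kcc: "true"
    cnrm.cloud.google.com/stability-level: stable
    cnrm.cloud.google.com/system: "true"
    cnrm.cloud.google.com/tf2crd: "true"
  name: computerouternats.compute.cnrm.cloud.google.com
spec:
  group: compute.cnrm.cloud.google.com
  names:
    categories:
      - gcp
    kind: ComputeRouterNAT
    plural: computerouternats
    shortNames:
      - gcpcomputerouternat
      - gcpcomputerouternats
    singular: computerouternat
  # Structural schema: fields not declared below are pruned by the API server
  # rather than stored.
  preserveUnknownFields: false
  scope: Namespaced
  versions:
    # Columns shown by `kubectl get`: Ready, Status and Status Age are all read
    # from the Ready condition in .status.conditions.
    - additionalPrinterColumns:
        - jsonPath: .metadata.creationTimestamp
          name: Age
          type: date
        - description: When 'True', the most recent reconcile of the resource succeeded
          jsonPath: .status.conditions[?(@.type=='Ready')].status
          name: Ready
          type: string
        - description: The reason for the value in 'Ready'
          jsonPath: .status.conditions[?(@.type=='Ready')].reason
          name: Status
          type: string
        - description: The last transition time for the value in 'Status'
          jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime
          name: Status Age
          type: date
      name: v1beta1
      schema:
        openAPIV3Schema:
          properties:
            apiVersion:
              description: 'apiVersion defines the versioned schema of this representation
                of an object. Servers should convert recognized schemas to the latest
                internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
              type: string
            kind:
              description: 'kind is a string value representing the REST resource this
                object represents. Servers may infer this from the endpoint the client
                submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
              type: string
            metadata:
              type: object
            spec:
              properties:
                # Every *Ref / *Ips entry below uses the same reference shape:
                # either `external` alone (a value taken from outside the
                # cluster) or `name` (optionally with `namespace`) pointing at a
                # Config Connector resource — the oneOf rejects mixing the two.
                drainNatIps:
                  items:
                    description: |-
                      A list of IP resources to be drained. These IPs must be valid
                      static external IPs that have been assigned to the NAT.
                    oneOf:
                      - not:
                          required:
                            - external
                        required:
                          - name
                      - not:
                          anyOf:
                            - required:
                                - name
                            - required:
                                - namespace
                        required:
                          - external
                    properties:
                      external:
                        description: 'Allowed value: The `selfLink` field of a `ComputeAddress`
                          resource.'
                        type: string
                      name:
                        description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                        type: string
                      namespace:
                        description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                        type: string
                    type: object
                  type: array
                enableDynamicPortAllocation:
                  description: |-
                    Enable Dynamic Port Allocation.
                    If minPortsPerVm is set, minPortsPerVm must be set to a power of two greater than or equal to 32.
                    If minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config.
                    If maxPortsPerVm is set, maxPortsPerVm must be set to a power of two greater than minPortsPerVm.
                    If maxPortsPerVm is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config.

                    Mutually exclusive with enableEndpointIndependentMapping.
                  type: boolean
                enableEndpointIndependentMapping:
                  description: |-
                    Specifies if endpoint independent mapping is enabled. This is enabled by default. For more information
                    see the [official documentation](https://cloud.google.com/nat/docs/overview#specs-rfcs).
                  type: boolean
                icmpIdleTimeoutSec:
                  description: Timeout (in seconds) for ICMP connections. Defaults to
                    30s if not set.
                  type: integer
                # NAT logging is the audit/detection signal for this resource:
                # `enable` turns export on or off and `filter` selects which
                # translations are exported; both keys are required together.
                logConfig:
                  description: Configuration for logging on NAT.
                  properties:
                    enable:
                      description: Indicates whether or not to export logs.
                      type: boolean
                    filter:
                      description: 'Specifies the desired filtering of logs on this
                        NAT. Possible values: ["ERRORS_ONLY", "TRANSLATIONS_ONLY", "ALL"].'
                      type: string
                  required:
                    - enable
                    - filter
                  type: object
                maxPortsPerVm:
                  description: |-
                    Maximum number of ports allocated to a VM from this NAT.
                    This field can only be set when enableDynamicPortAllocation is enabled.
                  type: integer
                minPortsPerVm:
                  description: Minimum number of ports allocated to a VM from this NAT.
                  type: integer
                natIpAllocateOption:
                  description: |-
                    How external IPs should be allocated for this NAT. Valid values are
                    'AUTO_ONLY' for only allowing NAT IPs allocated by Google Cloud
                    Platform, or 'MANUAL_ONLY' for only user-allocated NAT IP addresses. Possible values: ["MANUAL_ONLY", "AUTO_ONLY"].
                  type: string
                natIps:
                  items:
                    description: NAT IPs. Only valid if natIpAllocateOption is set to
                      MANUAL_ONLY.
                    oneOf:
                      - not:
                          required:
                            - external
                        required:
                          - name
                      - not:
                          anyOf:
                            - required:
                                - name
                            - required:
                                - namespace
                        required:
                          - external
                    properties:
                      external:
                        description: 'Allowed value: The `selfLink` field of a `ComputeAddress`
                          resource.'
                        type: string
                      name:
                        description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                        type: string
                      namespace:
                        description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                        type: string
                    type: object
                  type: array
                region:
                  description: Immutable. Region where the router and NAT reside.
                  type: string
                resourceID:
                  description: Immutable. Optional. The name of the resource. Used for
                    creation and acquisition. When unset, the value of `metadata.name`
                    is used as the default.
                  type: string
                routerRef:
                  description: The Cloud Router in which this NAT will be configured.
                  oneOf:
                    - not:
                        required:
                          - external
                      required:
                        - name
                    - not:
                        anyOf:
                          - required:
                              - name
                          - required:
                              - namespace
                      required:
                        - external
                  properties:
                    external:
                      description: 'Allowed value: The `name` field of a `ComputeRouter`
                        resource.'
                      type: string
                    name:
                      description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                      type: string
                    namespace:
                      description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                      type: string
                  type: object
                # NOTE(review): `match` and `ruleNumber` are only typed here
                # (string / integer); the CEL expression and the rule-number
                # range are presumably validated by the GCP API, not by this
                # schema — confirm before relying on admission-time rejection.
                rules:
                  description: A list of rules associated with this NAT.
                  items:
                    properties:
                      action:
                        description: The action to be enforced for traffic that matches
                          this rule.
                        properties:
                          sourceNatActiveIpsRefs:
                            items:
                              description: |-
                                A list of URLs of the IP resources used for this NAT rule. These IP
                                addresses must be valid static external IP addresses assigned to the
                                project. This field is used for public NAT.
                              oneOf:
                                - not:
                                    required:
                                      - external
                                  required:
                                    - name
                                - not:
                                    anyOf:
                                      - required:
                                          - name
                                      - required:
                                          - namespace
                                  required:
                                    - external
                              properties:
                                external:
                                  description: 'Allowed value: The `selfLink` field
                                    of a `ComputeAddress` resource.'
                                  type: string
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                                  type: string
                                namespace:
                                  description: 'Namespace of the referent. More info:
                                    https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                                  type: string
                              type: object
                            type: array
                          sourceNatDrainIpsRefs:
                            items:
                              description: |-
                                A list of URLs of the IP resources to be drained. These IPs must be
                                valid static external IPs that have been assigned to the NAT. These
                                IPs should be used for updating/patching a NAT rule only. This field
                                is used for public NAT.
                              oneOf:
                                - not:
                                    required:
                                      - external
                                  required:
                                    - name
                                - not:
                                    anyOf:
                                      - required:
                                          - name
                                      - required:
                                          - namespace
                                  required:
                                    - external
                              properties:
                                external:
                                  description: 'Allowed value: The `selfLink` field
                                    of a `ComputeAddress` resource.'
                                  type: string
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                                  type: string
                                namespace:
                                  description: 'Namespace of the referent. More info:
                                    https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                                  type: string
                              type: object
                            type: array
                        type: object
                      description:
                        description: An optional description of this rule.
                        type: string
                      match:
                        description: |-
                          CEL expression that specifies the match condition that egress traffic from a VM is evaluated against.
                          If it evaluates to true, the corresponding action is enforced.

                          The following examples are valid match expressions for public NAT:

                          "inIpRange(destination.ip, '1.1.0.0/16') || inIpRange(destination.ip, '2.2.0.0/16')"

                          "destination.ip == '1.1.0.1' || destination.ip == '8.8.8.8'"

                          The following example is a valid match expression for private NAT:

                          "nexthop.hub == 'https://networkconnectivity.googleapis.com/v1alpha1/projects/my-project/global/hub/hub-1'".
                        type: string
                      ruleNumber:
                        description: |-
                          An integer uniquely identifying a rule in the list.
                          The rule number must be a positive value between 0 and 65000, and must be unique among rules within a NAT.
                        type: integer
                    required:
                      - match
                      - ruleNumber
                    type: object
                  type: array
                sourceSubnetworkIpRangesToNat:
                  description: |-
                    How NAT should be configured per Subnetwork.
                    If 'ALL_SUBNETWORKS_ALL_IP_RANGES', all of the
                    IP ranges in every Subnetwork are allowed to Nat.
                    If 'ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES', all of the primary IP
                    ranges in every Subnetwork are allowed to Nat.
                    'LIST_OF_SUBNETWORKS': A list of Subnetworks are allowed to Nat
                    (specified in the field subnetwork below). Note that if this field
                    contains ALL_SUBNETWORKS_ALL_IP_RANGES or
                    ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any
                    other RouterNat section in any Router for this network in this region. Possible values: ["ALL_SUBNETWORKS_ALL_IP_RANGES", "ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES", "LIST_OF_SUBNETWORKS"].
                  type: string
                subnetwork:
                  description: |-
                    One or more subnetwork NAT configurations. Only used if
                    'source_subnetwork_ip_ranges_to_nat' is set to 'LIST_OF_SUBNETWORKS'.
                  items:
                    properties:
                      secondaryIpRangeNames:
                        description: |-
                          List of the secondary ranges of the subnetwork that are allowed
                          to use NAT. This can be populated only if
                          'LIST_OF_SECONDARY_IP_RANGES' is one of the values in
                          sourceIpRangesToNat.
                        items:
                          type: string
                        type: array
                      sourceIpRangesToNat:
                        description: |-
                          List of options for which source IPs in the subnetwork
                          should have NAT enabled. Supported values include:
                          'ALL_IP_RANGES', 'LIST_OF_SECONDARY_IP_RANGES',
                          'PRIMARY_IP_RANGE'.
                        items:
                          type: string
                        type: array
                      subnetworkRef:
                        description: The subnetwork to NAT.
                        oneOf:
                          - not:
                              required:
                                - external
                            required:
                              - name
                          - not:
                              anyOf:
                                - required:
                                    - name
                                - required:
                                    - namespace
                            required:
                              - external
                        properties:
                          external:
                            description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork`
                              resource.'
                            type: string
                          name:
                            description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                            type: string
                          namespace:
                            description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                            type: string
                        type: object
                    required:
                      - sourceIpRangesToNat
                      - subnetworkRef
                    type: object
                  type: array
                tcpEstablishedIdleTimeoutSec:
                  description: |-
                    Timeout (in seconds) for TCP established connections.
                    Defaults to 1200s if not set.
                  type: integer
                tcpTimeWaitTimeoutSec:
                  description: |-
                    Timeout (in seconds) for TCP connections that are in TIME_WAIT state.
                    Defaults to 120s if not set.
                  type: integer
                tcpTransitoryIdleTimeoutSec:
                  description: |-
                    Timeout (in seconds) for TCP transitory connections.
                    Defaults to 30s if not set.
                  type: integer
                udpIdleTimeoutSec:
                  description: Timeout (in seconds) for UDP connections. Defaults to
                    30s if not set.
                  type: integer
              # Minimum spec accepted by the API server; everything else is optional.
              required:
                - natIpAllocateOption
                - region
                - routerRef
                - sourceSubnetworkIpRangesToNat
              type: object
            status:
              properties:
                conditions:
                  description: Conditions represent the latest available observation
                    of the resource's current state.
                  items:
                    properties:
                      lastTransitionTime:
                        description: Last time the condition transitioned from one status
                          to another.
                        type: string
                      message:
                        description: Human-readable message indicating details about
                          last transition.
                        type: string
                      reason:
                        description: Unique, one-word, CamelCase reason for the condition's
                          last transition.
                        type: string
                      status:
                        description: Status is the status of the condition. Can be True,
                          False, Unknown.
                        type: string
                      type:
                        description: Type is the type of the condition.
                        type: string
                    type: object
                  type: array
                observedGeneration:
                  description: ObservedGeneration is the generation of the resource
                    that was most recently observed by the Config Connector controller.
                    If this is equal to metadata.generation, then that means that the
                    current reported status reflects the most recent desired state of
                    the resource.
                  type: integer
              type: object
          required:
            - spec
          type: object
      served: true
      storage: true
      # Enables the /status subresource: spec and status are written through
      # separate endpoints, so a writer of one cannot silently change the other.
      subresources:
        status: {}
# Filled in by the API server once the CRD is applied; left empty in the manifest.
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []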