...

Text file src/github.com/GoogleCloudPlatform/k8s-config-connector/config/servicemappings/run.yaml

Documentation: github.com/GoogleCloudPlatform/k8s-config-connector/config/servicemappings 

     1# Copyright 2023 Google LLC
     2#
     3# Licensed under the Apache License, Version 2.0 (the "License");
     4# you may not use this file except in compliance with the License.
     5# You may obtain a copy of the License at
     6#
     7#      http://www.apache.org/licenses/LICENSE-2.0
     8#
     9# Unless required by applicable law or agreed to in writing, software
    10# distributed under the License is distributed on an "AS IS" BASIS,
    11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12# See the License for the specific language governing permissions and
    13# limitations under the License.
    14
    15apiVersion: core.cnrm.cloud.google.com/v1alpha1
    16kind: ServiceMapping
    17metadata:
    18  name: run.cnrm.cloud.google.com
    19  namespace: cnrm-system
    20spec:
    21  name: Run
    22  version: v1beta1
    23  serviceHostName: "run.googleapis.com"
    24  resources:
    25  - name: google_cloud_run_v2_job
    26    kind: RunJob
    27    ignoredFields:
    28      - conditions
    29      - generation
    30      - observed_generation
    31      - labels
    32      - template.template.vpc_access.connector
    33      - template.labels
    34      - template.template.volumes.cloud_sql_instance
    35    iamConfig:
    36      policyName: google_cloud_run_v2_job_iam_policy
    37      policyMemberName: google_cloud_run_v2_job_iam_member
    38      referenceField:
    39        name: name
    40        type: name
    41      supportsConditions: false
    42    idTemplate: "projects/{{project}}/locations/{{location}}/jobs/{{name}}"
    43    idTemplateCanBeUsedToMatchResourceName: false
    44    metadataMapping:
    45      name: name
    46    resourceID:
    47      targetField: name
    48    resourceAvailableInAssetInventory: false
    49    hierarchicalReferences:
    50    - type: project
    51      key: projectRef
    52    resourceReferences:
    53    - tfField: project
    54      key: projectRef
    55      description: |-
    56        The project that this resource belongs to.
    57      gvk:
    58        kind: Project
    59        version: v1beta1
    60        group: resourcemanager.cnrm.cloud.google.com
    61    - tfField: template.template.containers.env.value_source.secret_key_ref.secret
    62      description: |-
    63        The name of the secret in Cloud Secret Manager. Format: {secretName} if the secret is in the same project. projects/{project}/secrets/{secretName} if the secret is in a different project.
    64      key: secretRef
    65      targetField: name
    66      gvk:
    67        kind: SecretManagerSecret
    68        version: v1beta1
    69        group: secretmanager.cnrm.cloud.google.com
    70    - tfField: template.template.containers.env.value_source.secret_key_ref.version
    71      description: |-
    72          The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version.
    73      key: versionRef
    74      targetField: version
    75      gvk:
    76        kind: SecretManagerSecretVersion
    77        version: v1beta1
    78        group: secretmanager.cnrm.cloud.google.com
    79    - tfField: template.template.service_account
    80      description: |-
    81        Email address of the IAM service account associated with the revision of the service. The service account represents the identity of the running revision, and determines what permissions the revision has. If not provided, the revision will use the project's default service account.
    82      key: serviceAccountRef
    83      targetField: email
    84      gvk:
    85        kind: IAMServiceAccount
    86        version: v1beta1
    87        group: iam.cnrm.cloud.google.com
    88    - tfField: template.template.volumes.secret.secret
    89      description: |-
    90        Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
    91      key: secretRef
    92      targetField: name
    93      gvk:
    94        kind: SecretManagerSecret
    95        version: v1beta1
    96        group: secretmanager.cnrm.cloud.google.com
    97    - tfField: template.template.volumes.secret.items.version
    98      description: |-
    99        The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version
   100      key: versionRef
   101      targetField: version
   102      gvk:
   103        kind: SecretManagerSecretVersion
   104        version: v1beta1
   105        group: secretmanager.cnrm.cloud.google.com
   106    - tfField: template.template.encryption_key
   107      description: |-
   108        A reference to a customer managed encryption key (CMEK) to use to encrypt this container image. For more information, go to https://cloud.google.com/run/docs/securing/using-cmek
   109      key: encryptionKeyRef
   110      targetField: self_link
   111      gvk:
   112        kind: KMSCryptoKey
   113        version: v1beta1
   114        group: kms.cnrm.cloud.google.com
   115

View as plain text