1# Copyright 2020 Google LLC
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14
15apiVersion: apiextensions.k8s.io/v1
16kind: CustomResourceDefinition
17metadata:
18 annotations:
19 cnrm.cloud.google.com/version: 1.106.0
20 creationTimestamp: null
21 labels:
22 cnrm.cloud.google.com/managed-by-kcc: "true"
23 cnrm.cloud.google.com/stability-level: stable
24 cnrm.cloud.google.com/system: "true"
25 cnrm.cloud.google.com/tf2crd: "true"
26 name: computebackendservices.compute.cnrm.cloud.google.com
27spec:
28 group: compute.cnrm.cloud.google.com
29 names:
30 categories:
31 - gcp
32 kind: ComputeBackendService
33 plural: computebackendservices
34 shortNames:
35 - gcpcomputebackendservice
36 - gcpcomputebackendservices
37 singular: computebackendservice
38 scope: Namespaced
39 versions:
40 - additionalPrinterColumns:
41 - jsonPath: .metadata.creationTimestamp
42 name: Age
43 type: date
44 - description: When 'True', the most recent reconcile of the resource succeeded
45 jsonPath: .status.conditions[?(@.type=='Ready')].status
46 name: Ready
47 type: string
48 - description: The reason for the value in 'Ready'
49 jsonPath: .status.conditions[?(@.type=='Ready')].reason
50 name: Status
51 type: string
52 - description: The last transition time for the value in 'Status'
53 jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime
54 name: Status Age
55 type: date
56 name: v1beta1
57 schema:
58 openAPIV3Schema:
59 properties:
60 apiVersion:
61 description: 'apiVersion defines the versioned schema of this representation
62 of an object. Servers should convert recognized schemas to the latest
63 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
64 type: string
65 kind:
66 description: 'kind is a string value representing the REST resource this
67 object represents. Servers may infer this from the endpoint the client
68 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
69 type: string
70 metadata:
71 type: object
72 spec:
73 properties:
74 affinityCookieTtlSec:
75 description: |-
76 Lifetime of cookies in seconds if session_affinity is
77 GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts
78 only until the end of the browser session (or equivalent). The
79 maximum allowed value for TTL is one day.
80
81 When the load balancing scheme is INTERNAL, this field is not used.
82 type: integer
83 backend:
84 description: The set of backends that serve this BackendService.
85 items:
86 properties:
87 balancingMode:
88 description: |-
89 Specifies the balancing mode for this backend.
90
91 For global HTTP(S) or TCP/SSL load balancing, the default is
92 UTILIZATION. Valid values are UTILIZATION, RATE (for HTTP(S))
93 and CONNECTION (for TCP/SSL).
94
95 See the [Backend Services Overview](https://cloud.google.com/load-balancing/docs/backend-service#balancing-mode)
96 for an explanation of load balancing modes. Default value: "UTILIZATION" Possible values: ["UTILIZATION", "RATE", "CONNECTION"].
97 type: string
98 capacityScaler:
99 description: |-
100 A multiplier applied to the group's maximum servicing capacity
101 (based on UTILIZATION, RATE or CONNECTION).
102
103 Default value is 1, which means the group will serve up to 100%
104 of its configured capacity (depending on balancingMode). A
105 setting of 0 means the group is completely drained, offering
106 0% of its available Capacity. Valid range is [0.0,1.0].
107 type: number
108 description:
109 description: |-
110 An optional description of this resource.
111 Provide this property when you create the resource.
112 type: string
113 failover:
114 description: |-
115 This field designates whether this is a failover backend. More
116 than one failover backend can be configured for a given RegionBackendService.
117 type: boolean
118 group:
119 description: |-
120 Reference to a ComputeInstanceGroup or ComputeNetworkEndpointGroup
121 resource. In the case of an instance group, this defines the list of
122 instances that serve traffic. Member virtual machine instances from
123 each instance group must live in the same zone as the instance
124 group itself. No two backends in a backend service are allowed to
125 use the same Instance Group resource.
126
127 For Network Endpoint Groups this defines the list of endpoints. All
128 endpoints of Network Endpoint Group must be hosted on instances
129 located in the same zone as the Network Endpoint Group.
130
131 Backend services cannot mix Instance Group and Network Endpoint
132 Group backends.
133
134 When the 'load_balancing_scheme' is INTERNAL, only instance groups
135 are supported.
136 oneOf:
137 - required:
138 - instanceGroupRef
139 - required:
140 - networkEndpointGroupRef
141 properties:
142 instanceGroupRef:
143 oneOf:
144 - not:
145 required:
146 - external
147 required:
148 - name
149 - not:
150 anyOf:
151 - required:
152 - name
153 - required:
154 - namespace
155 required:
156 - external
157 properties:
158 external:
159 description: 'Allowed value: The `selfLink` field of
160 a `ComputeInstanceGroup` resource.'
161 type: string
162 name:
163 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
164 type: string
165 namespace:
166 description: 'Namespace of the referent. More info:
167 https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
168 type: string
169 type: object
170 networkEndpointGroupRef:
171 oneOf:
172 - not:
173 required:
174 - external
175 required:
176 - name
177 - not:
178 anyOf:
179 - required:
180 - name
181 - required:
182 - namespace
183 required:
184 - external
185 properties:
186 external:
187 description: 'Allowed value: The `selfLink` field of
188 a `ComputeNetworkEndpointGroup` resource.'
189 type: string
190 name:
191 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
192 type: string
193 namespace:
194 description: 'Namespace of the referent. More info:
195 https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
196 type: string
197 type: object
198 type: object
199 maxConnections:
200 description: |-
201 The max number of simultaneous connections for the group. Can
202 be used with either CONNECTION or UTILIZATION balancing modes.
203
204 For CONNECTION mode, either maxConnections or one
205 of maxConnectionsPerInstance or maxConnectionsPerEndpoint,
206 as appropriate for group type, must be set.
207 type: integer
208 maxConnectionsPerEndpoint:
209 description: |-
210 The max number of simultaneous connections that a single backend
211 network endpoint can handle. This is used to calculate the
212 capacity of the group. Can be used in either CONNECTION or
213 UTILIZATION balancing modes.
214
215 For CONNECTION mode, either
216 maxConnections or maxConnectionsPerEndpoint must be set.
217 type: integer
218 maxConnectionsPerInstance:
219 description: |-
220 The max number of simultaneous connections that a single
221 backend instance can handle. This is used to calculate the
222 capacity of the group. Can be used in either CONNECTION or
223 UTILIZATION balancing modes.
224
225 For CONNECTION mode, either maxConnections or
226 maxConnectionsPerInstance must be set.
227 type: integer
228 maxRate:
229 description: |-
230 The max requests per second (RPS) of the group.
231
232 Can be used with either RATE or UTILIZATION balancing modes,
233 but required if RATE mode. For RATE mode, either maxRate or one
234 of maxRatePerInstance or maxRatePerEndpoint, as appropriate for
235 group type, must be set.
236 type: integer
237 maxRatePerEndpoint:
238 description: |-
239 The max requests per second (RPS) that a single backend network
240 endpoint can handle. This is used to calculate the capacity of
241 the group. Can be used in either balancing mode. For RATE mode,
242 either maxRate or maxRatePerEndpoint must be set.
243 type: number
244 maxRatePerInstance:
245 description: |-
246 The max requests per second (RPS) that a single backend
247 instance can handle. This is used to calculate the capacity of
248 the group. Can be used in either balancing mode. For RATE mode,
249 either maxRate or maxRatePerInstance must be set.
250 type: number
251 maxUtilization:
252 description: |-
253 Used when balancingMode is UTILIZATION. This ratio defines the
254 CPU utilization target for the group. Valid range is [0.0, 1.0].
255 type: number
256 required:
257 - group
258 type: object
259 type: array
260 cdnPolicy:
261 description: Cloud CDN configuration for this BackendService.
262 properties:
263 bypassCacheOnRequestHeaders:
264 description: |-
265 Bypass the cache when the specified request headers are matched - e.g. Pragma or Authorization headers. Up to 5 headers can be specified.
266 The cache is bypassed for all cdnPolicy.cacheMode settings.
267 items:
268 properties:
269 headerName:
270 description: The header field name to match on when bypassing
271 cache. Values are case-insensitive.
272 type: string
273 required:
274 - headerName
275 type: object
276 type: array
277 cacheKeyPolicy:
278 description: The CacheKeyPolicy for this CdnPolicy.
279 properties:
280 includeHost:
281 description: If true, requests to different hosts will be cached
282 separately.
283 type: boolean
284 includeHttpHeaders:
285 description: |-
286 Allows HTTP request headers (by name) to be used in the
287 cache key.
288 items:
289 type: string
290 type: array
291 includeNamedCookies:
292 description: Names of cookies to include in cache keys.
293 items:
294 type: string
295 type: array
296 includeProtocol:
297 description: If true, http and https requests will be cached
298 separately.
299 type: boolean
300 includeQueryString:
301 description: |-
302 If true, include query string parameters in the cache key
303 according to query_string_whitelist and
304 query_string_blacklist. If neither is set, the entire query
305 string will be included.
306
307 If false, the query string will be excluded from the cache
308 key entirely.
309 type: boolean
310 queryStringBlacklist:
311 description: |-
312 Names of query string parameters to exclude in cache keys.
313
314 All other parameters will be included. Either specify
315 query_string_whitelist or query_string_blacklist, not both.
316 '&' and '=' will be percent encoded and not treated as
317 delimiters.
318 items:
319 type: string
320 type: array
321 queryStringWhitelist:
322 description: |-
323 Names of query string parameters to include in cache keys.
324
325 All other parameters will be excluded. Either specify
326 query_string_whitelist or query_string_blacklist, not both.
327 '&' and '=' will be percent encoded and not treated as
328 delimiters.
329 items:
330 type: string
331 type: array
332 type: object
333 cacheMode:
334 description: |-
335 Specifies the cache setting for all responses from this backend.
336 The possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC. Possible values: ["USE_ORIGIN_HEADERS", "FORCE_CACHE_ALL", "CACHE_ALL_STATIC"].
337 type: string
338 clientTtl:
339 description: Specifies the maximum allowed TTL for cached content
340 served by this origin.
341 type: integer
342 defaultTtl:
343 description: |-
344 Specifies the default TTL for cached content served by this origin for responses
345 that do not have an existing valid TTL (max-age or s-max-age).
346 type: integer
347 maxTtl:
348 description: Specifies the maximum allowed TTL for cached content
349 served by this origin.
350 type: integer
351 negativeCaching:
352 description: Negative caching allows per-status code TTLs to be
353 set, in order to apply fine-grained caching for common errors
354 or redirects.
355 type: boolean
356 negativeCachingPolicy:
357 description: |-
358 Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy.
359 Omitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs.
360 items:
361 properties:
362 code:
363 description: |-
364 The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501
365 can be specified as values, and you cannot specify a status code more than once.
366 type: integer
367 ttl:
368 description: |-
369 The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s
370 (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
371 type: integer
372 type: object
373 type: array
374 serveWhileStale:
375 description: Serve existing content from the cache (if available)
376 when revalidating content with the origin, or when an error
377 is encountered when refreshing the cache.
378 type: integer
379 signedUrlCacheMaxAgeSec:
380 description: |-
381 Maximum number of seconds the response to a signed URL request
382 will be considered fresh, defaults to 1hr (3600s). After this
383 time period, the response will be revalidated before
384 being served.
385
386 When serving responses to signed URL requests, Cloud CDN will
387 internally behave as though all responses from this backend had a
388 "Cache-Control: public, max-age=[TTL]" header, regardless of any
389 existing Cache-Control header. The actual headers served in
390 responses will not be altered.
391 type: integer
392 type: object
393 circuitBreakers:
394 description: |-
395 Settings controlling the volume of connections to a backend service. This field
396 is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED.
397 properties:
398 connectTimeout:
399 description: The timeout for new network connections to hosts.
400 properties:
401 nanos:
402 description: |-
403 Span of time that's a fraction of a second at nanosecond
404 resolution. Durations less than one second are represented
405 with a 0 seconds field and a positive nanos field. Must
406 be from 0 to 999,999,999 inclusive.
407 type: integer
408 seconds:
409 description: |-
410 Span of time at a resolution of a second.
411 Must be from 0 to 315,576,000,000 inclusive.
412 type: integer
413 required:
414 - seconds
415 type: object
416 maxConnections:
417 description: |-
418 The maximum number of connections to the backend cluster.
419 Defaults to 1024.
420 type: integer
421 maxPendingRequests:
422 description: |-
423 The maximum number of pending requests to the backend cluster.
424 Defaults to 1024.
425 type: integer
426 maxRequests:
427 description: |-
428 The maximum number of parallel requests to the backend cluster.
429 Defaults to 1024.
430 type: integer
431 maxRequestsPerConnection:
432 description: |-
433 Maximum requests for a single backend connection. This parameter
434 is respected by both the HTTP/1.1 and HTTP/2 implementations. If
435 not specified, there is no limit. Setting this parameter to 1
436 will effectively disable keep alive.
437 type: integer
438 maxRetries:
439 description: |-
440 The maximum number of parallel retries to the backend cluster.
441 Defaults to 3.
442 type: integer
443 type: object
444 compressionMode:
445 description: 'Compress text responses using Brotli or gzip compression,
446 based on the client''s Accept-Encoding header. Possible values:
447 ["AUTOMATIC", "DISABLED"].'
448 type: string
449 connectionDrainingTimeoutSec:
450 description: |-
451 Time for which an instance will be drained (it accepts no new
452 connections, but still works to finish those already started).
453 type: integer
454 connectionTrackingPolicy:
455 description: |-
456 Connection Tracking configuration for this BackendService.
457 This is available only for Layer 4 Internal Load Balancing and
458 Network Load Balancing.
459 properties:
460 connectionPersistenceOnUnhealthyBackends:
461 description: |-
462 Specifies connection persistence when backends are unhealthy.
463
464 If set to 'DEFAULT_FOR_PROTOCOL', the existing connections persist on
465 unhealthy backends only for connection-oriented protocols (TCP and SCTP)
466 and only if the Tracking Mode is PER_CONNECTION (default tracking mode)
467 or the Session Affinity is configured for 5-tuple. They do not persist
468 for UDP.
469
470 If set to 'NEVER_PERSIST', after a backend becomes unhealthy, the existing
471 connections on the unhealthy backend are never persisted on the unhealthy
472 backend. They are always diverted to newly selected healthy backends
473 (unless all backends are unhealthy).
474
475 If set to 'ALWAYS_PERSIST', existing connections always persist on
476 unhealthy backends regardless of protocol and session affinity. It is
477 generally not recommended to use this mode overriding the default. Default value: "DEFAULT_FOR_PROTOCOL" Possible values: ["DEFAULT_FOR_PROTOCOL", "NEVER_PERSIST", "ALWAYS_PERSIST"].
478 type: string
479 idleTimeoutSec:
480 description: |-
481 Specifies how long to keep a Connection Tracking entry while there is
482 no matching traffic (in seconds).
483
484 For L4 ILB the minimum (default) is 10 minutes and the maximum is 16 hours.
485
486 For NLB the minimum (default) is 60 seconds and the maximum is 16 hours.
487 type: integer
488 trackingMode:
489 description: |-
490 Specifies the key used for connection tracking. There are two options:
491 'PER_CONNECTION': The Connection Tracking is performed as per the
492 Connection Key (default Hash Method) for the specific protocol.
493
494 'PER_SESSION': The Connection Tracking is performed as per the
495 configured Session Affinity. It matches the configured Session Affinity. Default value: "PER_CONNECTION" Possible values: ["PER_CONNECTION", "PER_SESSION"].
496 type: string
497 type: object
498 consistentHash:
499 description: |-
500 Consistent Hash-based load balancing can be used to provide soft session
501 affinity based on HTTP headers, cookies or other properties. This load balancing
502 policy is applicable only for HTTP connections. The affinity to a particular
503 destination host will be lost when one or more hosts are added/removed from the
504 destination service. This field specifies parameters that control consistent
505 hashing. This field only applies if the load_balancing_scheme is set to
506 INTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is
507 set to MAGLEV or RING_HASH.
508 properties:
509 httpCookie:
510 description: |-
511 Hash is based on HTTP Cookie. This field describes a HTTP cookie
512 that will be used as the hash key for the consistent hash load
513 balancer. If the cookie is not present, it will be generated.
514 This field is applicable if the sessionAffinity is set to HTTP_COOKIE.
515 properties:
516 name:
517 description: Name of the cookie.
518 type: string
519 path:
520 description: Path to set for the cookie.
521 type: string
522 ttl:
523 description: Lifetime of the cookie.
524 properties:
525 nanos:
526 description: |-
527 Span of time that's a fraction of a second at nanosecond
528 resolution. Durations less than one second are represented
529 with a 0 seconds field and a positive nanos field. Must
530 be from 0 to 999,999,999 inclusive.
531 type: integer
532 seconds:
533 description: |-
534 Span of time at a resolution of a second.
535 Must be from 0 to 315,576,000,000 inclusive.
536 type: integer
537 required:
538 - seconds
539 type: object
540 type: object
541 httpHeaderName:
542 description: |-
543 The hash based on the value of the specified header field.
544 This field is applicable if the sessionAffinity is set to HEADER_FIELD.
545 type: string
546 minimumRingSize:
547 description: |-
548 The minimum number of virtual nodes to use for the hash ring.
549 Larger ring sizes result in more granular load
550 distributions. If the number of hosts in the load balancing pool
551 is larger than the ring size, each host will be assigned a single
552 virtual node.
553 Defaults to 1024.
554 type: integer
555 type: object
556 customRequestHeaders:
557 description: |-
558 Headers that the HTTP/S load balancer should add to proxied
559 requests.
560 items:
561 type: string
562 type: array
563 customResponseHeaders:
564 description: |-
565 Headers that the HTTP/S load balancer should add to proxied
566 responses.
567 items:
568 type: string
569 type: array
570 description:
571 description: An optional description of this resource.
572 type: string
573 edgeSecurityPolicyRef:
574 description: |-
575 The resource URL for the edge security policy associated with this
576 backend service.
577 oneOf:
578 - not:
579 required:
580 - external
581 required:
582 - name
583 - not:
584 anyOf:
585 - required:
586 - name
587 - required:
588 - namespace
589 required:
590 - external
591 properties:
592 external:
593 description: 'Allowed value: The `selfLink` field of a `ComputeSecurityPolicy`
594 resource.'
595 type: string
596 name:
597 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
598 type: string
599 namespace:
600 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
601 type: string
602 type: object
603 enableCdn:
604 description: If true, enable Cloud CDN for this BackendService.
605 type: boolean
606 failoverPolicy:
607 description: Policy for failovers.
608 properties:
609 disableConnectionDrainOnFailover:
610 description: |-
611 On failover or failback, this field indicates whether connection drain
612 will be honored. Setting this to true has the following effect: connections
613 to the old active pool are not drained. Connections to the new active pool
614 use the timeout of 10 min (currently fixed). Setting to false has the
615 following effect: both old and new connections will have a drain timeout
616 of 10 min.
617 This can be set to true only if the protocol is TCP.
618 The default is false.
619 type: boolean
620 dropTrafficIfUnhealthy:
621 description: |-
622 This option is used only when no healthy VMs are detected in the primary
623 and backup instance groups. When set to true, traffic is dropped. When
624 set to false, new connections are sent across all VMs in the primary group.
625 The default is false.
626 type: boolean
627 failoverRatio:
628 description: |-
629 The value of the field must be in [0, 1]. If the ratio of the healthy
630 VMs in the primary backend is at or below this number, traffic arriving
631 at the load-balanced IP will be directed to the failover backend.
632 In case where 'failoverRatio' is not set or all the VMs in the backup
633 backend are unhealthy, the traffic will be directed back to the primary
634 backend in the "force" mode, where traffic will be spread to the healthy
635 VMs with the best effort, or to all VMs when no VM is healthy.
636 This field is only used with l4 load balancing.
637 type: number
638 type: object
639 healthChecks:
640 items:
641 description: |-
642 The health check resources for health checking this
643 ComputeBackendService. Currently at most one health check can be
644 specified, and a health check is required.
645 oneOf:
646 - required:
647 - healthCheckRef
648 - required:
649 - httpHealthCheckRef
650 properties:
651 healthCheckRef:
652 oneOf:
653 - not:
654 required:
655 - external
656 required:
657 - name
658 - not:
659 anyOf:
660 - required:
661 - name
662 - required:
663 - namespace
664 required:
665 - external
666 properties:
667 external:
668 description: 'Allowed value: The `selfLink` field of a `ComputeHealthCheck`
669 resource.'
670 type: string
671 name:
672 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
673 type: string
674 namespace:
675 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
676 type: string
677 type: object
678 httpHealthCheckRef:
679 oneOf:
680 - not:
681 required:
682 - external
683 required:
684 - name
685 - not:
686 anyOf:
687 - required:
688 - name
689 - required:
690 - namespace
691 required:
692 - external
693 properties:
694 external:
695 description: 'Allowed value: The `selfLink` field of a `ComputeHTTPHealthCheck`
696 resource.'
697 type: string
698 name:
699 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
700 type: string
701 namespace:
702 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
703 type: string
704 type: object
705 type: object
706 type: array
707 iap:
708 description: Settings for enabling Cloud Identity Aware Proxy.
709 oneOf:
710 - required:
711 - oauth2ClientId
712 - required:
713 - oauth2ClientIdRef
714 properties:
715 oauth2ClientId:
716 description: DEPRECATED. Although this field is still available,
717 there is limited support. We recommend that you use `spec.iap.oauth2ClientIdRef`
718 instead.
719 type: string
720 oauth2ClientIdRef:
721 description: OAuth2 Client ID for IAP.
722 oneOf:
723 - not:
724 required:
725 - external
726 required:
727 - name
728 - not:
729 anyOf:
730 - required:
731 - name
732 - required:
733 - namespace
734 required:
735 - external
736 properties:
737 external:
738 description: 'Allowed value: The `name` field of an `IAPIdentityAwareProxyClient`
739 resource.'
740 type: string
741 name:
742 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
743 type: string
744 namespace:
745 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
746 type: string
747 type: object
748 oauth2ClientSecret:
749 description: OAuth2 Client Secret for IAP.
750 oneOf:
751 - not:
752 required:
753 - valueFrom
754 required:
755 - value
756 - not:
757 required:
758 - value
759 required:
760 - valueFrom
761 properties:
762 value:
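763 description: Value of the field. Cannot be used if 'valueFrom'
764 is specified. A value set here is part of the resource spec and readable by anyone who can read this resource; prefer 'valueFrom' with a Secret reference for the client secret.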
765 type: string
766 valueFrom:
767 description: Source for the field's value. Cannot be used
768 if 'value' is specified.
769 properties:
770 secretKeyRef:
771 description: Reference to a value with the given key in
772 the given Secret in the resource's namespace.
773 properties:
774 key:
775 description: Key that identifies the value to be extracted.
776 type: string
777 name:
778 description: Name of the Secret to extract a value
779 from.
780 type: string
781 required:
782 - key
783 - name
784 type: object
785 type: object
786 type: object
787 oauth2ClientSecretSha256:
788 description: OAuth2 Client Secret SHA-256 for IAP.
789 type: string
790 type: object
791 loadBalancingScheme:
792 description: |-
793 Immutable. Indicates whether the backend service will be used with internal or
794 external load balancing. A backend service created for one type of
795 load balancing cannot be used with the other. For more information, refer to
796 [Choosing a load balancer](https://cloud.google.com/load-balancing/docs/backend-service). Default value: "EXTERNAL" Possible values: ["EXTERNAL", "INTERNAL_SELF_MANAGED", "EXTERNAL_MANAGED"].
797 type: string
798 localityLbPolicies:
799 description: |-
800 A list of locality load balancing policies to be used in order of
801 preference. Either the policy or the customPolicy field should be set.
802 Overrides any value set in the localityLbPolicy field.
803
804 localityLbPolicies is only supported when the BackendService is referenced
805 by a URL Map that is referenced by a target gRPC proxy that has the
806 validateForProxyless field set to true.
807 items:
808 properties:
809 customPolicy:
810 description: |-
811 The configuration for a custom policy implemented by the user and
812 deployed with the client.
813 properties:
814 data:
815 description: |-
816 An optional, arbitrary JSON object with configuration data, understood
817 by a locally installed custom policy implementation.
818 type: string
819 name:
820 description: |-
821 Identifies the custom policy.
822
823 The value should match the type the custom implementation is registered
824 with on the gRPC clients. It should follow protocol buffer
825 message naming conventions and include the full path (e.g.
826 myorg.CustomLbPolicy). The maximum length is 256 characters.
827
828 Note that specifying the same custom policy more than once for a
829 backend is not a valid configuration and will be rejected.
830 type: string
831 required:
832 - name
833 type: object
834 policy:
835 description: The configuration for a built-in load balancing
836 policy.
837 properties:
838 name:
839 description: |-
840 The name of a locality load balancer policy to be used. The value
841 should be one of the predefined ones as supported by localityLbPolicy,
842 although at the moment only ROUND_ROBIN is supported.
843
844 This field should only be populated when the customPolicy field is not
845 used.
846
847 Note that specifying the same policy more than once for a backend is
848 not a valid configuration and will be rejected.
849
850 The possible values are:
851
852 * 'ROUND_ROBIN': This is a simple policy in which each healthy backend
853 is selected in round robin order.
854
855 * 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy
856 hosts and picks the host which has fewer active requests.
857
858 * 'RING_HASH': The ring/modulo hash load balancer implements consistent
859 hashing to backends. The algorithm has the property that the
860 addition/removal of a host from a set of N hosts only affects
861 1/N of the requests.
862
863 * 'RANDOM': The load balancer selects a random healthy host.
864
865 * 'ORIGINAL_DESTINATION': Backend host is selected based on the client
866 connection metadata, i.e., connections are opened
867 to the same address as the destination address of
868 the incoming connection before the connection
869 was redirected to the load balancer.
870
871 * 'MAGLEV': used as a drop in replacement for the ring hash load balancer.
872 Maglev is not as stable as ring hash but has faster table lookup
873 build times and host selection times. For more information about
874 Maglev, refer to https://ai.google/research/pubs/pub44824 Possible values: ["ROUND_ROBIN", "LEAST_REQUEST", "RING_HASH", "RANDOM", "ORIGINAL_DESTINATION", "MAGLEV"].
875 type: string
876 required:
877 - name
878 type: object
879 type: object
880 type: array
# localityLbPolicy: plain string in this schema (no `enum`), so the
# "Possible values" list in the description is not enforced at CRD admission.
# NOTE(review): presumably the Compute API rejects other values - confirm.
# Two points from the description worth checking in review:
#  - WEIGHTED_MAGLEV takes per-instance weights from the
#    X-Load-Balancing-Endpoint-Weight header in health check replies, so the
#    backends themselves influence how traffic is distributed.
#  - With session_affinity other than NONE, the affinity settings take effect
#    only when this field is MAGLEV, WEIGHTED_MAGLEV or RING_HASH.
881 localityLbPolicy:
882 description: |-
883 The load balancing algorithm used within the scope of the locality.
884 The possible values are:
885
886 * 'ROUND_ROBIN': This is a simple policy in which each healthy backend
887 is selected in round robin order.
888
889 * 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy
890 hosts and picks the host which has fewer active requests.
891
892 * 'RING_HASH': The ring/modulo hash load balancer implements consistent
893 hashing to backends. The algorithm has the property that the
894 addition/removal of a host from a set of N hosts only affects
895 1/N of the requests.
896
897 * 'RANDOM': The load balancer selects a random healthy host.
898
899 * 'ORIGINAL_DESTINATION': Backend host is selected based on the client
900 connection metadata, i.e., connections are opened
901 to the same address as the destination address of
902 the incoming connection before the connection
903 was redirected to the load balancer.
904
905 * 'MAGLEV': used as a drop in replacement for the ring hash load balancer.
906 Maglev is not as stable as ring hash but has faster table lookup
907 build times and host selection times. For more information about
908 Maglev, refer to https://ai.google/research/pubs/pub44824
909
910 * 'WEIGHTED_MAGLEV': Per-instance weighted Load Balancing via health check
911 reported weights. If set, the Backend Service must
912 configure a non legacy HTTP-based Health Check, and
913 health check replies are expected to contain
914 non-standard HTTP response header field
915 X-Load-Balancing-Endpoint-Weight to specify the
916 per-instance weights. If set, Load Balancing is weight
917 based on the per-instance weights reported in the last
918 processed health check replies, as long as every
919 instance either reported a valid weight or had
920 UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains
921 equal-weight.
922
923
924 This field is applicable to either:
925
926 * A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2,
927 and loadBalancingScheme set to INTERNAL_MANAGED.
928 * A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED.
929 * A regional backend service with loadBalancingScheme set to EXTERNAL (External Network
930 Load Balancing). Only MAGLEV and WEIGHTED_MAGLEV values are possible for External
931 Network Load Balancing. The default is MAGLEV.
932
933
934 If session_affinity is not NONE, and this field is not set to MAGLEV, WEIGHTED_MAGLEV,
935 or RING_HASH, session affinity settings will not take effect.
936
937 Only ROUND_ROBIN and RING_HASH are supported when the backend service is referenced
938 by a URL map that is bound to target gRPC proxy that has validate_for_proxyless
939 field set to true. Possible values: ["ROUND_ROBIN", "LEAST_REQUEST", "RING_HASH", "RANDOM", "ORIGINAL_DESTINATION", "MAGLEV", "WEIGHTED_MAGLEV"].
940 type: string
# location: region name or "global". Declared as a plain string with no `enum`
# or `pattern`, so the value is not checked by this schema.
# NOTE(review): appears to be the only entry in the spec-level `required` list
# further down - confirm against the properly indented file.
941 location:
942 description: 'Location represents the geographical location of the
943 ComputeBackendService. Specify a region name or "global" for global
944 resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)'
945 type: string
# logConfig: request logging for the load balancer traffic served by this
# backend service. The object declares no `required` list, so a resource that
# omits `enable` (or logConfig itself) still validates.
# NOTE(review): whether logging is then off depends on the API default, which
# this schema does not state - confirm before relying on these logs.
946 logConfig:
947 description: |-
948 This field denotes the logging options for the load balancer traffic served by this backend service.
949 If logging is enabled, logs will be exported to Stackdriver.
950 properties:
951 enable:
952 description: Whether to enable logging for the load balancer traffic
953 served by this backend service.
954 type: boolean
# sampleRate: the [0, 1] range in the description is not expressed as
# `minimum`/`maximum`, so out-of-range values pass CRD validation. Per the
# description 0.0 reports no logged requests, so a low rate thins the request
# logs available for detection and incident response.
955 sampleRate:
956 description: |-
957 This field can only be specified if logging is enabled for this backend service. The value of
958 the field must be in [0, 1]. This configures the sampling rate of requests to the load balancer
959 where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported.
960 The default value is 1.0.
961 type: number
962 type: object
# networkRef: reference to the network this backend service belongs to.
# The oneOf below accepts exactly one of two shapes: `name` (optionally with
# `namespace`) and no `external`, or `external` with neither `name` nor
# `namespace`.
# The description limits the field to the INTERNAL load balancing scheme; that
# condition is not encoded in this schema.
963 networkRef:
964 description: |-
965 The network to which this backend service belongs. This field can
966 only be specified when the load balancing scheme is set to
967 INTERNAL.
968 oneOf:
969 - not:
970 required:
971 - external
972 required:
973 - name
974 - not:
975 anyOf:
976 - required:
977 - name
978 - required:
979 - namespace
980 required:
981 - external
982 properties:
# external: plain string; the schema does not check that the value is a
# ComputeNetwork selfLink.
983 external:
984 description: 'Allowed value: The `selfLink` field of a `ComputeNetwork`
985 resource.'
986 type: string
987 name:
988 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
989 type: string
# namespace: namespace of the referenced resource.
# NOTE(review): presumably defaults to this resource's own namespace when
# unset, and allows cross-namespace references when set - confirm.
990 namespace:
991 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
992 type: string
993 type: object
# outlierDetection: eviction of unhealthy hosts from the load balancing pool;
# per the description it applies only when load_balancing_scheme is
# INTERNAL_SELF_MANAGED.
# Every numeric field below is a bare `type: integer`: the ranges, percentages
# and defaults given in the descriptions are not enforced by this schema.
994 outlierDetection:
995 description: |-
996 Settings controlling eviction of unhealthy hosts from the load balancing pool.
997 This field is applicable only when the load_balancing_scheme is set
998 to INTERNAL_SELF_MANAGED.
999 properties:
1000 baseEjectionTime:
1001 description: |-
1002 The base time that a host is ejected for. The real time is equal to the base
1003 time multiplied by the number of times the host has been ejected. Defaults to
1004 30000ms or 30s.
# Duration object: `seconds` is required, `nanos` is optional.
1005 properties:
1006 nanos:
1007 description: |-
1008 Span of time that's a fraction of a second at nanosecond resolution. Durations
1009 less than one second are represented with a 0 'seconds' field and a positive
1010 'nanos' field. Must be from 0 to 999,999,999 inclusive.
1011 type: integer
1012 seconds:
1013 description: |-
1014 Span of time at a resolution of a second. Must be from 0 to 315,576,000,000
1015 inclusive.
1016 type: integer
1017 required:
1018 - seconds
1019 type: object
1020 consecutiveErrors:
1021 description: |-
1022 Number of errors before a host is ejected from the connection pool. When the
1023 backend host is accessed over HTTP, a 5xx return code qualifies as an error.
1024 Defaults to 5.
1025 type: integer
1026 consecutiveGatewayFailure:
1027 description: |-
1028 The number of consecutive gateway failures (502, 503, 504 status or connection
1029 errors that are mapped to one of those status codes) before a consecutive
1030 gateway failure ejection occurs. Defaults to 5.
1031 type: integer
1032 enforcingConsecutiveErrors:
1033 description: |-
1034 The percentage chance that a host will be actually ejected when an outlier
1035 status is detected through consecutive 5xx. This setting can be used to disable
1036 ejection or to ramp it up slowly. Defaults to 100.
1037 type: integer
# Unlike the other two enforcing* fields (default 100), this one defaults to 0
# per its description, so ejection on consecutive gateway failures is not
# enforced unless the value is raised.
1038 enforcingConsecutiveGatewayFailure:
1039 description: |-
1040 The percentage chance that a host will be actually ejected when an outlier
1041 status is detected through consecutive gateway failures. This setting can be
1042 used to disable ejection or to ramp it up slowly. Defaults to 0.
1043 type: integer
1044 enforcingSuccessRate:
1045 description: |-
1046 The percentage chance that a host will be actually ejected when an outlier
1047 status is detected through success rate statistics. This setting can be used to
1048 disable ejection or to ramp it up slowly. Defaults to 100.
1049 type: integer
1050 interval:
1051 description: |-
1052 Time interval between ejection sweep analysis. This can result in both new
1053 ejections as well as hosts being returned to service. Defaults to 10 seconds.
1054 properties:
1055 nanos:
1056 description: |-
1057 Span of time that's a fraction of a second at nanosecond resolution. Durations
1058 less than one second are represented with a 0 'seconds' field and a positive
1059 'nanos' field. Must be from 0 to 999,999,999 inclusive.
1060 type: integer
1061 seconds:
1062 description: |-
1063 Span of time at a resolution of a second. Must be from 0 to 315,576,000,000
1064 inclusive.
1065 type: integer
1066 required:
1067 - seconds
1068 type: object
# maxEjectionPercent: upper bound on the share of the pool that can be ejected
# (default 10% per the description).
# NOTE(review): this looks like the limit on capacity lost when many hosts
# report errors at once - review any increase with that in mind.
1069 maxEjectionPercent:
1070 description: |-
1071 Maximum percentage of hosts in the load balancing pool for the backend service
1072 that can be ejected. Defaults to 10%.
1073 type: integer
1074 successRateMinimumHosts:
1075 description: |-
1076 The number of hosts in a cluster that must have enough request volume to detect
1077 success rate outliers. If the number of hosts is less than this setting, outlier
1078 detection via success rate statistics is not performed for any host in the
1079 cluster. Defaults to 5.
1080 type: integer
1081 successRateRequestVolume:
1082 description: |-
1083 The minimum number of total requests that must be collected in one interval (as
1084 defined by the interval duration above) to include this host in success rate
1085 based outlier detection. If the volume is lower than this setting, outlier
1086 detection via success rate statistics is not performed for that host. Defaults
1087 to 100.
1088 type: integer
# successRateStdevFactor: integer scaled by 1000; 1900 means a factor of 1.9
# (see the description).
1089 successRateStdevFactor:
1090 description: |-
1091 This factor is used to determine the ejection threshold for success rate outlier
1092 ejection. The ejection threshold is the difference between the mean success
1093 rate, and the product of this factor and the standard deviation of the mean
1094 success rate: mean - (stdev * success_rate_stdev_factor). This factor is divided
1095 by a thousand to get a double. That is, if the desired factor is 1.9, the
1096 runtime value should be 1900. Defaults to 1900.
1097 type: integer
1098 type: object
# portName: named port on the referenced instance groups. The description
# marks it as required for the EXTERNAL scheme; the schema does not encode
# that condition.
1099 portName:
1100 description: |-
1101 Name of backend port. The same name should appear in the instance
1102 groups referenced by this service. Required when the load balancing
1103 scheme is EXTERNAL.
1104 type: string
# protocol: protocol used towards the backends. Plain string with no `enum`,
# so the "Possible values" list is not enforced at CRD admission.
# The description gives HTTP as the default: where traffic to the backends
# must use TLS, set this field explicitly instead of relying on the default.
1105 protocol:
1106 description: |-
1107 The protocol this BackendService uses to communicate with backends.
1108 The default is HTTP. **NOTE**: HTTP2 is only valid for beta HTTP/2 load balancer
1109 types and may result in errors if used with the GA API. Possible values: ["HTTP", "HTTPS", "HTTP2", "TCP", "SSL", "GRPC"].
1110 type: string
# resourceID: described as immutable, but no validation rule for that is
# declared in this schema; falls back to `metadata.name` when unset.
# NOTE(review): "acquisition" presumably means an existing backend service of
# that name is adopted by this resource - confirm, and review who may set it.
1111 resourceID:
1112 description: Immutable. Optional. The name of the resource. Used for
1113 creation and acquisition. When unset, the value of `metadata.name`
1114 is used as the default.
1115 type: string
# securityPolicyRef: attaches a ComputeSecurityPolicy to this backend service.
# NOTE(review): the field appears to be optional (only `location` is listed
# as required further down), so a backend service with no security policy
# validates. If a policy is part of your baseline, enforce its presence
# outside the CRD, for example with an admission policy.
# Reference shape: `name` (optionally with `namespace`) and no `external`, or
# `external` with neither `name` nor `namespace`.
1116 securityPolicyRef:
1117 description: The security policy associated with this backend service.
1118 oneOf:
1119 - not:
1120 required:
1121 - external
1122 required:
1123 - name
1124 - not:
1125 anyOf:
1126 - required:
1127 - name
1128 - required:
1129 - namespace
1130 required:
1131 - external
1132 properties:
# external: plain string; the schema does not check that the value is a
# ComputeSecurityPolicy selfLink.
1133 external:
1134 description: 'Allowed value: The `selfLink` field of a `ComputeSecurityPolicy`
1135 resource.'
1136 type: string
1137 name:
1138 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
1139 type: string
# namespace: namespace of the referenced policy.
# NOTE(review): presumably defaults to this resource's own namespace when
# unset - confirm.
1140 namespace:
1141 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
1142 type: string
1143 type: object
# securitySettings: how connections to this service's backends are
# authenticated. Per the description it applies to INTERNAL_MANAGED regional
# services (HTTP, HTTPS, HTTP2) and INTERNAL_SELF_MANAGED global services.
# Once the object is present, both clientTLSPolicyRef and subjectAltNames are
# required (see the `required` list at the end of the object).
1144 securitySettings:
1145 description: |-
1146 The security settings that apply to this backend service. This field is applicable to either
1147 a regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and
1148 load_balancing_scheme set to INTERNAL_MANAGED; or a global backend service with the
1149 load_balancing_scheme set to INTERNAL_SELF_MANAGED.
1150 properties:
1151 clientTLSPolicyRef:
1152 description: |-
1153 ClientTlsPolicy is a resource that specifies how a client should
1154 authenticate connections to backends of a service. This resource itself
1155 does not affect configuration unless it is attached to a backend
1156 service resource.
1157 oneOf:
1158 - not:
1159 required:
1160 - external
1161 required:
1162 - name
1163 - not:
1164 anyOf:
1165 - required:
1166 - name
1167 - required:
1168 - namespace
1169 required:
1170 - external
1171 properties:
# external: here the allowed value is the `name` field of the policy, not a
# selfLink as on the network and security-policy references in this schema.
1172 external:
1173 description: 'Allowed value: The `name` field of a `NetworkSecurityClientTLSPolicy`
1174 resource.'
1175 type: string
1176 name:
1177 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
1178 type: string
1179 namespace:
1180 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
1181 type: string
1182 type: object
# subjectAltNames: names that the server certificate's subject alt name is
# checked against. The key is required, but the schema declares no `minItems`
# and no `pattern` on the items, so an empty list or any string validates.
# NOTE(review): how the API treats an empty list is not stated here - confirm,
# and list only the identities the backends actually present.
1183 subjectAltNames:
1184 description: |-
1185 A list of alternate names to verify the subject identity in the certificate.
1186 If specified, the client will verify that the server certificate's subject
1187 alt name matches one of the specified values.
1188 items:
1189 type: string
1190 type: array
1191 required:
1192 - clientTLSPolicyRef
1193 - subjectAltNames
1194 type: object
# sessionAffinity: plain string with no `enum`; default NONE per the
# description. The localityLbPolicy description in this schema adds that
# affinity settings take effect only with MAGLEV, WEIGHTED_MAGLEV or RING_HASH.
1195 sessionAffinity:
1196 description: |-
1197 Type of session affinity to use. The default is NONE. Session affinity is
1198 not applicable if the protocol is UDP. Possible values: ["NONE", "CLIENT_IP", "CLIENT_IP_PORT_PROTO", "CLIENT_IP_PROTO", "GENERATED_COOKIE", "HEADER_FIELD", "HTTP_COOKIE"].
1199 type: string
# subsetting: `policy` is required once the object is set; the description
# lists CONSISTENT_HASH_SUBSETTING as the only possible value.
1200 subsetting:
1201 description: Subsetting configuration for this BackendService. Currently
1202 this is applicable only for Internal TCP/UDP load balancing and
1203 Internal HTTP(S) load balancing.
1204 properties:
1205 policy:
1206 description: 'The algorithm used for subsetting. Possible values:
1207 ["CONSISTENT_HASH_SUBSETTING"].'
1208 type: string
1209 required:
1210 - policy
1211 type: object
# timeoutSec: the [1, 86400] range in the description is not expressed as
# `minimum`/`maximum`, so it is not enforced by this schema.
# NOTE(review): a long timeout keeps slow or stalled backend requests open for
# longer; prefer a value close to the service's real latency budget.
1212 timeoutSec:
1213 description: |-
1214 How many seconds to wait for the backend before considering it a
1215 failed request. Default is 30 seconds. Valid range is [1, 86400].
1216 type: integer
1217 required:
1218 - location
1219 type: object
# status: observed state of the resource (conditions plus values reported for
# the backend service).
# NOTE(review): presumably written by the Config Connector controller, which
# the observedGeneration description names - confirm.
1220 status:
1221 properties:
1222 conditions:
1223 description: Conditions represent the latest available observation
1224 of the resource's current state.
1225 items:
1226 properties:
1227 lastTransitionTime:
1228 description: Last time the condition transitioned from one status
1229 to another.
1230 type: string
1231 message:
1232 description: Human-readable message indicating details about
1233 last transition.
1234 type: string
1235 reason:
1236 description: Unique, one-word, CamelCase reason for the condition's
1237 last transition.
1238 type: string
1239 status:
1240 description: Status is the status of the condition. Can be True,
1241 False, Unknown.
1242 type: string
1243 type:
1244 description: Type is the type of the condition.
1245 type: string
1246 type: object
1247 type: array
1248 creationTimestamp:
1249 description: Creation timestamp in RFC3339 text format.
1250 type: string
1251 fingerprint:
1252 description: |-
1253 Fingerprint of this resource. A hash of the contents stored in this
1254 object. This field is used in optimistic locking.
1255 type: string
1256 generatedId:
1257 description: The unique identifier for the resource. This identifier
1258 is defined by the server.
1259 type: integer
# observedGeneration: compare with metadata.generation before relying on the
# rest of status; per the description, status reflects the latest desired
# state only when the two are equal.
1260 observedGeneration:
1261 description: ObservedGeneration is the generation of the resource
1262 that was most recently observed by the Config Connector controller.
1263 If this is equal to metadata.generation, then that means that the
1264 current reported status reflects the most recent desired state of
1265 the resource.
1266 type: integer
# selfLink: no description is given in the schema.
# NOTE(review): presumably the backend service's selfLink - confirm.
1267 selfLink:
1268 type: string
1269 type: object
1270 required:
1271 - spec
1272 type: object
# This version is both served by the API and used as the storage version.
1273 served: true
1274 storage: true
# Status subresource enabled: status is updated through the separate /status
# endpoint, so RBAC can grant status updates without granting spec updates.
1275 subresources:
1276 status: {}
# Top-level CRD status stanza with empty values.
# NOTE(review): looks like generator output that the API server fills in
# after the CRD is applied - confirm.
1277status:
1278 acceptedNames:
1279 kind: ""
1280 plural: ""
1281 conditions: []
1282 storedVersions: []