# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

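# CustomResourceDefinition that registers the namespaced ComputeForwardingRule
# kind (group compute.cnrm.cloud.google.com, served and stored as v1beta1).
# The openAPIV3Schema below is the only validation this manifest gives the API
# server; most value constraints are stated in description text, not as
# schema keywords.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    cnrm.cloud.google.com/version: 1.106.0
  creationTimestamp: null
  labels:
    cnrm.cloud.google.com/managed-by-kcc: "true"
    cnrm.cloud.google.com/stability-level: stable
    cnrm.cloud.google.com/system: "true"
    cnrm.cloud.google.com/tf2crd: "true"
  name: computeforwardingrules.compute.cnrm.cloud.google.com
spec:
  group: compute.cnrm.cloud.google.com
  names:
    categories:
    - gcp
    kind: ComputeForwardingRule
    plural: computeforwardingrules
    shortNames:
    - gcpcomputeforwardingrule
    - gcpcomputeforwardingrules
    singular: computeforwardingrule
  # Namespaced: every ComputeForwardingRule object lives in a namespace, so
  # create/update rights can be granted per namespace with RBAC.
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    - description: When 'True', the most recent reconcile of the resource succeeded
      jsonPath: .status.conditions[?(@.type=='Ready')].status
      name: Ready
      type: string
    - description: The reason for the value in 'Ready'
      jsonPath: .status.conditions[?(@.type=='Ready')].reason
      name: Status
      type: string
    - description: The last transition time for the value in 'Status'
      jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime
      name: Status Age
      type: date
    name: v1beta1
    schema:
      openAPIV3Schema:
        properties:
          apiVersion:
            description: 'apiVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
            type: string
          kind:
            description: 'kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            # NOTE(review): "Immutable", "Possible values" and the size limits
            # quoted in the descriptions below are documentation only. This
            # schema declares no enum, pattern, format or maxItems, so such
            # values are presumably rejected later by the controller or the
            # GCP API rather than at admission; confirm before relying on it.
            properties:
              # true forwards packets for every destination port, and packets
              # without port information, to the backends; it is mutually
              # exclusive with ports/portRange, so no port filtering remains
              # on the forwarding rule itself.
              allPorts:
                description: |-
                  Immutable. This field can only be used:
                  * If 'IPProtocol' is one of TCP, UDP, or SCTP.
                  * By internal TCP/UDP load balancers, backend service-based network load
                  balancers, and internal and external protocol forwarding.


                  Set this field to true to allow packets addressed to any port or packets
                  lacking destination port information (for example, UDP fragments after the
                  first fragment) to be forwarded to the backends configured with this
                  forwarding rule.

                  The 'ports', 'port_range', and
                  'allPorts' fields are mutually exclusive.
                type: boolean
              # Widens reachability of an internal load balancer from clients
              # in its own region to clients in all regions. Not marked
              # Immutable, so it can change on an existing object.
              allowGlobalAccess:
                description: |-
                  This field is used along with the 'backend_service' field for
                  internal load balancing or with the 'target' field for internal
                  TargetInstance.

                  If the field is set to 'TRUE', clients can access ILB from all
                  regions.

                  Otherwise only allows access from clients in the same region as the
                  internal load balancer.
                type: boolean
              # Same kind of widening for a PSC endpoint: cross-region access.
              allowPscGlobalAccess:
                description: Immutable. This is used in PSC consumer ForwardingRule
                  to control whether the PSC endpoint can be accessed from another
                  region.
                type: boolean
              # Reference pattern shared by every *Ref field in this schema:
              # the oneOf accepts either `name` (optionally with `namespace`)
              # or `external`, never both. `external` is an unvalidated string,
              # and nothing here limits which namespace `namespace` may name.
              # NOTE(review): whether cross-namespace references are allowed is
              # decided outside this schema; confirm against the controller.
              backendServiceRef:
                description: |-
                  A ComputeBackendService to receive the matched traffic. This is
                  used only for internal load balancing.
                oneOf:
                - not:
                    required:
                    - external
                  required:
                  - name
                - not:
                    anyOf:
                    - required:
                      - name
                    - required:
                      - namespace
                  required:
                  - external
                properties:
                  external:
                    description: 'Allowed value: The `selfLink` field of a `ComputeBackendService`
                      resource.'
                    type: string
                  name:
                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                    type: string
                  namespace:
                    description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                    type: string
                type: object
              description:
                description: |-
                  Immutable. An optional description of this resource. Provide this property when
                  you create the resource.
                type: string
              # Exactly one of `addressRef` or `ip`. `ip` is a free-form string
              # with no format check in this schema. Per the description, an
              # empty address yields an ephemeral one from the same scope.
              ipAddress:
                description: |-
                  The IP address that this forwarding rule is serving on behalf of.

                  Addresses are restricted based on the forwarding rule's load
                  balancing scheme (EXTERNAL or INTERNAL) and scope (global or
                  regional).

                  When the load balancing scheme is EXTERNAL, for global forwarding
                  rules, the address must be a global IP, and for regional forwarding
                  rules, the address must live in the same region as the forwarding
                  rule. If this field is empty, an ephemeral IPv4 address from the
                  same scope (global or regional) will be assigned. A regional
                  forwarding rule supports IPv4 only. A global forwarding rule
                  supports either IPv4 or IPv6.

                  When the load balancing scheme is INTERNAL, this can only be an RFC
                  1918 IP address belonging to the network/subnet configured for the
                  forwarding rule. By default, if this field is empty, an ephemeral
                  internal IP address will be automatically allocated from the IP
                  range of the subnet or network configured for this forwarding rule.
                oneOf:
                - required:
                  - addressRef
                - required:
                  - ip
                properties:
                  addressRef:
                    oneOf:
                    - not:
                        required:
                        - external
                      required:
                      - name
                    - not:
                        anyOf:
                        - required:
                          - name
                        - required:
                          - namespace
                      required:
                      - external
                    properties:
                      external:
                        description: 'Allowed value: The `address` field of a `ComputeAddress`
                          resource.'
                        type: string
                      name:
                        description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                        type: string
                      namespace:
                        description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                        type: string
                    type: object
                  ip:
                    type: string
                type: object
              ipProtocol:
                description: |-
                  Immutable. The IP protocol to which this rule applies.

                  For protocol forwarding, valid
                  options are 'TCP', 'UDP', 'ESP',
                  'AH', 'SCTP', 'ICMP' and
                  'L3_DEFAULT'.

                  The valid IP protocols are different for different load balancing products
                  as described in [Load balancing
                  features](https://cloud.google.com/load-balancing/docs/features#protocols_from_the_load_balancer_to_the_backends). Possible values: ["TCP", "UDP", "ESP", "AH", "SCTP", "ICMP", "L3_DEFAULT"].
                type: string
              ipVersion:
                description: 'Immutable. The IP Version that will be used by this
                  global forwarding rule. Possible values: ["IPV4", "IPV6"].'
                type: string
              # A collector is the destination for mirrored packets, so its
              # backends see copies of other instances' traffic; the description
              # limits this to loadBalancingScheme INTERNAL.
              isMirroringCollector:
                description: |-
                  Immutable. Indicates whether or not this load balancer can be used as a collector for
                  packet mirroring. To prevent mirroring loops, instances behind this
                  load balancer will not have their traffic mirrored even if a
                  'PacketMirroring' rule applies to them.

                  This can only be set to true for load balancers that have their
                  'loadBalancingScheme' set to 'INTERNAL'.
                type: boolean
              # The documented default is "EXTERNAL": a manifest that omits this
              # field describes an externally facing rule. Setting the scheme
              # explicitly makes the intended exposure visible in review.
              loadBalancingScheme:
                description: |-
                  Immutable. Specifies the forwarding rule type.

                  For more information about forwarding rules, refer to
                  [Forwarding rule concepts](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts). Default value: "EXTERNAL" Possible values: ["EXTERNAL", "EXTERNAL_MANAGED", "INTERNAL", "INTERNAL_MANAGED"].
                type: string
              location:
                description: 'Location represents the geographical location of the
                  ComputeForwardingRule. Specify a region name or "global" for global
                  resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)'
                type: string
              metadataFilters:
                description: |-
                  Immutable. Opaque filter criteria used by Loadbalancer to restrict routing
                  configuration to a limited set xDS compliant clients. In their xDS
                  requests to Loadbalancer, xDS clients present node metadata. If a
                  match takes place, the relevant routing configuration is made available
                  to those proxies.

                  For each metadataFilter in this list, if its filterMatchCriteria is set
                  to MATCH_ANY, at least one of the filterLabels must match the
                  corresponding label provided in the metadata. If its filterMatchCriteria
                  is set to MATCH_ALL, then all of its filterLabels must match with
                  corresponding labels in the provided metadata.

                  metadataFilters specified here can be overridden by those specified in
                  the UrlMap that this ForwardingRule references.

                  metadataFilters only applies to Loadbalancers that have their
                  loadBalancingScheme set to INTERNAL_SELF_MANAGED.
                items:
                  properties:
                    filterLabels:
                      description: |-
                        Immutable. The list of label value pairs that must match labels in the
                        provided metadata based on filterMatchCriteria

                        This list must not be empty and can have at the most 64 entries.
                      items:
                        properties:
                          name:
                            description: |-
                              Immutable. Name of the metadata label. The length must be between
                              1 and 1024 characters, inclusive.
                            type: string
                          value:
                            description: |-
                              Immutable. The value that the label must match. The value has a maximum
                              length of 1024 characters.
                            type: string
                        required:
                        - name
                        - value
                        type: object
                      type: array
                    filterMatchCriteria:
                      description: |-
                        Immutable. Specifies how individual filterLabel matches within the list of
                        filterLabels contribute towards the overall metadataFilter match.

                        MATCH_ANY - At least one of the filterLabels must have a matching
                        label in the provided metadata.
                        MATCH_ALL - All filterLabels must have matching labels in the
                        provided metadata. Possible values: ["MATCH_ANY", "MATCH_ALL"].
                      type: string
                  required:
                  - filterLabels
                  - filterMatchCriteria
                  type: object
                type: array
              # Per the description, an omitted network falls back to the
              # default network for internal load balancing.
              networkRef:
                description: |-
                  This field is not used for external load balancing. For internal
                  load balancing, this field identifies the network that the load
                  balanced IP should belong to for this forwarding rule. If this
                  field is not specified, the default network will be used.
                oneOf:
                - not:
                    required:
                    - external
                  required:
                  - name
                - not:
                    anyOf:
                    - required:
                      - name
                    - required:
                      - namespace
                  required:
                  - external
                properties:
                  external:
                    description: 'Allowed value: The `selfLink` field of a `ComputeNetwork`
                      resource.'
                    type: string
                  name:
                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                    type: string
                  namespace:
                    description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                    type: string
                type: object
              networkTier:
                description: |-
                  Immutable. This signifies the networking tier used for configuring
                  this load balancer and can only take the following values:
                  'PREMIUM', 'STANDARD'.

                  For regional ForwardingRule, the valid values are 'PREMIUM' and
                  'STANDARD'. For GlobalForwardingRule, the valid value is
                  'PREMIUM'.

                  If this field is not specified, it is assumed to be 'PREMIUM'.
                  If 'IPAddress' is specified, this value must be equal to the
                  networkTier of the Address. Possible values: ["PREMIUM", "STANDARD"].
                type: string
              # Free-form string here; range syntax and overlap rules from the
              # description are not expressed as schema constraints.
              portRange:
                description: |-
                  Immutable. This field can only be used:

                  * If 'IPProtocol' is one of TCP, UDP, or SCTP.
                  * By backend service-based network load balancers, target pool-based
                  network load balancers, internal proxy load balancers, external proxy load
                  balancers, Traffic Director, external protocol forwarding, and Classic VPN.
                  Some products have restrictions on what ports can be used. See
                  [port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#port_specifications)
                  for details.


                  Only packets addressed to ports in the specified range will be forwarded to
                  the backends configured with this forwarding rule.

                  The 'ports' and 'port_range' fields are mutually exclusive.

                  For external forwarding rules, two or more forwarding rules cannot use the
                  same '[IPAddress, IPProtocol]' pair, and cannot have
                  overlapping 'portRange's.

                  For internal forwarding rules within the same VPC network, two or more
                  forwarding rules cannot use the same '[IPAddress, IPProtocol]'
                  pair, and cannot have overlapping 'portRange's.
                type: string
              # Array of strings with no maxItems; the "up to five ports" limit
              # exists only in the description.
              ports:
                description: |-
                  Immutable. This field can only be used:

                  * If 'IPProtocol' is one of TCP, UDP, or SCTP.
                  * By internal TCP/UDP load balancers, backend service-based network load
                  balancers, and internal protocol forwarding.


                  You can specify a list of up to five ports by number, separated by commas.
                  The ports can be contiguous or discontiguous. Only packets addressed to
                  these ports will be forwarded to the backends configured with this
                  forwarding rule.

                  For external forwarding rules, two or more forwarding rules cannot use the
                  same '[IPAddress, IPProtocol]' pair, and cannot share any values
                  defined in 'ports'.

                  For internal forwarding rules within the same VPC network, two or more
                  forwarding rules cannot use the same '[IPAddress, IPProtocol]'
                  pair, and cannot share any values defined in 'ports'.

                  The 'ports' and 'port_range' fields are mutually exclusive.
                items:
                  type: string
                type: array
              # Used for "creation and acquisition": the object is tied to the
              # GCP resource with this name, falling back to metadata.name.
              resourceID:
                description: Immutable. Optional. The name of the resource. Used for
                  creation and acquisition. When unset, the value of `metadata.name`
                  is used as the default.
                type: string
              serviceDirectoryRegistrations:
                description: |-
                  Immutable. Service Directory resources to register this forwarding rule with.

                  Currently, only supports a single Service Directory resource.
                items:
                  properties:
                    namespace:
                      description: Immutable. Service Directory namespace to register
                        the forwarding rule under.
                      type: string
                    service:
                      description: Immutable. Service Directory service to register
                        the forwarding rule under.
                      type: string
                  type: object
                type: array
              serviceLabel:
                description: |-
                  Immutable. An optional prefix to the service name for this Forwarding Rule.
                  If specified, will be the first label of the fully qualified service
                  name.

                  The label must be 1-63 characters long, and comply with RFC1035.
                  Specifically, the label must be 1-63 characters long and match the
                  regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the first
                  character must be a lowercase letter, and all following characters
                  must be a dash, lowercase letter, or digit, except the last
                  character, which cannot be a dash.

                  This field is only used for INTERNAL load balancing.
                type: string
              # Source allowlist, but only for a regional rule whose scheme is
              # EXTERNAL; an empty list means no source restriction on the rule.
              # Entries are plain strings with no pattern, so a malformed
              # address or CIDR is not rejected by this schema.
              sourceIpRanges:
                description: Immutable. If not empty, this Forwarding Rule will only
                  forward the traffic when the source IP address matches one of the
                  IP addresses or CIDR ranges set here. Note that a Forwarding Rule
                  can only have up to 64 source IP ranges, and this field can only
                  be used with a regional Forwarding Rule whose scheme is EXTERNAL.
                  Each sourceIpRange entry should be either an IP address (for example,
                  1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
                items:
                  type: string
                type: array
              subnetworkRef:
                description: |-
                  The subnetwork that the load balanced IP should belong to for this
                  forwarding rule. This field is only used for internal load
                  balancing.

                  If the network specified is in auto subnet mode, this field is
                  optional. However, if the network is in custom subnet mode, a
                  subnetwork must be specified.
                oneOf:
                - not:
                    required:
                    - external
                  required:
                  - name
                - not:
                    anyOf:
                    - required:
                      - name
                    - required:
                      - namespace
                  required:
                  - external
                properties:
                  external:
                    description: 'Allowed value: The `name` field of a `ComputeSubnetwork`
                      resource.'
                    type: string
                  name:
                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                    type: string
                  namespace:
                    description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                    type: string
                type: object
              # When `target` is present, the oneOf requires exactly one of the
              # six proxy/gateway references; `target` itself is optional.
              target:
                description: |-
                  The target resource to receive the matched traffic. The forwarded
                  traffic must be of a type appropriate to the target object. For
                  INTERNAL_SELF_MANAGED load balancing, only HTTP and HTTPS targets
                  are valid.
                oneOf:
                - required:
                  - targetGRPCProxyRef
                - required:
                  - targetHTTPProxyRef
                - required:
                  - targetHTTPSProxyRef
                - required:
                  - targetSSLProxyRef
                - required:
                  - targetTCPProxyRef
                - required:
                  - targetVPNGatewayRef
                properties:
                  targetGRPCProxyRef:
                    oneOf:
                    - not:
                        required:
                        - external
                      required:
                      - name
                    - not:
                        anyOf:
                        - required:
                          - name
                        - required:
                          - namespace
                      required:
                      - external
                    properties:
                      external:
                        description: 'Allowed value: The `selfLink` field of a `ComputeTargetGRPCProxy`
                          resource.'
                        type: string
                      name:
                        description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                        type: string
                      namespace:
                        description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                        type: string
                    type: object
                  targetHTTPProxyRef:
                    oneOf:
                    - not:
                        required:
                        - external
                      required:
                      - name
                    - not:
                        anyOf:
                        - required:
                          - name
                        - required:
                          - namespace
                      required:
                      - external
                    properties:
                      external:
                        description: 'Allowed value: The `selfLink` field of a `ComputeTargetHTTPProxy`
                          resource.'
                        type: string
                      name:
                        description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                        type: string
                      namespace:
                        description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                        type: string
                    type: object
                  targetHTTPSProxyRef:
                    oneOf:
                    - not:
                        required:
                        - external
                      required:
                      - name
                    - not:
                        anyOf:
                        - required:
                          - name
                        - required:
                          - namespace
                      required:
                      - external
                    properties:
                      external:
                        description: 'Allowed value: The `selfLink` field of a `ComputeTargetHTTPSProxy`
                          resource.'
                        type: string
                      name:
                        description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                        type: string
                      namespace:
                        description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                        type: string
                    type: object
                  targetSSLProxyRef:
                    oneOf:
                    - not:
                        required:
                        - external
                      required:
                      - name
                    - not:
                        anyOf:
                        - required:
                          - name
                        - required:
                          - namespace
                      required:
                      - external
                    properties:
                      external:
                        description: 'Allowed value: The `selfLink` field of a `ComputeTargetSSLProxy`
                          resource.'
                        type: string
                      name:
                        description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                        type: string
                      namespace:
                        description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                        type: string
                    type: object
                  targetTCPProxyRef:
                    oneOf:
                    - not:
                        required:
                        - external
                      required:
                      - name
                    - not:
                        anyOf:
                        - required:
                          - name
                        - required:
                          - namespace
                      required:
                      - external
                    properties:
                      external:
                        description: 'Allowed value: The `selfLink` field of a `ComputeTargetTCPProxy`
                          resource.'
                        type: string
                      name:
                        description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                        type: string
                      namespace:
                        description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                        type: string
                    type: object
                  targetVPNGatewayRef:
                    oneOf:
                    - not:
                        required:
                        - external
                      required:
                      - name
                    - not:
                        anyOf:
                        - required:
                          - name
                        - required:
                          - namespace
                      required:
                      - external
                    properties:
                      external:
                        description: 'Allowed value: The `selfLink` field of a `ComputeTargetVPNGateway`
                          resource.'
                        type: string
                      name:
                        description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                        type: string
                      namespace:
                        description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                        type: string
                    type: object
                type: object
            # `location` is the only spec field the schema requires; every
            # exposure-related field above is optional and falls back to the
            # defaults named in its description.
            required:
            - location
            type: object
          status:
            properties:
              baseForwardingRule:
                description: '[Output Only] The URL for the corresponding base Forwarding
                  Rule. By base Forwarding Rule, we mean the Forwarding Rule that
                  has the same IP address, protocol, and port settings with the current
                  Forwarding Rule, but without sourceIPRanges specified. Always empty
                  if the current Forwarding Rule does not have sourceIPRanges specified.'
                type: string
              conditions:
                description: Conditions represent the latest available observation
                  of the resource's current state.
                items:
                  properties:
                    lastTransitionTime:
                      description: Last time the condition transitioned from one status
                        to another.
                      type: string
                    message:
                      description: Human-readable message indicating details about
                        last transition.
                      type: string
                    reason:
                      description: Unique, one-word, CamelCase reason for the condition's
                        last transition.
                      type: string
                    status:
                      description: Status is the status of the condition. Can be True,
                        False, Unknown.
                      type: string
                    type:
                      description: Type is the type of the condition.
                      type: string
                  type: object
                type: array
              creationTimestamp:
                description: Creation timestamp in RFC3339 text format.
                type: string
              labelFingerprint:
                description: |-
                  The fingerprint used for optimistic locking of this resource. Used
                  internally during updates.
                type: string
              # Equal to metadata.generation only when the reported status
              # reflects the latest desired state; compare the two before
              # trusting `conditions` in automation.
              observedGeneration:
                description: ObservedGeneration is the generation of the resource
                  that was most recently observed by the Config Connector controller.
                  If this is equal to metadata.generation, then that means that the
                  current reported status reflects the most recent desired state of
                  the resource.
                type: integer
              pscConnectionId:
                description: The PSC connection id of the PSC Forwarding Rule.
                type: string
              pscConnectionStatus:
                description: 'The PSC connection status of the PSC Forwarding Rule.
                  Possible values: ''STATUS_UNSPECIFIED'', ''PENDING'', ''ACCEPTED'',
                  ''REJECTED'', ''CLOSED''.'
                type: string
              selfLink:
                type: string
              serviceName:
                description: |-
                  The internal fully qualified service name for this Forwarding Rule.

                  This field is only used for INTERNAL load balancing.
                type: string
            type: object
        required:
        - spec
        type: object
    served: true
    storage: true
    # Status is served as its own subresource, so writes to .status go through
    # the /status endpoint and can be granted separately from spec writes.
    subresources:
      status: {}
# Empty status stanza as emitted with the manifest; presumably filled in by the
# API server once the CRD is installed.
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []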