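# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# CustomResourceDefinition for the namespaced DNSManagedZone kind
# (group dns.cnrm.cloud.google.com, version v1beta1).
#
# Review note: the enumerated string fields below ("Possible values: [...]")
# are declared as plain `type: string` with no `enum`, so CRD schema
# validation alone does not reject other values. Where a restricted set
# matters for security (DNSSEC algorithm, visibility), enforce it with an
# admission policy rather than relying on this schema.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    cnrm.cloud.google.com/version: 1.106.0
  creationTimestamp: null
  labels:
    cnrm.cloud.google.com/managed-by-kcc: "true"
    cnrm.cloud.google.com/stability-level: stable
    cnrm.cloud.google.com/system: "true"
    cnrm.cloud.google.com/tf2crd: "true"
  name: dnsmanagedzones.dns.cnrm.cloud.google.com
spec:
  group: dns.cnrm.cloud.google.com
  names:
    categories:
    - gcp
    kind: DNSManagedZone
    plural: dnsmanagedzones
    shortNames:
    - gcpdnsmanagedzone
    - gcpdnsmanagedzones
    singular: dnsmanagedzone
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    - description: When 'True', the most recent reconcile of the resource succeeded
      jsonPath: .status.conditions[?(@.type=='Ready')].status
      name: Ready
      type: string
    - description: The reason for the value in 'Ready'
      jsonPath: .status.conditions[?(@.type=='Ready')].reason
      name: Status
      type: string
    - description: The last transition time for the value in 'Status'
      jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime
      name: Status Age
      type: date
    name: v1beta1
    schema:
      openAPIV3Schema:
        properties:
          apiVersion:
            description: 'apiVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
            type: string
          kind:
            description: 'kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            properties:
              # Security note: query logging is opt-in (see enableLogging).
              # Zones whose DNS telemetry is needed for detection or incident
              # response must set enableLogging: true explicitly.
              cloudLoggingConfig:
                description: Cloud logging configuration.
                properties:
                  enableLogging:
                    description: If set, enable query logging for this ManagedZone.
                      False by default, making logging opt-in.
                    type: boolean
                required:
                - enableLogging
                type: object
              description:
                description: A textual description field. Defaults to 'Managed by
                  Config Connector'.
                type: string
              dnsName:
                description: Immutable. The DNS name of this managed zone, for instance
                  "example.com.".
                type: string
              # Security note: dnssecConfig is optional (only dnsName is
              # required by this schema), so signing is configured only when
              # the caller sets it. NOTE(review): confirm the provider-side
              # default for zones created without this block.
              dnssecConfig:
                description: DNSSEC configuration.
                properties:
                  defaultKeySpecs:
                    description: |-
                      Specifies parameters that will be used for generating initial DnsKeys
                      for this ManagedZone. If you provide a spec for keySigning or zoneSigning,
                      you must also provide one for the other.
                      default_key_specs can only be updated when the state is 'off'.
                    items:
                      properties:
                        # Security note: "rsasha1" is among the documented
                        # values. SHA-1 based DNSSEC signing is NOT RECOMMENDED
                        # by RFC 8624; prefer "rsasha256" or "ecdsap256sha256".
                        # The field has no enum, so a policy check is needed to
                        # keep weak algorithms out.
                        algorithm:
                          description: 'String mnemonic specifying the DNSSEC algorithm
                            of this key Possible values: ["ecdsap256sha256", "ecdsap384sha384",
                            "rsasha1", "rsasha256", "rsasha512"].'
                          type: string
                        # No minimum is declared here; key-length limits are
                        # not enforced by this schema.
                        keyLength:
                          description: Length of the keys in bits.
                          type: integer
                        keyType:
                          description: |-
                            Specifies whether this is a key signing key (KSK) or a zone
                            signing key (ZSK). Key signing keys have the Secure Entry
                            Point flag set and, when active, will only be used to sign
                            resource record sets of type DNSKEY. Zone signing keys do
                            not have the Secure Entry Point flag set and will be used
                            to sign all other types of resource record sets. Possible values: ["keySigning", "zoneSigning"].
                          type: string
                        kind:
                          description: Identifies what kind of resource this is.
                          type: string
                      type: object
                    type: array
                  kind:
                    description: Identifies what kind of resource this is.
                    type: string
                  # Security note: NSEC denial-of-existence lets a client
                  # enumerate the zone by walking the chain. NSEC3 hashes owner
                  # names, which raises the cost of enumeration but does not
                  # remove it.
                  nonExistence:
                    description: |-
                      Specifies the mechanism used to provide authenticated denial-of-existence responses.
                      non_existence can only be updated when the state is 'off'. Possible values: ["nsec", "nsec3"].
                    type: string
                  state:
                    description: 'Specifies whether DNSSEC is enabled, and what mode
                      it is in Possible values: ["off", "on", "transfer"].'
                    type: string
                type: object
              forwardingConfig:
                description: |-
                  The presence for this field indicates that outbound forwarding is enabled
                  for this zone. The value of this field contains the set of destinations
                  to forward to.
                properties:
                  targetNameServers:
                    description: |-
                      List of target name servers to forward to. Cloud DNS will
                      select the best available name server if more than
                      one target is given.
                    items:
                      properties:
                        # Security note: with 'default' (or unset), queries to
                        # non-RFC1918 targets are sent to the Internet per the
                        # description. Set 'private' when resolver traffic for
                        # this target must stay on the VPC path.
                        forwardingPath:
                          description: |-
                            Forwarding path for this TargetNameServer. If unset or 'default' Cloud DNS will make forwarding
                            decision based on address ranges, i.e. RFC1918 addresses go to the VPC, Non-RFC1918 addresses go
                            to the Internet. When set to 'private', Cloud DNS will always send queries through VPC for this target Possible values: ["default", "private"].
                          type: string
                        # No pattern or format constraint: this schema checks
                        # only that the value is a string.
                        ipv4Address:
                          description: IPv4 address of a target name server.
                          type: string
                      required:
                      - ipv4Address
                      type: object
                    type: array
                required:
                - targetNameServers
                type: object
              peeringConfig:
                description: |-
                  The presence of this field indicates that DNS Peering is enabled for this
                  zone. The value of this field contains the network to peer with.
                properties:
                  targetNetwork:
                    description: The network with which to peer.
                    properties:
                      networkRef:
                        description: VPC network to forward queries to.
                        # Exactly one form is accepted: `name` (optionally with
                        # `namespace`) without `external`, or `external` alone.
                        oneOf:
                        - not:
                            required:
                            - external
                          required:
                          - name
                        - not:
                            anyOf:
                            - required:
                              - name
                            - required:
                              - namespace
                          required:
                          - external
                        properties:
                          external:
                            description: 'Allowed value: The `selfLink` field of a
                              `ComputeNetwork` resource.'
                            type: string
                          name:
                            description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                            type: string
                          namespace:
                            description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                            type: string
                        type: object
                    required:
                    - networkRef
                    type: object
                required:
                - targetNetwork
                type: object
              privateVisibilityConfig:
                description: |-
                  For privately visible zones, the set of Virtual Private Cloud
                  resources that the zone is visible from.
                properties:
                  gkeClusters:
                    description: The list of Google Kubernetes Engine clusters that
                      can see this zone.
                    items:
                      properties:
                        gkeClusterNameRef:
                          description: |-
                            The resource name of the cluster to bind this ManagedZone to.
                            This should be specified in the format like
                            'projects/*/locations/*/clusters/*'.
                          oneOf:
                          - not:
                              required:
                              - external
                            required:
                            - name
                          - not:
                              anyOf:
                              - required:
                                - name
                              - required:
                                - namespace
                            required:
                            - external
                          properties:
                            external:
                              description: 'Allowed value: The `selfLink` field of
                                a `ContainerCluster` resource.'
                              type: string
                            name:
                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                              type: string
                            namespace:
                              description: 'Namespace of the referent. More info:
                                https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                              type: string
                          type: object
                      required:
                      - gkeClusterNameRef
                      type: object
                    type: array
                  networks:
                    items:
                      properties:
                        networkRef:
                          description: VPC network to bind to.
                          oneOf:
                          - not:
                              required:
                              - external
                            required:
                            - name
                          - not:
                              anyOf:
                              - required:
                                - name
                              - required:
                                - namespace
                            required:
                            - external
                          properties:
                            external:
                              description: 'Allowed value: The `selfLink` field of
                                a `ComputeNetwork` resource.'
                              type: string
                            name:
                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                              type: string
                            namespace:
                              description: 'Namespace of the referent. More info:
                                https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                              type: string
                          type: object
                      required:
                      - networkRef
                      type: object
                    type: array
                required:
                - networks
                type: object
              resourceID:
                description: Immutable. Optional. The name of the resource. Used for
                  creation and acquisition. When unset, the value of `metadata.name`
                  is used as the default.
                type: string
              reverseLookup:
                description: |-
                  Immutable. Specifies if this is a managed reverse lookup zone. If true, Cloud DNS will resolve reverse
                  lookup queries using automatically configured records for VPC resources. This only applies
                  to networks listed under 'private_visibility_config'.
                type: boolean
              serviceDirectoryConfig:
                description: Immutable. The presence of this field indicates that
                  this zone is backed by Service Directory. The value of this field
                  contains information related to the namespace associated with the
                  zone.
                properties:
                  namespace:
                    description: The namespace associated with the zone.
                    properties:
                      namespaceUrl:
                        description: |-
                          The fully qualified or partial URL of the service directory namespace that should be
                          associated with the zone. This should be formatted like
                          'https://servicedirectory.googleapis.com/v1/projects/{project}/locations/{location}/namespaces/{namespace_id}'
                          or simply 'projects/{project}/locations/{location}/namespaces/{namespace_id}'
                          Ignored for 'public' visibility zones.
                        type: string
                    required:
                    - namespaceUrl
                    type: object
                required:
                - namespace
                type: object
              # Security note: the documented default is "public" and the field
              # is immutable. A zone meant for internal names has to be created
              # with visibility: private; omitting it yields an Internet-exposed
              # zone that cannot be switched in place.
              visibility:
                description: |-
                  Immutable. The zone's visibility: public zones are exposed to the Internet,
                  while private zones are visible only to Virtual Private Cloud resources. Default value: "public" Possible values: ["private", "public"].
                type: string
            required:
            - dnsName
            type: object
          status:
            properties:
              conditions:
                description: Conditions represent the latest available observation
                  of the resource's current state.
                items:
                  properties:
                    lastTransitionTime:
                      description: Last time the condition transitioned from one status
                        to another.
                      type: string
                    message:
                      description: Human-readable message indicating details about
                        last transition.
                      type: string
                    reason:
                      description: Unique, one-word, CamelCase reason for the condition's
                        last transition.
                      type: string
                    status:
                      description: Status is the status of the condition. Can be True,
                        False, Unknown.
                      type: string
                    type:
                      description: Type is the type of the condition.
                      type: string
                  type: object
                type: array
              creationTime:
                description: |-
                  The time that this resource was created on the server.
                  This is in RFC3339 text format.
                type: string
              managedZoneId:
                description: Unique identifier for the resource; defined by the server.
                type: integer
              nameServers:
                description: |-
                  Delegate your managed_zone to these virtual name servers;
                  defined by the server.
                items:
                  type: string
                type: array
              observedGeneration:
                description: ObservedGeneration is the generation of the resource
                  that was most recently observed by the Config Connector controller.
                  If this is equal to metadata.generation, then that means that the
                  current reported status reflects the most recent desired state of
                  the resource.
                type: integer
            type: object
        required:
        - spec
        type: object
    served: true
    storage: true
    subresources:
      status: {}
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []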