# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# CustomResourceDefinition for the namespaced kind
# NetworkSecurityServerTLSPolicy (group networksecurity.cnrm.cloud.google.com).
# One version, v1beta1, is both served and stored. The spec fields decide
# whether a server accepts plaintext, TLS or mTLS connections, so manifests of
# this kind are security-relevant configuration.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    cnrm.cloud.google.com/version: 1.106.0
  creationTimestamp: null
  labels:
    cnrm.cloud.google.com/dcl2crd: "true"
    cnrm.cloud.google.com/managed-by-kcc: "true"
    cnrm.cloud.google.com/stability-level: stable
    cnrm.cloud.google.com/system: "true"
  name: networksecurityservertlspolicies.networksecurity.cnrm.cloud.google.com
spec:
  group: networksecurity.cnrm.cloud.google.com
  names:
    categories:
    - gcp
    kind: NetworkSecurityServerTLSPolicy
    plural: networksecurityservertlspolicies
    shortNames:
    - gcpnetworksecurityservertlspolicy
    - gcpnetworksecurityservertlspolicies
    singular: networksecurityservertlspolicy
  scope: Namespaced
  versions:
  # Extra list columns; Ready, Status and Status Age all read the condition
  # whose type is 'Ready'.
  - additionalPrinterColumns:
    - jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    - description: When 'True', the most recent reconcile of the resource succeeded
      jsonPath: .status.conditions[?(@.type=='Ready')].status
      name: Ready
      type: string
    - description: The reason for the value in 'Ready'
      jsonPath: .status.conditions[?(@.type=='Ready')].reason
      name: Status
      type: string
    - description: The last transition time for the value in 'Status'
      jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime
      name: Status Age
      type: date
    name: v1beta1
    schema:
      openAPIV3Schema:
        properties:
          apiVersion:
            description: 'apiVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
            type: string
          kind:
            description: 'kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            properties:
              # Security: true admits plaintext connections. The description
              # gives false as the default and states that, combined with
              # mtlsPolicy, both plaintext and mTLS are accepted, so a client
              # certificate is then not demanded on every connection.
              allowOpen:
                description: Optional. Determines if server allows plaintext connections.
                  If set to true, server allows plain text connections. By default,
                  it is set to false. This setting is not exclusive of other encryption
                  modes. For example, if allow_open and mtls_policy are set, server
                  allows both plain text and mTLS connections. See documentation of
                  other encryption modes to confirm compatibility.
                type: boolean
              description:
                description: Optional. Free-text description of the resource.
                type: string
              location:
                description: Immutable. The location for the resource
                type: string
              # Per the description, omitting this block means no client
              # certificate is requested (TLS, not mTLS).
              mtlsPolicy:
                description: Optional. Defines a mechanism to provision peer validation
                  certificates for peer to peer authentication (Mutual TLS - mTLS).
                  If not specified, client certificate will not be requested. The
                  connection is treated as TLS and not mTLS. If allow_open and mtls_policy
                  are set, server allows both plain text and mTLS connections.
                properties:
                  # Required within mtlsPolicy, but the schema sets no minItems
                  # and marks neither item property as required, so an empty
                  # list or an empty item passes schema validation.
                  # NOTE(review): presumably rejected later by the backing
                  # API - confirm.
                  clientValidationCa:
                    description: Required. Defines the mechanism to obtain the Certificate
                      Authority certificate to validate the client certificate.
                    items:
                      properties:
                        certificateProviderInstance:
                          description: The certificate provider instance specification
                            that will be passed to the data plane, which will be used
                            to load necessary credential information.
                          properties:
                            pluginInstance:
                              description: Required. Plugin instance name, used to
                                locate and load CertificateProvider instance configuration.
                                Set to "google_cloud_private_spiffe" to use Certificate
                                Authority Service certificate provider instance.
                              type: string
                          required:
                          - pluginInstance
                          type: object
                        grpcEndpoint:
                          description: gRPC specific configuration to access the gRPC
                            server to obtain the CA certificate.
                          properties:
                            # The "unix:" prefix is stated only in the
                            # description; no pattern constraint enforces it.
                            targetUri:
                              description: Required. The target URI of the gRPC endpoint.
                                Only UDS path is supported, and should start with
                                “unix:”.
                              type: string
                          required:
                          - targetUri
                          type: object
                      type: object
                    type: array
                required:
                - clientValidationCa
                type: object
              projectRef:
                description: Immutable. The Project that this resource belongs to.
                # Exactly one form is accepted: `name` without `external`, or
                # `external` with neither `name` nor `namespace`.
                oneOf:
                - not:
                    required:
                    - external
                  required:
                  - name
                - not:
                    anyOf:
                    - required:
                      - name
                    - required:
                      - namespace
                  required:
                  - external
                properties:
                  external:
                    description: |-
                      The project for the resource

                      Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).
                    type: string
                  name:
                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                    type: string
                  namespace:
                    description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                    type: string
                type: object
              resourceID:
                description: Immutable. Optional. The name of the resource. Used for
                  creation and acquisition. When unset, the value of `metadata.name`
                  is used as the default.
                type: string
              # The description forbids combining this with allowOpen, but no
              # schema rule (oneOf/not) expresses that exclusion, so any
              # rejection happens outside this schema.
              # NOTE(review): confirm where it is enforced.
              serverCertificate:
                description: Optional. Defines a mechanism to provision server identity
                  (public and private keys). Cannot be combined with allow_open as
                  a permissive mode that allows both plain text and TLS is not supported.
                properties:
                  certificateProviderInstance:
                    description: The certificate provider instance specification that
                      will be passed to the data plane, which will be used to load
                      necessary credential information.
                    properties:
                      pluginInstance:
                        description: Required. Plugin instance name, used to locate
                          and load CertificateProvider instance configuration. Set
                          to "google_cloud_private_spiffe" to use Certificate Authority
                          Service certificate provider instance.
                        type: string
                    required:
                    - pluginInstance
                    type: object
                  grpcEndpoint:
                    description: gRPC specific configuration to access the gRPC server
                      to obtain the cert and private key.
                    properties:
                      # The "unix:" prefix is stated only in the description;
                      # no pattern constraint enforces it.
                      targetUri:
                        description: Required. The target URI of the gRPC endpoint.
                          Only UDS path is supported, and should start with “unix:”.
                        type: string
                    required:
                    - targetUri
                    type: object
                type: object
            # location is the only spec field the schema requires.
            required:
            - location
            type: object
          # Observed state, exposed through the status subresource enabled
          # under `subresources` further down.
          status:
            properties:
              conditions:
                description: Conditions represent the latest available observation
                  of the resource's current state.
                items:
                  properties:
                    lastTransitionTime:
                      description: Last time the condition transitioned from one status
                        to another.
                      type: string
                    message:
                      description: Human-readable message indicating details about
                        last transition.
                      type: string
                    reason:
                      description: Unique, one-word, CamelCase reason for the condition's
                        last transition.
                      type: string
                    status:
                      description: Status is the status of the condition. Can be True,
                        False, Unknown.
                      type: string
                    type:
                      description: Type is the type of the condition.
                      type: string
                  type: object
                type: array
              createTime:
                description: Output only. The timestamp when the resource was created.
                format: date-time
                type: string
              observedGeneration:
                description: ObservedGeneration is the generation of the resource
                  that was most recently observed by the Config Connector controller.
                  If this is equal to metadata.generation, then that means that the
                  current reported status reflects the most recent desired state of
                  the resource.
                type: integer
              updateTime:
                description: Output only. The timestamp when the resource was updated.
                format: date-time
                type: string
            type: object
        # Every object of this kind must carry a spec.
        required:
        - spec
        type: object
    served: true
    storage: true
    subresources:
      status: {}
# NOTE(review): empty status stanza, presumably emitted by the generator and
# filled in by the API server - confirm.
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []