1# Copyright 2020 Google LLC
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14
15apiVersion: apiextensions.k8s.io/v1
16kind: CustomResourceDefinition
17metadata:
18 annotations:
19 cnrm.cloud.google.com/version: 1.106.0
20 creationTimestamp: null
21 labels:
22 cnrm.cloud.google.com/managed-by-kcc: "true"
23 cnrm.cloud.google.com/stability-level: alpha
24 cnrm.cloud.google.com/system: "true"
25 cnrm.cloud.google.com/tf2crd: "true"
26 name: networkservicesedgecachekeysets.networkservices.cnrm.cloud.google.com
27spec:
28 group: networkservices.cnrm.cloud.google.com
29 names:
30 categories:
31 - gcp
32 kind: NetworkServicesEdgeCacheKeyset
33 plural: networkservicesedgecachekeysets
34 shortNames:
35 - gcpnetworkservicesedgecachekeyset
36 - gcpnetworkservicesedgecachekeysets
37 singular: networkservicesedgecachekeyset
38 scope: Namespaced
39 versions:
40 - additionalPrinterColumns:
41 - jsonPath: .metadata.creationTimestamp
42 name: Age
43 type: date
44 - description: When 'True', the most recent reconcile of the resource succeeded
45 jsonPath: .status.conditions[?(@.type=='Ready')].status
46 name: Ready
47 type: string
48 - description: The reason for the value in 'Ready'
49 jsonPath: .status.conditions[?(@.type=='Ready')].reason
50 name: Status
51 type: string
52 - description: The last transition time for the value in 'Status'
53 jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime
54 name: Status Age
55 type: date
56 name: v1alpha1
57 schema:
58 openAPIV3Schema:
59 properties:
60 apiVersion:
61 description: 'apiVersion defines the versioned schema of this representation
62 of an object. Servers should convert recognized schemas to the latest
63 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
64 type: string
65 kind:
66 description: 'kind is a string value representing the REST resource this
67 object represents. Servers may infer this from the endpoint the client
68 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
69 type: string
70 metadata:
71 type: object
72 spec:
73 properties:
74 description:
75 description: A human-readable description of the resource.
76 type: string
77 projectRef:
78 description: The project that this resource belongs to.
79 oneOf:
80 - not:
81 required:
82 - external
83 required:
84 - name
85 - not:
86 anyOf:
87 - required:
88 - name
89 - required:
90 - namespace
91 required:
92 - external
93 properties:
94 external:
95 description: 'Allowed value: The `name` field of a `Project` resource.'
96 type: string
97 name:
98 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
99 type: string
100 namespace:
101 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
102 type: string
103 type: object
104 publicKey:
105 description: |-
106 An ordered list of Ed25519 public keys to use for validating signed requests.
107 You must specify 'public_keys' or 'validation_shared_keys' (or both). The keys in 'public_keys' are checked first.
108 You may specify no more than one Google-managed public key.
109 If you specify 'public_keys', you must specify at least one (1) key and may specify up to three (3) keys.
110
111 Ed25519 public keys are not secret, and only allow Google to validate a request was signed by your corresponding private key.
112 Ensure that the private key is kept secret, and that only authorized users can add public keys to a keyset.
113 items:
114 properties:
115 id:
116 description: |-
117 The ID of the public key. The ID must be 1-63 characters long, and comply with RFC1035.
118 The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]*
119 which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.
120 type: string
121 managed:
122 description: Set to true to have the CDN automatically manage
123 this public key value.
124 type: boolean
125 value:
126 description: |-
127 The base64-encoded value of the Ed25519 public key. The base64 encoding can be padded (44 bytes) or unpadded (43 bytes).
128 Representations or encodings of the public key other than this will be rejected with an error.
129 oneOf:
130 - not:
131 required:
132 - valueFrom
133 required:
134 - value
135 - not:
136 required:
137 - value
138 required:
139 - valueFrom
140 properties:
141 value:
142 description: Value of the field. Cannot be used if 'valueFrom'
143 is specified.
144 type: string
145 valueFrom:
146 description: Source for the field's value. Cannot be used
147 if 'value' is specified.
148 properties:
149 secretKeyRef:
150 description: Reference to a value with the given key
151 in the given Secret in the resource's namespace.
152 properties:
153 key:
154 description: Key that identifies the value to be
155 extracted.
156 type: string
157 name:
158 description: Name of the Secret to extract a value
159 from.
160 type: string
161 required:
162 - name
163 - key
164 type: object
165 type: object
166 type: object
167 required:
168 - id
169 type: object
170 type: array
171 resourceID:
172 description: Immutable. Optional. The name of the resource. Used for
173 creation and acquisition. When unset, the value of `metadata.name`
174 is used as the default.
175 type: string
176 validationSharedKeys:
177 description: |-
178 An ordered list of shared keys to use for validating signed requests.
179 Shared keys are secret. Ensure that only authorized users can add 'validation_shared_keys' to a keyset.
180 You can rotate keys by appending (pushing) a new key to the list of 'validation_shared_keys' and removing any superseded keys.
181 You must specify 'public_keys' or 'validation_shared_keys' (or both). The keys in 'public_keys' are checked first.
182 items:
183 properties:
184 secretVersion:
185 description: |-
186 The name of the secret version in Secret Manager.
187
188 The resource name of the secret version must be in the format 'projects/*/secrets/*/versions/*' where the '*' values are replaced by the secrets themselves.
189 The secrets must be at least 16 bytes large. The recommended secret size depends on the signature algorithm you are using.
190 * If you are using HMAC-SHA1, we suggest 20-byte secrets.
191 * If you are using HMAC-SHA256, we suggest 32-byte secrets.
192 See RFC 2104, Section 3 for more details on these recommendations.
193 type: string
194 required:
195 - secretVersion
196 type: object
197 type: array
198 required:
199 - projectRef
200 type: object
201 status:
202 properties:
203 conditions:
204 description: Conditions represent the latest available observation
205 of the resource's current state.
206 items:
207 properties:
208 lastTransitionTime:
209 description: Last time the condition transitioned from one status
210 to another.
211 type: string
212 message:
213 description: Human-readable message indicating details about
214 last transition.
215 type: string
216 reason:
217 description: Unique, one-word, CamelCase reason for the condition's
218 last transition.
219 type: string
220 status:
221 description: Status is the status of the condition. Can be True,
222 False, Unknown.
223 type: string
224 type:
225 description: Type is the type of the condition.
226 type: string
227 type: object
228 type: array
229 observedGeneration:
230 description: ObservedGeneration is the generation of the resource
231 that was most recently observed by the Config Connector controller.
232 If this is equal to metadata.generation, then that means that the
233 current reported status reflects the most recent desired state of
234 the resource.
235 type: integer
236 type: object
237 required:
238 - spec
239 type: object
240 served: true
241 storage: true
242 subresources:
243 status: {}
244status:
245 acceptedNames:
246 kind: ""
247 plural: ""
248 conditions: []
249 storedVersions: []
View as plain text