1# Copyright 2020 Google LLC
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14
15apiVersion: apiextensions.k8s.io/v1
16kind: CustomResourceDefinition
17metadata:
18 annotations:
19 cnrm.cloud.google.com/version: 1.106.0
20 creationTimestamp: null
21 labels:
22 cnrm.cloud.google.com/managed-by-kcc: "true"
23 cnrm.cloud.google.com/stability-level: alpha
24 cnrm.cloud.google.com/system: "true"
25 cnrm.cloud.google.com/tf2crd: "true"
26 name: networkservicesedgecacheservices.networkservices.cnrm.cloud.google.com
27spec:
28 group: networkservices.cnrm.cloud.google.com
29 names:
30 categories:
31 - gcp
32 kind: NetworkServicesEdgeCacheService
33 plural: networkservicesedgecacheservices
34 shortNames:
35 - gcpnetworkservicesedgecacheservice
36 - gcpnetworkservicesedgecacheservices
37 singular: networkservicesedgecacheservice
38 scope: Namespaced
39 versions:
40 - additionalPrinterColumns:
41 - jsonPath: .metadata.creationTimestamp
42 name: Age
43 type: date
44 - description: When 'True', the most recent reconcile of the resource succeeded
45 jsonPath: .status.conditions[?(@.type=='Ready')].status
46 name: Ready
47 type: string
48 - description: The reason for the value in 'Ready'
49 jsonPath: .status.conditions[?(@.type=='Ready')].reason
50 name: Status
51 type: string
52 - description: The last transition time for the value in 'Status'
53 jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime
54 name: Status Age
55 type: date
56 name: v1alpha1
57 schema:
58 openAPIV3Schema:
59 properties:
60 apiVersion:
61 description: 'apiVersion defines the versioned schema of this representation
62 of an object. Servers should convert recognized schemas to the latest
63 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
64 type: string
65 kind:
66 description: 'kind is a string value representing the REST resource this
67 object represents. Servers may infer this from the endpoint the client
68 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
69 type: string
70 metadata:
71 type: object
72 spec:
73 properties:
74 description:
75 description: A human-readable description of the resource.
76 type: string
77 disableHttp2:
78 description: |-
79 Disables HTTP/2.
80
81 HTTP/2 (h2) is enabled by default and recommended for performance. HTTP/2 improves connection re-use and reduces connection setup overhead by sending multiple streams over the same connection.
82
83 Some legacy HTTP clients may have issues with HTTP/2 connections due to broken HTTP/2 implementations. Setting this to true will prevent HTTP/2 from being advertised and negotiated.
84 type: boolean
85 disableQuic:
86 description: HTTP/3 (IETF QUIC) and Google QUIC are enabled by default.
87 type: boolean
88 edgeSecurityPolicy:
89 description: Resource URL that points at the Cloud Armor edge security
90 policy that is applied on each request against the EdgeCacheService.
91 type: string
92 edgeSslCertificates:
93 description: |-
94 URLs to sslCertificate resources that are used to authenticate connections between users and the EdgeCacheService.
95
96 Note that only "global" certificates with a "scope" of "EDGE_CACHE" can be attached to an EdgeCacheService.
97 items:
98 type: string
99 type: array
100 logConfig:
101 description: Specifies the logging options for the traffic served
102 by this service. If logging is enabled, logs will be exported to
103 Cloud Logging.
104 properties:
105 enable:
106 description: Specifies whether to enable logging for traffic served
107 by this service.
108 type: boolean
109 sampleRate:
110 description: |-
111 Configures the sampling rate of requests, where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. The default value is 1.0, and the value of the field must be in [0, 1].
112
113 This field can only be specified if logging is enabled for this service.
114 type: number
115 type: object
116 projectRef:
117 description: The project that this resource belongs to.
118 oneOf:
119 - not:
120 required:
121 - external
122 required:
123 - name
124 - not:
125 anyOf:
126 - required:
127 - name
128 - required:
129 - namespace
130 required:
131 - external
132 properties:
133 external:
134 description: 'Allowed value: The `name` field of a `Project` resource.'
135 type: string
136 name:
137 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
138 type: string
139 namespace:
140 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
141 type: string
142 type: object
143 requireTls:
144 description: |-
145 Require TLS (HTTPS) for all clients connecting to this service.
146
147 Clients who connect over HTTP (port 80) will receive a HTTP 301 to the same URL over HTTPS (port 443).
148 You must have at least one (1) edgeSslCertificate specified to enable this.
149 type: boolean
150 resourceID:
151 description: Immutable. Optional. The name of the resource. Used for
152 creation and acquisition. When unset, the value of `metadata.name`
153 is used as the default.
154 type: string
155 routing:
156 description: Defines how requests are routed, modified, cached and/or
157 which origin content is filled from.
158 properties:
159 hostRule:
160 description: The list of hostRules to match against. These rules
161 define which hostnames the EdgeCacheService will match against,
162 and which route configurations apply.
163 items:
164 properties:
165 description:
166 description: A human-readable description of the hostRule.
167 type: string
168 hosts:
169 description: |-
170 The list of host patterns to match.
171
172 Host patterns must be valid hostnames. Ports are not allowed. Wildcard hosts are supported in the suffix or prefix form. * matches any string of ([a-z0-9-.]*). It does not match the empty string.
173
174 When multiple hosts are specified, hosts are matched in the following priority:
175
176 1. Exact domain names: ''www.foo.com''.
177 2. Suffix domain wildcards: ''*.foo.com'' or ''*-bar.foo.com''.
178 3. Prefix domain wildcards: ''foo.*'' or ''foo-*''.
179 4. Special wildcard ''*'' matching any domain.
180
181 Notes:
182
183 The wildcard will not match the empty string. e.g. ''*-bar.foo.com'' will match ''baz-bar.foo.com'' but not ''-bar.foo.com''. The longest wildcards match first. Only a single host in the entire service can match on ''*''. A domain must be unique across all configured hosts within a service.
184
185 Hosts are matched against the HTTP Host header, or for HTTP/2 and HTTP/3, the ":authority" header, from the incoming request.
186
187 You may specify up to 10 hosts.
188 items:
189 type: string
190 type: array
191 pathMatcher:
192 description: The name of the pathMatcher associated with
193 this hostRule.
194 type: string
195 required:
196 - hosts
197 - pathMatcher
198 type: object
199 type: array
200 pathMatcher:
201 description: The list of pathMatchers referenced via name by hostRules.
202 PathMatcher is used to match the path portion of the URL when
203 a HostRule matches the URL's host portion.
204 items:
205 properties:
206 description:
207 description: A human-readable description of the resource.
208 type: string
209 name:
210 description: The name to which this PathMatcher is referred
211 by the HostRule.
212 type: string
213 routeRule:
214 description: The routeRules to match against. routeRules
215 support advanced routing behaviour, and can match on paths,
216 headers and query parameters, as well as status codes
217 and HTTP methods.
218 items:
219 properties:
220 description:
221 description: A human-readable description of the routeRule.
222 type: string
223 headerAction:
224 description: The header actions, including adding
225 & removing headers, for requests that match this
226 route.
227 properties:
228 requestHeaderToAdd:
229 description: Describes a header to add.
230 items:
231 properties:
232 headerName:
233 description: The name of the header to add.
234 type: string
235 headerValue:
236 description: The value of the header to
237 add.
238 type: string
239 replace:
240 description: Whether to replace all existing
241 headers with the same name.
242 type: boolean
243 required:
244 - headerName
245 - headerValue
246 type: object
247 type: array
248 requestHeaderToRemove:
249 description: A list of header names for headers
250 that need to be removed from the request prior
251 to forwarding the request to the origin.
252 items:
253 properties:
254 headerName:
255 description: The name of the header to remove.
256 type: string
257 required:
258 - headerName
259 type: object
260 type: array
261 responseHeaderToAdd:
262 description: |-
263 Headers to add to the response prior to sending it back to the client.
264
265 Response headers are only sent to the client, and do not have an effect on the cache serving the response.
266 items:
267 properties:
268 headerName:
269 description: The name of the header to add.
270 type: string
271 headerValue:
272 description: The value of the header to
273 add.
274 type: string
275 replace:
276 description: Whether to replace all existing
277 headers with the same name.
278 type: boolean
279 required:
280 - headerName
281 - headerValue
282 type: object
283 type: array
284 responseHeaderToRemove:
285 description: A list of header names for headers
286 that need to be removed from the request prior
287 to forwarding the request to the origin.
288 items:
289 properties:
290 headerName:
291 description: |-
292 Headers to remove from the response prior to sending it back to the client.
293
294 Response headers are only sent to the client, and do not have an effect on the cache serving the response.
295 type: string
296 required:
297 - headerName
298 type: object
299 type: array
300 type: object
301 matchRule:
302 description: |-
303 The list of criteria for matching attributes of a request to this routeRule. This list has OR semantics: the request matches this routeRule when any of the matchRules are satisfied. However predicates
304 within a given matchRule have AND semantics. All predicates within a matchRule must match for the request to match the rule.
305 items:
306 properties:
307 fullPathMatch:
308 description: For satisfying the matchRule condition,
309 the path of the request must exactly match
310 the value specified in fullPathMatch after
311 removing any query parameters and anchor that
312 may be part of the original URL.
313 type: string
314 headerMatch:
315 description: Specifies a list of header match
316 criteria, all of which must match corresponding
317 headers in the request.
318 items:
319 properties:
320 exactMatch:
321 description: The value of the header should
322 exactly match contents of exactMatch.
323 type: string
324 headerName:
325 description: The header name to match
326 on.
327 type: string
328 invertMatch:
329 description: |-
330 If set to false (default), the headerMatch is considered a match if the match criteria above are met.
331 If set to true, the headerMatch is considered a match if the match criteria above are NOT met.
332 type: boolean
333 prefixMatch:
334 description: The value of the header must
335 start with the contents of prefixMatch.
336 type: string
337 presentMatch:
338 description: A header with the contents
339 of headerName must exist. The match
340 takes place whether or not the request's
341 header has a value.
342 type: boolean
343 suffixMatch:
344 description: The value of the header must
345 end with the contents of suffixMatch.
346 type: string
347 required:
348 - headerName
349 type: object
350 type: array
351 ignoreCase:
352 description: Specifies that prefixMatch and
353 fullPathMatch matches are case sensitive.
354 type: boolean
355 pathTemplateMatch:
356 description: |-
357 For satisfying the matchRule condition, the path of the request
358 must match the wildcard pattern specified in pathTemplateMatch
359 after removing any query parameters and anchor that may be part
360 of the original URL.
361
362 pathTemplateMatch must be between 1 and 255 characters
363 (inclusive). The pattern specified by pathTemplateMatch may
364 have at most 5 wildcard operators and at most 5 variable
365 captures in total.
366 type: string
367 prefixMatch:
368 description: For satisfying the matchRule condition,
369 the request's path must begin with the specified
370 prefixMatch. prefixMatch must begin with a
371 /.
372 type: string
373 queryParameterMatch:
374 description: Specifies a list of query parameter
375 match criteria, all of which must match corresponding
376 query parameters in the request.
377 items:
378 properties:
379 exactMatch:
380 description: The queryParameterMatch matches
381 if the value of the parameter exactly
382 matches the contents of exactMatch.
383 type: string
384 name:
385 description: The name of the query parameter
386 to match. The query parameter must exist
387 in the request, in the absence of which
388 the request match fails.
389 type: string
390 presentMatch:
391 description: Specifies that the queryParameterMatch
392 matches if the request contains the
393 query parameter, irrespective of whether
394 the parameter has a value or not.
395 type: boolean
396 required:
397 - name
398 type: object
399 type: array
400 type: object
401 type: array
402 origin:
403 description: |-
404 The Origin resource that requests to this route should fetch from when a matching response is not in cache. Origins can be defined as short names ("my-origin") or fully-qualified resource URLs - e.g. "networkservices.googleapis.com/projects/my-project/global/edgecacheorigins/my-origin"
405
406 Only one of origin or urlRedirect can be set.
407 type: string
408 priority:
409 description: |-
410 The priority of this route rule, where 1 is the highest priority.
411
412 You cannot configure two or more routeRules with the same priority. Priority for each rule must be set to a number between 1 and 999 inclusive.
413
414 Priority numbers can have gaps, which enable you to add or remove rules in the future without affecting the rest of the rules. For example, 1, 2, 3, 4, 5, 9, 12, 16 is a valid series of priority numbers
415 to which you could add rules numbered from 6 to 8, 10 to 11, and 13 to 15 in the future without any impact on existing rules.
416 type: string
417 routeAction:
418 description: In response to a matching path, the routeAction
419 performs advanced routing actions like URL rewrites,
420 header transformations, etc. prior to forwarding
421 the request to the selected origin.
422 properties:
423 cdnPolicy:
424 description: The policy to use for defining caching
425 and signed request behaviour for requests that
426 match this route.
427 properties:
428 addSignatures:
429 description: |-
430 Enable signature generation or propagation on this route.
431
432 This field may only be specified when signedRequestMode is set to REQUIRE_TOKENS.
433 properties:
434 actions:
435 description: 'The actions to take to add
436 signatures to responses. Possible values:
437 ["GENERATE_COOKIE", "GENERATE_TOKEN_HLS_COOKIELESS",
438 "PROPAGATE_TOKEN_HLS_COOKIELESS"].'
439 items:
440 type: string
441 type: array
442 copiedParameters:
443 description: |-
444 The parameters to copy from the verified token to the generated token.
445
446 Only the following parameters may be copied:
447
448 * 'PathGlobs'
449 * 'paths'
450 * 'acl'
451 * 'URLPrefix'
452 * 'IPRanges'
453 * 'SessionID'
454 * 'id'
455 * 'Data'
456 * 'data'
457 * 'payload'
458 * 'Headers'
459
460 You may specify up to 6 parameters to copy. A given parameter is be copied only if the parameter exists in the verified token. Parameter names are matched exactly as specified. The order of the parameters does not matter. Duplicates are not allowed.
461
462 This field may only be specified when the GENERATE_COOKIE or GENERATE_TOKEN_HLS_COOKIELESS actions are specified.
463 items:
464 type: string
465 type: array
466 keyset:
467 description: |-
468 The keyset to use for signature generation.
469
470 The following are both valid paths to an EdgeCacheKeyset resource:
471
472 * 'projects/project/locations/global/edgeCacheKeysets/yourKeyset'
473 * 'yourKeyset'
474
475 This must be specified when the GENERATE_COOKIE or GENERATE_TOKEN_HLS_COOKIELESS actions are specified. This field may not be specified otherwise.
476 type: string
477 tokenQueryParameter:
478 description: |-
479 The query parameter in which to put the generated token.
480
481 If not specified, defaults to 'edge-cache-token'.
482
483 If specified, the name must be 1-64 characters long and match the regular expression '[a-zA-Z]([a-zA-Z0-9_-])*' which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.
484
485 This field may only be set when the GENERATE_TOKEN_HLS_COOKIELESS or PROPAGATE_TOKEN_HLS_COOKIELESS actions are specified.
486 type: string
487 tokenTtl:
488 description: |-
489 The duration the token is valid starting from the moment the token is first generated.
490
491 Defaults to '86400s' (1 day).
492
493 The TTL must be >= 0 and <= 604,800 seconds (1 week).
494
495 This field may only be specified when the GENERATE_COOKIE or GENERATE_TOKEN_HLS_COOKIELESS actions are specified.
496
497 A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s".
498 type: string
499 required:
500 - actions
501 type: object
502 cacheKeyPolicy:
503 description: Defines the request parameters
504 that contribute to the cache key.
505 properties:
506 excludeHost:
507 description: |-
508 If true, requests to different hosts will be cached separately.
509
510 Note: this should only be enabled if hosts share the same origin and content. Removing the host from the cache key may inadvertently result in different objects being cached than intended, depending on which route the first user matched.
511 type: boolean
512 excludeQueryString:
513 description: |-
514 If true, exclude query string parameters from the cache key
515
516 If false (the default), include the query string parameters in
517 the cache key according to includeQueryParameters and
518 excludeQueryParameters. If neither includeQueryParameters nor
519 excludeQueryParameters is set, the entire query string will be
520 included.
521 type: boolean
522 excludedQueryParameters:
523 description: |-
524 Names of query string parameters to exclude from cache keys. All other parameters will be included.
525
526 Either specify includedQueryParameters or excludedQueryParameters, not both. '&' and '=' will be percent encoded and not treated as delimiters.
527 items:
528 type: string
529 type: array
530 includeProtocol:
531 description: If true, http and https requests
532 will be cached separately.
533 type: boolean
534 includedCookieNames:
535 description: |-
536 Names of Cookies to include in cache keys. The cookie name and cookie value of each cookie named will be used as part of the cache key.
537
538 Cookie names:
539 - must be valid RFC 6265 "cookie-name" tokens
540 - are case sensitive
541 - cannot start with "Edge-Cache-" (case insensitive)
542
543 Note that specifying several cookies, and/or cookies that have a large range of values (e.g., per-user) will dramatically impact the cache hit rate, and may result in a higher eviction rate and reduced performance.
544
545 You may specify up to three cookie names.
546 items:
547 type: string
548 type: array
549 includedHeaderNames:
550 description: |-
551 Names of HTTP request headers to include in cache keys. The value of the header field will be used as part of the cache key.
552
553 - Header names must be valid HTTP RFC 7230 header field values.
554 - Header field names are case insensitive
555 - To include the HTTP method, use ":method"
556
557 Note that specifying several headers, and/or headers that have a large range of values (e.g. per-user) will dramatically impact the cache hit rate, and may result in a higher eviction rate and reduced performance.
558 items:
559 type: string
560 type: array
561 includedQueryParameters:
562 description: |-
563 Names of query string parameters to include in cache keys. All other parameters will be excluded.
564
565 Either specify includedQueryParameters or excludedQueryParameters, not both. '&' and '=' will be percent encoded and not treated as delimiters.
566 items:
567 type: string
568 type: array
569 type: object
570 cacheMode:
571 description: |-
572 Cache modes allow users to control the behaviour of the cache, what content it should cache automatically, whether to respect origin headers, or whether to unconditionally cache all responses.
573
574 For all cache modes, Cache-Control headers will be passed to the client. Use clientTtl to override what is sent to the client. Possible values: ["CACHE_ALL_STATIC", "USE_ORIGIN_HEADERS", "FORCE_CACHE_ALL", "BYPASS_CACHE"].
575 type: string
576 clientTtl:
577 description: |-
578 Specifies a separate client (e.g. browser client) TTL, separate from the TTL used by the edge caches. Leaving this empty will use the same cache TTL for both the CDN and the client-facing response.
579
580 - The TTL must be > 0 and <= 86400s (1 day)
581 - The clientTtl cannot be larger than the defaultTtl (if set)
582 - Fractions of a second are not allowed.
583
584 Omit this field to use the defaultTtl, or the max-age set by the origin, as the client-facing TTL.
585
586 When the cache mode is set to "USE_ORIGIN_HEADERS" or "BYPASS_CACHE", you must omit this field.
587 A duration in seconds terminated by 's'. Example: "3s".
588 type: string
589 defaultTtl:
590 description: |-
591 Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age).
592
593 Defaults to 3600s (1 hour).
594
595 - The TTL must be >= 0 and <= 31,536,000 seconds (1 year)
596 - Setting a TTL of "0" means "always revalidate" (equivalent to must-revalidate)
597 - The value of defaultTTL cannot be set to a value greater than that of maxTTL.
598 - Fractions of a second are not allowed.
599 - When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses.
600
601 Note that infrequently accessed objects may be evicted from the cache before the defined TTL. Objects that expire will be revalidated with the origin.
602
603 When the cache mode is set to "USE_ORIGIN_HEADERS" or "BYPASS_CACHE", you must omit this field.
604
605 A duration in seconds terminated by 's'. Example: "3s".
606 type: string
607 maxTtl:
608 description: |-
609 Specifies the maximum allowed TTL for cached content served by this origin.
610
611 Defaults to 86400s (1 day).
612
613 Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTtl seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive.
614
615 - The TTL must be >= 0 and <= 31,536,000 seconds (1 year)
616 - Setting a TTL of "0" means "always revalidate"
617 - The value of maxTtl must be equal to or greater than defaultTtl.
618 - Fractions of a second are not allowed.
619
620 When the cache mode is set to "USE_ORIGIN_HEADERS", "FORCE_CACHE_ALL", or "BYPASS_CACHE", you must omit this field.
621
622 A duration in seconds terminated by 's'. Example: "3s".
623 type: string
624 negativeCaching:
625 description: |-
626 Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency.
627
628 By default, the CDNPolicy will apply the following default TTLs to these status codes:
629
630 - HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m
631 - HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s
632 - HTTP 405 (Method Not Found), 414 (URI Too Long), 501 (Not Implemented): 60s
633
634 These defaults can be overridden in negativeCachingPolicy.
635 type: boolean
636 negativeCachingPolicy:
637 additionalProperties:
638 type: string
639 description: |-
640 Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy.
641
642 - Omitting the policy and leaving negativeCaching enabled will use the default TTLs for each status code, defined in negativeCaching.
643 - TTLs must be >= 0 (where 0 is "always revalidate") and <= 86400s (1 day)
644
645 Note that when specifying an explicit negativeCachingPolicy, you should take care to specify a cache TTL for all response codes that you wish to cache. The CDNPolicy will not apply any default negative caching when a policy exists.
646 type: object
647 signedRequestKeyset:
648 description: The EdgeCacheKeyset containing
649 the set of public keys used to validate
650 signed requests at the edge.
651 type: string
652 signedRequestMaximumExpirationTtl:
653 description: |-
654 Limit how far into the future the expiration time of a signed request may be.
655
656 When set, a signed request is rejected if its expiration time is later than now + signedRequestMaximumExpirationTtl, where now is the time at which the signed request is first handled by the CDN.
657
658 - The TTL must be > 0.
659 - Fractions of a second are not allowed.
660
661 By default, signedRequestMaximumExpirationTtl is not set and the expiration time of a signed request may be arbitrarily far into future.
662 type: string
663 signedRequestMode:
664 description: |-
665 Whether to enforce signed requests. The default value is DISABLED, which means all content is public, and does not authorize access.
666
667 You must also set a signedRequestKeyset to enable signed requests.
668
669 When set to REQUIRE_SIGNATURES, all matching requests will have their signature validated. Requests that were not signed with the corresponding private key, or that are otherwise invalid (expired, do not match the signature, IP address, or header) will be rejected with a HTTP 403 and (if enabled) logged. Possible values: ["DISABLED", "REQUIRE_SIGNATURES", "REQUIRE_TOKENS"].
670 type: string
671 signedTokenOptions:
672 description: |-
673 Additional options for signed tokens.
674
675 signedTokenOptions may only be specified when signedRequestMode is REQUIRE_TOKENS.
676 properties:
677 allowedSignatureAlgorithms:
678 description: |-
679 The allowed signature algorithms to use.
680
681 Defaults to using only ED25519.
682
683 You may specify up to 3 signature algorithms to use. Possible values: ["ED25519", "HMAC_SHA_256", "HMAC_SHA1"].
684 items:
685 type: string
686 type: array
687 tokenQueryParameter:
688 description: |-
689 The query parameter in which to find the token.
690
691 The name must be 1-64 characters long and match the regular expression '[a-zA-Z]([a-zA-Z0-9_-])*' which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.
692
693 Defaults to 'edge-cache-token'.
694 type: string
695 type: object
696 type: object
697 corsPolicy:
698 description: CORSPolicy defines Cross-Origin-Resource-Sharing
699 configuration, including which CORS response
700 headers will be set.
701 properties:
702 allowCredentials:
703 description: |-
704 In response to a preflight request, setting this to true indicates that the actual request can include user credentials.
705
706 This translates to the Access-Control-Allow-Credentials response header.
707 type: boolean
708 allowHeaders:
709 description: Specifies the content for the
710 Access-Control-Allow-Headers response header.
711 items:
712 type: string
713 type: array
714 allowMethods:
715 description: Specifies the content for the
716 Access-Control-Allow-Methods response header.
717 items:
718 type: string
719 type: array
720 allowOrigins:
721 description: |-
722 Specifies the list of origins that will be allowed to do CORS requests.
723
724 This translates to the Access-Control-Allow-Origin response header.
725 items:
726 type: string
727 type: array
728 disabled:
729 description: If true, specifies the CORS policy
730 is disabled. The default value is false,
731 which indicates that the CORS policy is
732 in effect.
733 type: boolean
734 exposeHeaders:
735 description: Specifies the content for the
736 Access-Control-Allow-Headers response header.
737 items:
738 type: string
739 type: array
740 maxAge:
741 description: |-
742 Specifies how long results of a preflight request can be cached by a client in seconds. Note that many browser clients enforce a maximum TTL of 600s (10 minutes).
743
744 - Setting the value to -1 forces a pre-flight check for all requests (not recommended)
745 - A maximum TTL of 86400s can be set, but note that (as above) some clients may force pre-flight checks at a more regular interval.
746 - This translates to the Access-Control-Max-Age header.
747
748 A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s".
749 type: string
750 required:
751 - maxAge
752 type: object
753 urlRewrite:
754 description: The URL rewrite configuration for
755 requests that match this route.
756 properties:
757 hostRewrite:
758 description: Prior to forwarding the request
759 to the selected origin, the request's host
760 header is replaced with contents of hostRewrite.
761 type: string
762 pathPrefixRewrite:
763 description: Prior to forwarding the request
764 to the selected origin, the matching portion
765 of the request's path is replaced by pathPrefixRewrite.
766 type: string
767 pathTemplateRewrite:
768 description: |-
769 Prior to forwarding the request to the selected origin, if the
770 request matched a pathTemplateMatch, the matching portion of the
771 request's path is replaced re-written using the pattern specified
772 by pathTemplateRewrite.
773
774 pathTemplateRewrite must be between 1 and 255 characters
775 (inclusive), must start with a '/', and must only use variables
776 captured by the route's pathTemplate matchers.
777
778 pathTemplateRewrite may only be used when all of a route's
779 MatchRules specify pathTemplate.
780
781 Only one of pathPrefixRewrite and pathTemplateRewrite may be
782 specified.
783 type: string
784 type: object
785 type: object
786 urlRedirect:
787 description: The URL redirect configuration for requests
788 that match this route.
789 properties:
790 hostRedirect:
791 description: The host that will be used in the
792 redirect response instead of the one that was
793 supplied in the request.
794 type: string
795 httpsRedirect:
796 description: |-
797 If set to true, the URL scheme in the redirected request is set to https. If set to false, the URL scheme of the redirected request will remain the same as that of the request.
798
799 This can only be set if there is at least one (1) edgeSslCertificate set on the service.
800 type: boolean
801 pathRedirect:
802 description: |-
803 The path that will be used in the redirect response instead of the one that was supplied in the request.
804
805 pathRedirect cannot be supplied together with prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the original request will be used for the redirect.
806
807 The path value must be between 1 and 1024 characters.
808 type: string
809 prefixRedirect:
810 description: |-
811 The prefix that replaces the prefixMatch specified in the routeRule, retaining the remaining portion of the URL before redirecting the request.
812
813 prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or neither. If neither is supplied, the path of the original request will be used for the redirect.
814 type: string
815 redirectResponseCode:
816 description: |-
817 The HTTP Status code to use for this RedirectAction.
818
819 The supported values are:
820
821 - 'MOVED_PERMANENTLY_DEFAULT', which is the default value and corresponds to 301.
822 - 'FOUND', which corresponds to 302.
823 - 'SEE_OTHER' which corresponds to 303.
824 - 'TEMPORARY_REDIRECT', which corresponds to 307. in this case, the request method will be retained.
825 - 'PERMANENT_REDIRECT', which corresponds to 308. in this case, the request method will be retained. Possible values: ["MOVED_PERMANENTLY_DEFAULT", "FOUND", "SEE_OTHER", "TEMPORARY_REDIRECT", "PERMANENT_REDIRECT"].
826 type: string
827 stripQuery:
828 description: If set to true, any accompanying
829 query portion of the original URL is removed
830 prior to redirecting the request. If set to
831 false, the query portion of the original URL
832 is retained.
833 type: boolean
834 type: object
835 required:
836 - matchRule
837 - priority
838 type: object
839 type: array
840 required:
841 - name
842 - routeRule
843 type: object
844 type: array
845 required:
846 - hostRule
847 - pathMatcher
848 type: object
849 sslPolicy:
850 description: |-
851 URL of the SslPolicy resource that will be associated with the EdgeCacheService.
852
853 If not set, the EdgeCacheService has no SSL policy configured, and will default to the "COMPATIBLE" policy.
854 type: string
855 required:
856 - projectRef
857 - routing
858 type: object
859 status:
860 properties:
861 conditions:
862 description: Conditions represent the latest available observation
863 of the resource's current state.
864 items:
865 properties:
866 lastTransitionTime:
867 description: Last time the condition transitioned from one status
868 to another.
869 type: string
870 message:
871 description: Human-readable message indicating details about
872 last transition.
873 type: string
874 reason:
875 description: Unique, one-word, CamelCase reason for the condition's
876 last transition.
877 type: string
878 status:
879 description: Status is the status of the condition. Can be True,
880 False, Unknown.
881 type: string
882 type:
883 description: Type is the type of the condition.
884 type: string
885 type: object
886 type: array
887 ipv4Addresses:
888 description: The IPv4 addresses associated with this service. Addresses
889 are static for the lifetime of the service.
890 items:
891 type: string
892 type: array
893 ipv6Addresses:
894 description: The IPv6 addresses associated with this service. Addresses
895 are static for the lifetime of the service.
896 items:
897 type: string
898 type: array
899 observedGeneration:
900 description: ObservedGeneration is the generation of the resource
901 that was most recently observed by the Config Connector controller.
902 If this is equal to metadata.generation, then that means that the
903 current reported status reflects the most recent desired state of
904 the resource.
905 type: integer
906 type: object
907 required:
908 - spec
909 type: object
910 served: true
911 storage: true
912 subresources:
913 status: {}
914status:
915 acceptedNames:
916 kind: ""
917 plural: ""
918 conditions: []
919 storedVersions: []
View as plain text