# Copyright 2020 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: accesscontextmanageraccesslevelconditions.accesscontextmanager.cnrm.cloud.google.com spec: group: accesscontextmanager.cnrm.cloud.google.com names: categories: - gcp kind: AccessContextManagerAccessLevelCondition plural: accesscontextmanageraccesslevelconditions shortNames: - gcpaccesscontextmanageraccesslevelcondition - gcpaccesscontextmanageraccesslevelconditions singular: accesscontextmanageraccesslevelcondition preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: accessLevelRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of an `AccessContextManagerAccessLevel` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object devicePolicy: description: |- Immutable. Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed. properties: allowedDeviceManagementLevels: description: |- Immutable. A list of allowed device management levels. An empty list allows all management levels. Possible values: ["MANAGEMENT_UNSPECIFIED", "NONE", "BASIC", "COMPLETE"]. items: type: string type: array allowedEncryptionStatuses: description: |- Immutable. A list of allowed encryptions statuses. An empty list allows all statuses. Possible values: ["ENCRYPTION_UNSPECIFIED", "ENCRYPTION_UNSUPPORTED", "UNENCRYPTED", "ENCRYPTED"]. items: type: string type: array osConstraints: description: |- Immutable. A list of allowed OS versions. An empty list allows all types and all versions. items: properties: minimumVersion: description: |- Immutable. The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format: "major.minor.patch" such as "10.5.301", "9.2.1". type: string osType: description: 'Immutable. The operating system type of the device. Possible values: ["OS_UNSPECIFIED", "DESKTOP_MAC", "DESKTOP_WINDOWS", "DESKTOP_LINUX", "DESKTOP_CHROME_OS", "ANDROID", "IOS"].' type: string required: - osType type: object type: array requireAdminApproval: description: Immutable. Whether the device needs to be approved by the customer admin. type: boolean requireCorpOwned: description: Immutable. Whether the device needs to be corp owned. type: boolean requireScreenLock: description: |- Immutable. Whether or not screenlock is required for the DevicePolicy to be true. Defaults to false. type: boolean type: object ipSubnetworks: description: |- Immutable. A list of CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed. items: type: string type: array members: description: |- Immutable. An allowed list of members (users, service accounts). Using groups is not supported yet. The signed-in user originating the request must be a part of one of the provided members. If not specified, a request may come from any user (logged in/not logged in, not present in any groups, etc.). Formats: 'user:{emailid}', 'serviceAccount:{emailid}'. items: type: string type: array negate: description: |- Immutable. Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields, each field must be false for the Condition overall to be satisfied. Defaults to false. type: boolean regions: description: |- Immutable. The request must originate from one of the provided countries/regions. Format: A valid ISO 3166-1 alpha-2 code. items: type: string type: array requiredAccessLevels: description: |- Immutable. A list of other access levels defined in the same Policy, referenced by resource name. Referencing an AccessLevel which does not exist is an error. All access levels listed must be granted for the Condition to be true. Format: accessPolicies/{policy_id}/accessLevels/{short_name}. items: type: string type: array resourceID: description: Immutable. Optional. The accessLevel of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: accesscontextmanageraccesslevels.accesscontextmanager.cnrm.cloud.google.com spec: group: accesscontextmanager.cnrm.cloud.google.com names: categories: - gcp kind: AccessContextManagerAccessLevel plural: accesscontextmanageraccesslevels shortNames: - gcpaccesscontextmanageraccesslevel - gcpaccesscontextmanageraccesslevels singular: accesscontextmanageraccesslevel preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: accessPolicyRef: description: |- The AccessContextManagerAccessPolicy this AccessContextManagerAccessLevel lives in. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: string of the format `accessPolicies/{{value}}`, where {{value}} is the `name` field of an `AccessContextManagerAccessPolicy` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object basic: description: A set of predefined conditions for the access level and a combining function. properties: combiningFunction: description: |- How the conditions list should be combined to determine if a request is granted this AccessLevel. If AND is used, each Condition in conditions must be satisfied for the AccessLevel to be applied. If OR is used, at least one Condition in conditions must be satisfied for the AccessLevel to be applied. Default value: "AND" Possible values: ["AND", "OR"]. type: string conditions: description: A set of requirements for the AccessLevel to be granted. items: properties: devicePolicy: description: |- Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed. properties: allowedDeviceManagementLevels: description: |- A list of allowed device management levels. An empty list allows all management levels. Possible values: ["MANAGEMENT_UNSPECIFIED", "NONE", "BASIC", "COMPLETE"]. items: type: string type: array allowedEncryptionStatuses: description: |- A list of allowed encryptions statuses. An empty list allows all statuses. Possible values: ["ENCRYPTION_UNSPECIFIED", "ENCRYPTION_UNSUPPORTED", "UNENCRYPTED", "ENCRYPTED"]. items: type: string type: array osConstraints: description: |- A list of allowed OS versions. An empty list allows all types and all versions. items: properties: minimumVersion: description: |- The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format: "major.minor.patch" such as "10.5.301", "9.2.1". type: string osType: description: 'The operating system type of the device. Possible values: ["OS_UNSPECIFIED", "DESKTOP_MAC", "DESKTOP_WINDOWS", "DESKTOP_LINUX", "DESKTOP_CHROME_OS", "ANDROID", "IOS"].' type: string requireVerifiedChromeOs: description: If you specify DESKTOP_CHROME_OS for osType, you can optionally include requireVerifiedChromeOs to require Chrome Verified Access. type: boolean required: - osType type: object type: array requireAdminApproval: description: Whether the device needs to be approved by the customer admin. type: boolean requireCorpOwned: description: Whether the device needs to be corp owned. type: boolean requireScreenLock: description: |- Whether or not screenlock is required for the DevicePolicy to be true. Defaults to false. type: boolean type: object ipSubnetworks: description: |- A list of CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed. items: type: string type: array members: items: description: |- An allowed list of members (users, service accounts). Using groups is not supported. The signed-in user originating the request must be a part of one of the provided members. If not specified, a request may come from any user (logged in/not logged in, not present in any groups, etc.). oneOf: - required: - serviceAccountRef - required: - user properties: serviceAccountRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: string of the format `serviceAccount:{{value}}`, where {{value}} is the `email` field of an `IAMServiceAccount` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object user: type: string type: object type: array negate: description: |- Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields, each field must be false for the Condition overall to be satisfied. Defaults to false. type: boolean regions: description: |- The request must originate from one of the provided countries/regions. Format: A valid ISO 3166-1 alpha-2 code. items: type: string type: array requiredAccessLevels: items: description: |- A list of other access levels defined in the same policy. Referencing an AccessContextManagerAccessLevel which does not exist is an error. All access levels listed must be granted for the condition to be true. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of an `AccessContextManagerAccessLevel` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: array type: object type: array required: - conditions type: object custom: description: |- Custom access level conditions are set using the Cloud Common Expression Language to represent the necessary conditions for the level to apply to a request. See CEL spec at: https://github.com/google/cel-spec. properties: expr: description: |- Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. This page details the objects and attributes that are used to the build the CEL expressions for custom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec. properties: description: description: Description of the expression. type: string expression: description: Textual representation of an expression in Common Expression Language syntax. type: string location: description: String indicating the location of the expression for error reporting, e.g. a file name and a position in the file. type: string title: description: Title for the expression, i.e. a short string describing its purpose. type: string required: - expression type: object required: - expr type: object description: description: Description of the AccessLevel and its use. Does not affect behavior. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string title: description: Human readable title. Must be unique within the Policy. type: string required: - accessPolicyRef - title type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: accesscontextmanageraccesspolicies.accesscontextmanager.cnrm.cloud.google.com spec: group: accesscontextmanager.cnrm.cloud.google.com names: categories: - gcp kind: AccessContextManagerAccessPolicy plural: accesscontextmanageraccesspolicies shortNames: - gcpaccesscontextmanageraccesspolicy - gcpaccesscontextmanageraccesspolicies singular: accesscontextmanageraccesspolicy preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string title: description: Human readable title. Does not affect behavior. type: string required: - title type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: Time the AccessPolicy was created in UTC. type: string name: description: 'Resource name of the AccessPolicy. Format: {policy_id}.' type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer updateTime: description: Time the AccessPolicy was updated in UTC. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: accesscontextmanagergcpuseraccessbindings.accesscontextmanager.cnrm.cloud.google.com spec: group: accesscontextmanager.cnrm.cloud.google.com names: categories: - gcp kind: AccessContextManagerGCPUserAccessBinding plural: accesscontextmanagergcpuseraccessbindings shortNames: - gcpaccesscontextmanagergcpuseraccessbinding - gcpaccesscontextmanagergcpuseraccessbindings singular: accesscontextmanagergcpuseraccessbinding preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: accessLevels: description: 'Required. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted".' items: type: string type: array groupKey: description: 'Immutable. Required. Immutable. Google Group id whose members are subject to this binding''s restrictions. See "id" in the G Suite Directory API''s Groups resource. If a group''s email address/alias is changed, this resource will continue to point at the changed group. This field does not accept group email addresses or aliases. Example: "01d520gv4vjcrht".' type: string organizationRef: description: The organization that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of an `Organization` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string required: - accessLevels - groupKey - organizationRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array name: description: 'Immutable. Assigned by the server during creation. The last segment has an arbitrary length and has only URI unreserved characters (as defined by RFC 3986 Section 2.3). Should not be specified by the client during creation. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N".' type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: accesscontextmanagerserviceperimeterresources.accesscontextmanager.cnrm.cloud.google.com spec: group: accesscontextmanager.cnrm.cloud.google.com names: categories: - gcp kind: AccessContextManagerServicePerimeterResource plural: accesscontextmanagerserviceperimeterresources shortNames: - gcpaccesscontextmanagerserviceperimeterresource - gcpaccesscontextmanagerserviceperimeterresources singular: accesscontextmanagerserviceperimeterresource preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: perimeterNameRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: string of the format `{{parent}}/servicePerimeters/{{value}}`, where {{value}} is the `name` field of an `AccessContextManagerServicePerimeter` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resource: description: |- Immutable. A GCP resource that is inside of the service perimeter. Currently only projects are allowed. Format: projects/{project_number}. type: string required: - perimeterNameRef - resource type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: accesscontextmanagerserviceperimeters.accesscontextmanager.cnrm.cloud.google.com spec: group: accesscontextmanager.cnrm.cloud.google.com names: categories: - gcp kind: AccessContextManagerServicePerimeter plural: accesscontextmanagerserviceperimeters shortNames: - gcpaccesscontextmanagerserviceperimeter - gcpaccesscontextmanagerserviceperimeters singular: accesscontextmanagerserviceperimeter preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: accessPolicyRef: description: |- The AccessContextManagerAccessPolicy this AccessContextManagerServicePerimeter lives in. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: string of the format `accessPolicies/{{value}}`, where {{value}} is the `name` field of an `AccessContextManagerAccessPolicy` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object description: description: |- Description of the ServicePerimeter and its use. Does not affect behavior. type: string perimeterType: description: |- Immutable. Specifies the type of the Perimeter. There are two types: regular and bridge. Regular Service Perimeter contains resources, access levels, and restricted services. Every resource can be in at most ONE regular Service Perimeter. In addition to being in a regular service perimeter, a resource can also be in zero or more perimeter bridges. A perimeter bridge only contains resources. Cross project operations are permitted if all effected resources share some perimeter (whether bridge or regular). Perimeter Bridge does not contain access levels or services: those are governed entirely by the regular perimeter that resource is in. Perimeter Bridges are typically useful when building more complex topologies with many independent perimeters that need to share some data with a common perimeter, but should not be able to share data among themselves. Default value: "PERIMETER_TYPE_REGULAR" Possible values: ["PERIMETER_TYPE_REGULAR", "PERIMETER_TYPE_BRIDGE"]. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string spec: description: |- Proposed (or dry run) ServicePerimeter configuration. This configuration allows to specify and test ServicePerimeter configuration without enforcing actual access restrictions. Only allowed to be set when the 'useExplicitDryRunSpec' flag is set. properties: accessLevels: items: description: |- (Optional) A list of AccessLevel resource names that allow resources within the ServicePerimeter to be accessed from the internet. AccessLevels listed must be in the same policy as this ServicePerimeter. Referencing a nonexistent AccessLevel is a syntax error. If no AccessLevel names are listed, resources within the perimeter can only be accessed via GCP calls with request origins within the perimeter. For Service Perimeter Bridge, must be empty. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: string of the format `{{parent}}/accessLevels/{{value}}`, where {{value}} is the `name` field of an `AccessContextManagerAccessLevel` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: array egressPolicies: description: |- List of EgressPolicies to apply to the perimeter. A perimeter may have multiple EgressPolicies, each of which is evaluated separately. Access is granted if any EgressPolicy grants it. Must be empty for a perimeter bridge. items: properties: egressFrom: description: Defines conditions on the source of a request causing this 'EgressPolicy' to apply. properties: identities: items: description: |- (Optional) A list of identities that are allowed access through this EgressPolicy. Should be in the format of email address. The email address should represent individual user or service account only. oneOf: - required: - serviceAccountRef - required: - user properties: serviceAccountRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: string of the format `serviceAccount:{{value}}`, where {{value}} is the `email` field of an `IAMServiceAccount` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object user: type: string type: object type: array identityType: description: |- Specifies the type of identities that are allowed access to outside the perimeter. If left unspecified, then members of 'identities' field will be allowed access. Possible values: ["IDENTITY_TYPE_UNSPECIFIED", "ANY_IDENTITY", "ANY_USER_ACCOUNT", "ANY_SERVICE_ACCOUNT"]. type: string type: object egressTo: description: |- Defines the conditions on the 'ApiOperation' and destination resources that cause this 'EgressPolicy' to apply. properties: externalResources: description: |- A list of external resources that are allowed to be accessed. A request matches if it contains an external resource in this list (Example: s3://bucket/path). Currently '*' is not allowed. items: type: string type: array operations: description: |- A list of 'ApiOperations' that this egress rule applies to. A request matches if it contains an operation/service in this list. items: properties: methodSelectors: description: |- API methods or permissions to allow. Method or permission must belong to the service specified by 'serviceName' field. A single MethodSelector entry with '*' specified for the 'method' field will allow all methods AND permissions for the service specified in 'serviceName'. items: properties: method: description: |- Value for 'method' should be a valid method name for the corresponding 'serviceName' in 'ApiOperation'. If '*' used as value for method, then ALL methods and permissions are allowed. type: string permission: description: |- Value for permission should be a valid Cloud IAM permission for the corresponding 'serviceName' in 'ApiOperation'. type: string type: object type: array serviceName: description: |- The name of the API whose methods or permissions the 'IngressPolicy' or 'EgressPolicy' want to allow. A single 'ApiOperation' with serviceName field set to '*' will allow all methods AND permissions for all services. type: string type: object type: array resources: items: description: |- (Optional) A list of resources, currently only projects in the form "projects/{project_number}". A request matches if it contains a resource in this list. properties: projectRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: string of the format `projects/{{value}}`, where {{value}} is the `number` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: object type: array type: object type: object type: array ingressPolicies: description: |- List of 'IngressPolicies' to apply to the perimeter. A perimeter may have multiple 'IngressPolicies', each of which is evaluated separately. Access is granted if any 'Ingress Policy' grants it. Must be empty for a perimeter bridge. items: properties: ingressFrom: description: |- Defines the conditions on the source of a request causing this 'IngressPolicy' to apply. properties: identities: items: description: |- (Optional) A list of identities that are allowed access through this ingress policy. Should be in the format of email address. The email address should represent individual user or service account only. oneOf: - required: - serviceAccountRef - required: - user properties: serviceAccountRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: string of the format `serviceAccount:{{value}}`, where {{value}} is the `email` field of an `IAMServiceAccount` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object user: type: string type: object type: array identityType: description: |- Specifies the type of identities that are allowed access from outside the perimeter. If left unspecified, then members of 'identities' field will be allowed access. Possible values: ["IDENTITY_TYPE_UNSPECIFIED", "ANY_IDENTITY", "ANY_USER_ACCOUNT", "ANY_SERVICE_ACCOUNT"]. type: string sources: description: Sources that this 'IngressPolicy' authorizes access from. items: properties: accessLevelRef: description: |- An AccessLevel resource name that allow resources within the ServicePerimeters to be accessed from the internet. AccessLevels listed must be in the same policy as this ServicePerimeter. Referencing a nonexistent AccessLevel will cause an error. If no AccessLevel names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: string of the format `{{parent}}/accessLevels/{{value}}`, where {{value}} is the `name` field of an `AccessContextManagerAccessLevel` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object projectRef: description: |- (Optional) A Google Cloud resource that is allowed to ingress the perimeter. Requests from these resources will be allowed to access perimeter data. Currently only projects are allowed. Format "projects/{project_number}" The project may be in any Google Cloud organization, not just the organization that the perimeter is defined in. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: string of the format `projects/{{value}}`, where {{value}} is the `number` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: object type: array type: object ingressTo: description: |- Defines the conditions on the 'ApiOperation' and request destination that cause this 'IngressPolicy' to apply. properties: operations: description: |- A list of 'ApiOperations' the sources specified in corresponding 'IngressFrom' are allowed to perform in this 'ServicePerimeter'. items: properties: methodSelectors: description: |- API methods or permissions to allow. Method or permission must belong to the service specified by serviceName field. A single 'MethodSelector' entry with '*' specified for the method field will allow all methods AND permissions for the service specified in 'serviceName'. items: properties: method: description: |- Value for method should be a valid method name for the corresponding serviceName in 'ApiOperation'. If '*' used as value for 'method', then ALL methods and permissions are allowed. type: string permission: description: |- Value for permission should be a valid Cloud IAM permission for the corresponding 'serviceName' in 'ApiOperation'. type: string type: object type: array serviceName: description: |- The name of the API whose methods or permissions the 'IngressPolicy' or 'EgressPolicy' want to allow. A single 'ApiOperation' with 'serviceName' field set to '*' will allow all methods AND permissions for all services. type: string type: object type: array resources: items: description: |- A list of resources, currently only projects in the form "projects/{project_number}", protected by this ServicePerimeter that are allowed to be accessed by sources defined in the corresponding IngressFrom. A request matches if it contains a resource in this list. properties: projectRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: string of the format `projects/{{value}}`, where {{value}} is the `number` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: object type: array type: object type: object type: array resources: items: description: |- (Optional) A list of GCP resources that are inside of the service perimeter. Currently only projects are allowed. properties: projectRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: string of the format `projects/{{value}}`, where {{value}} is the `number` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: object type: array restrictedServices: description: |- GCP services that are subject to the Service Perimeter restrictions. Must contain a list of services. For example, if 'storage.googleapis.com' is specified, access to the storage buckets inside the perimeter must meet the perimeter's access restrictions. items: type: string type: array vpcAccessibleServices: description: |- Specifies how APIs are allowed to communicate within the Service Perimeter. properties: allowedServices: description: |- The list of APIs usable within the Service Perimeter. Must be empty unless 'enableRestriction' is True. items: type: string type: array enableRestriction: description: |- Whether to restrict API calls within the Service Perimeter to the list of APIs specified in 'allowedServices'. type: boolean type: object type: object status: description: |- ServicePerimeter configuration. Specifies sets of resources, restricted services and access levels that determine perimeter content and boundaries. properties: accessLevels: items: description: |- (Optional) A list of AccessLevel resource names that allow resources within the ServicePerimeter to be accessed from the internet. AccessLevels listed must be in the same policy as this ServicePerimeter. Referencing a nonexistent AccessLevel is a syntax error. If no AccessLevel names are listed, resources within the perimeter can only be accessed via GCP calls with request origins within the perimeter. For Service Perimeter Bridge, must be empty. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: string of the format `{{parent}}/accessLevels/{{value}}`, where {{value}} is the `name` field of an `AccessContextManagerAccessLevel` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: array egressPolicies: description: |- List of EgressPolicies to apply to the perimeter. A perimeter may have multiple EgressPolicies, each of which is evaluated separately. Access is granted if any EgressPolicy grants it. Must be empty for a perimeter bridge. items: properties: egressFrom: description: Defines conditions on the source of a request causing this 'EgressPolicy' to apply. properties: identities: items: description: |- (Optional) A list of identities that are allowed access through this EgressPolicy. Should be in the format of email address. The email address should represent individual user or service account only. oneOf: - required: - serviceAccountRef - required: - user properties: serviceAccountRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: string of the format `serviceAccount:{{value}}`, where {{value}} is the `email` field of an `IAMServiceAccount` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object user: type: string type: object type: array identityType: description: |- Specifies the type of identities that are allowed access to outside the perimeter. If left unspecified, then members of 'identities' field will be allowed access. Possible values: ["IDENTITY_TYPE_UNSPECIFIED", "ANY_IDENTITY", "ANY_USER_ACCOUNT", "ANY_SERVICE_ACCOUNT"]. type: string type: object egressTo: description: |- Defines the conditions on the 'ApiOperation' and destination resources that cause this 'EgressPolicy' to apply. properties: externalResources: description: |- A list of external resources that are allowed to be accessed. A request matches if it contains an external resource in this list (Example: s3://bucket/path). Currently '*' is not allowed. items: type: string type: array operations: description: |- A list of 'ApiOperations' that this egress rule applies to. A request matches if it contains an operation/service in this list. items: properties: methodSelectors: description: |- API methods or permissions to allow. Method or permission must belong to the service specified by 'serviceName' field. A single MethodSelector entry with '*' specified for the 'method' field will allow all methods AND permissions for the service specified in 'serviceName'. items: properties: method: description: |- Value for 'method' should be a valid method name for the corresponding 'serviceName' in 'ApiOperation'. If '*' used as value for method, then ALL methods and permissions are allowed. type: string permission: description: |- Value for permission should be a valid Cloud IAM permission for the corresponding 'serviceName' in 'ApiOperation'. type: string type: object type: array serviceName: description: |- The name of the API whose methods or permissions the 'IngressPolicy' or 'EgressPolicy' want to allow. A single 'ApiOperation' with serviceName field set to '*' will allow all methods AND permissions for all services. type: string type: object type: array resources: items: description: |- (Optional) A list of resources, currently only projects in the form "projects/{project_number}". A request matches if it contains a resource in this list. properties: projectRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: string of the format `projects/{{value}}`, where {{value}} is the `number` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: object type: array type: object type: object type: array ingressPolicies: description: |- List of 'IngressPolicies' to apply to the perimeter. A perimeter may have multiple 'IngressPolicies', each of which is evaluated separately. Access is granted if any 'Ingress Policy' grants it. Must be empty for a perimeter bridge. items: properties: ingressFrom: description: |- Defines the conditions on the source of a request causing this 'IngressPolicy' to apply. properties: identities: items: description: |- (Optional) A list of identities that are allowed access through this EgressPolicy. Should be in the format of email address. The email address should represent individual user or service account only. oneOf: - required: - serviceAccountRef - required: - user properties: serviceAccountRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: string of the format `serviceAccount:{{value}}`, where {{value}} is the `email` field of an `IAMServiceAccount` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object user: type: string type: object type: array identityType: description: |- Specifies the type of identities that are allowed access from outside the perimeter. If left unspecified, then members of 'identities' field will be allowed access. Possible values: ["IDENTITY_TYPE_UNSPECIFIED", "ANY_IDENTITY", "ANY_USER_ACCOUNT", "ANY_SERVICE_ACCOUNT"]. type: string sources: description: Sources that this 'IngressPolicy' authorizes access from. items: properties: accessLevelRef: description: |- An AccessLevel resource name that allow resources within the ServicePerimeters to be accessed from the internet. AccessLevels listed must be in the same policy as this ServicePerimeter. Referencing a nonexistent AccessLevel will cause an error. If no AccessLevel names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: string of the format `{{parent}}/accessLevels/{{value}}`, where {{value}} is the `name` field of an `AccessContextManagerAccessLevel` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object projectRef: description: |- (Optional) A Google Cloud resource that is allowed to ingress the perimeter. Requests from these resources will be allowed to access perimeter data. Currently only projects are allowed. Format "projects/{project_number}" The project may be in any Google Cloud organization, not just the organization that the perimeter is defined in. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: string of the format `projects/{{value}}`, where {{value}} is the `number` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: object type: array type: object ingressTo: description: |- Defines the conditions on the 'ApiOperation' and request destination that cause this 'IngressPolicy' to apply. properties: operations: description: |- A list of 'ApiOperations' the sources specified in corresponding 'IngressFrom' are allowed to perform in this 'ServicePerimeter'. items: properties: methodSelectors: description: |- API methods or permissions to allow. Method or permission must belong to the service specified by serviceName field. A single 'MethodSelector' entry with '*' specified for the method field will allow all methods AND permissions for the service specified in 'serviceName'. items: properties: method: description: |- Value for method should be a valid method name for the corresponding serviceName in 'ApiOperation'. If '*' used as value for 'method', then ALL methods and permissions are allowed. type: string permission: description: |- Value for permission should be a valid Cloud IAM permission for the corresponding 'serviceName' in 'ApiOperation'. type: string type: object type: array serviceName: description: |- The name of the API whose methods or permissions the 'IngressPolicy' or 'EgressPolicy' want to allow. A single 'ApiOperation' with 'serviceName' field set to '*' will allow all methods AND permissions for all services. type: string type: object type: array resources: items: description: |- A list of resources, currently only projects in the form "projects/{project_number}", protected by this ServicePerimeter that are allowed to be accessed by sources defined in the corresponding IngressFrom. A request matches if it contains a resource in this list. properties: projectRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: string of the format `projects/{{value}}`, where {{value}} is the `number` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: object type: array type: object type: object type: array resources: items: description: |- (Optional) A list of GCP resources that are inside of the service perimeter. Currently only projects are allowed. properties: projectRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: string of the format `projects/{{value}}`, where {{value}} is the `number` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: object type: array restrictedServices: description: |- GCP services that are subject to the Service Perimeter restrictions. Must contain a list of services. For example, if 'storage.googleapis.com' is specified, access to the storage buckets inside the perimeter must meet the perimeter's access restrictions. items: type: string type: array vpcAccessibleServices: description: |- Specifies how APIs are allowed to communicate within the Service Perimeter. properties: allowedServices: description: |- The list of APIs usable within the Service Perimeter. Must be empty unless 'enableRestriction' is True. items: type: string type: array enableRestriction: description: |- Whether to restrict API calls within the Service Perimeter to the list of APIs specified in 'allowedServices'. type: boolean type: object type: object title: description: Human readable title. Must be unique within the Policy. type: string useExplicitDryRunSpec: description: |- Use explicit dry run spec flag. Ordinarily, a dry-run spec implicitly exists for all Service Perimeters, and that spec is identical to the status for those Service Perimeters. When this flag is set, it inhibits the generation of the implicit spec, thereby allowing the user to explicitly provide a configuration ("spec") to use in a dry-run version of the Service Perimeter. This allows the user to test changes to the enforced config ("status") without actually enforcing them. This testing is done through analyzing the differences between currently enforced and suggested restrictions. useExplicitDryRunSpec must bet set to True if any of the fields in the spec are set to non-default values. type: boolean required: - accessPolicyRef - title type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: Time the AccessPolicy was created in UTC. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer updateTime: description: Time the AccessPolicy was updated in UTC. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: alloydbbackups.alloydb.cnrm.cloud.google.com spec: group: alloydb.cnrm.cloud.google.com names: categories: - gcp kind: AlloyDBBackup plural: alloydbbackups shortNames: - gcpalloydbbackup - gcpalloydbbackups singular: alloydbbackup preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: clusterName: description: Immutable. The full resource name of the backup source cluster (e.g., projects/{project}/locations/{location}/clusters/{clusterId}). type: string description: description: Immutable. User-provided description of the backup. type: string encryptionConfig: description: EncryptionConfig describes the encryption config of a cluster or a backup that is encrypted with a CMEK (customer-managed encryption key). properties: kmsKeyName: description: 'Immutable. The fully-qualified resource name of the KMS key. Each Cloud KMS key is regionalized and has the following format: projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME].' type: string type: object location: description: Immutable. The location where the alloydb backup should reside. type: string projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The backupId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - clusterName - location - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: Time the Backup was created in UTC. type: string encryptionInfo: description: EncryptionInfo describes the encryption information of a cluster or a backup. items: properties: encryptionType: description: Output only. Type of encryption. type: string kmsKeyVersions: description: Output only. Cloud KMS key versions that are being used to protect the database or the backup. items: type: string type: array type: object type: array etag: description: A hash of the resource. type: string name: description: 'Output only. The name of the backup resource with the format: * projects/{project}/locations/{region}/backups/{backupId}.' type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer reconciling: description: If true, indicates that the service is actively updating the resource. This can happen due to user-triggered updates or system actions like failover or maintenance. type: boolean state: description: The current state of the backup. type: string uid: description: Output only. The system-generated UID of the resource. The UID is assigned when the resource is created, and it is retained until it is deleted. type: string updateTime: description: Time the Backup was updated in UTC. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: alloydbclusters.alloydb.cnrm.cloud.google.com spec: group: alloydb.cnrm.cloud.google.com names: categories: - gcp kind: AlloyDBCluster plural: alloydbclusters shortNames: - gcpalloydbcluster - gcpalloydbclusters singular: alloydbcluster preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: automatedBackupPolicy: description: |- The automated backup policy for this cluster. If no policy is provided then the default policy will be used. The default policy takes one backup a day, has a backup window of 1 hour, and retains backups for 14 days. properties: backupWindow: description: |- The length of the time window during which a backup can be taken. If a backup does not succeed within this time window, it will be canceled and considered failed. The backup window must be at least 5 minutes long. There is no upper bound on the window. If not set, it will default to 1 hour. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". type: string enabled: description: Whether automated backups are enabled. type: boolean encryptionConfig: description: EncryptionConfig describes the encryption config of a cluster or a backup that is encrypted with a CMEK (customer-managed encryption key). properties: kmsKeyName: description: 'The fully-qualified resource name of the KMS key. Each Cloud KMS key is regionalized and has the following format: projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME].' type: string type: object labels: additionalProperties: type: string description: Labels to apply to backups created using this configuration. type: object location: description: The location where the backup will be stored. Currently, the only supported option is to store the backup in the same region as the cluster. type: string quantityBasedRetention: description: Quantity-based Backup retention policy to retain recent backups. Conflicts with 'time_based_retention', both can't be set together. properties: count: description: The number of backups to retain. type: integer type: object timeBasedRetention: description: Time-based Backup retention policy. Conflicts with 'quantity_based_retention', both can't be set together. properties: retentionPeriod: description: |- The retention period. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". type: string type: object weeklySchedule: description: Weekly schedule for the Backup. properties: daysOfWeek: description: 'The days of the week to perform a backup. At least one day of the week must be provided. Possible values: ["MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY", "SATURDAY", "SUNDAY"].' items: type: string type: array startTimes: description: The times during the day to start a backup. At least one start time must be provided. The start times are assumed to be in UTC and to be an exact hour (e.g., 04:00:00). items: properties: hours: description: Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. type: integer minutes: description: Minutes of hour of day. Currently, only the value 0 is supported. type: integer nanos: description: Fractions of seconds in nanoseconds. Currently, only the value 0 is supported. type: integer seconds: description: Seconds of minutes of the time. Currently, only the value 0 is supported. type: integer type: object type: array required: - startTimes type: object type: object displayName: description: User-settable and human-readable display name for the Cluster. type: string encryptionConfig: description: EncryptionConfig describes the encryption config of a cluster or a backup that is encrypted with a CMEK (customer-managed encryption key). properties: kmsKeyName: description: 'Immutable. The fully-qualified resource name of the KMS key. Each Cloud KMS key is regionalized and has the following format: projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME].' type: string type: object initialUser: description: Initial user to setup during cluster creation. properties: password: description: The initial password for the user. oneOf: - not: required: - valueFrom required: - value - not: required: - value required: - valueFrom properties: value: description: Value of the field. Cannot be used if 'valueFrom' is specified. type: string valueFrom: description: Source for the field's value. Cannot be used if 'value' is specified. properties: secretKeyRef: description: Reference to a value with the given key in the given Secret in the resource's namespace. properties: key: description: Key that identifies the value to be extracted. type: string name: description: Name of the Secret to extract a value from. type: string required: - name - key type: object type: object type: object user: description: The database username. type: string required: - password type: object location: description: Immutable. The location where the alloydb cluster should reside. type: string network: description: |- The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form: "projects/{projectNumber}/global/networks/{network_id}". type: string projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The clusterId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - location - network - projectRef type: object status: properties: backupSource: description: Cluster created from backup. items: properties: backupName: description: The name of the backup resource. type: string type: object type: array conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array databaseVersion: description: The database engine major version. This is an output-only field and it's populated at the Cluster creation time. This field cannot be changed after cluster creation. type: string encryptionInfo: description: EncryptionInfo describes the encryption information of a cluster or a backup. items: properties: encryptionType: description: Output only. Type of encryption. type: string kmsKeyVersions: description: Output only. Cloud KMS key versions that are being used to protect the database or the backup. items: type: string type: array type: object type: array migrationSource: description: Cluster created via DMS migration. items: properties: hostPort: description: The host and port of the on-premises instance in host:port format. type: string referenceId: description: Place holder for the external source identifier(e.g DMS job name) that created the cluster. type: string sourceType: description: Type of migration source. type: string type: object type: array name: description: The name of the cluster resource. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer uid: description: The system-generated UID of the resource. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: alloydbinstances.alloydb.cnrm.cloud.google.com spec: group: alloydb.cnrm.cloud.google.com names: categories: - gcp kind: AlloyDBInstance plural: alloydbinstances shortNames: - gcpalloydbinstance - gcpalloydbinstances singular: alloydbinstance preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: annotations: additionalProperties: type: string description: Annotations to allow client tools to store small amount of arbitrary data. This is distinct from labels. type: object availabilityType: description: 'Availability type of an Instance. Defaults to REGIONAL for both primary and read instances. Note that primary and read instances can have different availability types. Possible values: ["AVAILABILITY_TYPE_UNSPECIFIED", "ZONAL", "REGIONAL"].' type: string cluster: description: |- Immutable. Identifies the alloydb cluster. Must be in the format 'projects/{project}/locations/{location}/clusters/{cluster_id}'. type: string databaseFlags: additionalProperties: type: string description: Database flags. Set at instance level. * They are copied from primary instance on read instance creation. * Read instances can set new or override existing flags that are relevant for reads, e.g. for enabling columnar cache on a read instance. Flags set on read instance may or may not be present on primary. type: object displayName: description: User-settable and human-readable display name for the Instance. type: string gceZone: description: The Compute Engine zone that the instance should serve from, per https://cloud.google.com/compute/docs/regions-zones This can ONLY be specified for ZONAL instances. If present for a REGIONAL instance, an error will be thrown. If this is absent for a ZONAL instance, instance is created in a random zone with available capacity. type: string instanceType: description: 'Immutable. The type of the instance. If the instance type is READ_POOL, provide the associated PRIMARY instance in the ''depends_on'' meta-data attribute. Possible values: ["PRIMARY", "READ_POOL"].' type: string machineConfig: description: Configurations for the machines that host the underlying database engine. properties: cpuCount: description: The number of CPU's in the VM instance. type: integer type: object readPoolConfig: description: Read pool specific config. properties: nodeCount: description: Read capacity, i.e. number of nodes in a read pool instance. type: integer type: object resourceID: description: Immutable. Optional. The instanceId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - cluster - instanceType type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: Time the Instance was created in UTC. type: string ipAddress: description: The IP address for the Instance. This is the connection endpoint for an end-user application. type: string name: description: The name of the instance resource. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer reconciling: description: Set to true if the current state of Instance does not match the user's intended state, and the service is actively updating the resource to reconcile them. This can happen due to user-triggered updates or system actions like failover or maintenance. type: boolean state: description: The current state of the alloydb instance. type: string uid: description: The system-generated UID of the resource. type: string updateTime: description: Time the Instance was updated in UTC. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: apigatewayapiconfigs.apigateway.cnrm.cloud.google.com spec: group: apigateway.cnrm.cloud.google.com names: categories: - gcp kind: APIGatewayAPIConfig plural: apigatewayapiconfigs shortNames: - gcpapigatewayapiconfig - gcpapigatewayapiconfigs singular: apigatewayapiconfig preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: api: description: Immutable. The API to attach the config to. type: string apiConfigIdPrefix: description: Immutable. Creates a unique name beginning with the specified prefix. If this and api_config_id are unspecified, a random value is chosen for the name. type: string displayName: description: A user-visible name for the API. type: string gatewayConfig: description: |- Immutable. Immutable. Gateway specific configuration. If not specified, backend authentication will be set to use OIDC authentication using the default compute service account. properties: backendConfig: description: Backend settings that are applied to all backends of the Gateway. properties: googleServiceAccount: description: |- Immutable. Google Cloud IAM service account used to sign OIDC tokens for backends that have authentication configured (https://cloud.google.com/service-infrastructure/docs/service-management/reference/rest/v1/services.configs#backend). type: string required: - googleServiceAccount type: object required: - backendConfig type: object grpcServices: description: gRPC service definition files. If specified, openapiDocuments must not be included. items: properties: fileDescriptorSet: description: |- Immutable. Input only. File descriptor set, generated by protoc. To generate, use protoc with imports and source info included. For an example test.proto file, the following command would put the value in a new file named out.pb. $ protoc --include_imports --include_source_info test.proto -o out.pb. properties: contents: description: Immutable. Base64 encoded content of the file. type: string path: description: Immutable. The file path (full or relative path). This is typically the path of the file when it is uploaded. type: string required: - contents - path type: object source: description: Uncompiled proto files associated with the descriptor set, used for display purposes (server-side compilation is not supported). These should match the inputs to 'protoc' command used to generate fileDescriptorSet. items: properties: contents: description: Immutable. Base64 encoded content of the file. type: string path: description: Immutable. The file path (full or relative path). This is typically the path of the file when it is uploaded. type: string required: - contents - path type: object type: array required: - fileDescriptorSet type: object type: array managedServiceConfigs: description: |- Optional. Service Configuration files. At least one must be included when using gRPC service definitions. See https://cloud.google.com/endpoints/docs/grpc/grpc-service-config#service_configuration_overview for the expected file contents. If multiple files are specified, the files are merged with the following rules: * All singular scalar fields are merged using "last one wins" semantics in the order of the files uploaded. * Repeated fields are concatenated. * Singular embedded messages are merged using these rules for nested fields. items: properties: contents: description: Immutable. Base64 encoded content of the file. type: string path: description: Immutable. The file path (full or relative path). This is typically the path of the file when it is uploaded. type: string required: - contents - path type: object type: array openapiDocuments: description: OpenAPI specification documents. If specified, grpcServices and managedServiceConfigs must not be included. items: properties: document: description: The OpenAPI Specification document file. properties: contents: description: Immutable. Base64 encoded content of the file. type: string path: description: Immutable. The file path (full or relative path). This is typically the path of the file when it is uploaded. type: string required: - contents - path type: object required: - document type: object type: array projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The apiConfigId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - api - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array name: description: The resource name of the API Config. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer serviceConfigId: description: The ID of the associated Service Config (https://cloud.google.com/service-infrastructure/docs/glossary#config). type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: apigatewayapis.apigateway.cnrm.cloud.google.com spec: group: apigateway.cnrm.cloud.google.com names: categories: - gcp kind: APIGatewayAPI plural: apigatewayapis shortNames: - gcpapigatewayapi - gcpapigatewayapis singular: apigatewayapi preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: displayName: description: A user-visible name for the API. type: string managedService: description: |- Immutable. Immutable. The name of a Google Managed Service ( https://cloud.google.com/service-infrastructure/docs/glossary#managed). If not specified, a new Service will automatically be created in the same project as this API. type: string projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The apiId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: Creation timestamp in RFC3339 text format. type: string name: description: The resource name of the API. Format 'projects/{{project}}/locations/global/apis/{{apiId}}'. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: apigatewaygateways.apigateway.cnrm.cloud.google.com spec: group: apigateway.cnrm.cloud.google.com names: categories: - gcp kind: APIGatewayGateway plural: apigatewaygateways shortNames: - gcpapigatewaygateway - gcpapigatewaygateways singular: apigatewaygateway preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: apiConfig: description: |- Resource name of the API Config for this Gateway. Format: projects/{project}/locations/global/apis/{api}/configs/{apiConfig}. When changing api configs please ensure the new config is a new resource and the lifecycle rule 'create_before_destroy' is set. type: string displayName: description: A user-visible name for the API. type: string projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object region: description: Immutable. The region of the gateway for the API. type: string resourceID: description: Immutable. Optional. The gatewayId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - apiConfig - projectRef - region type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array defaultHostname: description: The default API Gateway host name of the form {gatewayId}-{hash}.{region_code}.gateway.dev. type: string name: description: 'Resource name of the Gateway. Format: projects/{project}/locations/{region}/gateways/{gateway}.' type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: apigeeaddonsconfigs.apigee.cnrm.cloud.google.com spec: group: apigee.cnrm.cloud.google.com names: categories: - gcp kind: ApigeeAddonsConfig plural: apigeeaddonsconfigs shortNames: - gcpapigeeaddonsconfig - gcpapigeeaddonsconfigs singular: apigeeaddonsconfig preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: addonsConfig: description: Addon configurations of the Apigee organization. properties: advancedApiOpsConfig: description: Configuration for the Monetization add-on. properties: enabled: description: Flag that specifies whether the Advanced API Ops add-on is enabled. type: boolean type: object apiSecurityConfig: description: Configuration for the Monetization add-on. properties: enabled: description: Flag that specifies whether the Advanced API Ops add-on is enabled. type: boolean expiresAt: description: Flag that specifies whether the Advanced API Ops add-on is enabled. type: string type: object connectorsPlatformConfig: description: Configuration for the Monetization add-on. properties: enabled: description: Flag that specifies whether the Advanced API Ops add-on is enabled. type: boolean expiresAt: description: Flag that specifies whether the Advanced API Ops add-on is enabled. type: string type: object integrationConfig: description: Configuration for the Monetization add-on. properties: enabled: description: Flag that specifies whether the Advanced API Ops add-on is enabled. type: boolean type: object monetizationConfig: description: Configuration for the Monetization add-on. properties: enabled: description: Flag that specifies whether the Advanced API Ops add-on is enabled. type: boolean type: object type: object org: description: Immutable. Name of the Apigee organization. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - org type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: apigeeendpointattachments.apigee.cnrm.cloud.google.com spec: group: apigee.cnrm.cloud.google.com names: categories: - gcp kind: ApigeeEndpointAttachment plural: apigeeendpointattachments shortNames: - gcpapigeeendpointattachment - gcpapigeeendpointattachments singular: apigeeendpointattachment preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: location: description: Immutable. Location of the endpoint attachment. type: string orgId: description: |- Immutable. The Apigee Organization associated with the Apigee instance, in the format 'organizations/{{org_name}}'. type: string resourceID: description: Immutable. Optional. The endpointAttachmentId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string serviceAttachment: description: 'Immutable. Format: projects/*/regions/*/serviceAttachments/*.' type: string required: - location - orgId - serviceAttachment type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array connectionState: description: State of the endpoint attachment connection to the service attachment. type: string host: description: Host that can be used in either HTTP Target Endpoint directly, or as the host in Target Server. type: string name: description: |- Name of the Endpoint Attachment in the following format: organizations/{organization}/endpointAttachments/{endpointAttachment}. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: apigeeenvgroupattachments.apigee.cnrm.cloud.google.com spec: group: apigee.cnrm.cloud.google.com names: categories: - gcp kind: ApigeeEnvgroupAttachment plural: apigeeenvgroupattachments shortNames: - gcpapigeeenvgroupattachment - gcpapigeeenvgroupattachments singular: apigeeenvgroupattachment preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: envgroupId: description: |- Immutable. The Apigee environment group associated with the Apigee environment, in the format 'organizations/{{org_name}}/envgroups/{{envgroup_name}}'. type: string environment: description: Immutable. The resource ID of the environment. type: string resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string required: - envgroupId - environment type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array name: description: The name of the newly created attachment (output parameter). type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: apigeeenvgroups.apigee.cnrm.cloud.google.com spec: group: apigee.cnrm.cloud.google.com names: categories: - gcp kind: ApigeeEnvgroup plural: apigeeenvgroups shortNames: - gcpapigeeenvgroup - gcpapigeeenvgroups singular: apigeeenvgroup preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: hostnames: description: Hostnames of the environment group. items: type: string type: array orgId: description: |- Immutable. The Apigee Organization associated with the Apigee environment group, in the format 'organizations/{{org_name}}'. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - orgId type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: apigeeenvironments.apigee.cnrm.cloud.google.com spec: group: apigee.cnrm.cloud.google.com names: categories: - gcp kind: ApigeeEnvironment plural: apigeeenvironments shortNames: - gcpapigeeenvironment - gcpapigeeenvironments singular: apigeeenvironment preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: apigeeOrganizationRef: description: Immutable. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The apigee organization for the resource Allowed value: The Google Cloud resource name of an `ApigeeOrganization` resource (format: `organizations/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object description: description: Optional. Description of the environment. type: string displayName: description: Optional. Display name for this environment. type: string properties: additionalProperties: type: string description: Optional. Key-value pairs that may be used for customizing the environment. type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - apigeeOrganizationRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createdAt: description: Output only. Creation time of this environment as milliseconds since epoch. format: int64 type: integer lastModifiedAt: description: Output only. Last modification time of this environment as milliseconds since epoch. format: int64 type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer state: description: 'Output only. State of the environment. Values other than ACTIVE means the resource is not ready to use. Possible values: STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING' type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: apigeeinstanceattachments.apigee.cnrm.cloud.google.com spec: group: apigee.cnrm.cloud.google.com names: categories: - gcp kind: ApigeeInstanceAttachment plural: apigeeinstanceattachments shortNames: - gcpapigeeinstanceattachment - gcpapigeeinstanceattachments singular: apigeeinstanceattachment preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: environment: description: Immutable. The resource ID of the environment. type: string instanceId: description: |- Immutable. The Apigee instance associated with the Apigee environment, in the format 'organisations/{{org_name}}/instances/{{instance_name}}'. type: string resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string required: - environment - instanceId type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array name: description: The name of the newly created attachment (output parameter). type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: apigeeinstances.apigee.cnrm.cloud.google.com spec: group: apigee.cnrm.cloud.google.com names: categories: - gcp kind: ApigeeInstance plural: apigeeinstances shortNames: - gcpapigeeinstance - gcpapigeeinstances singular: apigeeinstance preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: consumerAcceptList: description: |- Immutable. Optional. Customer accept list represents the list of projects (id/number) on customer side that can privately connect to the service attachment. It is an optional field which the customers can provide during the instance creation. By default, the customer project associated with the Apigee organization will be included to the list. items: type: string type: array description: description: Immutable. Description of the instance. type: string diskEncryptionKeyName: description: |- Immutable. Customer Managed Encryption Key (CMEK) used for disk and volume encryption. Required for Apigee paid subscriptions only. Use the following format: 'projects/([^/]+)/locations/([^/]+)/keyRings/([^/]+)/cryptoKeys/([^/]+)'. type: string displayName: description: Immutable. Display name of the instance. type: string ipRange: description: |- Immutable. IP range represents the customer-provided CIDR block of length 22 that will be used for the Apigee instance creation. This optional range, if provided, should be freely available as part of larger named range the customer has allocated to the Service Networking peering. If this is not provided, Apigee will automatically request for any available /22 CIDR block from Service Networking. The customer should use this CIDR block for configuring their firewall needs to allow traffic from Apigee. Input format: "a.b.c.d/22". type: string location: description: Immutable. Required. Compute Engine location where the instance resides. type: string orgId: description: |- Immutable. The Apigee Organization associated with the Apigee instance, in the format 'organizations/{{org_name}}'. type: string peeringCidrRange: description: |- Immutable. The size of the CIDR block range that will be reserved by the instance. For valid values, see [CidrRange](https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.instances#CidrRange) on the documentation. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - location - orgId type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array host: description: Output only. Hostname or IP address of the exposed Apigee endpoint used by clients to connect to the service. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer port: description: Output only. Port number of the exposed Apigee endpoint. type: string serviceAttachment: description: |- Output only. Resource name of the service attachment created for the instance in the format: projects/*/regions/*/serviceAttachments/* Apigee customers can privately forward traffic to this service attachment using the PSC endpoints. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: apigeenataddresses.apigee.cnrm.cloud.google.com spec: group: apigee.cnrm.cloud.google.com names: categories: - gcp kind: ApigeeNATAddress plural: apigeenataddresses shortNames: - gcpapigeenataddress - gcpapigeenataddresses singular: apigeenataddress preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: instanceId: description: |- Immutable. The Apigee instance associated with the Apigee environment, in the format 'organizations/{{org_name}}/instances/{{instance_name}}'. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - instanceId type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array ipAddress: description: The allocated NAT IP address. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer state: description: State of the NAT IP address. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: apigeeorganizations.apigee.cnrm.cloud.google.com spec: group: apigee.cnrm.cloud.google.com names: categories: - gcp kind: ApigeeOrganization plural: apigeeorganizations shortNames: - gcpapigeeorganization - gcpapigeeorganizations singular: apigeeorganization preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: addonsConfig: description: Addon configurations of the Apigee organization. properties: advancedApiOpsConfig: description: Configuration for the Advanced API Ops add-on. properties: enabled: description: Flag that specifies whether the Advanced API Ops add-on is enabled. type: boolean type: object monetizationConfig: description: Configuration for the Monetization add-on. properties: enabled: description: Flag that specifies whether the Monetization add-on is enabled. type: boolean type: object type: object analyticsRegion: description: Immutable. Required. Primary GCP region for analytics data storage. For valid values, see (https://cloud.google.com/apigee/docs/api-platform/get-started/create-org). type: string authorizedNetworkRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Compute Engine network used for Service Networking to be peered with Apigee runtime instances. See (https://cloud.google.com/vpc/docs/shared-vpc). To use a shared VPC network, use the following format: `projects/{host-project-id}/{region}/networks/{network-name}`. For example: `projects/my-sharedvpc-host/global/networks/mynetwork` **Note:** Not supported for Apigee hybrid. Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object description: description: Description of the Apigee organization. type: string displayName: description: Display name for the Apigee organization. type: string projectRef: description: Immutable. The Project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Required. Name of the GCP project in which to associate the Apigee organization. Pass the information as a query parameter using the following structure in your request: projects/ Authorization requires the following IAM permission on the specified resource parent: apigee.organizations.create Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object properties: additionalProperties: type: string description: Properties defined in the Apigee organization profile. type: object resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string runtimeDatabaseEncryptionKeyRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Cloud KMS key name used for encrypting the data that is stored and replicated across runtime instances. Update is not allowed after the organization is created. Required when (#RuntimeType) is `TRIAL`, a Google-Managed encryption key will be used. For example: "projects/foo/locations/us/keyRings/bar/cryptoKeys/baz". **Note:** Not supported for Apigee hybrid. Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object runtimeType: description: 'Immutable. Required. Runtime type of the Apigee organization based on the Apigee subscription purchased. Possible values: RUNTIME_TYPE_UNSPECIFIED, CLOUD, HYBRID' type: string required: - analyticsRegion - projectRef - runtimeType type: object status: properties: billingType: description: 'Output only. Billing type of the Apigee organization. See (https://cloud.google.com/apigee/pricing). Possible values: BILLING_TYPE_UNSPECIFIED, SUBSCRIPTION, EVALUATION' type: string caCertificate: description: Output only. Base64-encoded public certificate for the root CA of the Apigee organization. Valid only when (#RuntimeType) is `CLOUD`. type: string conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createdAt: description: Output only. Time that the Apigee organization was created in milliseconds since epoch. format: int64 type: integer environments: description: Output only. List of environments in the Apigee organization. items: type: string type: array expiresAt: description: Output only. Time that the Apigee organization is scheduled for deletion. format: int64 type: integer lastModifiedAt: description: Output only. Time that the Apigee organization was last modified in milliseconds since epoch. format: int64 type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer projectId: description: Output only. Project ID associated with the Apigee organization. type: string state: description: 'Output only. State of the organization. Values other than ACTIVE means the resource is not ready to use. Possible values: SNAPSHOT_STATE_UNSPECIFIED, MISSING, OK_DOCSTORE, OK_SUBMITTED, OK_EXTERNAL, DELETED' type: string subscriptionType: description: 'Output only. DEPRECATED: This will eventually be replaced by BillingType. Subscription type of the Apigee organization. Valid values include trial (free, limited, and for evaluation purposes only) or paid (full subscription has been purchased). See (https://cloud.google.com/apigee/pricing/). Possible values: SUBSCRIPTION_TYPE_UNSPECIFIED, PAID, TRIAL' type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: apigeesyncauthorizations.apigee.cnrm.cloud.google.com spec: group: apigee.cnrm.cloud.google.com names: categories: - gcp kind: ApigeeSyncAuthorization plural: apigeesyncauthorizations shortNames: - gcpapigeesyncauthorization - gcpapigeesyncauthorizations singular: apigeesyncauthorization preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: identities: description: |- Array of service accounts to grant access to control plane resources, each specified using the following format: 'serviceAccount:service-account-name'. The 'service-account-name' is formatted like an email address. For example: my-synchronizer-manager-serviceAccount@my_project_id.iam.gserviceaccount.com You might specify multiple service accounts, for example, if you have multiple environments and wish to assign a unique service account to each one. The service accounts must have **Apigee Synchronizer Manager** role. See also [Create service accounts](https://cloud.google.com/apigee/docs/hybrid/v1.8/sa-about#create-the-service-accounts). items: type: string type: array resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - identities type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array etag: description: |- Entity tag (ETag) used for optimistic concurrency control as a way to help prevent simultaneous updates from overwriting each other. Used internally during updates. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: appenginedomainmappings.appengine.cnrm.cloud.google.com spec: group: appengine.cnrm.cloud.google.com names: categories: - gcp kind: AppEngineDomainMapping plural: appenginedomainmappings shortNames: - gcpappenginedomainmapping - gcpappenginedomainmappings singular: appenginedomainmapping preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: overrideStrategy: description: |- Whether the domain creation should override any existing mappings for this domain. By default, overrides are rejected. Default value: "STRICT" Possible values: ["STRICT", "OVERRIDE"]. type: string project: description: Immutable. type: string resourceID: description: Immutable. Optional. The domainName of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string sslSettings: description: SSL configuration for this domain. If unconfigured, this domain will not serve with SSL. properties: certificateId: description: |- ID of the AuthorizedCertificate resource configuring SSL for the application. Clearing this field will remove SSL support. By default, a managed certificate is automatically created for every domain mapping. To omit SSL support or to configure SSL manually, specify 'SslManagementType.MANUAL' on a 'CREATE' or 'UPDATE' request. You must be authorized to administer the 'AuthorizedCertificate' resource to manually map it to a DomainMapping resource. Example: 12345. type: string pendingManagedCertificateId: description: |- ID of the managed 'AuthorizedCertificate' resource currently being provisioned, if applicable. Until the new managed certificate has been successfully provisioned, the previous SSL state will be preserved. Once the provisioning process completes, the 'certificateId' field will reflect the new managed certificate and this field will be left empty. To remove SSL support while there is still a pending managed certificate, clear the 'certificateId' field with an update request. type: string sslManagementType: description: |- SSL management type for this domain. If 'AUTOMATIC', a managed certificate is automatically provisioned. If 'MANUAL', 'certificateId' must be manually specified in order to configure SSL for this domain. Possible values: ["AUTOMATIC", "MANUAL"]. type: string required: - sslManagementType type: object type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array name: description: 'Full path to the DomainMapping resource in the API. Example: apps/myapp/domainMapping/example.com.' type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer resourceRecords: description: |- The resource records required to configure this domain mapping. These records must be added to the domain's DNS configuration in order to serve the application via this domain mapping. items: properties: name: description: 'Relative name of the object affected by this record. Only applicable for CNAME records. Example: ''www''.' type: string rrdata: description: Data for this record. Values vary by record type, as defined in RFC 1035 (section 5) and RFC 1034 (section 3.6.1). type: string type: description: 'Resource record type. Example: ''AAAA''. Possible values: ["A", "AAAA", "CNAME"].' type: string type: object type: array type: object type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: appenginefirewallrules.appengine.cnrm.cloud.google.com spec: group: appengine.cnrm.cloud.google.com names: categories: - gcp kind: AppEngineFirewallRule plural: appenginefirewallrules shortNames: - gcpappenginefirewallrule - gcpappenginefirewallrules singular: appenginefirewallrule preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: action: description: 'The action to take if this rule matches. Possible values: ["UNSPECIFIED_ACTION", "ALLOW", "DENY"].' type: string description: description: An optional string description of this rule. type: string project: description: Immutable. type: string resourceID: description: Immutable. Optional. The priority of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string sourceRange: description: IP address or range, defined using CIDR notation, of requests that this rule applies to. type: string required: - action - sourceRange type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: appengineflexibleappversions.appengine.cnrm.cloud.google.com spec: group: appengine.cnrm.cloud.google.com names: categories: - gcp kind: AppEngineFlexibleAppVersion plural: appengineflexibleappversions shortNames: - gcpappengineflexibleappversion - gcpappengineflexibleappversions singular: appengineflexibleappversion preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: apiConfig: description: Serving configuration for Google Cloud Endpoints. properties: authFailAction: description: 'Action to take when users access resources that require authentication. Default value: "AUTH_FAIL_ACTION_REDIRECT" Possible values: ["AUTH_FAIL_ACTION_REDIRECT", "AUTH_FAIL_ACTION_UNAUTHORIZED"].' type: string login: description: 'Level of login required to access this resource. Default value: "LOGIN_OPTIONAL" Possible values: ["LOGIN_OPTIONAL", "LOGIN_ADMIN", "LOGIN_REQUIRED"].' type: string script: description: Path to the script from the application root directory. type: string securityLevel: description: 'Security (HTTPS) enforcement for this URL. Possible values: ["SECURE_DEFAULT", "SECURE_NEVER", "SECURE_OPTIONAL", "SECURE_ALWAYS"].' type: string url: description: URL to serve the endpoint at. type: string required: - script type: object automaticScaling: description: Automatic scaling is based on request rate, response latencies, and other application metrics. properties: coolDownPeriod: description: |- The time period that the Autoscaler should wait before it starts collecting information from a new instance. This prevents the autoscaler from collecting information when the instance is initializing, during which the collected usage would not be reliable. Default: 120s. type: string cpuUtilization: description: Target scaling by CPU usage. properties: aggregationWindowLength: description: Period of time over which CPU utilization is calculated. type: string targetUtilization: description: Target CPU utilization ratio to maintain when scaling. Must be between 0 and 1. type: number required: - targetUtilization type: object diskUtilization: description: Target scaling by disk usage. properties: targetReadBytesPerSecond: description: Target bytes read per second. type: integer targetReadOpsPerSecond: description: Target ops read per seconds. type: integer targetWriteBytesPerSecond: description: Target bytes written per second. type: integer targetWriteOpsPerSecond: description: Target ops written per second. type: integer type: object maxConcurrentRequests: description: |- Number of concurrent requests an automatic scaling instance can accept before the scheduler spawns a new instance. Defaults to a runtime-specific value. type: integer maxIdleInstances: description: Maximum number of idle instances that should be maintained for this version. type: integer maxPendingLatency: description: Maximum amount of time that a request should wait in the pending queue before starting a new instance to handle it. type: string maxTotalInstances: description: 'Maximum number of instances that should be started to handle requests for this version. Default: 20.' type: integer minIdleInstances: description: Minimum number of idle instances that should be maintained for this version. Only applicable for the default version of a service. type: integer minPendingLatency: description: Minimum amount of time a request should wait in the pending queue before starting a new instance to handle it. type: string minTotalInstances: description: 'Minimum number of running instances that should be maintained for this version. Default: 2.' type: integer networkUtilization: description: Target scaling by network usage. properties: targetReceivedBytesPerSecond: description: Target bytes received per second. type: integer targetReceivedPacketsPerSecond: description: Target packets received per second. type: integer targetSentBytesPerSecond: description: Target bytes sent per second. type: integer targetSentPacketsPerSecond: description: Target packets sent per second. type: integer type: object requestUtilization: description: Target scaling by request utilization. properties: targetConcurrentRequests: description: Target number of concurrent requests. type: number targetRequestCountPerSecond: description: Target requests per second. type: string type: object required: - cpuUtilization type: object betaSettings: additionalProperties: type: string description: Metadata settings that are supplied to this version to enable beta runtime features. type: object defaultExpiration: description: |- Duration that static files should be cached by web proxies and browsers. Only applicable if the corresponding StaticFilesHandler does not specify its own expiration time. type: string deleteServiceOnDestroy: description: If set to 'true', the service will be deleted if it is the last version. type: boolean deployment: description: Code and application artifacts that make up this version. properties: cloudBuildOptions: description: Options for the build operations performed as a part of the version deployment. Only applicable when creating a version using source code directly. properties: appYamlPath: description: Path to the yaml file used in deployment, used to determine runtime configuration details. type: string cloudBuildTimeout: description: |- The Cloud Build timeout used as part of any dependent builds performed by version creation. Defaults to 10 minutes. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". type: string required: - appYamlPath type: object container: description: The Docker image for the container that runs the version. properties: image: description: |- URI to the hosted container image in Google Container Registry. The URI must be fully qualified and include a tag or digest. Examples: "gcr.io/my-project/image:tag" or "gcr.io/my-project/image@digest". type: string required: - image type: object files: description: |- Manifest of the files stored in Google Cloud Storage that are included as part of this version. All files must be readable using the credentials supplied with this call. items: properties: name: type: string sha1Sum: description: SHA1 checksum of the file. type: string sourceUrl: description: Source URL. type: string required: - name - sourceUrl type: object type: array zip: description: Zip File. properties: filesCount: description: files count. type: integer sourceUrl: description: Source URL. type: string required: - sourceUrl type: object type: object endpointsApiService: description: Code and application artifacts that make up this version. properties: configId: description: |- Endpoints service configuration ID as specified by the Service Management API. For example "2016-09-19r1". By default, the rollout strategy for Endpoints is "FIXED". This means that Endpoints starts up with a particular configuration ID. When a new configuration is rolled out, Endpoints must be given the new configuration ID. The configId field is used to give the configuration ID and is required in this case. Endpoints also has a rollout strategy called "MANAGED". When using this, Endpoints fetches the latest configuration and does not need the configuration ID. In this case, configId must be omitted. type: string disableTraceSampling: description: Enable or disable trace sampling. By default, this is set to false for enabled. type: boolean name: description: |- Endpoints service name which is the name of the "service" resource in the Service Management API. For example "myapi.endpoints.myproject.cloud.goog". type: string rolloutStrategy: description: 'Endpoints rollout strategy. If FIXED, configId must be specified. If MANAGED, configId must be omitted. Default value: "FIXED" Possible values: ["FIXED", "MANAGED"].' type: string required: - name type: object entrypoint: description: The entrypoint for the application. properties: shell: description: The format should be a shell command that can be fed to bash -c. type: string required: - shell type: object envVariables: additionalProperties: type: string type: object handlers: description: |- An ordered list of URL-matching patterns that should be applied to incoming requests. The first matching URL handles the request and other request handlers are not attempted. items: properties: authFailAction: description: 'Actions to take when the user is not logged in. Possible values: ["AUTH_FAIL_ACTION_REDIRECT", "AUTH_FAIL_ACTION_UNAUTHORIZED"].' type: string login: description: 'Methods to restrict access to a URL based on login status. Possible values: ["LOGIN_OPTIONAL", "LOGIN_ADMIN", "LOGIN_REQUIRED"].' type: string redirectHttpResponseCode: description: '30x code to use when performing redirects for the secure field. Possible values: ["REDIRECT_HTTP_RESPONSE_CODE_301", "REDIRECT_HTTP_RESPONSE_CODE_302", "REDIRECT_HTTP_RESPONSE_CODE_303", "REDIRECT_HTTP_RESPONSE_CODE_307"].' type: string script: description: |- Executes a script to handle the requests that match this URL pattern. Only the auto value is supported for Node.js in the App Engine standard environment, for example "script:" "auto". properties: scriptPath: description: Path to the script from the application root directory. type: string required: - scriptPath type: object securityLevel: description: 'Security (HTTPS) enforcement for this URL. Possible values: ["SECURE_DEFAULT", "SECURE_NEVER", "SECURE_OPTIONAL", "SECURE_ALWAYS"].' type: string staticFiles: description: |- Files served directly to the user for a given URL, such as images, CSS stylesheets, or JavaScript source files. Static file handlers describe which files in the application directory are static files, and which URLs serve them. properties: applicationReadable: description: |- Whether files should also be uploaded as code data. By default, files declared in static file handlers are uploaded as static data and are only served to end users; they cannot be read by the application. If enabled, uploads are charged against both your code and static data storage resource quotas. type: boolean expiration: description: |- Time a static file served by this handler should be cached by web proxies and browsers. A duration in seconds with up to nine fractional digits, terminated by 's'. Example "3.5s". Default is '0s'. type: string httpHeaders: additionalProperties: type: string description: |- HTTP headers to use for all responses from these URLs. An object containing a list of "key:value" value pairs.". type: object mimeType: description: |- MIME type used to serve all files served by this handler. Defaults to file-specific MIME types, which are derived from each file's filename extension. type: string path: description: |- Path to the static files matched by the URL pattern, from the application root directory. The path can refer to text matched in groupings in the URL pattern. type: string requireMatchingFile: description: Whether this handler should match the request if the file referenced by the handler does not exist. type: boolean uploadPathRegex: description: Regular expression that matches the file paths for all files that should be referenced by this handler. type: string type: object urlRegex: description: |- URL prefix. Uses regular expression syntax, which means regexp special characters must be escaped, but should not contain groupings. All URLs that begin with this prefix are handled by this handler, using the portion of the URL after the prefix as part of the file path. type: string type: object type: array inboundServices: description: 'A list of the types of messages that this application is able to receive. Possible values: ["INBOUND_SERVICE_MAIL", "INBOUND_SERVICE_MAIL_BOUNCE", "INBOUND_SERVICE_XMPP_ERROR", "INBOUND_SERVICE_XMPP_MESSAGE", "INBOUND_SERVICE_XMPP_SUBSCRIBE", "INBOUND_SERVICE_XMPP_PRESENCE", "INBOUND_SERVICE_CHANNEL_PRESENCE", "INBOUND_SERVICE_WARMUP"].' items: type: string type: array instanceClass: description: |- Instance class that is used to run this version. Valid values are AutomaticScaling: F1, F2, F4, F4_1G ManualScaling: B1, B2, B4, B8, B4_1G Defaults to F1 for AutomaticScaling and B1 for ManualScaling. type: string livenessCheck: description: Health checking configuration for VM instances. Unhealthy instances are killed and replaced with new instances. properties: checkInterval: description: Interval between health checks. type: string failureThreshold: description: 'Number of consecutive failed checks required before considering the VM unhealthy. Default: 4.' type: number host: description: 'Host header to send when performing a HTTP Readiness check. Example: "myapp.appspot.com".' type: string initialDelay: description: 'The initial delay before starting to execute the checks. Default: "300s".' type: string path: description: The request path. type: string successThreshold: description: 'Number of consecutive successful checks required before considering the VM healthy. Default: 2.' type: number timeout: description: 'Time before the check is considered failed. Default: "4s".' type: string required: - path type: object manualScaling: description: A service with manual scaling runs continuously, allowing you to perform complex initialization and rely on the state of its memory over time. properties: instances: description: |- Number of instances to assign to the service at the start. **Note:** When managing the number of instances at runtime through the App Engine Admin API or the (now deprecated) Python 2 Modules API set_num_instances() you must use 'lifecycle.ignore_changes = ["manual_scaling"[0].instances]' to prevent drift detection. type: integer required: - instances type: object network: description: Extra network settings. properties: forwardedPorts: description: List of ports, or port pairs, to forward from the virtual machine to the application container. items: type: string type: array instanceTag: description: Tag to apply to the instance during creation. type: string name: description: Google Compute Engine network where the virtual machines are created. Specify the short name, not the resource path. type: string sessionAffinity: description: Enable session affinity. type: boolean subnetwork: description: |- Google Cloud Platform sub-network where the virtual machines are created. Specify the short name, not the resource path. If the network that the instance is being created in is a Legacy network, then the IP address is allocated from the IPv4Range. If the network that the instance is being created in is an auto Subnet Mode Network, then only network name should be specified (not the subnetworkName) and the IP address is created from the IPCidrRange of the subnetwork that exists in that zone for that network. If the network that the instance is being created in is a custom Subnet Mode Network, then the subnetworkName must be specified and the IP address is created from the IPCidrRange of the subnetwork. If specified, the subnetwork must exist in the same region as the App Engine flexible environment application. type: string required: - name type: object nobuildFilesRegex: description: Files that match this pattern will not be built into this version. Only applicable for Go runtimes. type: string noopOnDestroy: description: If set to 'true', the application version will not be deleted. type: boolean project: description: Immutable. type: string readinessCheck: description: Configures readiness health checking for instances. Unhealthy instances are not put into the backend traffic rotation. properties: appStartTimeout: description: |- A maximum time limit on application initialization, measured from moment the application successfully replies to a healthcheck until it is ready to serve traffic. Default: "300s". type: string checkInterval: description: 'Interval between health checks. Default: "5s".' type: string failureThreshold: description: 'Number of consecutive failed checks required before removing traffic. Default: 2.' type: number host: description: 'Host header to send when performing a HTTP Readiness check. Example: "myapp.appspot.com".' type: string path: description: The request path. type: string successThreshold: description: 'Number of consecutive successful checks required before receiving traffic. Default: 2.' type: number timeout: description: 'Time before the check is considered failed. Default: "4s".' type: string required: - path type: object resourceID: description: Immutable. Optional. The versionId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string resources: description: Machine resources for a version. properties: cpu: description: Number of CPU cores needed. type: integer diskGb: description: Disk size (GB) needed. type: integer memoryGb: description: Memory (GB) needed. type: number volumes: description: List of ports, or port pairs, to forward from the virtual machine to the application container. items: properties: name: description: Unique name for the volume. type: string sizeGb: description: Volume size in gigabytes. type: integer volumeType: description: Underlying volume type, e.g. 'tmpfs'. type: string required: - name - sizeGb - volumeType type: object type: array type: object runtime: description: Desired runtime. Example python27. type: string runtimeApiVersion: description: |- The version of the API in the given runtime environment. Please see the app.yaml reference for valid values at 'https://cloud.google.com/appengine/docs/standard//config/appref'\ Substitute '' with 'python', 'java', 'php', 'ruby', 'go' or 'nodejs'. type: string runtimeChannel: description: The channel of the runtime to use. Only available for some runtimes. type: string runtimeMainExecutablePath: description: The path or name of the app's main executable. type: string serviceAccount: description: |- The identity that the deployed version will run as. Admin API will use the App Engine Appspot service account as default if this field is neither provided in app.yaml file nor through CLI flag. type: string serviceRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of an `AppEngineService` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object servingStatus: description: 'Current serving status of this version. Only the versions with a SERVING status create instances and can be billed. Default value: "SERVING" Possible values: ["SERVING", "STOPPED"].' type: string vpcAccessConnector: description: Enables VPC connectivity for standard apps. properties: name: description: Full Serverless VPC Access Connector name e.g. /projects/my-project/locations/us-central1/connectors/c1. type: string required: - name type: object required: - livenessCheck - readinessCheck - runtime - serviceRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array name: description: Full path to the Version resource in the API. Example, "v1". type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: appengineservicesplittraffics.appengine.cnrm.cloud.google.com spec: group: appengine.cnrm.cloud.google.com names: categories: - gcp kind: AppEngineServiceSplitTraffic plural: appengineservicesplittraffics shortNames: - gcpappengineservicesplittraffic - gcpappengineservicesplittraffics singular: appengineservicesplittraffic preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: migrateTraffic: description: If set to true traffic will be migrated to this version. type: boolean project: description: Immutable. type: string resourceID: description: Immutable. Optional. The service of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string split: description: Mapping that defines fractional HTTP traffic diversion to different versions within the service. properties: allocations: additionalProperties: type: string description: Mapping from version IDs within the service to fractional (0.000, 1] allocations of traffic for that version. Each version can be specified only once, but some versions in the service may not have any traffic allocation. Services that have traffic allocated cannot be deleted until either the service is deleted or their traffic allocation is removed. Allocations must sum to 1. Up to two decimal place precision is supported for IP-based splits and up to three decimal places is supported for cookie-based splits. type: object shardBy: description: 'Mechanism used to determine which version a request is sent to. The traffic selection algorithm will be stable for either type until allocations are changed. Possible values: ["UNSPECIFIED", "COOKIE", "IP", "RANDOM"].' type: string required: - allocations type: object required: - split type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: appenginestandardappversions.appengine.cnrm.cloud.google.com spec: group: appengine.cnrm.cloud.google.com names: categories: - gcp kind: AppEngineStandardAppVersion plural: appenginestandardappversions shortNames: - gcpappenginestandardappversion - gcpappenginestandardappversions singular: appenginestandardappversion preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: appEngineApis: description: Allows App Engine second generation runtimes to access the legacy bundled services. type: boolean automaticScaling: description: Automatic scaling is based on request rate, response latencies, and other application metrics. properties: maxConcurrentRequests: description: |- Number of concurrent requests an automatic scaling instance can accept before the scheduler spawns a new instance. Defaults to a runtime-specific value. type: integer maxIdleInstances: description: Maximum number of idle instances that should be maintained for this version. type: integer maxPendingLatency: description: |- Maximum amount of time that a request should wait in the pending queue before starting a new instance to handle it. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". type: string minIdleInstances: description: Minimum number of idle instances that should be maintained for this version. Only applicable for the default version of a service. type: integer minPendingLatency: description: |- Minimum amount of time a request should wait in the pending queue before starting a new instance to handle it. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". type: string standardSchedulerSettings: description: Scheduler settings for standard environment. properties: maxInstances: description: Maximum number of instances to run for this version. Set to zero to disable maxInstances configuration. type: integer minInstances: description: Minimum number of instances to run for this version. Set to zero to disable minInstances configuration. type: integer targetCpuUtilization: description: Target CPU utilization ratio to maintain when scaling. Should be a value in the range [0.50, 0.95], zero, or a negative value. type: number targetThroughputUtilization: description: Target throughput utilization ratio to maintain when scaling. Should be a value in the range [0.50, 0.95], zero, or a negative value. type: number type: object type: object basicScaling: description: Basic scaling creates instances when your application receives requests. Each instance will be shut down when the application becomes idle. Basic scaling is ideal for work that is intermittent or driven by user activity. properties: idleTimeout: description: |- Duration of time after the last request that an instance must wait before the instance is shut down. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". Defaults to 900s. type: string maxInstances: description: Maximum number of instances to create for this version. Must be in the range [1.0, 200.0]. type: integer required: - maxInstances type: object deleteServiceOnDestroy: description: If set to 'true', the service will be deleted if it is the last version. type: boolean deployment: description: Code and application artifacts that make up this version. properties: files: description: |- Manifest of the files stored in Google Cloud Storage that are included as part of this version. All files must be readable using the credentials supplied with this call. items: properties: name: type: string sha1Sum: description: SHA1 checksum of the file. type: string sourceUrl: description: Source URL. type: string required: - name - sourceUrl type: object type: array zip: description: Zip File. properties: filesCount: description: files count. type: integer sourceUrl: description: Source URL. type: string required: - sourceUrl type: object type: object entrypoint: description: The entrypoint for the application. properties: shell: description: The format should be a shell command that can be fed to bash -c. type: string required: - shell type: object envVariables: additionalProperties: type: string description: Environment variables available to the application. type: object handlers: description: |- An ordered list of URL-matching patterns that should be applied to incoming requests. The first matching URL handles the request and other request handlers are not attempted. items: properties: authFailAction: description: 'Actions to take when the user is not logged in. Possible values: ["AUTH_FAIL_ACTION_REDIRECT", "AUTH_FAIL_ACTION_UNAUTHORIZED"].' type: string login: description: 'Methods to restrict access to a URL based on login status. Possible values: ["LOGIN_OPTIONAL", "LOGIN_ADMIN", "LOGIN_REQUIRED"].' type: string redirectHttpResponseCode: description: '30x code to use when performing redirects for the secure field. Possible values: ["REDIRECT_HTTP_RESPONSE_CODE_301", "REDIRECT_HTTP_RESPONSE_CODE_302", "REDIRECT_HTTP_RESPONSE_CODE_303", "REDIRECT_HTTP_RESPONSE_CODE_307"].' type: string script: description: |- Executes a script to handle the requests that match this URL pattern. Only the auto value is supported for Node.js in the App Engine standard environment, for example "script:" "auto". properties: scriptPath: description: Path to the script from the application root directory. type: string required: - scriptPath type: object securityLevel: description: 'Security (HTTPS) enforcement for this URL. Possible values: ["SECURE_DEFAULT", "SECURE_NEVER", "SECURE_OPTIONAL", "SECURE_ALWAYS"].' type: string staticFiles: description: Files served directly to the user for a given URL, such as images, CSS stylesheets, or JavaScript source files. Static file handlers describe which files in the application directory are static files, and which URLs serve them. properties: applicationReadable: description: |- Whether files should also be uploaded as code data. By default, files declared in static file handlers are uploaded as static data and are only served to end users; they cannot be read by the application. If enabled, uploads are charged against both your code and static data storage resource quotas. type: boolean expiration: description: |- Time a static file served by this handler should be cached by web proxies and browsers. A duration in seconds with up to nine fractional digits, terminated by 's'. Example "3.5s". type: string httpHeaders: additionalProperties: type: string description: |- HTTP headers to use for all responses from these URLs. An object containing a list of "key:value" value pairs.". type: object mimeType: description: |- MIME type used to serve all files served by this handler. Defaults to file-specific MIME types, which are derived from each file's filename extension. type: string path: description: Path to the static files matched by the URL pattern, from the application root directory. The path can refer to text matched in groupings in the URL pattern. type: string requireMatchingFile: description: Whether this handler should match the request if the file referenced by the handler does not exist. type: boolean uploadPathRegex: description: Regular expression that matches the file paths for all files that should be referenced by this handler. type: string type: object urlRegex: description: |- URL prefix. Uses regular expression syntax, which means regexp special characters must be escaped, but should not contain groupings. All URLs that begin with this prefix are handled by this handler, using the portion of the URL after the prefix as part of the file path. type: string type: object type: array inboundServices: description: 'A list of the types of messages that this application is able to receive. Possible values: ["INBOUND_SERVICE_MAIL", "INBOUND_SERVICE_MAIL_BOUNCE", "INBOUND_SERVICE_XMPP_ERROR", "INBOUND_SERVICE_XMPP_MESSAGE", "INBOUND_SERVICE_XMPP_SUBSCRIBE", "INBOUND_SERVICE_XMPP_PRESENCE", "INBOUND_SERVICE_CHANNEL_PRESENCE", "INBOUND_SERVICE_WARMUP"].' items: type: string type: array instanceClass: description: |- Instance class that is used to run this version. Valid values are AutomaticScaling: F1, F2, F4, F4_1G BasicScaling or ManualScaling: B1, B2, B4, B4_1G, B8 Defaults to F1 for AutomaticScaling and B2 for ManualScaling and BasicScaling. If no scaling is specified, AutomaticScaling is chosen. type: string libraries: description: Configuration for third-party Python runtime libraries that are required by the application. items: properties: name: description: Name of the library. Example "django". type: string version: description: Version of the library to select, or "latest". type: string type: object type: array manualScaling: description: A service with manual scaling runs continuously, allowing you to perform complex initialization and rely on the state of its memory over time. properties: instances: description: |- Number of instances to assign to the service at the start. **Note:** When managing the number of instances at runtime through the App Engine Admin API or the (now deprecated) Python 2 Modules API set_num_instances() you must use 'lifecycle.ignore_changes = ["manual_scaling"[0].instances]' to prevent drift detection. type: integer required: - instances type: object noopOnDestroy: description: If set to 'true', the application version will not be deleted. type: boolean project: description: Immutable. type: string resourceID: description: Immutable. Optional. The versionId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string runtime: description: Desired runtime. Example python27. type: string runtimeApiVersion: description: |- The version of the API in the given runtime environment. Please see the app.yaml reference for valid values at 'https://cloud.google.com/appengine/docs/standard//config/appref'\ Substitute '' with 'python', 'java', 'php', 'ruby', 'go' or 'nodejs'. type: string serviceAccount: description: The identity that the deployed version will run as. Admin API will use the App Engine Appspot service account as default if this field is neither provided in app.yaml file nor through CLI flag. type: string serviceRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of an `AppEngineService` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object threadsafe: description: Whether multiple requests can be dispatched to this version at once. type: boolean vpcAccessConnector: description: Enables VPC connectivity for standard apps. properties: egressSetting: description: The egress setting for the connector, controlling what traffic is diverted through it. type: string name: description: Full Serverless VPC Access Connector name e.g. /projects/my-project/locations/us-central1/connectors/c1. type: string required: - name type: object required: - deployment - entrypoint - runtime - serviceRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array name: description: Full path to the Version resource in the API. Example, "v1". type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: artifactregistryrepositories.artifactregistry.cnrm.cloud.google.com spec: group: artifactregistry.cnrm.cloud.google.com names: categories: - gcp kind: ArtifactRegistryRepository plural: artifactregistryrepositories shortNames: - gcpartifactregistryrepository - gcpartifactregistryrepositories singular: artifactregistryrepository preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: description: description: The user-provided description of the repository. type: string dockerConfig: description: Docker repository config contains repository level configuration for the repositories of docker type. properties: immutableTags: description: The repository which enabled this flag prevents all tags from being modified, moved or deleted. This does not prevent tags from being created. type: boolean type: object format: description: |- Immutable. The format of packages that are stored in the repository. Supported formats can be found [here](https://cloud.google.com/artifact-registry/docs/supported-formats). You can only create alpha formats if you are a member of the [alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access). type: string kmsKeyRef: description: |- The customer managed encryption key that’s used to encrypt the contents of the Repository. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object location: description: Immutable. The name of the location this repository is located in. type: string mavenConfig: description: |- MavenRepositoryConfig is maven related repository details. Provides additional configuration details for repositories of the maven format type. properties: allowSnapshotOverwrites: description: |- Immutable. The repository with this flag will allow publishing the same snapshot versions. type: boolean versionPolicy: description: 'Immutable. Version policy defines the versions that the registry will accept. Default value: "VERSION_POLICY_UNSPECIFIED" Possible values: ["VERSION_POLICY_UNSPECIFIED", "RELEASE", "SNAPSHOT"].' type: string type: object mode: description: 'Immutable. The mode configures the repository to serve artifacts from different sources. Default value: "STANDARD_REPOSITORY" Possible values: ["STANDARD_REPOSITORY", "VIRTUAL_REPOSITORY", "REMOTE_REPOSITORY"].' type: string remoteRepositoryConfig: description: Immutable. Configuration specific for a Remote Repository. properties: description: description: Immutable. The description of the remote source. type: string dockerRepository: description: Immutable. Specific settings for a Docker remote repository. properties: publicRepository: description: 'Immutable. Address of the remote repository. Default value: "DOCKER_HUB" Possible values: ["DOCKER_HUB"].' type: string type: object mavenRepository: description: Immutable. Specific settings for a Maven remote repository. properties: publicRepository: description: 'Immutable. Address of the remote repository. Default value: "MAVEN_CENTRAL" Possible values: ["MAVEN_CENTRAL"].' type: string type: object npmRepository: description: Immutable. Specific settings for an Npm remote repository. properties: publicRepository: description: 'Immutable. Address of the remote repository. Default value: "NPMJS" Possible values: ["NPMJS"].' type: string type: object pythonRepository: description: Immutable. Specific settings for a Python remote repository. properties: publicRepository: description: 'Immutable. Address of the remote repository. Default value: "PYPI" Possible values: ["PYPI"].' type: string type: object type: object resourceID: description: Immutable. Optional. The repositoryId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string virtualRepositoryConfig: description: Configuration specific for a Virtual Repository. properties: upstreamPolicies: description: |- Policies that configure the upstream artifacts distributed by the Virtual Repository. Upstream policies cannot be set on a standard repository. items: properties: id: description: The user-provided ID of the upstream policy. type: string priority: description: Entries with a greater priority value take precedence in the pull order. type: integer repositoryRef: description: |- A reference to the repository resource, for example: "projects/p1/locations/us-central1/repositories/repo1". oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: string of the format `projects/{{project}}/locations/{{location}}/repositories/{{value}}`, where {{value}} is the `name` field of an `ArtifactRegistryRepository` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: object type: array type: object required: - format - location type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: The time when the repository was created. type: string name: description: |- The name of the repository, for example: "repo1". type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer updateTime: description: The time when the repository was last updated. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: beyondcorpappconnections.beyondcorp.cnrm.cloud.google.com spec: group: beyondcorp.cnrm.cloud.google.com names: categories: - gcp kind: BeyondCorpAppConnection plural: beyondcorpappconnections shortNames: - gcpbeyondcorpappconnection - gcpbeyondcorpappconnections singular: beyondcorpappconnection preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: applicationEndpoint: description: Address of the remote application endpoint for the BeyondCorp AppConnection. properties: host: description: Hostname or IP address of the remote application endpoint. type: string port: description: Port of the remote application endpoint. type: integer required: - host - port type: object connectors: description: List of AppConnectors that are authorised to be associated with this AppConnection. items: type: string type: array displayName: description: An arbitrary user-provided name for the AppConnection. type: string gateway: description: Gateway used by the AppConnection. properties: appGateway: description: 'AppGateway name in following format: projects/{project_id}/locations/{locationId}/appgateways/{gateway_id}.' type: string ingressPort: description: Ingress port reserved on the gateways for this AppConnection, if not specified or zero, the default port is 19443. type: integer type: description: |- The type of hosting used by the gateway. Refer to https://cloud.google.com/beyondcorp/docs/reference/rest/v1/projects.locations.appConnections#Type_1 for a list of possible values. type: string uri: description: Server-defined URI for this resource. type: string required: - appGateway type: object projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object region: description: Immutable. The region of the AppConnection. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string type: description: |- Immutable. The type of network connectivity used by the AppConnection. Refer to https://cloud.google.com/beyondcorp/docs/reference/rest/v1/projects.locations.appConnections#type for a list of possible values. type: string required: - applicationEndpoint - projectRef - region type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: beyondcorpappconnectors.beyondcorp.cnrm.cloud.google.com spec: group: beyondcorp.cnrm.cloud.google.com names: categories: - gcp kind: BeyondCorpAppConnector plural: beyondcorpappconnectors shortNames: - gcpbeyondcorpappconnector - gcpbeyondcorpappconnectors singular: beyondcorpappconnector preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: displayName: description: An arbitrary user-provided name for the AppConnector. type: string principalInfo: description: Principal information about the Identity of the AppConnector. properties: serviceAccount: description: ServiceAccount represents a GCP service account. properties: email: description: Email address of the service account. type: string required: - email type: object required: - serviceAccount type: object projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object region: description: Immutable. The region of the AppConnector. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - principalInfo - projectRef - region type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer state: description: Represents the different states of a AppConnector. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: beyondcorpappgateways.beyondcorp.cnrm.cloud.google.com spec: group: beyondcorp.cnrm.cloud.google.com names: categories: - gcp kind: BeyondCorpAppGateway plural: beyondcorpappgateways shortNames: - gcpbeyondcorpappgateway - gcpbeyondcorpappgateways singular: beyondcorpappgateway preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: displayName: description: Immutable. An arbitrary user-provided name for the AppGateway. type: string hostType: description: 'Immutable. The type of hosting used by the AppGateway. Default value: "HOST_TYPE_UNSPECIFIED" Possible values: ["HOST_TYPE_UNSPECIFIED", "GCP_REGIONAL_MIG"].' type: string projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object region: description: Immutable. The region of the AppGateway. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string type: description: 'Immutable. The type of network connectivity used by the AppGateway. Default value: "TYPE_UNSPECIFIED" Possible values: ["TYPE_UNSPECIFIED", "TCP_PROXY"].' type: string required: - projectRef - region type: object status: properties: allocatedConnections: description: A list of connections allocated for the Gateway. items: properties: ingressPort: description: The ingress port of an allocated connection. type: integer pscUri: description: The PSC uri of an allocated connection. type: string type: object type: array conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer state: description: Represents the different states of a AppGateway. type: string uri: description: Server-defined URI for this resource. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: bigqueryanalyticshubdataexchanges.bigqueryanalyticshub.cnrm.cloud.google.com spec: group: bigqueryanalyticshub.cnrm.cloud.google.com names: categories: - gcp kind: BigQueryAnalyticsHubDataExchange plural: bigqueryanalyticshubdataexchanges shortNames: - gcpbigqueryanalyticshubdataexchange - gcpbigqueryanalyticshubdataexchanges singular: bigqueryanalyticshubdataexchange preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: description: description: Description of the data exchange. type: string displayName: description: Human-readable display name of the data exchange. The display name must contain only Unicode letters, numbers (0-9), underscores (_), dashes (-), spaces ( ), and must not start or end with spaces. type: string documentation: description: Documentation describing the data exchange. type: string icon: description: Base64 encoded image representing the data exchange. type: string location: description: Immutable. The name of the location this data exchange. type: string primaryContact: description: Email or URL of the primary point of contact of the data exchange. type: string projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The dataExchangeId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - displayName - location - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array listingCount: description: Number of listings contained in the data exchange. type: integer name: description: |- The resource name of the data exchange, for example: "projects/myproject/locations/US/dataExchanges/123". type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: bigqueryanalyticshublistings.bigqueryanalyticshub.cnrm.cloud.google.com spec: group: bigqueryanalyticshub.cnrm.cloud.google.com names: categories: - gcp kind: BigQueryAnalyticsHubListing plural: bigqueryanalyticshublistings shortNames: - gcpbigqueryanalyticshublisting - gcpbigqueryanalyticshublistings singular: bigqueryanalyticshublisting preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: bigqueryDataset: description: Shared dataset i.e. BigQuery dataset source. properties: dataset: description: Resource name of the dataset source for this listing. e.g. projects/myproject/datasets/123. type: string required: - dataset type: object categories: description: Categories of the listing. Up to two categories are allowed. items: type: string type: array dataExchangeId: description: Immutable. The ID of the data exchange. Must contain only Unicode letters, numbers (0-9), underscores (_). Should not use characters that require URL-escaping, or characters outside of ASCII, spaces. type: string dataProvider: description: Details of the data provider who owns the source data. properties: name: description: Name of the data provider. type: string primaryContact: description: Email or URL of the data provider. type: string required: - name type: object description: description: Short description of the listing. The description must not contain Unicode non-characters and C0 and C1 control codes except tabs (HT), new lines (LF), carriage returns (CR), and page breaks (FF). type: string displayName: description: Human-readable display name of the listing. The display name must contain only Unicode letters, numbers (0-9), underscores (_), dashes (-), spaces ( ), ampersands (&) and can't start or end with spaces. type: string documentation: description: Documentation describing the listing. type: string icon: description: Base64 encoded image representing the listing. type: string location: description: Immutable. The name of the location this data exchange listing. type: string primaryContact: description: Email or URL of the primary point of contact of the listing. type: string projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object publisher: description: Details of the publisher who owns the listing and who can share the source data. properties: name: description: Name of the listing publisher. type: string primaryContact: description: Email or URL of the listing publisher. type: string required: - name type: object requestAccess: description: Email or URL of the request access of the listing. Subscribers can use this reference to request access. type: string resourceID: description: Immutable. Optional. The listingId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - bigqueryDataset - dataExchangeId - displayName - location - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array name: description: The resource name of the listing. e.g. "projects/myproject/locations/US/dataExchanges/123/listings/456". type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: bigqueryconnectionconnections.bigqueryconnection.cnrm.cloud.google.com spec: group: bigqueryconnection.cnrm.cloud.google.com names: categories: - gcp kind: BigQueryConnectionConnection plural: bigqueryconnectionconnections shortNames: - gcpbigqueryconnectionconnection - gcpbigqueryconnectionconnections singular: bigqueryconnectionconnection preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: aws: description: Connection properties specific to Amazon Web Services. properties: accessRole: description: Authentication using Google owned service account to assume into customer's AWS IAM Role. properties: iamRoleId: description: The user’s AWS IAM Role that trusts the Google-owned AWS IAM user Connection. type: string identity: description: A unique Google-owned and Google-generated identity for the Connection. This identity will be used to access the user's AWS IAM Role. type: string required: - iamRoleId type: object required: - accessRole type: object azure: description: Container for connection properties specific to Azure. properties: application: description: The name of the Azure Active Directory Application. type: string clientId: description: The client id of the Azure Active Directory Application. type: string customerTenantId: description: The id of customer's directory that host the data. type: string federatedApplicationClientId: description: The Azure Application (client) ID where the federated credentials will be hosted. type: string identity: description: A unique Google-owned and Google-generated identity for the Connection. This identity will be used to access the user's Azure Active Directory Application. type: string objectId: description: The object id of the Azure Active Directory Application. type: string redirectUri: description: The URL user will be redirected to after granting consent during connection setup. type: string required: - customerTenantId type: object cloudResource: description: Container for connection properties for delegation of access to GCP resources. properties: serviceAccountId: description: The account ID of the service created for the purpose of this connection. type: string type: object cloudSpanner: description: Connection properties specific to Cloud Spanner. properties: database: description: Cloud Spanner database in the form 'project/instance/database'. type: string useParallelism: description: If parallelism should be used when reading from Cloud Spanner. type: boolean useServerlessAnalytics: description: If the serverless analytics service should be used to read data from Cloud Spanner. useParallelism must be set when using serverless analytics. type: boolean required: - database type: object cloudSql: description: Connection properties specific to the Cloud SQL. properties: credential: description: Cloud SQL properties. properties: password: description: Password for database. oneOf: - not: required: - valueFrom required: - value - not: required: - value required: - valueFrom properties: value: description: Value of the field. Cannot be used if 'valueFrom' is specified. type: string valueFrom: description: Source for the field's value. Cannot be used if 'value' is specified. properties: secretKeyRef: description: Reference to a value with the given key in the given Secret in the resource's namespace. properties: key: description: Key that identifies the value to be extracted. type: string name: description: Name of the Secret to extract a value from. type: string required: - name - key type: object type: object type: object username: description: Username for database. type: string required: - password - username type: object database: description: Database name. type: string instanceId: description: Cloud SQL instance ID in the form project:location:instance. type: string serviceAccountId: description: When the connection is used in the context of an operation in BigQuery, this service account will serve as the identity being used for connecting to the CloudSQL instance specified in this connection. type: string type: description: 'Type of the Cloud SQL database. Possible values: ["DATABASE_TYPE_UNSPECIFIED", "POSTGRES", "MYSQL"].' type: string required: - credential - database - instanceId - type type: object description: description: A descriptive description for the connection. type: string friendlyName: description: A descriptive name for the connection. type: string location: description: |- Immutable. The geographic location where the connection should reside. Cloud SQL instance must be in the same location as the connection with following exceptions: Cloud SQL us-central1 maps to BigQuery US, Cloud SQL europe-west1 maps to BigQuery EU. Examples: US, EU, asia-northeast1, us-central1, europe-west1. Spanner Connections same as spanner region AWS allowed regions are aws-us-east-1 Azure allowed regions are azure-eastus2. type: string projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The connectionId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - location - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array hasCredential: description: True if the connection has credential assigned. type: boolean name: description: |- The resource name of the connection in the form of: "projects/{project_id}/locations/{location_id}/connections/{connectionId}". type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: bigquerydatapolicydatapolicies.bigquerydatapolicy.cnrm.cloud.google.com spec: group: bigquerydatapolicy.cnrm.cloud.google.com names: categories: - gcp kind: BigQueryDataPolicyDataPolicy plural: bigquerydatapolicydatapolicies shortNames: - gcpbigquerydatapolicydatapolicy - gcpbigquerydatapolicydatapolicies singular: bigquerydatapolicydatapolicy preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: dataMaskingPolicy: description: The data masking policy that specifies the data masking rule to use. properties: predefinedExpression: description: 'The available masking rules. Learn more here: https://cloud.google.com/bigquery/docs/column-data-masking-intro#masking_options. Possible values: ["SHA256", "ALWAYS_NULL", "DEFAULT_MASKING_VALUE", "LAST_FOUR_CHARACTERS", "FIRST_FOUR_CHARACTERS", "EMAIL_MASK", "DATE_YEAR_MASK"].' type: string required: - predefinedExpression type: object dataPolicyType: description: 'The enrollment level of the service. Possible values: ["COLUMN_LEVEL_SECURITY_POLICY", "DATA_MASKING_POLICY"].' type: string location: description: Immutable. The name of the location of the data policy. type: string policyTag: description: Policy tag resource name, in the format of projects/{project_number}/locations/{locationId}/taxonomies/{taxonomyId}/policyTags/{policyTag_id}. type: string projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The dataPolicyId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - dataPolicyType - location - policyTag - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array name: description: Resource name of this data policy, in the format of projects/{project_number}/locations/{locationId}/dataPolicies/{dataPolicyId}. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: bigquerydatasetaccesses.bigquery.cnrm.cloud.google.com spec: group: bigquery.cnrm.cloud.google.com names: categories: - gcp kind: BigQueryDatasetAccess plural: bigquerydatasetaccesses shortNames: - gcpbigquerydatasetaccess - gcpbigquerydatasetaccesses singular: bigquerydatasetaccess preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: dataset: description: Immutable. Grants all resources of particular types in a particular dataset read access to the current dataset. properties: dataset: description: Immutable. The dataset this entry applies to. properties: datasetId: description: Immutable. The ID of the dataset containing this table. type: string projectId: description: Immutable. The ID of the project containing this table. type: string required: - datasetId - projectId type: object targetTypes: description: |- Immutable. Which resources in the dataset this entry applies to. Currently, only views are supported, but additional target types may be added in the future. Possible values: VIEWS. items: type: string type: array required: - dataset - targetTypes type: object datasetId: description: |- Immutable. A unique ID for this dataset, without the project name. The ID must contain only letters (a-z, A-Z), numbers (0-9), or underscores (_). The maximum length is 1,024 characters. type: string domain: description: |- Immutable. A domain to grant access to. Any users signed in with the domain specified will be granted the specified access. type: string groupByEmail: description: Immutable. An email address of a Google Group to grant access to. type: string iamMember: description: |- Immutable. Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. For example: 'allUsers'. type: string projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The routine of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string role: description: |- Immutable. Describes the rights granted to the user specified by the other member of the access object. Basic, predefined, and custom roles are supported. Predefined roles that have equivalent basic roles are swapped by the API to their basic counterparts, and will show a diff post-create. See [official docs](https://cloud.google.com/bigquery/docs/access-control). type: string specialGroup: description: |- Immutable. A special group to grant access to. Possible values include: * 'projectOwners': Owners of the enclosing project. * 'projectReaders': Readers of the enclosing project. * 'projectWriters': Writers of the enclosing project. * 'allAuthenticatedUsers': All authenticated BigQuery users. type: string userByEmail: description: |- Immutable. An email address of a user to grant access to. For example: fred@example.com. type: string view: description: |- Immutable. A view from a different dataset to grant access to. Queries executed against that view will have read access to tables in this dataset. The role field is not required when this field is set. If that view is updated by any user, access to the view needs to be granted again via an update operation. properties: datasetId: description: Immutable. The ID of the dataset containing this table. type: string projectId: description: Immutable. The ID of the project containing this table. type: string tableId: description: |- Immutable. The ID of the table. The ID must contain only letters (a-z, A-Z), numbers (0-9), or underscores (_). The maximum length is 1,024 characters. type: string required: - datasetId - projectId - tableId type: object required: - datasetId - projectRef type: object status: properties: apiUpdatedMember: description: If true, represents that that the iam_member in the config was translated to a different member type by the API, and is stored in state as a different member type. type: boolean conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: bigquerydatasets.bigquery.cnrm.cloud.google.com spec: group: bigquery.cnrm.cloud.google.com names: categories: - gcp kind: BigQueryDataset plural: bigquerydatasets shortNames: - gcpbigquerydataset - gcpbigquerydatasets singular: bigquerydataset preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: access: description: An array of objects that define dataset access for one or more entities. items: properties: dataset: description: Grants all resources of particular types in a particular dataset read access to the current dataset. properties: dataset: description: The dataset this entry applies to. properties: datasetId: description: The ID of the dataset containing this table. type: string projectId: description: The ID of the project containing this table. type: string required: - datasetId - projectId type: object targetTypes: description: |- Which resources in the dataset this entry applies to. Currently, only views are supported, but additional target types may be added in the future. Possible values: VIEWS. items: type: string type: array required: - dataset - targetTypes type: object domain: description: |- A domain to grant access to. Any users signed in with the domain specified will be granted the specified access. type: string groupByEmail: description: An email address of a Google Group to grant access to. type: string role: description: |- Describes the rights granted to the user specified by the other member of the access object. Basic, predefined, and custom roles are supported. Predefined roles that have equivalent basic roles are swapped by the API to their basic counterparts. See [official docs](https://cloud.google.com/bigquery/docs/access-control). type: string specialGroup: description: |- A special group to grant access to. Possible values include: * 'projectOwners': Owners of the enclosing project. * 'projectReaders': Readers of the enclosing project. * 'projectWriters': Writers of the enclosing project. * 'allAuthenticatedUsers': All authenticated BigQuery users. type: string userByEmail: description: |- An email address of a user to grant access to. For example: fred@example.com. type: string view: description: |- A view from a different dataset to grant access to. Queries executed against that view will have read access to tables in this dataset. The role field is not required when this field is set. If that view is updated by any user, access to the view needs to be granted again via an update operation. properties: datasetId: description: The ID of the dataset containing this table. type: string projectId: description: The ID of the project containing this table. type: string tableId: description: |- The ID of the table. The ID must contain only letters (a-z, A-Z), numbers (0-9), or underscores (_). The maximum length is 1,024 characters. type: string required: - datasetId - projectId - tableId type: object type: object type: array defaultCollation: description: |- Defines the default collation specification of future tables created in the dataset. If a table is created in this dataset without table-level default collation, then the table inherits the dataset default collation, which is applied to the string fields that do not have explicit collation specified. A change to this field affects only tables created afterwards, and does not alter the existing tables. The following values are supported: - 'und:ci': undetermined locale, case insensitive. - '': empty string. Default to case-sensitive behavior. type: string defaultEncryptionConfiguration: description: |- The default encryption key for all tables in the dataset. Once this property is set, all newly-created partitioned tables in the dataset will have encryption key set to this value, unless table creation request (or query) overrides the key. properties: kmsKeyRef: description: |- Describes the Cloud KMS encryption key that will be used to protect destination BigQuery table. The BigQuery Service Account associated with your project requires access to this encryption key. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - kmsKeyRef type: object defaultPartitionExpirationMs: description: |- The default partition expiration for all partitioned tables in the dataset, in milliseconds. Once this property is set, all newly-created partitioned tables in the dataset will have an 'expirationMs' property in the 'timePartitioning' settings set to this value, and changing the value will only affect new tables, not existing ones. The storage in a partition will have an expiration time of its partition time plus this value. Setting this property overrides the use of 'defaultTableExpirationMs' for partitioned tables: only one of 'defaultTableExpirationMs' and 'defaultPartitionExpirationMs' will be used for any new partitioned table. If you provide an explicit 'timePartitioning.expirationMs' when creating or updating a partitioned table, that value takes precedence over the default partition expiration time indicated by this property. type: integer defaultTableExpirationMs: description: |- The default lifetime of all tables in the dataset, in milliseconds. The minimum value is 3600000 milliseconds (one hour). Once this property is set, all newly-created tables in the dataset will have an 'expirationTime' property set to the creation time plus the value in this property, and changing the value will only affect new tables, not existing ones. When the 'expirationTime' for a given table is reached, that table will be deleted automatically. If a table's 'expirationTime' is modified or removed before the table expires, or if you provide an explicit 'expirationTime' when creating a table, that value takes precedence over the default expiration time indicated by this property. type: integer description: description: A user-friendly description of the dataset. type: string friendlyName: description: A descriptive name for the dataset. type: string isCaseInsensitive: description: |- TRUE if the dataset and its table names are case-insensitive, otherwise FALSE. By default, this is FALSE, which means the dataset and its table names are case-sensitive. This field does not affect routine references. type: boolean location: description: |- Immutable. The geographic location where the dataset should reside. See [official docs](https://cloud.google.com/bigquery/docs/dataset-locations). There are two types of locations, regional or multi-regional. A regional location is a specific geographic place, such as Tokyo, and a multi-regional location is a large geographic area, such as the United States, that contains at least two geographic places. The default value is multi-regional location 'US'. Changing this forces a new resource to be created. type: string maxTimeTravelHours: description: Defines the time travel window in hours. The value can be from 48 to 168 hours (2 to 7 days). type: string projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The datasetId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array creationTime: description: |- The time when this dataset was created, in milliseconds since the epoch. type: integer etag: description: A hash of the resource. type: string lastModifiedTime: description: |- The date when this dataset or any of its tables was last modified, in milliseconds since the epoch. type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer selfLink: type: string type: object type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: bigquerydatatransferconfigs.bigquerydatatransfer.cnrm.cloud.google.com spec: group: bigquerydatatransfer.cnrm.cloud.google.com names: categories: - gcp kind: BigQueryDataTransferConfig plural: bigquerydatatransferconfigs shortNames: - gcpbigquerydatatransferconfig - gcpbigquerydatatransferconfigs singular: bigquerydatatransferconfig preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: dataRefreshWindowDays: description: |- The number of days to look back to automatically refresh the data. For example, if dataRefreshWindowDays = 10, then every day BigQuery reingests data for [today-10, today-1], rather than ingesting data for just [today-1]. Only valid if the data source supports the feature. Set the value to 0 to use the default value. type: integer dataSourceId: description: Immutable. The data source id. Cannot be changed once the transfer config is created. type: string destinationDatasetId: description: The BigQuery target dataset id. type: string disabled: description: When set to true, no runs are scheduled for a given transfer. type: boolean displayName: description: The user specified display name for the transfer config. type: string emailPreferences: description: |- Email notifications will be sent according to these preferences to the email address of the user who owns this transfer config. properties: enableFailureEmail: description: If true, email notifications will be sent on transfer run failures. type: boolean required: - enableFailureEmail type: object location: description: |- Immutable. The geographic location where the transfer config should reside. Examples: US, EU, asia-northeast1. The default value is US. type: string notificationPubsubTopic: description: |- Pub/Sub topic where notifications will be sent after transfer runs associated with this transfer config finish. type: string params: additionalProperties: type: string type: object projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string schedule: description: |- Data transfer schedule. If the data source does not support a custom schedule, this should be empty. If it is empty, the default value for the data source will be used. The specified times are in UTC. Examples of valid format: 1st,3rd monday of month 15:30, every wed,fri of jan, jun 13:15, and first sunday of quarter 00:00. See more explanation about the format here: https://cloud.google.com/appengine/docs/flexible/python/scheduling-jobs-with-cron-yaml#the_schedule_format NOTE: the granularity should be at least 8 hours, or less frequent. type: string scheduleOptions: description: Options customizing the data transfer schedule. properties: disableAutoScheduling: description: |- If true, automatic scheduling of data transfer runs for this configuration will be disabled. The runs can be started on ad-hoc basis using transferConfigs.startManualRuns API. When automatic scheduling is disabled, the TransferConfig.schedule field will be ignored. type: boolean endTime: description: |- Defines time to stop scheduling transfer runs. A transfer run cannot be scheduled at or after the end time. The end time can be changed at any moment. The time when a data transfer can be triggered manually is not limited by this option. type: string startTime: description: |- Specifies time to start scheduling transfer runs. The first run will be scheduled at or after the start time according to a recurrence pattern defined in the schedule string. The start time can be changed at any moment. The time when a data transfer can be triggered manually is not limited by this option. type: string type: object sensitiveParams: description: |- Different parameters are configured primarily using the the 'params' field on this resource. This block contains the parameters which contain secrets or passwords so that they can be marked sensitive and hidden from plan output. The name of the field, eg: secret_access_key, will be the key in the 'params' map in the api request. Credentials may not be specified in both locations and will cause an error. Changing from one location to a different credential configuration in the config will require an apply to update state. properties: secretAccessKey: description: The Secret Access Key of the AWS account transferring data from. oneOf: - not: required: - valueFrom required: - value - not: required: - value required: - valueFrom properties: value: description: Value of the field. Cannot be used if 'valueFrom' is specified. type: string valueFrom: description: Source for the field's value. Cannot be used if 'value' is specified. properties: secretKeyRef: description: Reference to a value with the given key in the given Secret in the resource's namespace. properties: key: description: Key that identifies the value to be extracted. type: string name: description: Name of the Secret to extract a value from. type: string required: - name - key type: object type: object type: object required: - secretAccessKey type: object serviceAccountName: description: |- Immutable. Service account email. If this field is set, transfer config will be created with this service account credentials. It requires that requesting user calling this API has permissions to act as this service account. type: string required: - dataSourceId - displayName - params - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array name: description: |- The resource name of the transfer config. Transfer config names have the form projects/{projectId}/locations/{location}/transferConfigs/{configId}. Where configId is usually a uuid, but this is not required. The name is ignored when creating a transfer config. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: bigqueryjobs.bigquery.cnrm.cloud.google.com spec: group: bigquery.cnrm.cloud.google.com names: categories: - gcp kind: BigQueryJob plural: bigqueryjobs shortNames: - gcpbigqueryjob - gcpbigqueryjobs singular: bigqueryjob preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: copy: description: Immutable. Copies a table. properties: createDisposition: description: |- Immutable. Specifies whether the job is allowed to create new tables. The following values are supported: CREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table. CREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result. Creation, truncation and append actions occur as one atomic update upon job completion Default value: "CREATE_NEVER" Possible values: ["CREATE_IF_NEEDED", "CREATE_NEVER"]. type: string destinationEncryptionConfiguration: description: Immutable. Custom encryption configuration (e.g., Cloud KMS keys). properties: kmsKeyRef: description: |- Describes the Cloud KMS encryption key that will be used to protect destination BigQuery table. The BigQuery Service Account associated with your project requires access to this encryption key. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object kmsKeyVersion: description: Describes the Cloud KMS encryption key version used to protect destination BigQuery table. type: string required: - kmsKeyRef type: object destinationTable: description: Immutable. The destination table. properties: tableRef: description: A reference to the table. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `BigQueryTable` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - tableRef type: object sourceTables: description: Immutable. Source tables to copy. items: properties: tableRef: description: A reference to the table. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `BigQueryTable` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - tableRef type: object type: array writeDisposition: description: |- Immutable. Specifies the action that occurs if the destination table already exists. The following values are supported: WRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result. WRITE_APPEND: If the table already exists, BigQuery appends the data to the table. WRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result. Each action is atomic and only occurs if BigQuery is able to complete the job successfully. Creation, truncation and append actions occur as one atomic update upon job completion. Default value: "WRITE_EMPTY" Possible values: ["WRITE_TRUNCATE", "WRITE_APPEND", "WRITE_EMPTY"]. type: string required: - sourceTables type: object extract: description: Immutable. Configures an extract job. properties: compression: description: |- Immutable. The compression type to use for exported files. Possible values include GZIP, DEFLATE, SNAPPY, and NONE. The default value is NONE. DEFLATE and SNAPPY are only supported for Avro. type: string destinationFormat: description: |- Immutable. The exported file format. Possible values include CSV, NEWLINE_DELIMITED_JSON and AVRO for tables and SAVED_MODEL for models. The default value for tables is CSV. Tables with nested or repeated fields cannot be exported as CSV. The default value for models is SAVED_MODEL. type: string destinationUris: description: Immutable. A list of fully-qualified Google Cloud Storage URIs where the extracted table should be written. items: type: string type: array fieldDelimiter: description: |- Immutable. When extracting data in CSV format, this defines the delimiter to use between fields in the exported data. Default is ','. type: string printHeader: description: Immutable. Whether to print out a header row in the results. Default is true. type: boolean sourceTable: description: Immutable. A reference to the table being exported. properties: tableRef: description: A reference to the table. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `BigQueryTable` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - tableRef type: object useAvroLogicalTypes: description: Immutable. Whether to use logical types when extracting to AVRO format. type: boolean required: - destinationUris type: object jobTimeoutMs: description: Immutable. Job timeout in milliseconds. If this time limit is exceeded, BigQuery may attempt to terminate the job. type: string load: description: Immutable. Configures a load job. properties: allowJaggedRows: description: |- Immutable. Accept rows that are missing trailing optional columns. The missing values are treated as nulls. If false, records with missing trailing columns are treated as bad records, and if there are too many bad records, an invalid error is returned in the job result. The default value is false. Only applicable to CSV, ignored for other formats. type: boolean allowQuotedNewlines: description: |- Immutable. Indicates if BigQuery should allow quoted data sections that contain newline characters in a CSV file. The default value is false. type: boolean autodetect: description: Immutable. Indicates if we should automatically infer the options and schema for CSV and JSON sources. type: boolean createDisposition: description: |- Immutable. Specifies whether the job is allowed to create new tables. The following values are supported: CREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table. CREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result. Creation, truncation and append actions occur as one atomic update upon job completion Default value: "CREATE_NEVER" Possible values: ["CREATE_IF_NEEDED", "CREATE_NEVER"]. type: string destinationEncryptionConfiguration: description: Immutable. Custom encryption configuration (e.g., Cloud KMS keys). properties: kmsKeyRef: description: |- Describes the Cloud KMS encryption key that will be used to protect destination BigQuery table. The BigQuery Service Account associated with your project requires access to this encryption key. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object kmsKeyVersion: description: Describes the Cloud KMS encryption key version used to protect destination BigQuery table. type: string required: - kmsKeyRef type: object destinationTable: description: Immutable. The destination table to load the data into. properties: tableRef: description: A reference to the table. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `BigQueryTable` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - tableRef type: object encoding: description: |- Immutable. The character encoding of the data. The supported values are UTF-8 or ISO-8859-1. The default value is UTF-8. BigQuery decodes the data after the raw, binary data has been split using the values of the quote and fieldDelimiter properties. type: string fieldDelimiter: description: |- Immutable. The separator for fields in a CSV file. The separator can be any ISO-8859-1 single-byte character. To use a character in the range 128-255, you must encode the character as UTF8. BigQuery converts the string to ISO-8859-1 encoding, and then uses the first byte of the encoded string to split the data in its raw, binary state. BigQuery also supports the escape sequence "\t" to specify a tab separator. The default value is a comma (','). type: string ignoreUnknownValues: description: |- Immutable. Indicates if BigQuery should allow extra values that are not represented in the table schema. If true, the extra values are ignored. If false, records with extra columns are treated as bad records, and if there are too many bad records, an invalid error is returned in the job result. The default value is false. The sourceFormat property determines what BigQuery treats as an extra value: CSV: Trailing columns JSON: Named values that don't match any column names. type: boolean jsonExtension: description: |- Immutable. If sourceFormat is set to newline-delimited JSON, indicates whether it should be processed as a JSON variant such as GeoJSON. For a sourceFormat other than JSON, omit this field. If the sourceFormat is newline-delimited JSON: - for newline-delimited GeoJSON: set to GEOJSON. type: string maxBadRecords: description: |- Immutable. The maximum number of bad records that BigQuery can ignore when running the job. If the number of bad records exceeds this value, an invalid error is returned in the job result. The default value is 0, which requires that all records are valid. type: integer nullMarker: description: |- Immutable. Specifies a string that represents a null value in a CSV file. For example, if you specify "\N", BigQuery interprets "\N" as a null value when loading a CSV file. The default value is the empty string. If you set this property to a custom value, BigQuery throws an error if an empty string is present for all data types except for STRING and BYTE. For STRING and BYTE columns, BigQuery interprets the empty string as an empty value. type: string parquetOptions: description: Immutable. Parquet Options for load and make external tables. properties: enableListInference: description: Immutable. If sourceFormat is set to PARQUET, indicates whether to use schema inference specifically for Parquet LIST logical type. type: boolean enumAsString: description: Immutable. If sourceFormat is set to PARQUET, indicates whether to infer Parquet ENUM logical type as STRING instead of BYTES by default. type: boolean type: object projectionFields: description: |- Immutable. If sourceFormat is set to "DATASTORE_BACKUP", indicates which entity properties to load into BigQuery from a Cloud Datastore backup. Property names are case sensitive and must be top-level properties. If no properties are specified, BigQuery loads all properties. If any named property isn't found in the Cloud Datastore backup, an invalid error is returned in the job result. items: type: string type: array quote: description: |- Immutable. The value that is used to quote data sections in a CSV file. BigQuery converts the string to ISO-8859-1 encoding, and then uses the first byte of the encoded string to split the data in its raw, binary state. The default value is a double-quote ('"'). If your data does not contain quoted sections, set the property value to an empty string. If your data contains quoted newline characters, you must also set the allowQuotedNewlines property to true. type: string schemaUpdateOptions: description: |- Immutable. Allows the schema of the destination table to be updated as a side effect of the load job if a schema is autodetected or supplied in the job configuration. Schema update options are supported in two cases: when writeDisposition is WRITE_APPEND; when writeDisposition is WRITE_TRUNCATE and the destination table is a partition of a table, specified by partition decorators. For normal tables, WRITE_TRUNCATE will always overwrite the schema. One or more of the following values are specified: ALLOW_FIELD_ADDITION: allow adding a nullable field to the schema. ALLOW_FIELD_RELAXATION: allow relaxing a required field in the original schema to nullable. items: type: string type: array skipLeadingRows: description: |- Immutable. The number of rows at the top of a CSV file that BigQuery will skip when loading the data. The default value is 0. This property is useful if you have header rows in the file that should be skipped. When autodetect is on, the behavior is the following: skipLeadingRows unspecified - Autodetect tries to detect headers in the first row. If they are not detected, the row is read as data. Otherwise data is read starting from the second row. skipLeadingRows is 0 - Instructs autodetect that there are no headers and data should be read starting from the first row. skipLeadingRows = N > 0 - Autodetect skips N-1 rows and tries to detect headers in row N. If headers are not detected, row N is just skipped. Otherwise row N is used to extract column names for the detected schema. type: integer sourceFormat: description: |- Immutable. The format of the data files. For CSV files, specify "CSV". For datastore backups, specify "DATASTORE_BACKUP". For newline-delimited JSON, specify "NEWLINE_DELIMITED_JSON". For Avro, specify "AVRO". For parquet, specify "PARQUET". For orc, specify "ORC". [Beta] For Bigtable, specify "BIGTABLE". The default value is CSV. type: string sourceUris: description: |- Immutable. The fully-qualified URIs that point to your data in Google Cloud. For Google Cloud Storage URIs: Each URI can contain one '\*' wildcard character and it must come after the 'bucket' name. Size limits related to load jobs apply to external data sources. For Google Cloud Bigtable URIs: Exactly one URI can be specified and it has be a fully specified and valid HTTPS URL for a Google Cloud Bigtable table. For Google Cloud Datastore backups: Exactly one URI can be specified. Also, the '\*' wildcard character is not allowed. items: type: string type: array timePartitioning: description: Immutable. Time-based partitioning specification for the destination table. properties: expirationMs: description: Immutable. Number of milliseconds for which to keep the storage for a partition. A wrapper is used here because 0 is an invalid value. type: string field: description: |- Immutable. If not set, the table is partitioned by pseudo column '_PARTITIONTIME'; if set, the table is partitioned by this field. The field must be a top-level TIMESTAMP or DATE field. Its mode must be NULLABLE or REQUIRED. A wrapper is used here because an empty string is an invalid value. type: string type: description: |- Immutable. The only type supported is DAY, which will generate one partition per day. Providing an empty string used to cause an error, but in OnePlatform the field will be treated as unset. type: string required: - type type: object writeDisposition: description: |- Immutable. Specifies the action that occurs if the destination table already exists. The following values are supported: WRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result. WRITE_APPEND: If the table already exists, BigQuery appends the data to the table. WRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result. Each action is atomic and only occurs if BigQuery is able to complete the job successfully. Creation, truncation and append actions occur as one atomic update upon job completion. Default value: "WRITE_EMPTY" Possible values: ["WRITE_TRUNCATE", "WRITE_APPEND", "WRITE_EMPTY"]. type: string required: - destinationTable - sourceUris type: object location: description: Immutable. The geographic location of the job. The default value is US. type: string query: description: Immutable. Configures a query job. properties: allowLargeResults: description: |- Immutable. If true and query uses legacy SQL dialect, allows the query to produce arbitrarily large result tables at a slight cost in performance. Requires destinationTable to be set. For standard SQL queries, this flag is ignored and large results are always allowed. However, you must still set destinationTable when result size exceeds the allowed maximum response size. type: boolean createDisposition: description: |- Immutable. Specifies whether the job is allowed to create new tables. The following values are supported: CREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table. CREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result. Creation, truncation and append actions occur as one atomic update upon job completion Default value: "CREATE_NEVER" Possible values: ["CREATE_IF_NEEDED", "CREATE_NEVER"]. type: string defaultDataset: description: Immutable. Specifies the default dataset to use for unqualified table names in the query. Note that this does not alter behavior of unqualified dataset names. properties: datasetRef: description: A reference to the dataset. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `BigQueryDataset` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - datasetRef type: object destinationEncryptionConfiguration: description: Immutable. Custom encryption configuration (e.g., Cloud KMS keys). properties: kmsKeyRef: description: |- Describes the Cloud KMS encryption key that will be used to protect destination BigQuery table. The BigQuery Service Account associated with your project requires access to this encryption key. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object kmsKeyVersion: description: Describes the Cloud KMS encryption key version used to protect destination BigQuery table. type: string required: - kmsKeyRef type: object destinationTable: description: |- Immutable. Describes the table where the query results should be stored. This property must be set for large results that exceed the maximum response size. For queries that produce anonymous (cached) results, this field will be populated by BigQuery. properties: tableRef: description: A reference to the table. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `BigQueryTable` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - tableRef type: object flattenResults: description: |- Immutable. If true and query uses legacy SQL dialect, flattens all nested and repeated fields in the query results. allowLargeResults must be true if this is set to false. For standard SQL queries, this flag is ignored and results are never flattened. type: boolean maximumBillingTier: description: |- Immutable. Limits the billing tier for this job. Queries that have resource usage beyond this tier will fail (without incurring a charge). If unspecified, this will be set to your project default. type: integer maximumBytesBilled: description: |- Immutable. Limits the bytes billed for this job. Queries that will have bytes billed beyond this limit will fail (without incurring a charge). If unspecified, this will be set to your project default. type: string parameterMode: description: Immutable. Standard SQL only. Set to POSITIONAL to use positional (?) query parameters or to NAMED to use named (@myparam) query parameters in this query. type: string priority: description: 'Immutable. Specifies a priority for the query. Default value: "INTERACTIVE" Possible values: ["INTERACTIVE", "BATCH"].' type: string query: description: |- Immutable. SQL query text to execute. The useLegacySql field can be used to indicate whether the query uses legacy SQL or standard SQL. *NOTE*: queries containing [DML language](https://cloud.google.com/bigquery/docs/reference/standard-sql/data-manipulation-language) ('DELETE', 'UPDATE', 'MERGE', 'INSERT') must specify 'create_disposition = ""' and 'write_disposition = ""'. type: string schemaUpdateOptions: description: |- Immutable. Allows the schema of the destination table to be updated as a side effect of the query job. Schema update options are supported in two cases: when writeDisposition is WRITE_APPEND; when writeDisposition is WRITE_TRUNCATE and the destination table is a partition of a table, specified by partition decorators. For normal tables, WRITE_TRUNCATE will always overwrite the schema. One or more of the following values are specified: ALLOW_FIELD_ADDITION: allow adding a nullable field to the schema. ALLOW_FIELD_RELAXATION: allow relaxing a required field in the original schema to nullable. items: type: string type: array scriptOptions: description: Immutable. Options controlling the execution of scripts. properties: keyResultStatement: description: |- Immutable. Determines which statement in the script represents the "key result", used to populate the schema and query results of the script job. Possible values: ["LAST", "FIRST_SELECT"]. type: string statementByteBudget: description: Immutable. Limit on the number of bytes billed per statement. Exceeding this budget results in an error. type: string statementTimeoutMs: description: Immutable. Timeout period for each statement in a script. type: string type: object useLegacySql: description: |- Immutable. Specifies whether to use BigQuery's legacy SQL dialect for this query. The default value is true. If set to false, the query will use BigQuery's standard SQL. type: boolean useQueryCache: description: |- Immutable. Whether to look for the result in the query cache. The query cache is a best-effort cache that will be flushed whenever tables in the query are modified. Moreover, the query cache is only available when a query does not have a destination table specified. The default value is true. type: boolean userDefinedFunctionResources: description: Immutable. Describes user-defined function resources used in the query. items: properties: inlineCode: description: |- Immutable. An inline resource that contains code for a user-defined function (UDF). Providing a inline code resource is equivalent to providing a URI for a file containing the same code. type: string resourceUri: description: Immutable. A code resource to load from a Google Cloud Storage URI (gs://bucket/path). type: string type: object type: array writeDisposition: description: |- Immutable. Specifies the action that occurs if the destination table already exists. The following values are supported: WRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result. WRITE_APPEND: If the table already exists, BigQuery appends the data to the table. WRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result. Each action is atomic and only occurs if BigQuery is able to complete the job successfully. Creation, truncation and append actions occur as one atomic update upon job completion. Default value: "WRITE_EMPTY" Possible values: ["WRITE_TRUNCATE", "WRITE_APPEND", "WRITE_EMPTY"]. type: string required: - query type: object resourceID: description: Immutable. Optional. The jobId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array jobType: description: The type of the job. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer status: description: The status of this job. Examine this value when polling an asynchronous job to see if the job is complete. items: properties: errorResult: description: Final error result of the job. If present, indicates that the job has completed and was unsuccessful. items: properties: location: description: Specifies where the error occurred, if present. type: string message: description: A human-readable description of the error. type: string reason: description: A short error code that summarizes the error. type: string type: object type: array errors: description: |- The first errors encountered during the running of the job. The final message includes the number of errors that caused the process to stop. Errors here do not necessarily mean that the job has not completed or was unsuccessful. items: properties: location: description: Specifies where the error occurred, if present. type: string message: description: A human-readable description of the error. type: string reason: description: A short error code that summarizes the error. type: string type: object type: array state: description: Running state of the job. Valid states include 'PENDING', 'RUNNING', and 'DONE'. type: string type: object type: array userEmail: description: Email address of the user who ran the job. type: string type: object type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: bigqueryreservationreservations.bigqueryreservation.cnrm.cloud.google.com spec: group: bigqueryreservation.cnrm.cloud.google.com names: categories: - gcp kind: BigQueryReservationReservation plural: bigqueryreservationreservations shortNames: - gcpbigqueryreservationreservation - gcpbigqueryreservationreservations singular: bigqueryreservationreservation preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: autoscale: description: The configuration parameters for the auto scaling feature. properties: currentSlots: description: The slot capacity added to this reservation when autoscale happens. Will be between [0, max_slots]. type: integer maxSlots: description: Number of slots to be scaled when needed. type: integer type: object concurrency: description: Maximum number of queries that are allowed to run concurrently in this reservation. This is a soft limit due to asynchronous nature of the system and various optimizations for small queries. Default value is 0 which means that concurrency will be automatically set based on the reservation size. type: integer edition: description: Immutable. The edition type. Valid values are STANDARD, ENTERPRISE, ENTERPRISE_PLUS. type: string ignoreIdleSlots: description: |- If false, any query using this reservation will use idle slots from other reservations within the same admin project. If true, a query using this reservation will execute with the slot capacity specified above at most. type: boolean location: description: |- Immutable. The geographic location where the transfer config should reside. Examples: US, EU, asia-northeast1. The default value is US. type: string multiRegionAuxiliary: description: |- Applicable only for reservations located within one of the BigQuery multi-regions (US or EU). If set to true, this reservation is placed in the organization's secondary region which is designated for disaster recovery purposes. If false, this reservation is placed in the organization's default region. type: boolean projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string slotCapacity: description: |- Minimum slots available to this reservation. A slot is a unit of computational power in BigQuery, and serves as the unit of parallelism. Queries using this reservation might use more slots during runtime if ignoreIdleSlots is set to false. type: integer required: - location - projectRef - slotCapacity type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: bigqueryroutines.bigquery.cnrm.cloud.google.com spec: group: bigquery.cnrm.cloud.google.com names: categories: - gcp kind: BigQueryRoutine plural: bigqueryroutines shortNames: - gcpbigqueryroutine - gcpbigqueryroutines singular: bigqueryroutine preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: arguments: description: Input/output argument of a function or a stored procedure. items: properties: argumentKind: description: 'Defaults to FIXED_TYPE. Default value: "FIXED_TYPE" Possible values: ["FIXED_TYPE", "ANY_TYPE"].' type: string dataType: description: |- A JSON schema for the data type. Required unless argumentKind = ANY_TYPE. ~>**NOTE**: Because this field expects a JSON string, any changes to the string will create a diff, even if the JSON itself hasn't changed. If the API returns a different value for the same schema, e.g. it switched the order of values or replaced STRUCT field type with RECORD field type, we currently cannot suppress the recurring diff this causes. As a workaround, we recommend using the schema as returned by the API. type: string mode: description: 'Specifies whether the argument is input or output. Can be set for procedures only. Possible values: ["IN", "OUT", "INOUT"].' type: string name: description: The name of this argument. Can be absent for function return argument. type: string type: object type: array datasetRef: description: The ID of the dataset containing this routine. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `BigQueryDataset` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object definitionBody: description: |- The body of the routine. For functions, this is the expression in the AS clause. If language=SQL, it is the substring inside (but excluding) the parentheses. type: string description: description: The description of the routine if defined. type: string determinismLevel: description: 'The determinism level of the JavaScript UDF if defined. Possible values: ["DETERMINISM_LEVEL_UNSPECIFIED", "DETERMINISTIC", "NOT_DETERMINISTIC"].' type: string importedLibraries: description: |- Optional. If language = "JAVASCRIPT", this field stores the path of the imported JAVASCRIPT libraries. items: type: string type: array language: description: 'The language of the routine. Possible values: ["SQL", "JAVASCRIPT"].' type: string projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The routineId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string returnTableType: description: |- Optional. Can be set only if routineType = "TABLE_VALUED_FUNCTION". If absent, the return table type is inferred from definitionBody at query time in each query that references this routine. If present, then the columns in the evaluated table result will be cast to match the column types specificed in return table type, at query time. type: string returnType: description: |- A JSON schema for the return type. Optional if language = "SQL"; required otherwise. If absent, the return type is inferred from definitionBody at query time in each query that references this routine. If present, then the evaluated result will be cast to the specified returned type at query time. ~>**NOTE**: Because this field expects a JSON string, any changes to the string will create a diff, even if the JSON itself hasn't changed. If the API returns a different value for the same schema, e.g. it switche d the order of values or replaced STRUCT field type with RECORD field type, we currently cannot suppress the recurring diff this causes. As a workaround, we recommend using the schema as returned by the API. type: string routineType: description: 'Immutable. The type of routine. Possible values: ["SCALAR_FUNCTION", "PROCEDURE", "TABLE_VALUED_FUNCTION"].' type: string required: - datasetRef - definitionBody - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array creationTime: description: |- The time when this routine was created, in milliseconds since the epoch. type: integer lastModifiedTime: description: |- The time when this routine was modified, in milliseconds since the epoch. type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: bigquerytables.bigquery.cnrm.cloud.google.com spec: group: bigquery.cnrm.cloud.google.com names: categories: - gcp kind: BigQueryTable plural: bigquerytables shortNames: - gcpbigquerytable - gcpbigquerytables singular: bigquerytable preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: clustering: description: Specifies column names to use for data clustering. Up to four top-level columns are allowed, and should be specified in descending priority order. items: type: string type: array datasetRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `BigQueryDataset` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object description: description: The field description. type: string encryptionConfiguration: description: Immutable. Specifies how the table should be encrypted. If left blank, the table will be encrypted with a Google-managed key; that process is transparent to the user. properties: kmsKeyRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object kmsKeyVersion: description: The self link or full name of the kms key version used to encrypt this table. type: string required: - kmsKeyRef type: object expirationTime: description: The time when this table expires, in milliseconds since the epoch. If not present, the table will persist indefinitely. Expired tables will be deleted and their storage reclaimed. type: integer externalDataConfiguration: description: Describes the data format, location, and other properties of a table stored outside of BigQuery. By defining these properties, the data source can then be queried as if it were a standard BigQuery table. properties: autodetect: description: Let BigQuery try to autodetect the schema and format of the table. type: boolean avroOptions: description: Additional options if source_format is set to "AVRO". properties: useAvroLogicalTypes: description: If sourceFormat is set to "AVRO", indicates whether to interpret logical types as the corresponding BigQuery data type (for example, TIMESTAMP), instead of using the raw type (for example, INTEGER). type: boolean required: - useAvroLogicalTypes type: object compression: description: The compression type of the data source. Valid values are "NONE" or "GZIP". type: string connectionId: description: The connection specifying the credentials to be used to read external storage, such as Azure Blob, Cloud Storage, or S3. The connectionId can have the form "{{project}}.{{location}}.{{connection_id}}" or "projects/{{project}}/locations/{{location}}/connections/{{connection_id}}". type: string csvOptions: description: Additional properties to set if source_format is set to "CSV". properties: allowJaggedRows: description: Indicates if BigQuery should accept rows that are missing trailing optional columns. type: boolean allowQuotedNewlines: description: Indicates if BigQuery should allow quoted data sections that contain newline characters in a CSV file. The default value is false. type: boolean encoding: description: The character encoding of the data. The supported values are UTF-8 or ISO-8859-1. type: string fieldDelimiter: description: The separator for fields in a CSV file. type: string quote: type: string skipLeadingRows: description: The number of rows at the top of a CSV file that BigQuery will skip when reading the data. type: integer required: - quote type: object googleSheetsOptions: description: Additional options if source_format is set to "GOOGLE_SHEETS". properties: range: description: 'Range of a sheet to query from. Only used when non-empty. At least one of range or skip_leading_rows must be set. Typical format: "sheet_name!top_left_cell_id:bottom_right_cell_id" For example: "sheet1!A1:B20".' type: string skipLeadingRows: description: The number of rows at the top of the sheet that BigQuery will skip when reading the data. At least one of range or skip_leading_rows must be set. type: integer type: object hivePartitioningOptions: description: When set, configures hive partitioning support. Not all storage formats support hive partitioning -- requesting hive partitioning on an unsupported format will lead to an error, as will providing an invalid specification. properties: mode: description: When set, what mode of hive partitioning to use when reading data. type: string requirePartitionFilter: description: If set to true, queries over this table require a partition filter that can be used for partition elimination to be specified. type: boolean sourceUriPrefix: description: When hive partition detection is requested, a common for all source uris must be required. The prefix must end immediately before the partition key encoding begins. type: string type: object ignoreUnknownValues: description: Indicates if BigQuery should allow extra values that are not represented in the table schema. If true, the extra values are ignored. If false, records with extra columns are treated as bad records, and if there are too many bad records, an invalid error is returned in the job result. The default value is false. type: boolean maxBadRecords: description: The maximum number of bad records that BigQuery can ignore when reading data. type: integer referenceFileSchemaUri: description: 'When creating an external table, the user can provide a reference file with the table schema. This is enabled for the following formats: AVRO, PARQUET, ORC.' type: string schema: description: Immutable. A JSON schema for the external table. Schema is required for CSV and JSON formats and is disallowed for Google Cloud Bigtable, Cloud Datastore backups, and Avro formats when using external tables. type: string sourceFormat: description: ' Please see sourceFormat under ExternalDataConfiguration in Bigquery''s public API documentation (https://cloud.google.com/bigquery/docs/reference/rest/v2/tables#externaldataconfiguration) for supported formats. To use "GOOGLE_SHEETS" the scopes must include "googleapis.com/auth/drive.readonly".' type: string sourceUris: description: A list of the fully-qualified URIs that point to your data in Google Cloud. items: type: string type: array required: - autodetect - sourceFormat - sourceUris type: object friendlyName: description: A descriptive name for the table. type: string materializedView: description: If specified, configures this table as a materialized view. properties: enableRefresh: description: Specifies if BigQuery should automatically refresh materialized view when the base table is updated. The default is true. type: boolean query: description: Immutable. A query whose result is persisted. type: string refreshIntervalMs: description: Specifies maximum frequency at which this materialized view will be refreshed. The default is 1800000. type: integer required: - query type: object rangePartitioning: description: If specified, configures range-based partitioning for this table. properties: field: description: Immutable. The field used to determine how to create a range-based partition. type: string range: description: Information required to partition based on ranges. Structure is documented below. properties: end: description: End of the range partitioning, exclusive. type: integer interval: description: The width of each range within the partition. type: integer start: description: Start of the range partitioning, inclusive. type: integer required: - end - interval - start type: object required: - field - range type: object resourceID: description: Immutable. Optional. The tableId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string schema: description: A JSON schema for the table. type: string timePartitioning: description: If specified, configures time-based partitioning for this table. properties: expirationMs: description: Number of milliseconds for which to keep the storage for a partition. type: integer field: description: Immutable. The field used to determine how to create a time-based partition. If time-based partitioning is enabled without this value, the table is partitioned based on the load time. type: string requirePartitionFilter: description: If set to true, queries over this table require a partition filter that can be used for partition elimination to be specified. type: boolean type: description: The supported types are DAY, HOUR, MONTH, and YEAR, which will generate one partition per day, hour, month, and year, respectively. type: string required: - type type: object view: description: If specified, configures this table as a view. properties: query: description: A query that BigQuery executes when the view is referenced. type: string useLegacySql: description: Specifies whether to use BigQuery's legacy SQL for this view. The default value is true. If set to false, the view will use BigQuery's standard SQL. type: boolean required: - query type: object required: - datasetRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array creationTime: description: The time when this table was created, in milliseconds since the epoch. type: integer etag: description: A hash of the resource. type: string lastModifiedTime: description: The time when this table was last modified, in milliseconds since the epoch. type: integer location: description: The geographic location where the table resides. This value is inherited from the dataset. type: string numBytes: description: The geographic location where the table resides. This value is inherited from the dataset. type: integer numLongTermBytes: description: The number of bytes in the table that are considered "long-term storage". type: integer numRows: description: The number of rows of data in this table, excluding any data in the streaming buffer. type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer selfLink: description: The URI of the created resource. type: string type: description: Describes the table type. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: bigtableappprofiles.bigtable.cnrm.cloud.google.com spec: group: bigtable.cnrm.cloud.google.com names: categories: - gcp kind: BigtableAppProfile plural: bigtableappprofiles shortNames: - gcpbigtableappprofile - gcpbigtableappprofiles singular: bigtableappprofile preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: description: description: Long form description of the use case for this app profile. type: string instanceRef: description: The instance to create the app profile within. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `BigtableInstance` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object multiClusterRoutingClusterIds: description: The set of clusters to route to. The order is ignored; clusters will be tried in order of distance. If left empty, all clusters are eligible. items: type: string type: array multiClusterRoutingUseAny: description: |- If true, read/write requests are routed to the nearest cluster in the instance, and will fail over to the nearest cluster that is available in the event of transient errors or delays. Clusters in a region are considered equidistant. Choosing this option sacrifices read-your-writes consistency to improve availability. type: boolean resourceID: description: Immutable. Optional. The appProfileId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string singleClusterRouting: description: Use a single-cluster routing policy. properties: allowTransactionalWrites: description: |- If true, CheckAndMutateRow and ReadModifyWriteRow requests are allowed by this app profile. It is unsafe to send these requests to the same table/row/column in multiple clusters. type: boolean clusterId: description: The cluster to which read/write requests should be routed. type: string required: - clusterId type: object type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array name: description: The unique name of the requested app profile. Values are of the form 'projects//instances//appProfiles/'. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: bigtablegcpolicies.bigtable.cnrm.cloud.google.com spec: group: bigtable.cnrm.cloud.google.com names: categories: - gcp kind: BigtableGCPolicy plural: bigtablegcpolicies shortNames: - gcpbigtablegcpolicy - gcpbigtablegcpolicies singular: bigtablegcpolicy preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: columnFamily: description: Immutable. The name of the column family. type: string deletionPolicy: description: "The deletion policy for the GC policy. Setting ABANDON allows the resource\n\t\t\t\tto be abandoned rather than deleted. This is useful for GC policy as it cannot be deleted\n\t\t\t\tin a replicated instance. Possible values are: \"ABANDON\"." type: string gcRules: description: Serialized JSON string for garbage collection policy. Conflicts with "mode", "max_age" and "max_version". type: string instanceRef: description: The name of the Bigtable instance. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `BigtableInstance` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object maxAge: description: 'Immutable. NOTE: ''gc_rules'' is more flexible, and should be preferred over this field for new resources. This field may be deprecated in the future. GC policy that applies to all cells older than the given age.' items: properties: days: description: DEPRECATED. Deprecated in favor of duration. Immutable. Number of days before applying GC policy. type: integer duration: description: Immutable. Duration before applying GC policy. type: string type: object type: array maxVersion: description: 'Immutable. NOTE: ''gc_rules'' is more flexible, and should be preferred over this field for new resources. This field may be deprecated in the future. GC policy that applies to all versions of a cell except for the most recent.' items: properties: number: description: Immutable. Number of version before applying the GC policy. type: integer required: - number type: object type: array mode: description: 'Immutable. NOTE: ''gc_rules'' is more flexible, and should be preferred over this field for new resources. This field may be deprecated in the future. If multiple policies are set, you should choose between UNION OR INTERSECTION.' type: string tableRef: description: The name of the table. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `BigtableTable` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - columnFamily - instanceRef - tableRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: bigtableinstances.bigtable.cnrm.cloud.google.com spec: group: bigtable.cnrm.cloud.google.com names: categories: - gcp kind: BigtableInstance plural: bigtableinstances shortNames: - gcpbigtableinstance - gcpbigtableinstances singular: bigtableinstance preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: cluster: description: A block of cluster configuration options. This can be specified at least once. items: properties: autoscalingConfig: description: A list of Autoscaling configurations. Only one element is used and allowed. properties: cpuTarget: description: The target CPU utilization for autoscaling. Value must be between 10 and 80. type: integer maxNodes: description: The maximum number of nodes for autoscaling. type: integer minNodes: description: The minimum number of nodes for autoscaling. type: integer storageTarget: description: The target storage utilization for autoscaling, in GB, for each node in a cluster. This number is limited between 2560 (2.5TiB) and 5120 (5TiB) for a SSD cluster and between 8192 (8TiB) and 16384 (16 TiB) for an HDD cluster. If not set, whatever is already set for the cluster will not change, or if the cluster is just being created, it will use the default value of 2560 for SSD clusters and 8192 for HDD clusters. type: integer required: - cpuTarget - maxNodes - minNodes type: object clusterId: description: The ID of the Cloud Bigtable cluster. Must be 6-30 characters and must only contain hyphens, lowercase letters and numbers. type: string kmsKeyRef: description: |- Describes the Cloud KMS encryption key that will be used to protect the destination Bigtable cluster. The requirements for this key are: 1) The Cloud Bigtable service account associated with the project that contains this cluster must be granted the cloudkms.cryptoKeyEncrypterDecrypter role on the CMEK key. 2) Only regional keys can be used and the region of the CMEK key must match the region of the cluster. 3) All clusters within an instance must use the same CMEK key access to this encryption key. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object numNodes: description: The number of nodes in your Cloud Bigtable cluster. Required, with a minimum of 1 for each cluster in an instance. type: integer storageType: description: The storage type to use. One of "SSD" or "HDD". Defaults to "SSD". type: string zone: description: The zone to create the Cloud Bigtable cluster in. Each cluster must have a different zone in the same region. Zones that support Bigtable instances are noted on the Cloud Bigtable locations page. type: string required: - clusterId - zone type: object type: array deletionProtection: description: DEPRECATED. This field no longer serves any function and is intended to be dropped in a later version of the resource. type: boolean displayName: description: The human-readable display name of the Bigtable instance. Defaults to the instance name. type: string instanceType: description: DEPRECATED. It is recommended to leave this field unspecified since the distinction between "DEVELOPMENT" and "PRODUCTION" instances is going away, and all instances will become "PRODUCTION" instances. This means that new and existing "DEVELOPMENT" instances will be converted to "PRODUCTION" instances. It is recommended for users to use "PRODUCTION" instances in any case, since a 1-node "PRODUCTION" instance is functionally identical to a "DEVELOPMENT" instance, but without the accompanying restrictions. The instance type to create. One of "DEVELOPMENT" or "PRODUCTION". Defaults to "PRODUCTION". type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: bigtabletables.bigtable.cnrm.cloud.google.com spec: group: bigtable.cnrm.cloud.google.com names: categories: - gcp kind: BigtableTable plural: bigtabletables shortNames: - gcpbigtabletable - gcpbigtabletables singular: bigtabletable preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: columnFamily: description: A group of columns within a table which share a common configuration. This can be specified multiple times. items: properties: family: description: The name of the column family. type: string required: - family type: object type: array deletionProtection: description: A field to make the table protected against data loss i.e. when set to PROTECTED, deleting the table, the column families in the table, and the instance containing the table would be prohibited. If not provided, currently deletion protection will be set to UNPROTECTED as it is the API default value. type: string instanceRef: description: The name of the Bigtable instance. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `BigtableInstance` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string splitKeys: items: type: string type: array required: - instanceRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: billingbudgetsbudgets.billingbudgets.cnrm.cloud.google.com spec: group: billingbudgets.cnrm.cloud.google.com names: categories: - gcp kind: BillingBudgetsBudget plural: billingbudgetsbudgets shortNames: - gcpbillingbudgetsbudget - gcpbillingbudgetsbudgets singular: billingbudgetsbudget preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: allUpdatesRule: description: Optional. Rules to apply to notifications sent based on budget spend and thresholds. properties: disableDefaultIamRecipients: description: Optional. When set to true, disables default notifications sent when a threshold is exceeded. Default notifications are sent to those with Billing Account Administrator and Billing Account User IAM roles for the target account. type: boolean monitoringNotificationChannels: items: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The Google Cloud resource name of a `MonitoringNotificationChannel` resource (format: `projects/{{project}}/notificationChannels/{{name}}`).' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: array pubsubTopicRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Optional. The name of the Pub/Sub topic where budget related messages will be published, in the form `projects/{project_id}/topics/{topic_id}`. Updates are sent at regular intervals to the topic. The topic needs to be created before the budget is created; see https://cloud.google.com/billing/docs/how-to/budgets-programmatic-notifications for more details. Caller is expected to have `pubsub.topics.setIamPolicy` permission on the topic when it's set for a budget, otherwise, the API call will fail with PERMISSION_DENIED. See https://cloud.google.com/billing/docs/how-to/budgets-programmatic-notifications#permissions_required_for_this_task for more details on Pub/Sub roles and permissions. Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object schemaVersion: description: Optional. Required when NotificationsRule.pubsub_topic is set. The schema version of the notification sent to NotificationsRule.pubsub_topic. Only "1.0" is accepted. It represents the JSON schema as defined in https://cloud.google.com/billing/docs/how-to/budgets-programmatic-notifications#notification_format. type: string type: object amount: description: Required. Budgeted amount. properties: lastPeriodAmount: description: Use the last period's actual spend as the budget for the present period. LastPeriodAmount can only be set when the budget's time period is a . type: object x-kubernetes-preserve-unknown-fields: true specifiedAmount: description: A specified amount to use as the budget. `currency_code` is optional. If specified when creating a budget, it must match the currency of the billing account. If specified when updating a budget, it must match the currency_code of the existing budget. The `currency_code` is provided on output. properties: currencyCode: description: Immutable. The three-letter currency code defined in ISO 4217. type: string nanos: description: Number of nano (10^-9) units of the amount. The value must be between -999,999,999 and +999,999,999 inclusive. If `units` is positive, `nanos` must be positive or zero. If `units` is zero, `nanos` can be positive, zero, or negative. If `units` is negative, `nanos` must be negative or zero. For example $-1.75 is represented as `units`=-1 and `nanos`=-750,000,000. format: int64 type: integer units: description: The whole units of the amount. For example if `currencyCode` is `"USD"`, then 1 unit is one US dollar. format: int64 type: integer type: object type: object billingAccountRef: description: Immutable. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The billing account of the resource Allowed value: The Google Cloud resource name of a Google Cloud Billing Account (format: `billingAccounts/{{name}}`). type: string name: description: |- [WARNING] BillingAccount not yet supported in Config Connector, use 'external' field to reference existing resources. Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object budgetFilter: description: Optional. Filters that define which resources are used to compute the actual spend against the budget amount, such as projects, services, and the budget's time period, as well as other filters. properties: calendarPeriod: description: 'Optional. Specifies to track usage for recurring calendar period. For example, assume that CalendarPeriod.QUARTER is set. The budget will track usage from April 1 to June 30, when the current calendar month is April, May, June. After that, it will track usage from July 1 to September 30 when the current calendar month is July, August, September, so on. Possible values: CALENDAR_PERIOD_UNSPECIFIED, MONTH, QUARTER, YEAR' type: string creditTypes: description: Optional. If Filter.credit_types_treatment is INCLUDE_SPECIFIED_CREDITS, this is a list of credit types to be subtracted from gross cost to determine the spend for threshold calculations. See a list of acceptable credit type values. If Filter.credit_types_treatment is not INCLUDE_SPECIFIED_CREDITS, this field must be empty. items: type: string type: array creditTypesTreatment: description: Optional. If not set, default behavior is `INCLUDE_ALL_CREDITS`. type: string customPeriod: description: Optional. Specifies to track usage from any start date (required) to any end date (optional). This time period is static, it does not recur. properties: endDate: description: Immutable. Optional. The end date of the time period. Budgets with elapsed end date won't be processed. If unset, specifies to track all usage incurred since the start_date. properties: day: description: Immutable. Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. format: int64 type: integer month: description: Immutable. Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. format: int64 type: integer year: description: Immutable. Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. format: int64 type: integer type: object startDate: description: Immutable. Required. The start date must be after January 1, 2017. properties: day: description: Immutable. Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. format: int64 type: integer month: description: Immutable. Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. format: int64 type: integer year: description: Immutable. Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. format: int64 type: integer type: object required: - startDate type: object labels: additionalProperties: properties: values: description: Immutable. The values of the label items: type: string type: array type: object description: Optional. A single label and value pair specifying that usage from only this set of labeled resources should be included in the budget. Currently, multiple entries or multiple values per entry are not allowed. If omitted, the report will include all labeled and unlabeled usage. type: object projects: items: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: array services: description: 'Optional. A set of services of the form `services/{service_id}`, specifying that usage from only this set of services should be included in the budget. If omitted, the report will include usage for all the services. The service names are available through the Catalog API: https://cloud.google.com/billing/v1/how-tos/catalog-api.' items: type: string type: array subaccounts: items: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: type: string name: description: |- [WARNING] CloudBillingBillingAccount not yet supported in Config Connector, use 'external' field to reference existing resources. Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: array type: object displayName: description: User data for display name in UI. The name must be less than or equal to 60 characters. type: string resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string thresholdRules: description: Optional. Rules that trigger alerts (notifications of thresholds being crossed) when spend exceeds the specified percentages of the budget. items: properties: spendBasis: description: 'Optional. The type of basis used to determine if spend has passed the threshold. Behavior defaults to CURRENT_SPEND if not set. Possible values: BASIS_UNSPECIFIED, CURRENT_SPEND, FORECASTED_SPEND' type: string thresholdPercent: description: 'Required. Send an alert when this threshold is exceeded. This is a 1.0-based percentage, so 0.5 = 50%. Validation: non-negative number.' format: double type: number required: - thresholdPercent type: object type: array required: - amount - billingAccountRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array etag: description: Optional. Etag to validate that the object is unchanged for a read-modify-write operation. An empty etag will cause an update to overwrite other changes. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: binaryauthorizationattestors.binaryauthorization.cnrm.cloud.google.com spec: group: binaryauthorization.cnrm.cloud.google.com names: categories: - gcp kind: BinaryAuthorizationAttestor plural: binaryauthorizationattestors shortNames: - gcpbinaryauthorizationattestor - gcpbinaryauthorizationattestors singular: binaryauthorizationattestor preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: description: description: Optional. A descriptive comment. This field may be updated. The field may be displayed in chooser dialogs. type: string projectRef: description: Immutable. The Project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The project for the resource Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string userOwnedDrydockNote: description: This specifies how an attestation will be read, and how it will be used during policy enforcement. properties: noteRef: description: Immutable. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Required. The Drydock resource name of a Attestation. Authority Note, created by the user, in the format: `projects/*/notes/*`. This field may not be updated. An attestation by this attestor is stored as a Grafeas Attestation. Authority Occurrence that names a container image and that links to this Note. Grafeas is an external dependency. Allowed value: The Google Cloud resource name of a `ContainerAnalysisNote` resource (format: `projects/{{project}}/notes/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object publicKeys: description: Optional. Public keys that verify attestations signed by this attestor. This field may be updated. If this field is non-empty, one of the specified public keys must verify that an attestation was signed by this attestor for the image specified in the admission request. If this field is empty, this attestor always returns that no valid attestations exist. items: properties: asciiArmoredPgpPublicKey: description: ASCII-armored representation of a PGP public key, as the entire output by the command `gpg --export --armor foo@example.com` (either LF or CRLF line endings). When using this field, `id` should be left blank. The BinAuthz API handlers will calculate the ID and fill it in automatically. BinAuthz computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. If `id` is provided by the caller, it will be overwritten by the API-calculated ID. type: string comment: description: Optional. A descriptive comment. This field may be updated. type: string id: description: The ID of this public key. Signatures verified by BinAuthz must include the ID of the public key that can be used to verify them, and that ID must match the contents of this field exactly. Additional restrictions on this field can be imposed based on which public key type is encapsulated. See the documentation on `public_key` cases below for details. type: string pkixPublicKey: description: 'A raw PKIX SubjectPublicKeyInfo format public key. NOTE: `id` may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. If `id` is left blank, a default one will be computed based on the digest of the DER encoding of the public key.' properties: publicKeyPem: description: A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13 type: string signatureAlgorithm: description: 'The signature algorithm used to verify a message against a signature using this key. These signature algorithm must match the structure and any object identifiers encoded in `public_key_pem` (i.e. this algorithm must match that of the public key). Possible values: SIGNATURE_ALGORITHM_UNSPECIFIED, RSA_PSS_2048_SHA256, RSA_PSS_3072_SHA256, RSA_PSS_4096_SHA256, RSA_PSS_4096_SHA512, RSA_SIGN_PKCS1_2048_SHA256, RSA_SIGN_PKCS1_3072_SHA256, RSA_SIGN_PKCS1_4096_SHA256, RSA_SIGN_PKCS1_4096_SHA512, ECDSA_P256_SHA256, EC_SIGN_P256_SHA256, ECDSA_P384_SHA384, EC_SIGN_P384_SHA384, ECDSA_P521_SHA512, EC_SIGN_P521_SHA512' type: string type: object type: object type: array required: - noteRef type: object required: - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer updateTime: description: Output only. Time when the attestor was last updated. format: date-time type: string userOwnedDrydockNote: properties: delegationServiceAccountEmail: description: Output only. This field will contain the service account email address that this Attestor will use as the principal when querying Container Analysis. Attestor administrators must grant this service account the IAM role needed to read attestations from the in Container Analysis (`containeranalysis.notes.occurrences.viewer`). This email address is fixed for the lifetime of the Attestor, but callers should not make any other assumptions about the service account email; future versions may use an email based on a different naming pattern. type: string type: object type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: binaryauthorizationpolicies.binaryauthorization.cnrm.cloud.google.com spec: group: binaryauthorization.cnrm.cloud.google.com names: categories: - gcp kind: BinaryAuthorizationPolicy plural: binaryauthorizationpolicies shortNames: - gcpbinaryauthorizationpolicy - gcpbinaryauthorizationpolicies singular: binaryauthorizationpolicy preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: admissionWhitelistPatterns: description: Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies. items: properties: namePattern: description: An image name pattern to allowlist, in the form `registry/path/to/image`. This supports a trailing `*` as a wildcard, but this is allowed only in text after the `registry/` part. type: string type: object type: array clusterAdmissionRules: additionalProperties: properties: enforcementMode: description: 'Required. The action when a pod creation is denied by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' type: string evaluationMode: description: 'Required. How this admission rule will be evaluated. Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' type: string requireAttestationsBy: items: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The Google Cloud resource name of a `BinaryAuthorizationAttestor` resource (format: `projects/{{project}}/attestors/{{name}}`).' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: array required: - enforcementMode - evaluationMode type: object description: 'Optional. Per-cluster admission rules. Cluster spec format: location.clusterId. There can be at most one admission rule per cluster spec. A location is either a compute zone (e.g. us-central1-a) or a region (e.g. us-central1). For clusterId syntax restrictions see https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.' type: object defaultAdmissionRule: description: Required. Default admission rule for a cluster without a per-cluster, per-kubernetes-service-account, or per-istio-service-identity admission rule. properties: enforcementMode: description: 'Required. The action when a pod creation is denied by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' type: string evaluationMode: description: 'Required. How this admission rule will be evaluated. Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' type: string requireAttestationsBy: items: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The Google Cloud resource name of a `BinaryAuthorizationAttestor` resource (format: `projects/{{project}}/attestors/{{name}}`).' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: array required: - enforcementMode - evaluationMode type: object description: description: Optional. A descriptive comment. type: string globalPolicyEvaluationMode: description: 'Optional. Controls the evaluation of a Google-maintained global admission policy for common system-level images. Images not covered by the global policy will be subject to the project admission policy. This setting has no effect when specified inside a global admission policy. Possible values: GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED, ENABLE, DISABLE' type: string istioServiceIdentityAdmissionRules: additionalProperties: properties: enforcementMode: description: 'Required. The action when a pod creation is denied by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' type: string evaluationMode: description: 'Required. How this admission rule will be evaluated. Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' type: string requireAttestationsBy: items: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The Google Cloud resource name of a `BinaryAuthorizationAttestor` resource (format: `projects/{{project}}/attestors/{{name}}`).' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: array required: - enforcementMode - evaluationMode type: object description: 'Optional. Per-istio-service-identity admission rules. Istio service identity spec format: spiffe:///ns//sa/ or /ns//sa/ e.g. spiffe://example.com/ns/test-ns/sa/default' type: object kubernetesNamespaceAdmissionRules: additionalProperties: properties: enforcementMode: description: 'Required. The action when a pod creation is denied by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' type: string evaluationMode: description: 'Required. How this admission rule will be evaluated. Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' type: string requireAttestationsBy: items: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The Google Cloud resource name of a `BinaryAuthorizationAttestor` resource (format: `projects/{{project}}/attestors/{{name}}`).' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: array required: - enforcementMode - evaluationMode type: object description: 'Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format: [a-z.-]+, e.g. ''some-namespace''' type: object kubernetesServiceAccountAdmissionRules: additionalProperties: properties: enforcementMode: description: 'Required. The action when a pod creation is denied by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' type: string evaluationMode: description: 'Required. How this admission rule will be evaluated. Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' type: string requireAttestationsBy: items: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The Google Cloud resource name of a `BinaryAuthorizationAttestor` resource (format: `projects/{{project}}/attestors/{{name}}`).' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: array required: - enforcementMode - evaluationMode type: object description: 'Optional. Per-kubernetes-service-account admission rules. Service account spec format: namespace:serviceaccount. e.g. ''test-ns:default''' type: object projectRef: description: Immutable. The Project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The project of the resource. Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - defaultAdmissionRule - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer selfLink: description: Output only. The resource name, in the format `projects/*/policy`. There is at most one policy per project. type: string updateTime: description: Output only. Time when the policy was last updated. format: date-time type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: certificatemanagercertificatemapentries.certificatemanager.cnrm.cloud.google.com spec: group: certificatemanager.cnrm.cloud.google.com names: categories: - gcp kind: CertificateManagerCertificateMapEntry plural: certificatemanagercertificatemapentries shortNames: - gcpcertificatemanagercertificatemapentry - gcpcertificatemanagercertificatemapentries singular: certificatemanagercertificatemapentry preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: certificates: description: |- A set of Certificates defines for the given hostname. There can be defined up to fifteen certificates in each Certificate Map Entry. Each certificate must match pattern projects/*/locations/*/certificates/*. items: type: string type: array description: description: A human-readable description of the resource. type: string hostname: description: |- Immutable. A Hostname (FQDN, e.g. example.com) or a wildcard hostname expression (*.example.com) for a set of hostnames with common suffix. Used as Server Name Indication (SNI) for selecting a proper certificate. type: string map: description: Immutable. A map entry that is inputted into the cetrificate map. type: string matcher: description: Immutable. A predefined matcher for particular cases, other than SNI selection. type: string projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - certificates - map - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: |- Creation timestamp of a Certificate Map Entry. Timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer state: description: A serving state of this Certificate Map Entry. type: string updateTime: description: |- Update timestamp of a Certificate Map Entry. Timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: certificatemanagercertificatemaps.certificatemanager.cnrm.cloud.google.com spec: group: certificatemanager.cnrm.cloud.google.com names: categories: - gcp kind: CertificateManagerCertificateMap plural: certificatemanagercertificatemaps shortNames: - gcpcertificatemanagercertificatemap - gcpcertificatemanagercertificatemaps singular: certificatemanagercertificatemap preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: description: description: A human-readable description of the resource. type: string projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: |- Creation timestamp of a Certificate Map. Timestamp is in RFC3339 UTC "Zulu" format, accurate to nanoseconds with up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". type: string gclbTargets: description: A list of target proxies that use this Certificate Map. items: properties: ipConfigs: description: An IP configuration where this Certificate Map is serving. items: properties: ipAddress: description: An external IP address. type: string ports: description: A list of ports. items: type: integer type: array type: object type: array targetHttpsProxy: description: |- Proxy name must be in the format projects/*/locations/*/targetHttpsProxies/*. This field is part of a union field 'target_proxy': Only one of 'targetHttpsProxy' or 'targetSslProxy' may be set. type: string targetSslProxy: description: |- Proxy name must be in the format projects/*/locations/*/targetSslProxies/*. This field is part of a union field 'target_proxy': Only one of 'targetHttpsProxy' or 'targetSslProxy' may be set. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer updateTime: description: |- Update timestamp of a Certificate Map. Timestamp is in RFC3339 UTC "Zulu" format, accurate to nanoseconds with up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: certificatemanagercertificates.certificatemanager.cnrm.cloud.google.com spec: group: certificatemanager.cnrm.cloud.google.com names: categories: - gcp kind: CertificateManagerCertificate plural: certificatemanagercertificates shortNames: - gcpcertificatemanagercertificate - gcpcertificatemanagercertificates singular: certificatemanagercertificate preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: description: description: A human-readable description of the resource. type: string location: description: The Certificate Manager location. If not specified, "global" is used. type: string managed: description: |- Immutable. Configuration and state of a Managed Certificate. Certificate Manager provisions and renews Managed Certificates automatically, for as long as it's authorized to do so. properties: authorizationAttemptInfo: description: |- Detailed state of the latest authorization attempt for each domain specified for this Managed Certificate. items: properties: details: description: |- Human readable explanation for reaching the state. Provided to help address the configuration issues. Not guaranteed to be stable. For programmatic access use 'failure_reason' field. type: string domain: description: Domain name of the authorization attempt. type: string failureReason: description: Reason for failure of the authorization attempt for the domain. type: string state: description: State of the domain for managed certificate issuance. type: string type: object type: array dnsAuthorizations: description: Immutable. Authorizations that will be used for performing domain authorization. items: type: string type: array domains: description: |- Immutable. The domains for which a managed SSL certificate will be generated. Wildcard domains are only supported with DNS challenge resolution. items: type: string type: array provisioningIssue: description: Information about issues with provisioning this Managed Certificate. items: properties: details: description: |- Human readable explanation about the issue. Provided to help address the configuration issues. Not guaranteed to be stable. For programmatic access use 'reason' field. type: string reason: description: Reason for provisioning failures. type: string type: object type: array state: description: A state of this Managed Certificate. type: string type: object projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string scope: description: |- Immutable. The scope of the certificate. DEFAULT: Certificates with default scope are served from core Google data centers. If unsure, choose this option. EDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates, served from non-core Google data centers. Currently allowed only for managed certificates. type: string selfManaged: description: |- Immutable. Certificate data for a SelfManaged Certificate. SelfManaged Certificates are uploaded by the user. Updating such certificates before they expire remains the user's responsibility. properties: certificatePem: description: |- DEPRECATED. Deprecated in favor of `pem_certificate`. Immutable. **Deprecated** The certificate chain in PEM-encoded form. Leaf certificate comes first, followed by intermediate ones if any. oneOf: - not: required: - valueFrom required: - value - not: required: - value required: - valueFrom properties: value: description: Value of the field. Cannot be used if 'valueFrom' is specified. type: string valueFrom: description: Source for the field's value. Cannot be used if 'value' is specified. properties: secretKeyRef: description: Reference to a value with the given key in the given Secret in the resource's namespace. properties: key: description: Key that identifies the value to be extracted. type: string name: description: Name of the Secret to extract a value from. type: string required: - name - key type: object type: object type: object pemCertificate: description: |- Immutable. The certificate chain in PEM-encoded form. Leaf certificate comes first, followed by intermediate ones if any. type: string pemPrivateKey: description: Immutable. The private key of the leaf certificate in PEM-encoded form. oneOf: - not: required: - valueFrom required: - value - not: required: - value required: - valueFrom properties: value: description: Value of the field. Cannot be used if 'valueFrom' is specified. type: string valueFrom: description: Source for the field's value. Cannot be used if 'value' is specified. properties: secretKeyRef: description: Reference to a value with the given key in the given Secret in the resource's namespace. properties: key: description: Key that identifies the value to be extracted. type: string name: description: Name of the Secret to extract a value from. type: string required: - name - key type: object type: object type: object privateKeyPem: description: DEPRECATED. Deprecated in favor of `pem_private_key`. Immutable. **Deprecated** The private key of the leaf certificate in PEM-encoded form. oneOf: - not: required: - valueFrom required: - value - not: required: - value required: - valueFrom properties: value: description: Value of the field. Cannot be used if 'valueFrom' is specified. type: string valueFrom: description: Source for the field's value. Cannot be used if 'value' is specified. properties: secretKeyRef: description: Reference to a value with the given key in the given Secret in the resource's namespace. properties: key: description: Key that identifies the value to be extracted. type: string name: description: Name of the Secret to extract a value from. type: string required: - name - key type: object type: object type: object type: object required: - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: certificatemanagerdnsauthorizations.certificatemanager.cnrm.cloud.google.com spec: group: certificatemanager.cnrm.cloud.google.com names: categories: - gcp kind: CertificateManagerDNSAuthorization plural: certificatemanagerdnsauthorizations shortNames: - gcpcertificatemanagerdnsauthorization - gcpcertificatemanagerdnsauthorizations singular: certificatemanagerdnsauthorization preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: description: description: A human-readable description of the resource. type: string domain: description: |- Immutable. A domain which is being authorized. A DnsAuthorization resource covers a single domain and its wildcard, e.g. authorization for "example.com" can be used to issue certificates for "example.com" and "*.example.com". type: string projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - domain - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array dnsResourceRecord: description: |- The structure describing the DNS Resource Record that needs to be added to DNS configuration for the authorization to be usable by certificate. items: properties: data: description: Data of the DNS Resource Record. type: string name: description: |- Fully qualified name of the DNS Resource Record. E.g. '_acme-challenge.example.com'. type: string type: description: Type of the DNS Resource Record. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: cloudassetfolderfeeds.cloudasset.cnrm.cloud.google.com spec: group: cloudasset.cnrm.cloud.google.com names: categories: - gcp kind: CloudAssetFolderFeed plural: cloudassetfolderfeeds shortNames: - gcpcloudassetfolderfeed - gcpcloudassetfolderfeeds singular: cloudassetfolderfeed preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: assetNames: description: |- A list of the full names of the assets to receive updates. You must specify either or both of assetNames and assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to the feed. For example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1. See https://cloud.google.com/apis/design/resourceNames#fullResourceName for more info. items: type: string type: array assetTypes: description: |- A list of types of the assets to receive updates. You must specify either or both of assetNames and assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to the feed. For example: "compute.googleapis.com/Disk" See https://cloud.google.com/asset-inventory/docs/supported-asset-types for a list of all supported asset types. items: type: string type: array billingProject: description: |- Immutable. The project whose identity will be used when sending messages to the destination pubsub topic. It also specifies the project for API enablement check, quota, and billing. type: string condition: description: |- A condition which determines whether an asset update should be published. If specified, an asset will be returned only when the expression evaluates to true. When set, expression field must be a valid CEL expression on a TemporalAsset with name temporal_asset. Example: a Feed with expression "temporal_asset.deleted == true" will only publish Asset deletions. Other fields of condition are optional. properties: description: description: |- Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. type: string expression: description: Textual representation of an expression in Common Expression Language syntax. type: string location: description: |- String indicating the location of the expression for error reporting, e.g. a file name and a position in the file. type: string title: description: |- Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression. type: string required: - expression type: object contentType: description: 'Asset content type. If not specified, no content but the asset name and type will be returned. Possible values: ["CONTENT_TYPE_UNSPECIFIED", "RESOURCE", "IAM_POLICY", "ORG_POLICY", "OS_INVENTORY", "ACCESS_POLICY"].' type: string feedId: description: Immutable. This is the client-assigned asset feed identifier and it needs to be unique under a specific parent. type: string feedOutputConfig: description: Output configuration for asset feed destination. properties: pubsubDestination: description: Destination on Cloud Pubsub. properties: topic: description: Destination on Cloud Pubsub topic. type: string required: - topic type: object required: - pubsubDestination type: object folder: description: Immutable. The folder this feed should be created in. type: string folderRef: description: The folder that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Folder` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string required: - billingProject - feedId - feedOutputConfig - folder - folderRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array folderId: description: |- The ID of the folder where this feed has been created. Both [FOLDER_NUMBER] and folders/[FOLDER_NUMBER] are accepted. type: string name: description: The format will be folders/{folder_number}/feeds/{client-assigned_feed_identifier}. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: cloudassetorganizationfeeds.cloudasset.cnrm.cloud.google.com spec: group: cloudasset.cnrm.cloud.google.com names: categories: - gcp kind: CloudAssetOrganizationFeed plural: cloudassetorganizationfeeds shortNames: - gcpcloudassetorganizationfeed - gcpcloudassetorganizationfeeds singular: cloudassetorganizationfeed preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: assetNames: description: |- A list of the full names of the assets to receive updates. You must specify either or both of assetNames and assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to the feed. For example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1. See https://cloud.google.com/apis/design/resourceNames#fullResourceName for more info. items: type: string type: array assetTypes: description: |- A list of types of the assets to receive updates. You must specify either or both of assetNames and assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to the feed. For example: "compute.googleapis.com/Disk" See https://cloud.google.com/asset-inventory/docs/supported-asset-types for a list of all supported asset types. items: type: string type: array billingProject: description: |- Immutable. The project whose identity will be used when sending messages to the destination pubsub topic. It also specifies the project for API enablement check, quota, and billing. type: string condition: description: |- A condition which determines whether an asset update should be published. If specified, an asset will be returned only when the expression evaluates to true. When set, expression field must be a valid CEL expression on a TemporalAsset with name temporal_asset. Example: a Feed with expression "temporal_asset.deleted == true" will only publish Asset deletions. Other fields of condition are optional. properties: description: description: |- Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. type: string expression: description: Textual representation of an expression in Common Expression Language syntax. type: string location: description: |- String indicating the location of the expression for error reporting, e.g. a file name and a position in the file. type: string title: description: |- Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression. type: string required: - expression type: object contentType: description: 'Asset content type. If not specified, no content but the asset name and type will be returned. Possible values: ["CONTENT_TYPE_UNSPECIFIED", "RESOURCE", "IAM_POLICY", "ORG_POLICY", "OS_INVENTORY", "ACCESS_POLICY"].' type: string feedId: description: Immutable. This is the client-assigned asset feed identifier and it needs to be unique under a specific parent. type: string feedOutputConfig: description: Output configuration for asset feed destination. properties: pubsubDestination: description: Destination on Cloud Pubsub. properties: topic: description: Destination on Cloud Pubsub topic. type: string required: - topic type: object required: - pubsubDestination type: object organizationRef: description: The organization that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of an `Organization` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string required: - billingProject - feedId - feedOutputConfig - organizationRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array name: description: The format will be organizations/{organization_number}/feeds/{client-assigned_feed_identifier}. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: cloudassetprojectfeeds.cloudasset.cnrm.cloud.google.com spec: group: cloudasset.cnrm.cloud.google.com names: categories: - gcp kind: CloudAssetProjectFeed plural: cloudassetprojectfeeds shortNames: - gcpcloudassetprojectfeed - gcpcloudassetprojectfeeds singular: cloudassetprojectfeed preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: assetNames: description: |- A list of the full names of the assets to receive updates. You must specify either or both of assetNames and assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to the feed. For example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1. See https://cloud.google.com/apis/design/resourceNames#fullResourceName for more info. items: type: string type: array assetTypes: description: |- A list of types of the assets to receive updates. You must specify either or both of assetNames and assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to the feed. For example: "compute.googleapis.com/Disk" See https://cloud.google.com/asset-inventory/docs/supported-asset-types for a list of all supported asset types. items: type: string type: array billingProject: description: |- Immutable. The project whose identity will be used when sending messages to the destination pubsub topic. It also specifies the project for API enablement check, quota, and billing. If not specified, the resource's project will be used. type: string condition: description: |- A condition which determines whether an asset update should be published. If specified, an asset will be returned only when the expression evaluates to true. When set, expression field must be a valid CEL expression on a TemporalAsset with name temporal_asset. Example: a Feed with expression "temporal_asset.deleted == true" will only publish Asset deletions. Other fields of condition are optional. properties: description: description: |- Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. type: string expression: description: Textual representation of an expression in Common Expression Language syntax. type: string location: description: |- String indicating the location of the expression for error reporting, e.g. a file name and a position in the file. type: string title: description: |- Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression. type: string required: - expression type: object contentType: description: 'Asset content type. If not specified, no content but the asset name and type will be returned. Possible values: ["CONTENT_TYPE_UNSPECIFIED", "RESOURCE", "IAM_POLICY", "ORG_POLICY", "OS_INVENTORY", "ACCESS_POLICY"].' type: string feedId: description: Immutable. This is the client-assigned asset feed identifier and it needs to be unique under a specific parent. type: string feedOutputConfig: description: Output configuration for asset feed destination. properties: pubsubDestination: description: Destination on Cloud Pubsub. properties: topic: description: Destination on Cloud Pubsub topic. type: string required: - topic type: object required: - pubsubDestination type: object projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string required: - feedId - feedOutputConfig - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array name: description: The format will be projects/{projectNumber}/feeds/{client-assigned_feed_identifier}. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: cloudbuildtriggers.cloudbuild.cnrm.cloud.google.com spec: group: cloudbuild.cnrm.cloud.google.com names: categories: - gcp kind: CloudBuildTrigger plural: cloudbuildtriggers shortNames: - gcpcloudbuildtrigger - gcpcloudbuildtriggers singular: cloudbuildtrigger preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: approvalConfig: description: |- Configuration for manual approval to start a build invocation of this BuildTrigger. Builds created by this trigger will require approval before they execute. Any user with a Cloud Build Approver role for the project can approve a build. properties: approvalRequired: description: |- Whether or not approval is needed. If this is set on a build, it will become pending when run, and will need to be explicitly approved to start. type: boolean type: object bitbucketServerTriggerConfig: description: BitbucketServerTriggerConfig describes the configuration of a trigger that creates a build whenever a Bitbucket Server event is received. properties: bitbucketServerConfigResourceRef: description: |- Only `external` field is supported to configure the reference. The full resource name of the bitbucket server config. Format: projects/{project}/locations/{location}/bitbucketServerConfigs/{id}. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `CloudBuildBitbucketServerConfig` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object projectKey: description: 'Key of the project that the repo is in. For example: The key for https://mybitbucket.server/projects/TEST/repos/test-repo is "TEST".' type: string pullRequest: description: Filter to match changes in pull requests. properties: branch: description: |- Regex of branches to match. The syntax of the regular expressions accepted is the syntax accepted by RE2 and described at https://github.com/google/re2/wiki/Syntax. type: string commentControl: description: 'Configure builds to run whether a repository owner or collaborator need to comment /gcbrun. Possible values: ["COMMENTS_DISABLED", "COMMENTS_ENABLED", "COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY"].' type: string invertRegex: description: If true, branches that do NOT match the git_ref will trigger a build. type: boolean required: - branch type: object push: description: Filter to match changes in refs like branches, tags. properties: branch: description: Regex of branches to match. Specify only one of branch or tag. type: string invertRegex: description: When true, only trigger a build if the revision regex does NOT match the gitRef regex. type: boolean tag: description: Regex of tags to match. Specify only one of branch or tag. type: string type: object repoSlug: description: |- Slug of the repository. A repository slug is a URL-friendly version of a repository name, automatically generated by Bitbucket for use in the URL. For example, if the repository name is 'test repo', in the URL it would become 'test-repo' as in https://mybitbucket.server/projects/TEST/repos/test-repo. type: string required: - bitbucketServerConfigResourceRef - projectKey - repoSlug type: object build: description: Contents of the build template. Either a filename or build template must be provided. properties: artifacts: description: Artifacts produced by the build that should be uploaded upon successful completion of all build steps. properties: images: description: |- A list of images to be pushed upon the successful completion of all build steps. The images will be pushed using the builder service account's credentials. The digests of the pushed images will be stored in the Build resource's results field. If any of the images fail to be pushed, the build is marked FAILURE. items: type: string type: array objects: description: |- A list of objects to be uploaded to Cloud Storage upon successful completion of all build steps. Files in the workspace matching specified paths globs will be uploaded to the Cloud Storage location using the builder service account's credentials. The location and generation of the uploaded objects will be stored in the Build resource's results field. If any objects fail to be pushed, the build is marked FAILURE. properties: location: description: |- Cloud Storage bucket and optional object path, in the form "gs://bucket/path/to/somewhere/". Files in the workspace matching any path pattern will be uploaded to Cloud Storage with this location as a prefix. type: string paths: description: Path globs used to match files in the build's workspace. items: type: string type: array timing: description: Output only. Stores timing information for pushing all artifact objects. items: properties: endTime: description: |- End of time span. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". type: string startTime: description: |- Start of time span. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". type: string type: object type: array type: object type: object availableSecrets: description: Secrets and secret environment variables. properties: secretManager: description: Pairs a secret environment variable with a SecretVersion in Secret Manager. items: properties: env: description: |- Environment variable name to associate with the secret. Secret environment variables must be unique across all of a build's secrets, and must be used by at least one build step. type: string versionRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `SecretManagerSecretVersion` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - env - versionRef type: object type: array required: - secretManager type: object images: description: |- A list of images to be pushed upon the successful completion of all build steps. The images are pushed using the builder service account's credentials. The digests of the pushed images will be stored in the Build resource's results field. If any of the images fail to be pushed, the build status is marked FAILURE. items: type: string type: array logsBucketRef: description: |- Google Cloud Storage bucket where logs should be written. Logs file names will be of the format ${logsBucket}/log-${build_id}.txt. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `url` field of a `StorageBucket` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object options: description: Special options for this build. properties: diskSizeGb: description: |- Requested disk size for the VM that runs the build. Note that this is NOT "disk free"; some of the space will be used by the operating system and build utilities. Also note that this is the minimum disk size that will be allocated for the build -- the build may run with a larger disk than requested. At present, the maximum disk size is 1000GB; builds that request more than the maximum are rejected with an error. type: integer dynamicSubstitutions: description: |- Option to specify whether or not to apply bash style string operations to the substitutions. NOTE this is always enabled for triggered builds and cannot be overridden in the build configuration file. type: boolean env: description: |- A list of global environment variable definitions that will exist for all build steps in this build. If a variable is defined in both globally and in a build step, the variable will use the build step value. The elements are of the form "KEY=VALUE" for the environment variable "KEY" being given the value "VALUE". items: type: string type: array logStreamingOption: description: 'Option to define build log streaming behavior to Google Cloud Storage. Possible values: ["STREAM_DEFAULT", "STREAM_ON", "STREAM_OFF"].' type: string logging: description: 'Option to specify the logging mode, which determines if and where build logs are stored. Possible values: ["LOGGING_UNSPECIFIED", "LEGACY", "GCS_ONLY", "STACKDRIVER_ONLY", "CLOUD_LOGGING_ONLY", "NONE"].' type: string machineType: description: 'Compute Engine machine type on which to run the build. Possible values: ["UNSPECIFIED", "N1_HIGHCPU_8", "N1_HIGHCPU_32", "E2_HIGHCPU_8", "E2_HIGHCPU_32"].' type: string requestedVerifyOption: description: 'Requested verifiability options. Possible values: ["NOT_VERIFIED", "VERIFIED"].' type: string secretEnv: description: |- A list of global environment variables, which are encrypted using a Cloud Key Management Service crypto key. These values must be specified in the build's Secret. These variables will be available to all build steps in this build. items: type: string type: array sourceProvenanceHash: description: 'Requested hash for SourceProvenance. Possible values: ["NONE", "SHA256", "MD5"].' items: type: string type: array substitutionOption: description: |- Option to specify behavior when there is an error in the substitution checks. NOTE this is always set to ALLOW_LOOSE for triggered builds and cannot be overridden in the build configuration file. Possible values: ["MUST_MATCH", "ALLOW_LOOSE"]. type: string volumes: description: |- Global list of volumes to mount for ALL build steps Each volume is created as an empty volume prior to starting the build process. Upon completion of the build, volumes and their contents are discarded. Global volume names and paths cannot conflict with the volumes defined a build step. Using a global volume in a build with only one step is not valid as it is indicative of a build request with an incorrect configuration. items: properties: name: description: |- Name of the volume to mount. Volume names must be unique per build step and must be valid names for Docker volumes. Each named volume must be used by at least two build steps. type: string path: description: |- Path at which to mount the volume. Paths must be absolute and cannot conflict with other volume paths on the same build step or with certain reserved volume paths. type: string type: object type: array workerPool: description: |- Option to specify a WorkerPool for the build. Format projects/{project}/workerPools/{workerPool} This field is experimental. type: string type: object queueTtl: description: |- TTL in queue for this build. If provided and the build is enqueued longer than this value, the build will expire and the build status will be EXPIRED. The TTL starts ticking from createTime. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". type: string secret: description: Secrets to decrypt using Cloud Key Management Service. items: properties: kmsKeyRef: description: KMS crypto key to use to decrypt these envs. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object secretEnv: additionalProperties: type: string description: |- Map of environment variable name to its encrypted value. Secret environment variables must be unique across all of a build's secrets, and must be used by at least one build step. Values can be at most 64 KB in size. There can be at most 100 secret values across all of a build's secrets. type: object required: - kmsKeyRef type: object type: array source: description: |- The location of the source files to build. One of 'storageSource' or 'repoSource' must be provided. properties: repoSource: description: Location of the source in a Google Cloud Source Repository. properties: branchName: description: |- Regex matching branches to build. Exactly one a of branch name, tag, or commit SHA must be provided. The syntax of the regular expressions accepted is the syntax accepted by RE2 and described at https://github.com/google/re2/wiki/Syntax. type: string commitSha: description: Explicit commit SHA to build. Exactly one a of branch name, tag, or commit SHA must be provided. type: string dir: description: |- Directory, relative to the source root, in which to run the build. This must be a relative path. If a step's dir is specified and is an absolute path, this value is ignored for that step's execution. type: string invertRegex: description: Only trigger a build if the revision regex does NOT match the revision regex. type: boolean projectId: description: |- ID of the project that owns the Cloud Source Repository. If omitted, the project ID requesting the build is assumed. type: string repoRef: description: |- The desired Cloud Source Repository. If omitted, "default" is assumed. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `SourceRepoRepository` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object substitutions: additionalProperties: type: string description: Substitutions to use in a triggered build. Should only be used with triggers.run. type: object tagName: description: |- Regex matching tags to build. Exactly one a of branch name, tag, or commit SHA must be provided. The syntax of the regular expressions accepted is the syntax accepted by RE2 and described at https://github.com/google/re2/wiki/Syntax. type: string required: - repoRef type: object storageSource: description: Location of the source in an archive file in Google Cloud Storage. properties: bucketRef: description: Google Cloud Storage bucket containing the source. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `StorageBucket` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object generation: description: |- Google Cloud Storage generation for the object. If the generation is omitted, the latest generation will be used. type: string object: description: |- Google Cloud Storage object containing the source. This object must be a gzipped archive file (.tar.gz) containing source to build. type: string required: - bucketRef - object type: object type: object step: description: The operations to be performed on the workspace. items: properties: allowExitCodes: description: |- Allow this build step to fail without failing the entire build if and only if the exit code is one of the specified codes. If 'allowFailure' is also specified, this field will take precedence. items: type: integer type: array allowFailure: description: |- Allow this build step to fail without failing the entire build. If false, the entire build will fail if this step fails. Otherwise, the build will succeed, but this step will still have a failure status. Error information will be reported in the 'failureDetail' field. 'allowExitCodes' takes precedence over this field. type: boolean args: description: |- A list of arguments that will be presented to the step when it is started. If the image used to run the step's container has an entrypoint, the args are used as arguments to that entrypoint. If the image does not define an entrypoint, the first element in args is used as the entrypoint, and the remainder will be used as arguments. items: type: string type: array dir: description: |- Working directory to use when running this step's container. If this value is a relative path, it is relative to the build's working directory. If this value is absolute, it may be outside the build's working directory, in which case the contents of the path may not be persisted across build step executions, unless a 'volume' for that path is specified. If the build specifies a 'RepoSource' with 'dir' and a step with a 'dir', which specifies an absolute path, the 'RepoSource' 'dir' is ignored for the step's execution. type: string entrypoint: description: |- Entrypoint to be used instead of the build step image's default entrypoint. If unset, the image's default entrypoint is used. type: string env: description: |- A list of environment variable definitions to be used when running a step. The elements are of the form "KEY=VALUE" for the environment variable "KEY" being given the value "VALUE". items: type: string type: array id: description: |- Unique identifier for this build step, used in 'wait_for' to reference this build step as a dependency. type: string name: description: |- The name of the container image that will run this particular build step. If the image is available in the host's Docker daemon's cache, it will be run directly. If not, the host will attempt to pull the image first, using the builder service account's credentials if necessary. The Docker daemon's cache will already have the latest versions of all of the officially supported build steps (see https://github.com/GoogleCloudPlatform/cloud-builders for images and examples). The Docker daemon will also have cached many of the layers for some popular images, like "ubuntu", "debian", but they will be refreshed at the time you attempt to use them. If you built an image in a previous build step, it will be stored in the host's Docker daemon's cache and is available to use as the name for a later build step. type: string script: description: |- A shell script to be executed in the step. When script is provided, the user cannot specify the entrypoint or args. type: string secretEnv: description: |- A list of environment variables which are encrypted using a Cloud Key Management Service crypto key. These values must be specified in the build's 'Secret'. items: type: string type: array timeout: description: |- Time limit for executing this build step. If not defined, the step has no time limit and will be allowed to continue to run until either it completes or the build itself times out. type: string timing: description: |- Output only. Stores timing information for executing this build step. type: string volumes: description: |- List of volumes to mount into the build step. Each volume is created as an empty volume prior to execution of the build step. Upon completion of the build, volumes and their contents are discarded. Using a named volume in only one step is not valid as it is indicative of a build request with an incorrect configuration. items: properties: name: description: |- Name of the volume to mount. Volume names must be unique per build step and must be valid names for Docker volumes. Each named volume must be used by at least two build steps. type: string path: description: |- Path at which to mount the volume. Paths must be absolute and cannot conflict with other volume paths on the same build step or with certain reserved volume paths. type: string required: - name - path type: object type: array waitFor: description: |- The ID(s) of the step(s) that this build step depends on. This build step will not start until all the build steps in 'wait_for' have completed successfully. If 'wait_for' is empty, this build step will start when all previous build steps in the 'Build.Steps' list have completed successfully. items: type: string type: array required: - name type: object type: array substitutions: additionalProperties: type: string description: Substitutions data for Build resource. type: object tags: description: Tags for annotation of a Build. These are not docker tags. items: type: string type: array timeout: description: |- Amount of time that this build should be allowed to run, to second granularity. If this amount of time elapses, work on the build will cease and the build status will be TIMEOUT. This timeout must be equal to or greater than the sum of the timeouts for build steps within the build. The expected format is the number of seconds followed by s. Default time is ten minutes (600s). type: string required: - step type: object description: description: Human-readable description of the trigger. type: string disabled: description: Whether the trigger is disabled or not. If true, the trigger will never result in a build. type: boolean filename: description: |- Path, from the source root, to a file whose contents is used for the template. Either a filename or build template must be provided. Set this only when using trigger_template or github. When using Pub/Sub, Webhook or Manual set the file name using git_file_source instead. type: string filter: description: A Common Expression Language string. Used only with Pub/Sub and Webhook. type: string gitFileSource: description: The file source describing the local or remote Build template. properties: githubEnterpriseConfigRef: description: |- Only `external` field is supported to configure the reference. The full resource name of the github enterprise config. Format: projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `CloudBuildGithubEnterpriseConfig` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object path: description: The path of the file, with the repo root as the root of the path. type: string repoType: description: |- The type of the repo, since it may not be explicit from the repo field (e.g from a URL). Values can be UNKNOWN, CLOUD_SOURCE_REPOSITORIES, GITHUB, BITBUCKET_SERVER Possible values: ["UNKNOWN", "CLOUD_SOURCE_REPOSITORIES", "GITHUB", "BITBUCKET_SERVER"]. type: string repositoryRef: description: |- Only `external` field is supported to configure the reference. The fully qualified resource name of the Repo API repository. The fully qualified resource name of the Repo API repository. If unspecified, the repo from which the trigger invocation originated is assumed to be the repo from which to read the specified path. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `CloudBuildV2Repository` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object revision: description: |- The branch, tag, arbitrary ref, or SHA version of the repo to use when resolving the filename (optional). This field respects the same syntax/resolution as described here: https://git-scm.com/docs/gitrevisions If unspecified, the revision from which the trigger invocation originated is assumed to be the revision from which to read the specified path. type: string uri: description: |- The URI of the repo (optional). If unspecified, the repo from which the trigger invocation originated is assumed to be the repo from which to read the specified path. type: string required: - path - repoType type: object github: description: |- Describes the configuration of a trigger that creates a build whenever a GitHub event is received. One of 'trigger_template', 'github', 'pubsub_config' or 'webhook_config' must be provided. properties: enterpriseConfigResourceNameRef: description: |- Only `external` field is supported to configure the reference. The full resource name of the github enterprise config. Format: projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `CloudBuildGithubEnterpriseConfig` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object name: description: |- Name of the repository. For example: The name for https://github.com/googlecloudplatform/cloud-builders is "cloud-builders". type: string owner: description: |- Owner of the repository. For example: The owner for https://github.com/googlecloudplatform/cloud-builders is "googlecloudplatform". type: string pullRequest: description: filter to match changes in pull requests. Specify only one of 'pull_request' or 'push'. properties: branch: description: Regex of branches to match. type: string commentControl: description: 'Whether to block builds on a "/gcbrun" comment from a repository owner or collaborator. Possible values: ["COMMENTS_DISABLED", "COMMENTS_ENABLED", "COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY"].' type: string invertRegex: description: If true, branches that do NOT match the git_ref will trigger a build. type: boolean required: - branch type: object push: description: filter to match changes in refs, like branches or tags. Specify only one of 'pull_request' or 'push'. properties: branch: description: Regex of branches to match. Specify only one of branch or tag. type: string invertRegex: description: When true, only trigger a build if the revision regex does NOT match the git_ref regex. type: boolean tag: description: Regex of tags to match. Specify only one of branch or tag. type: string type: object type: object ignoredFiles: description: |- ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match extended with support for '**'. If ignoredFiles and changed files are both empty, then they are not used to determine whether or not to trigger a build. If ignoredFiles is not empty, then we ignore any files that match any of the ignored_file globs. If the change has no files that are outside of the ignoredFiles globs, then we do not trigger a build. items: type: string type: array includeBuildLogs: description: |- Build logs will be sent back to GitHub as part of the checkrun result. Values can be INCLUDE_BUILD_LOGS_UNSPECIFIED or INCLUDE_BUILD_LOGS_WITH_STATUS Possible values: ["INCLUDE_BUILD_LOGS_UNSPECIFIED", "INCLUDE_BUILD_LOGS_WITH_STATUS"]. type: string includedFiles: description: |- ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match extended with support for '**'. If any of the files altered in the commit pass the ignoredFiles filter and includedFiles is empty, then as far as this filter is concerned, we should trigger the build. If any of the files altered in the commit pass the ignoredFiles filter and includedFiles is not empty, then we make sure that at least one of those files matches a includedFiles glob. If not, then we do not trigger a build. items: type: string type: array location: description: |- Immutable. The [Cloud Build location](https://cloud.google.com/build/docs/locations) for the trigger. If not specified, "global" is used. type: string pubsubConfig: description: |- PubsubConfig describes the configuration of a trigger that creates a build whenever a Pub/Sub message is published. One of 'trigger_template', 'github', 'pubsub_config' 'webhook_config' or 'source_to_build' must be provided. properties: serviceAccountRef: description: Service account that will make the push request. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `email` field of an `IAMServiceAccount` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object state: description: |- Potential issues with the underlying Pub/Sub subscription configuration. Only populated on get requests. type: string subscription: description: Output only. Name of the subscription. type: string topicRef: description: |- The name of the topic from which this subscription is receiving messages. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, where {{value}} is the `name` field of a `PubSubTopic` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - topicRef type: object repositoryEventConfig: description: The configuration of a trigger that creates a build whenever an event from Repo API is received. properties: pullRequest: description: Contains filter properties for matching Pull Requests. properties: branch: description: |- Regex of branches to match. The syntax of the regular expressions accepted is the syntax accepted by RE2 and described at https://github.com/google/re2/wiki/Syntax. type: string commentControl: description: 'Configure builds to run whether a repository owner or collaborator need to comment ''/gcbrun''. Possible values: ["COMMENTS_DISABLED", "COMMENTS_ENABLED", "COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY"].' type: string invertRegex: description: If true, branches that do NOT match the git_ref will trigger a build. type: boolean type: object push: description: Contains filter properties for matching git pushes. properties: branch: description: |- Regex of branches to match. The syntax of the regular expressions accepted is the syntax accepted by RE2 and described at https://github.com/google/re2/wiki/Syntax. type: string invertRegex: description: If true, only trigger a build if the revision regex does NOT match the git_ref regex. type: boolean tag: description: |- Regex of tags to match. The syntax of the regular expressions accepted is the syntax accepted by RE2 and described at https://github.com/google/re2/wiki/Syntax. type: string type: object repository: description: The resource name of the Repo API resource. type: string type: object serviceAccountRef: description: |- The service account used for all user-controlled operations including triggers.patch, triggers.run, builds.create, and builds.cancel. If no service account is set, then the standard Cloud Build service account ([PROJECT_NUM]@system.gserviceaccount.com) will be used instead. When populating via the external field, the following format is supported: projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL} oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: string of the format `projects/{{project}}/serviceAccounts/{{value}}`, where {{value}} is the `email` field of an `IAMServiceAccount` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object sourceToBuild: description: |- The repo and ref of the repository from which to build. This field is used only for those triggers that do not respond to SCM events. Triggers that respond to such events build source at whatever commit caused the event. This field is currently only used by Webhook, Pub/Sub, Manual, and Cron triggers. One of 'trigger_template', 'github', 'pubsub_config' 'webhook_config' or 'source_to_build' must be provided. properties: githubEnterpriseConfigRef: description: |- Only `external` field is supported to configure the reference. The full resource name of the github enterprise config. Format: projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `CloudBuildGithubEnterpriseConfig` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object ref: description: The branch or tag to use. Must start with "refs/" (required). type: string repoType: description: |- The type of the repo, since it may not be explicit from the repo field (e.g from a URL). Values can be UNKNOWN, CLOUD_SOURCE_REPOSITORIES, GITHUB, BITBUCKET_SERVER Possible values: ["UNKNOWN", "CLOUD_SOURCE_REPOSITORIES", "GITHUB", "BITBUCKET_SERVER"]. type: string repositoryRef: description: |- Only `external` field is supported to configure the reference. The qualified resource name of the Repo API repository. Either uri or repository can be specified and is required. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `CloudBuildV2Repository` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object uri: description: The URI of the repo. type: string required: - ref - repoType type: object substitutions: additionalProperties: type: string description: Substitutions data for Build resource. type: object tags: description: Tags for annotation of a BuildTrigger. items: type: string type: array triggerTemplate: description: |- Template describing the types of source changes to trigger a build. Branch and tag names in trigger templates are interpreted as regular expressions. Any branch or tag change that matches that regular expression will trigger a build. One of 'trigger_template', 'github', 'pubsub_config', 'webhook_config' or 'source_to_build' must be provided. properties: branchName: description: |- Name of the branch to build. Exactly one a of branch name, tag, or commit SHA must be provided. This field is a regular expression. type: string commitSha: description: Explicit commit SHA to build. Exactly one of a branch name, tag, or commit SHA must be provided. type: string dir: description: |- Directory, relative to the source root, in which to run the build. This must be a relative path. If a step's dir is specified and is an absolute path, this value is ignored for that step's execution. type: string invertRegex: description: Only trigger a build if the revision regex does NOT match the revision regex. type: boolean repoRef: description: |- The Cloud Source Repository to build. If omitted, the repo with name "default" is assumed. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `SourceRepoRepository` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object tagName: description: |- Name of the tag to build. Exactly one of a branch name, tag, or commit SHA must be provided. This field is a regular expression. type: string type: object webhookConfig: description: |- WebhookConfig describes the configuration of a trigger that creates a build whenever a webhook is sent to a trigger's webhook URL. One of 'trigger_template', 'github', 'pubsub_config' 'webhook_config' or 'source_to_build' must be provided. properties: secretRef: description: The secret required oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `SecretManagerSecret` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object state: description: |- Potential issues with the underlying Pub/Sub subscription configuration. Only populated on get requests. type: string required: - secretRef type: object type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: Time when the trigger was created. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer triggerId: description: The unique identifier for the trigger. type: string type: object type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: cloudfunctions2functions.cloudfunctions2.cnrm.cloud.google.com spec: group: cloudfunctions2.cnrm.cloud.google.com names: categories: - gcp kind: CloudFunctions2Function plural: cloudfunctions2functions shortNames: - gcpcloudfunctions2function - gcpcloudfunctions2functions singular: cloudfunctions2function preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: buildConfig: description: |- Describes the Build step of the function that builds a container from the given source. properties: build: description: |- The Cloud Build name of the latest successful deployment of the function. type: string dockerRepository: description: User managed repository created in Artifact Registry optionally with a customer managed encryption key. type: string entryPoint: description: |- The name of the function (as defined in source code) that will be executed. Defaults to the resource name suffix, if not specified. For backward compatibility, if function with given name is not found, then the system will try to use function named "function". For Node.js this is name of a function exported by the module specified in source_location. type: string environmentVariables: additionalProperties: type: string description: User-provided build-time environment variables for the function. type: object runtime: description: |- The runtime in which to run the function. Required when deploying a new function, optional when updating an existing function. type: string source: description: The location of the function source code. properties: repoSource: description: If provided, get the source from this location in a Cloud Source Repository. properties: branchName: description: Regex matching branches to build. type: string commitSha: description: Regex matching tags to build. type: string dir: description: Directory, relative to the source root, in which to run the build. type: string invertRegex: description: |- Only trigger a build if the revision regex does NOT match the revision regex. type: boolean projectId: description: |- Immutable. ID of the project that owns the Cloud Source Repository. If omitted, the project ID requesting the build is assumed. type: string repoName: description: Name of the Cloud Source Repository. type: string tagName: description: Regex matching tags to build. type: string type: object storageSource: description: If provided, get the source from this location in Google Cloud Storage. properties: bucket: description: Google Cloud Storage bucket containing the source. type: string generation: description: |- Google Cloud Storage generation for the object. If the generation is omitted, the latest generation will be used. type: integer object: description: Google Cloud Storage object containing the source. type: string type: object type: object workerPool: description: Name of the Cloud Build Custom Worker Pool that should be used to build the function. type: string type: object description: description: User-provided description of a function. type: string eventTrigger: description: |- An Eventarc trigger managed by Google Cloud Functions that fires events in response to a condition in another service. properties: eventFilters: description: Criteria used to filter events. items: properties: attribute: description: |- 'Required. The name of a CloudEvents attribute. Currently, only a subset of attributes are supported for filtering. Use the 'gcloud eventarc providers describe' command to learn more about events and their attributes. Do not filter for the 'type' attribute here, as this is already achieved by the resource's 'event_type' attribute. type: string operator: description: |- Optional. The operator used for matching the events with the value of the filter. If not specified, only events that have an exact key-value pair specified in the filter are matched. The only allowed value is 'match-path-pattern'. [See documentation on path patterns here](https://cloud.google.com/eventarc/docs/path-patterns)'. type: string value: description: |- Required. The value for the attribute. If the operator field is set as 'match-path-pattern', this value can be a path pattern instead of an exact value. type: string required: - attribute - value type: object type: array eventType: description: Required. The type of event to observe. type: string pubsubTopic: description: |- The name of a Pub/Sub topic in the same project that will be used as the transport topic for the event delivery. type: string retryPolicy: description: |- Describes the retry policy in case of function's execution failure. Retried execution is charged as any other execution. Possible values: ["RETRY_POLICY_UNSPECIFIED", "RETRY_POLICY_DO_NOT_RETRY", "RETRY_POLICY_RETRY"]. type: string serviceAccountEmail: description: The email of the service account for this function. type: string trigger: description: Output only. The resource name of the Eventarc trigger. type: string triggerRegion: description: |- The region that the trigger will be in. The trigger will only receive events originating in this region. It can be the same region as the function, a different region or multi-region, or the global region. If not provided, defaults to the same region as the function. type: string type: object location: description: Immutable. The location of this cloud function. type: string projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string serviceConfig: description: Describes the Service being deployed. properties: allTrafficOnLatestRevision: description: Whether 100% of traffic is routed to the latest revision. Defaults to true. type: boolean availableCpu: description: The number of CPUs used in a single container instance. Default value is calculated from available memory. type: string availableMemory: description: |- The amount of memory available for a function. Defaults to 256M. Supported units are k, M, G, Mi, Gi. If no unit is supplied the value is interpreted as bytes. type: string environmentVariables: additionalProperties: type: string description: Environment variables that shall be available during function execution. type: object gcfUri: description: URIs of the Service deployed. type: string ingressSettings: description: 'Available ingress settings. Defaults to "ALLOW_ALL" if unspecified. Default value: "ALLOW_ALL" Possible values: ["ALLOW_ALL", "ALLOW_INTERNAL_ONLY", "ALLOW_INTERNAL_AND_GCLB"].' type: string maxInstanceCount: description: |- The limit on the maximum number of function instances that may coexist at a given time. type: integer maxInstanceRequestConcurrency: description: Sets the maximum number of concurrent requests that each instance can receive. Defaults to 1. type: integer minInstanceCount: description: |- The limit on the minimum number of function instances that may coexist at a given time. type: integer secretEnvironmentVariables: description: Secret environment variables configuration. items: properties: key: description: Name of the environment variable. type: string projectId: description: Project identifier (preferrably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function. type: string secret: description: Name of the secret in secret manager (not the full resource name). type: string version: description: Version of the secret (version number or the string 'latest'). It is recommended to use a numeric version for secret environment variables as any updates to the secret value is not reflected until new instances start. type: string required: - key - projectId - secret - version type: object type: array secretVolumes: description: Secret volumes configuration. items: properties: mountPath: description: 'The path within the container to mount the secret volume. For example, setting the mountPath as /etc/secrets would mount the secret value files under the /etc/secrets directory. This directory will also be completely shadowed and unavailable to mount any other secrets. Recommended mount path: /etc/secrets.' type: string projectId: description: Project identifier (preferrably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function. type: string secret: description: Name of the secret in secret manager (not the full resource name). type: string versions: description: List of secret versions to mount for this secret. If empty, the latest version of the secret will be made available in a file named after the secret under the mount point.'. items: properties: path: description: Relative path of the file under the mount path where the secret value for this version will be fetched and made available. For example, setting the mountPath as '/etc/secrets' and path as secret_foo would mount the secret value file at /etc/secrets/secret_foo. type: string version: description: Version of the secret (version number or the string 'latest'). It is preferable to use latest version with secret volumes as secret value changes are reflected immediately. type: string required: - path - version type: object type: array required: - mountPath - projectId - secret type: object type: array service: description: Name of the service associated with a Function. type: string serviceAccountEmail: description: The email of the service account for this function. type: string timeoutSeconds: description: |- The function execution timeout. Execution is considered failed and can be terminated if the function is not completed at the end of the timeout period. Defaults to 60 seconds. type: integer uri: description: URI of the Service deployed. type: string vpcConnector: description: The Serverless VPC Access connector that this cloud function can connect to. type: string vpcConnectorEgressSettings: description: 'Available egress settings. Possible values: ["VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED", "PRIVATE_RANGES_ONLY", "ALL_TRAFFIC"].' type: string type: object required: - location - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array environment: description: The environment the function is hosted on. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer state: description: Describes the current state of the function. type: string updateTime: description: The last update timestamp of a Cloud Function. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: cloudfunctionsfunctions.cloudfunctions.cnrm.cloud.google.com spec: group: cloudfunctions.cnrm.cloud.google.com names: categories: - gcp kind: CloudFunctionsFunction plural: cloudfunctionsfunctions shortNames: - gcpcloudfunctionsfunction - gcpcloudfunctionsfunctions singular: cloudfunctionsfunction preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: availableMemoryMb: description: 'Memory (in MB), available to the function. Default value is 256MB. Allowed values are: 128MB, 256MB, 512MB, 1024MB, and 2048MB.' format: int64 type: integer description: description: User-provided description of a function. type: string entryPoint: description: |- Immutable. The name of the function (as defined in source code) that will be executed. Defaults to the resource name suffix, if not specified. For backward compatibility, if function with given name is not found, then the system will try to use function named "function". For Node.js this is name of a function exported by the module specified in `source_location`. type: string environmentVariables: additionalProperties: type: string description: Environment variables that shall be available during function execution. type: object eventTrigger: description: Immutable. A source that fires events in response to a condition in another service. properties: eventType: description: |- Immutable. Required. The type of event to observe. For example: `providers/cloud.storage/eventTypes/object.change` and `providers/cloud.pubsub/eventTypes/topic.publish`. Event types match pattern `providers/*/eventTypes/*.*`. The pattern contains: 1. namespace: For example, `cloud.storage` and `google.firebase.analytics`. 2. resource type: The type of resource on which event occurs. For example, the Google Cloud Storage API includes the type `object`. 3. action: The action that generates the event. For example, action for a Google Cloud Storage Object is 'change'. These parts are lower case. type: string failurePolicy: description: Immutable. Specifies policy for failed executions. type: boolean resourceRef: description: Immutable. oneOf: - not: required: - external required: - name - kind - not: anyOf: - required: - name - required: - namespace - required: - kind required: - external properties: external: description: |- Required. The resource(s) from which to observe events, for example, `projects/_/buckets/myBucket`. Not all syntactically correct values are accepted by all services. For example: 1. The authorization model must support it. Google Cloud Functions only allows EventTriggers to be deployed that observe resources in the same project as the `Function`. 2. The resource type must match the pattern expected for an `event_type`. For example, an `EventTrigger` that has an `event_type` of "google.pubsub.topic.publish" should have a resource that matches Google Cloud Pub/Sub topics. Additionally, some services may support short names when creating an `EventTrigger`. These will always be returned in the normalized "long" format. See each *service's* documentation for supported formats. Allowed values: * The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). * The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). type: string kind: description: 'Kind of the referent. Allowed values: StorageBucket,PubSubTopic' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object service: description: |- Immutable. The hostname of the service that should be observed. If no string is provided, the default service implementing the API will be used. For example, `storage.googleapis.com` is the default for all event types in the `google.storage` namespace. type: string required: - eventType - resourceRef type: object httpsTrigger: description: Immutable. An HTTPS endpoint type of source that can be triggered via URL. properties: securityLevel: description: 'Immutable. Both HTTP and HTTPS requests with URLs that match the handler succeed without redirects. The application can examine the request to determine which protocol was used and respond accordingly. Possible values: SECURITY_LEVEL_UNSPECIFIED, SECURE_ALWAYS, SECURE_OPTIONAL' type: string type: object ingressSettings: description: |- The ingress settings for the function, controlling what traffic can reach it. Possible values: INGRESS_SETTINGS_UNSPECIFIED, ALLOW_ALL, ALLOW_INTERNAL_ONLY, ALLOW_INTERNAL_AND_GCLB type: string maxInstances: description: |- The limit on the maximum number of function instances that may coexist at a given time. format: int64 type: integer projectRef: description: Immutable. The Project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The project id of the function. Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object region: description: Immutable. The name of the Cloud Functions region of the function. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string runtime: description: | The runtime in which to run the function. Required when deploying a new function, optional when updating an existing function. For a complete list of possible choices, see the [`gcloud` command reference](/sdk/gcloud/reference/functions/deploy#--runtime). type: string serviceAccountRef: description: Immutable. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The email of the function's service account. If empty, defaults to `{project_id}@appspot.gserviceaccount.com`. Allowed value: The `email` field of an `IAMServiceAccount` resource. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object sourceArchiveUrl: description: Immutable. The Google Cloud Storage URL, starting with gs://, pointing to the zip archive which contains the function. type: string sourceRepository: description: Immutable. Represents parameters related to source repository where a function is hosted. properties: url: description: |- Immutable. The URL pointing to the hosted repository where the function is defined. There are supported Cloud Source Repository URLs in the following formats: To refer to a specific commit: `https://source.developers.google.com/projects/*/repos/*/revisions/*/paths/*` To refer to a moveable alias (branch): `https://source.developers.google.com/projects/*/repos/*/moveable-aliases/*/paths/*` In particular, to refer to HEAD use `master` moveable alias. To refer to a specific fixed alias (tag): `https://source.developers.google.com/projects/*/repos/*/fixed-aliases/*/paths/*` You may omit `paths/*` if you want to use the main directory. type: string required: - url type: object timeout: description: |- The function execution timeout. Execution is considered failed and can be terminated if the function is not completed at the end of the timeout period. Defaults to 60 seconds. type: string vpcConnectorEgressSettings: description: |- The egress settings for the connector, controlling what traffic is diverted through it. Possible values: VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED, PRIVATE_RANGES_ONLY, ALL_TRAFFIC type: string vpcConnectorRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The VPC Network Connector that this cloud function can connect to. It can be either the fully-qualified URI, or the short name of the network connector resource. The format of this field is `projects/*/locations/*/connectors/*` Allowed value: The Google Cloud resource name of a `VPCAccessConnector` resource (format: `projects/{{project}}/locations/{{location}}/connectors/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - projectRef - region - runtime type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array httpsTrigger: properties: url: description: Output only. The deployed url for the function. type: string type: object observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer sourceRepository: properties: deployedUrl: description: |- Output only. The URL pointing to the hosted repository where the function were defined at the time of deployment. It always points to a specific commit in the format described above. type: string type: object status: description: 'Output only. Status of the function deployment. Possible values: CLOUD_FUNCTION_STATUS_UNSPECIFIED, ACTIVE, OFFLINE, DEPLOY_IN_PROGRESS, DELETE_IN_PROGRESS, UNKNOWN' type: string updateTime: description: Output only. The last update timestamp of a Cloud Function in RFC3339 UTC 'Zulu' format, with nanosecond resolution and up to nine fractional digits. type: string versionId: description: |- Output only. The version identifier of the Cloud Function. Each deployment attempt results in a new version of a function being created. format: int64 type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: cloudidentitygroups.cloudidentity.cnrm.cloud.google.com spec: group: cloudidentity.cnrm.cloud.google.com names: categories: - gcp kind: CloudIdentityGroup plural: cloudidentitygroups shortNames: - gcpcloudidentitygroup - gcpcloudidentitygroups singular: cloudidentitygroup preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: description: description: |- An extended description to help users determine the purpose of a Group. Must not be longer than 4,096 characters. type: string displayName: description: The display name of the Group. type: string groupKey: description: Immutable. EntityKey of the Group. properties: id: description: |- Immutable. The ID of the entity. For Google-managed entities, the id must be the email address of an existing group or user. For external-identity-mapped entities, the id must be a string conforming to the Identity Source's requirements. Must be unique within a namespace. type: string namespace: description: |- Immutable. The namespace in which the entity exists. If not specified, the EntityKey represents a Google-managed entity such as a Google user or a Google Group. If specified, the EntityKey represents an external-identity-mapped group. The namespace must correspond to an identity source created in Admin Console and must be in the form of 'identitysources/{identity_source_id}'. type: string required: - id type: object initialGroupConfig: description: |- Immutable. The initial configuration options for creating a Group. See the [API reference](https://cloud.google.com/identity/docs/reference/rest/v1beta1/groups/create#initialgroupconfig) for possible values. Default value: "EMPTY" Possible values: ["INITIAL_GROUP_CONFIG_UNSPECIFIED", "WITH_INITIAL_OWNER", "EMPTY"]. type: string labels: additionalProperties: type: string description: |- One or more label entries that apply to the Group. Currently supported labels contain a key with an empty value. Google Groups are the default type of group and have a label with a key of cloudidentity.googleapis.com/groups.discussion_forum and an empty value. Existing Google Groups can have an additional label with a key of cloudidentity.googleapis.com/groups.security and an empty value added to them. This is an immutable change and the security label cannot be removed once added. Dynamic groups have a label with a key of cloudidentity.googleapis.com/groups.dynamic. Identity-mapped groups for Cloud Search have a label with a key of system/groups/external and an empty value. type: object parent: description: |- Immutable. The resource name of the entity under which this Group resides in the Cloud Identity resource hierarchy. Must be of the form identitysources/{identity_source_id} for external-identity-mapped groups or customers/{customer_id} for Google Groups. type: string resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string required: - groupKey - labels - parent type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: The time when the Group was created. type: string name: description: |- Resource name of the Group in the format: groups/{group_id}, where group_id is the unique ID assigned to the Group. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer updateTime: description: The time when the Group was last updated. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: cloudidentitymemberships.cloudidentity.cnrm.cloud.google.com spec: group: cloudidentity.cnrm.cloud.google.com names: categories: - gcp kind: CloudIdentityMembership plural: cloudidentitymemberships shortNames: - gcpcloudidentitymembership - gcpcloudidentitymemberships singular: cloudidentitymembership preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: groupRef: description: Immutable. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The group for the resource Allowed value: The Google Cloud resource name of a `CloudIdentityGroup` resource (format: `groups/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object memberKey: description: Immutable. The `EntityKey` of the member. Either `member_key` or `preferred_member_key` must be set when calling MembershipsService.CreateMembership but not both; both shall be set when returned. properties: id: description: The ID of the entity. For Google-managed entities, the `id` must be the email address of an existing group or user. For external-identity-mapped entities, the `id` must be a string conforming to the Identity Source's requirements. Must be unique within a `namespace`. type: string namespace: description: The namespace in which the entity exists. If not specified, the `EntityKey` represents a Google-managed entity such as a Google user or a Google Group. If specified, the `EntityKey` represents an external-identity-mapped group. The namespace must correspond to an identity source created in Admin Console and must be in the form of `identitysources/{identity_source_id}`. type: string type: object preferredMemberKey: description: Immutable. Required. Immutable. The `EntityKey` of the member. properties: id: description: Immutable. The ID of the entity. For Google-managed entities, the `id` must be the email address of a group or user. For external-identity-mapped entities, the `id` must be a string conforming to the Identity Source's requirements. Must be unique within a `namespace`. type: string namespace: description: Immutable. The namespace in which the entity exists. If not specified, the `EntityKey` represents a Google-managed entity such as a Google user or a Google Group. If specified, the `EntityKey` represents an external-identity-mapped group. The namespace must correspond to an identity source created in Admin Console and must be in the form of `identitysources/{identity_source_id}`. type: string required: - id type: object resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string roles: description: The `MembershipRole`s that apply to the `Membership`. If unspecified, defaults to a single `MembershipRole` with `name` `MEMBER`. Must not contain duplicate `MembershipRole`s with the same `name`. items: properties: expiryDetail: description: The expiry details of the `MembershipRole`. Expiry details are only supported for `MEMBER` `MembershipRoles`. May be set if `name` is `MEMBER`. Must not be set if `name` is any other value. properties: expireTime: description: The time at which the `MembershipRole` will expire. format: date-time type: string type: object name: type: string restrictionEvaluations: description: Evaluations of restrictions applied to parent group on this membership. properties: memberRestrictionEvaluation: description: Evaluation of the member restriction applied to this membership. Empty if the user lacks permission to view the restriction evaluation. properties: state: description: 'Output only. The current state of the restriction Possible values: ENCRYPTION_STATE_UNSPECIFIED, UNSUPPORTED_BY_DEVICE, ENCRYPTED, NOT_ENCRYPTED' type: string type: object type: object required: - name type: object type: array required: - groupRef - preferredMemberKey - roles type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: Output only. The time when the `Membership` was created. format: date-time type: string deliverySetting: description: 'Output only. Delivery setting associated with the membership. Possible values: DELIVERY_SETTING_UNSPECIFIED, ALL_MAIL, DIGEST, DAILY, NONE, DISABLED' type: string displayName: description: Output only. The display name of this member, if available properties: familyName: description: Output only. Member's family name type: string fullName: description: Output only. Localized UTF-16 full name for the member. Localization is done based on the language in the request and the language of the stored display name. type: string givenName: description: Output only. Member's given name type: string type: object observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: description: 'Output only. The type of the membership. Possible values: OWNER_TYPE_UNSPECIFIED, OWNER_TYPE_CUSTOMER, OWNER_TYPE_PARTNER' type: string updateTime: description: Output only. The time when the `Membership` was last updated. format: date-time type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: cloudidsendpoints.cloudids.cnrm.cloud.google.com spec: group: cloudids.cnrm.cloud.google.com names: categories: - gcp kind: CloudIDSEndpoint plural: cloudidsendpoints shortNames: - gcpcloudidsendpoint - gcpcloudidsendpoints singular: cloudidsendpoint preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: description: description: Immutable. An optional description of the endpoint. type: string location: description: Immutable. The location for the endpoint. type: string network: description: Immutable. Name of the VPC network that is connected to the IDS endpoint. This can either contain the VPC network name itself (like "src-net") or the full URL to the network (like "projects/{project_id}/global/networks/src-net"). type: string projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string severity: description: 'Immutable. The minimum alert severity level that is reported by the endpoint. Possible values: ["INFORMATIONAL", "LOW", "MEDIUM", "HIGH", "CRITICAL"].' type: string threatExceptions: description: 'Configuration for threat IDs excluded from generating alerts. Limit: 99 IDs.' items: type: string type: array required: - location - network - projectRef - severity type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: Creation timestamp in RFC 3339 text format. type: string endpointForwardingRule: description: URL of the endpoint's network address to which traffic is to be sent by Packet Mirroring. type: string endpointIp: description: Internal IP address of the endpoint's network entry point. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer updateTime: description: Last update timestamp in RFC 3339 text format. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: cloudiotdevices.cloudiot.cnrm.cloud.google.com spec: group: cloudiot.cnrm.cloud.google.com names: categories: - gcp kind: CloudIOTDevice plural: cloudiotdevices shortNames: - gcpcloudiotdevice - gcpcloudiotdevices singular: cloudiotdevice preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: blocked: description: If a device is blocked, connections or requests from this device will fail. type: boolean credentials: description: The credentials used to authenticate this device. items: properties: expirationTime: description: The time at which this credential becomes invalid. type: string publicKey: description: A public key used to verify the signature of JSON Web Tokens (JWTs). properties: format: description: 'The format of the key. Possible values: ["RSA_PEM", "RSA_X509_PEM", "ES256_PEM", "ES256_X509_PEM"].' type: string key: description: The key data. type: string required: - format - key type: object required: - publicKey type: object type: array gatewayConfig: description: Gateway-related configuration and state. properties: gatewayAuthMethod: description: 'Indicates whether the device is a gateway. Possible values: ["ASSOCIATION_ONLY", "DEVICE_AUTH_TOKEN_ONLY", "ASSOCIATION_AND_DEVICE_AUTH_TOKEN"].' type: string gatewayType: description: 'Immutable. Indicates whether the device is a gateway. Default value: "NON_GATEWAY" Possible values: ["GATEWAY", "NON_GATEWAY"].' type: string lastAccessedGatewayId: description: The ID of the gateway the device accessed most recently. type: string lastAccessedGatewayTime: description: The most recent time at which the device accessed the gateway specified in last_accessed_gateway. type: string type: object logLevel: description: 'The logging verbosity for device activity. Possible values: ["NONE", "ERROR", "INFO", "DEBUG"].' type: string metadata: additionalProperties: type: string description: The metadata key-value pairs assigned to the device. type: object registry: description: Immutable. The name of the device registry where this device should be created. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - registry type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array config: description: The most recent device configuration, which is eventually sent from Cloud IoT Core to the device. items: properties: binaryData: description: The device configuration data. type: string cloudUpdateTime: description: The time at which this configuration version was updated in Cloud IoT Core. type: string deviceAckTime: description: |- The time at which Cloud IoT Core received the acknowledgment from the device, indicating that the device has received this configuration version. type: string version: description: The version of this update. type: string type: object type: array lastConfigAckTime: description: The last time a cloud-to-device config version acknowledgment was received from the device. type: string lastConfigSendTime: description: The last time a cloud-to-device config version was sent to the device. type: string lastErrorStatus: description: The error message of the most recent error, such as a failure to publish to Cloud Pub/Sub. items: properties: details: description: A list of messages that carry the error details. items: type: object x-kubernetes-preserve-unknown-fields: true type: array message: description: A developer-facing error message, which should be in English. type: string number: description: The status code, which should be an enum value of google.rpc.Code. type: integer type: object type: array lastErrorTime: description: The time the most recent error occurred, such as a failure to publish to Cloud Pub/Sub. type: string lastEventTime: description: The last time a telemetry event was received. type: string lastHeartbeatTime: description: The last time an MQTT PINGREQ was received. type: string lastStateTime: description: The last time a state event was received. type: string numId: description: |- A server-defined unique numeric ID for the device. This is a more compact way to identify devices, and it is globally unique. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer state: description: The state most recently received from the device. items: properties: binaryData: description: The device state data. type: string updateTime: description: The time at which this state version was updated in Cloud IoT Core. type: string type: object type: array type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: cloudschedulerjobs.cloudscheduler.cnrm.cloud.google.com spec: group: cloudscheduler.cnrm.cloud.google.com names: categories: - gcp kind: CloudSchedulerJob plural: cloudschedulerjobs shortNames: - gcpcloudschedulerjob - gcpcloudschedulerjobs singular: cloudschedulerjob preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: appEngineHttpTarget: description: App Engine HTTP target. properties: appEngineRouting: description: App Engine Routing setting for the job. properties: instance: description: App instance. By default, the job is sent to an instance which is available when the job is attempted. Requests can only be sent to a specific instance if [manual scaling is used in App Engine Standard](https://cloud.google.com/appengine/docs/python/an-overview-of-app-engine?hl=en_US#scaling_types_and_instance_classes). App Engine Flex does not support instances. For more information, see [App Engine Standard request routing](https://cloud.google.com/appengine/docs/standard/python/how-requests-are-routed) and [App Engine Flex request routing](https://cloud.google.com/appengine/docs/flexible/python/how-requests-are-routed). type: string service: description: App service. By default, the job is sent to the service which is the default service when the job is attempted. type: string version: description: App version. By default, the job is sent to the version which is the default version when the job is attempted. type: string type: object body: description: Body. HTTP request body. A request body is allowed only if the HTTP method is POST or PUT. It will result in invalid argument error to set a body on a job with an incompatible HttpMethod. type: string headers: additionalProperties: type: string description: 'HTTP request headers. This map contains the header field names and values. Headers can be set when the job is created. Cloud Scheduler sets some headers to default values: * `User-Agent`: By default, this header is `"App Engine-Google; (+http://code.google.com/appengine)"`. This header can be modified, but Cloud Scheduler will append `"App Engine-Google; (+http://code.google.com/appengine)"` to the modified `User-Agent`. * `X-CloudScheduler`: This header will be set to true. The headers below are output only. They cannot be set or overridden: * `X-Google-*`: For Google internal use only. * `X-App Engine-*`: For Google internal use only. In addition, some App Engine headers, which contain job-specific information, are also be sent to the job handler.' type: object httpMethod: description: 'The HTTP method to use for the request. PATCH and OPTIONS are not permitted. Possible values: HTTP_METHOD_UNSPECIFIED, POST, GET, HEAD, PUT, DELETE, PATCH, OPTIONS' type: string relativeUri: description: The relative URI. The relative URL must begin with "/" and must be a valid HTTP relative URL. It can contain a path, query string arguments, and `#` fragments. If the relative URL is empty, then the root path "/" will be used. No spaces are allowed, and the maximum length allowed is 2083 characters. type: string type: object attemptDeadline: description: 'The deadline for job attempts. If the request handler does not respond by this deadline then the request is cancelled and the attempt is marked as a `DEADLINE_EXCEEDED` failure. The failed attempt can be viewed in execution logs. Cloud Scheduler will retry the job according to the RetryConfig. The allowed duration for this deadline is: * For HTTP targets, between 15 seconds and 30 minutes. * For App Engine HTTP targets, between 15 seconds and 24 hours.' type: string description: description: Optionally caller-specified in CreateJob or UpdateJob. A human-readable description for the job. This string must not contain more than 500 characters. type: string httpTarget: description: HTTP target. properties: body: description: HTTP request body. A request body is allowed only if the HTTP method is POST, PUT, or PATCH. It is an error to set body on a job with an incompatible HttpMethod. type: string headers: additionalProperties: type: string description: 'The user can specify HTTP request headers to send with the job''s HTTP request. This map contains the header field names and values. Repeated headers are not supported, but a header value can contain commas. These headers represent a subset of the headers that will accompany the job''s HTTP request. Some HTTP request headers will be ignored or replaced. A partial list of headers that will be ignored or replaced is below: - Host: This will be computed by Cloud Scheduler and derived from uri. * `Content-Length`: This will be computed by Cloud Scheduler. * `User-Agent`: This will be set to `"Google-Cloud-Scheduler"`. * `X-Google-*`: Google internal use only. * `X-appengine-*`: Google internal use only. The total size of headers must be less than 80KB.' type: object httpMethod: description: 'Which HTTP method to use for the request. Possible values: HTTP_METHOD_UNSPECIFIED, POST, GET, HEAD, PUT, DELETE, PATCH, OPTIONS' type: string oauthToken: description: If specified, an [OAuth token](https://developers.google.com/identity/protocols/OAuth2) will be generated and attached as an `Authorization` header in the HTTP request. This type of authorization should generally only be used when calling Google APIs hosted on *.googleapis.com. properties: scope: description: OAuth scope to be used for generating OAuth access token. If not specified, "https://www.googleapis.com/auth/cloud-platform" will be used. type: string serviceAccountRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- [Service account email](https://cloud.google.com/iam/docs/service-accounts) to be used for generating OAuth token. The service account must be within the same project as the job. The caller must have iam.serviceAccounts.actAs permission for the service account. Allowed value: The `email` field of an `IAMServiceAccount` resource. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: object oidcToken: description: If specified, an [OIDC](https://developers.google.com/identity/protocols/OpenIDConnect) token will be generated and attached as an `Authorization` header in the HTTP request. This type of authorization can be used for many scenarios, including calling Cloud Run, or endpoints where you intend to validate the token yourself. properties: audience: description: Audience to be used when generating OIDC token. If not specified, the URI specified in target will be used. type: string serviceAccountRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- [Service account email](https://cloud.google.com/iam/docs/service-accounts) to be used for generating OIDC token. The service account must be within the same project as the job. The caller must have iam.serviceAccounts.actAs permission for the service account. Allowed value: The `email` field of an `IAMServiceAccount` resource. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: object uri: description: 'Required. The full URI path that the request will be sent to. This string must begin with either "http://" or "https://". Some examples of valid values for uri are: `http://acme.com` and `https://acme.com/sales:8080`. Cloud Scheduler will encode some characters for safety and compatibility. The maximum allowed URL length is 2083 characters after encoding.' type: string required: - uri type: object location: description: Immutable. The location for the resource type: string pubsubTarget: description: Pub/Sub target. properties: attributes: additionalProperties: type: string description: Attributes for PubsubMessage. Pubsub message must contain either non-empty data, or at least one attribute. type: object data: description: The message payload for PubsubMessage. Pubsub message must contain either non-empty data, or at least one attribute. type: string topicRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Required. The name of the Cloud Pub/Sub topic to which messages will be published when a job is delivered. The topic name must be in the same format as required by Pub/Sub's [PublishRequest.name](https://cloud.google.com/pubsub/docs/reference/rpc/google.pubsub.v1#publishrequest), for example `projects/PROJECT_ID/topics/TOPIC_ID`. The topic must be in the same project as the Cloud Scheduler job. Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - topicRef type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string retryConfig: description: Settings that determine the retry behavior. properties: maxBackoffDuration: description: The maximum amount of time to wait before retrying a job after it fails. The default value of this field is 1 hour. type: string maxDoublings: description: The time between retries will double `max_doublings` times. A job's retry interval starts at min_backoff_duration, then doubles `max_doublings` times, then increases linearly, and finally retries at intervals of max_backoff_duration up to retry_count times. For example, if min_backoff_duration is 10s, max_backoff_duration is 300s, and `max_doublings` is 3, then the a job will first be retried in 10s. The retry interval will double three times, and then increase linearly by 2^3 * 10s. Finally, the job will retry at intervals of max_backoff_duration until the job has been attempted retry_count times. Thus, the requests will retry at 10s, 20s, 40s, 80s, 160s, 240s, 300s, 300s, .... The default value of this field is 5. format: int64 type: integer maxRetryDuration: description: The time limit for retrying a failed job, measured from time when an execution was first attempted. If specified with retry_count, the job will be retried until both limits are reached. The default value for max_retry_duration is zero, which means retry duration is unlimited. type: string minBackoffDuration: description: The minimum amount of time to wait before retrying a job after it fails. The default value of this field is 5 seconds. type: string retryCount: description: The number of attempts that the system will make to run a job using the exponential backoff procedure described by max_doublings. The default value of retry_count is zero. If retry_count is zero, a job attempt will *not* be retried if it fails. Instead the Cloud Scheduler system will wait for the next scheduled execution time. If retry_count is set to a non-zero number then Cloud Scheduler will retry failed attempts, using exponential backoff, retry_count times, or until the next scheduled execution time, whichever comes first. Values greater than 5 and negative values are not allowed. format: int64 type: integer type: object schedule: description: 'Required, except when used with UpdateJob. Describes the schedule on which the job will be executed. The schedule can be either of the following types: * [Crontab](http://en.wikipedia.org/wiki/Cron#Overview) * English-like [schedule](https://cloud.google.com/scheduler/docs/configuring/cron-job-schedules) As a general rule, execution `n + 1` of a job will not begin until execution `n` has finished. Cloud Scheduler will never allow two simultaneously outstanding executions. For example, this implies that if the `n+1`th execution is scheduled to run at 16:00 but the `n`th execution takes until 16:15, the `n+1`th execution will not start until `16:15`. A scheduled start time will be delayed if the previous execution has not ended when its scheduled time occurs. If retry_count > 0 and a job attempt fails, the job will be tried a total of retry_count times, with exponential backoff, until the next scheduled start time.' type: string timeZone: description: Specifies the time zone to be used in interpreting schedule. The value of this field must be a time zone name from the [tz database](http://en.wikipedia.org/wiki/Tz_database). Note that some time zones include a provision for daylight savings time. The rules for daylight saving time are determined by the chosen tz. For UTC use the string "utc". If a time zone is not specified, the default will be in UTC (also known as GMT). type: string required: - location type: object status: properties: appEngineHttpTarget: properties: appEngineRouting: properties: host: description: 'Output only. The host that the job is sent to. For more information about how App Engine requests are routed, see [here](https://cloud.google.com/appengine/docs/standard/python/how-requests-are-routed). The host is constructed as: * `host = [application_domain_name]` `| [service] + ''.'' + [application_domain_name]` `| [version] + ''.'' + [application_domain_name]` `| [version_dot_service]+ ''.'' + [application_domain_name]` `| [instance] + ''.'' + [application_domain_name]` `| [instance_dot_service] + ''.'' + [application_domain_name]` `| [instance_dot_version] + ''.'' + [application_domain_name]` `| [instance_dot_version_dot_service] + ''.'' + [application_domain_name]` * `application_domain_name` = The domain name of the app, for example .appspot.com, which is associated with the job''s project ID. * `service =` service * `version =` version * `version_dot_service =` version `+ ''.'' +` service * `instance =` instance * `instance_dot_service =` instance `+ ''.'' +` service * `instance_dot_version =` instance `+ ''.'' +` version * `instance_dot_version_dot_service =` instance `+ ''.'' +` version `+ ''.'' +` service If service is empty, then the job will be sent to the service which is the default service when the job is attempted. If version is empty, then the job will be sent to the version which is the default version when the job is attempted. If instance is empty, then the job will be sent to an instance which is available when the job is attempted. If service, version, or instance is invalid, then the job will be sent to the default version of the default service when the job is attempted.' type: string type: object type: object conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array lastAttemptTime: description: Output only. The time the last job attempt started. format: date-time type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer scheduleTime: description: Output only. The next time the job is scheduled. Note that this may be a retry of a previously failed attempt or the next execution time according to the schedule. format: date-time type: string state: description: 'Output only. State of the job. Possible values: STATE_UNSPECIFIED, ENABLED, PAUSED, DISABLED, UPDATE_FAILED' type: string status: description: Output only. The response from the target for the last attempted execution. properties: code: description: The status code, which should be an enum value of google.rpc.Code. format: int64 type: integer details: description: A list of messages that carry the error details. There is a common set of message types for APIs to use. items: properties: typeUrl: description: 'A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one "/" character. The last segment of the URL''s path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading "." is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a google.protobuf.Type value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics.' type: string value: description: Must be a valid serialized protocol buffer of the above specified type. type: string type: object type: array message: description: A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client. type: string type: object userUpdateTime: description: Output only. The creation time of the job. format: date-time type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: cloudtasksqueues.cloudtasks.cnrm.cloud.google.com spec: group: cloudtasks.cnrm.cloud.google.com names: categories: - gcp kind: CloudTasksQueue plural: cloudtasksqueues shortNames: - gcpcloudtasksqueue - gcpcloudtasksqueues singular: cloudtasksqueue preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: appEngineRoutingOverride: description: |- Overrides for task-level appEngineRouting. These settings apply only to App Engine tasks in this queue. properties: host: description: The host that the task is sent to. type: string instance: description: |- App instance. By default, the task is sent to an instance which is available when the task is attempted. type: string service: description: |- App service. By default, the task is sent to the service which is the default service when the task is attempted. type: string version: description: |- App version. By default, the task is sent to the version which is the default version when the task is attempted. type: string type: object location: description: Immutable. The location of the queue. type: string projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object rateLimits: description: |- Rate limits for task dispatches. The queue's actual dispatch rate is the result of: * Number of tasks in the queue * User-specified throttling: rateLimits, retryConfig, and the queue's state. * System throttling due to 429 (Too Many Requests) or 503 (Service Unavailable) responses from the worker, high error rates, or to smooth sudden large traffic spikes. properties: maxBurstSize: description: |- The max burst size. Max burst size limits how fast tasks in queue are processed when many tasks are in the queue and the rate is high. This field allows the queue to have a high rate so processing starts shortly after a task is enqueued, but still limits resource usage when many tasks are enqueued in a short period of time. type: integer maxConcurrentDispatches: description: |- The maximum number of concurrent tasks that Cloud Tasks allows to be dispatched for this queue. After this threshold has been reached, Cloud Tasks stops dispatching tasks until the number of concurrent requests decreases. type: integer maxDispatchesPerSecond: description: |- The maximum rate at which tasks are dispatched from this queue. If unspecified when the queue is created, Cloud Tasks will pick the default. type: number type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string retryConfig: description: Settings that determine the retry behavior. properties: maxAttempts: description: |- Number of attempts per task. Cloud Tasks will attempt the task maxAttempts times (that is, if the first attempt fails, then there will be maxAttempts - 1 retries). Must be >= -1. If unspecified when the queue is created, Cloud Tasks will pick the default. -1 indicates unlimited attempts. type: integer maxBackoff: description: |- A task will be scheduled for retry between minBackoff and maxBackoff duration after it fails, if the queue's RetryConfig specifies that the task should be retried. type: string maxDoublings: description: |- The time between retries will double maxDoublings times. A task's retry interval starts at minBackoff, then doubles maxDoublings times, then increases linearly, and finally retries retries at intervals of maxBackoff up to maxAttempts times. type: integer maxRetryDuration: description: |- If positive, maxRetryDuration specifies the time limit for retrying a failed task, measured from when the task was first attempted. Once maxRetryDuration time has passed and the task has been attempted maxAttempts times, no further attempts will be made and the task will be deleted. If zero, then the task age is unlimited. type: string minBackoff: description: |- A task will be scheduled for retry between minBackoff and maxBackoff duration after it fails, if the queue's RetryConfig specifies that the task should be retried. type: string type: object stackdriverLoggingConfig: description: Configuration options for writing logs to Stackdriver Logging. properties: samplingRatio: description: |- Specifies the fraction of operations to write to Stackdriver Logging. This field may contain any value between 0.0 and 1.0, inclusive. 0.0 is the default and means that no operations are logged. type: number required: - samplingRatio type: object required: - location - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: computeaddresses.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeAddress plural: computeaddresses shortNames: - gcpcomputeaddress - gcpcomputeaddresses singular: computeaddress preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: address: description: |- Immutable. The static external IP address represented by this resource. Only IPv4 is supported. An address may only be specified for INTERNAL address types. The IP address must be inside the specified subnetwork, if any. Set by the API if undefined. type: string addressType: description: |- Immutable. The type of address to reserve. Note: if you set this argument's value as 'INTERNAL' you need to leave the 'network_tier' argument unset in that resource block. Default value: "EXTERNAL" Possible values: ["INTERNAL", "EXTERNAL"]. type: string description: description: Immutable. An optional description of this resource. type: string ipVersion: description: 'Immutable. The IP Version that will be used by this address. The default value is ''IPV4''. Possible values: ["IPV4", "IPV6"]. This field can only be specified for a global address.' type: string location: description: 'Location represents the geographical location of the ComputeAddress. Specify a region name or "global" for global resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' type: string networkRef: description: |- The network in which to reserve the address. If global, the address must be within the RFC1918 IP space. The network cannot be deleted if there are any reserved IP ranges referring to it. This field can only be used with INTERNAL type with the VPC_PEERING and IPSEC_INTERCONNECT purposes. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object networkTier: description: |- Immutable. The networking tier used for configuring this address. If this field is not specified, it is assumed to be PREMIUM. This argument should not be used when configuring Internal addresses, because [network tier cannot be set for internal traffic; it's always Premium](https://cloud.google.com/network-tiers/docs/overview). Possible values: ["PREMIUM", "STANDARD"]. type: string prefixLength: description: Immutable. The prefix length if the resource represents an IP range. type: integer purpose: description: |- Immutable. The purpose of this resource, which can be one of the following values. * GCE_ENDPOINT for addresses that are used by VM instances, alias IP ranges, load balancers, and similar resources. * SHARED_LOADBALANCER_VIP for an address that can be used by multiple internal load balancers. * VPC_PEERING for addresses that are reserved for VPC peer networks. * IPSEC_INTERCONNECT for addresses created from a private IP range that are reserved for a VLAN attachment in an HA VPN over Cloud Interconnect configuration. These addresses are regional resources. * PRIVATE_SERVICE_CONNECT for a private network address that is used to configure Private Service Connect. Only global internal addresses can use this purpose. This should only be set when using an Internal address. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string subnetworkRef: description: |- The subnetwork in which to reserve the address. If an IP address is specified, it must be within the subnetwork's IP range. This field can only be used with INTERNAL type with GCE_ENDPOINT/DNS_RESOLVER purposes. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - location type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array creationTimestamp: description: Creation timestamp in RFC3339 text format. type: string labelFingerprint: description: |- The fingerprint used for optimistic locking of this resource. Used internally during updates. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer selfLink: type: string users: description: The URLs of the resources that are using this address. items: type: string type: array type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: computeautoscalers.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeAutoscaler plural: computeautoscalers shortNames: - gcpcomputeautoscaler - gcpcomputeautoscalers singular: computeautoscaler preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: autoscalingPolicy: description: |- The configuration parameters for the autoscaling algorithm. You can define one or more of the policies for an autoscaler: cpuUtilization, customMetricUtilizations, and loadBalancingUtilization. If none of these are specified, the default will be to autoscale based on cpuUtilization to 0.6 or 60%. properties: cooldownPeriod: description: |- The number of seconds that the autoscaler should wait before it starts collecting information from a new instance. This prevents the autoscaler from collecting information when the instance is initializing, during which the collected usage would not be reliable. The default time autoscaler waits is 60 seconds. Virtual machine initialization times might vary because of numerous factors. We recommend that you test how long an instance may take to initialize. To do this, create an instance and time the startup process. type: integer cpuUtilization: description: |- Defines the CPU utilization policy that allows the autoscaler to scale based on the average CPU utilization of a managed instance group. properties: predictiveMethod: description: |- Indicates whether predictive autoscaling based on CPU metric is enabled. Valid values are: - NONE (default). No predictive method is used. The autoscaler scales the group to meet current demand based on real-time metrics. - OPTIMIZE_AVAILABILITY. Predictive autoscaling improves availability by monitoring daily and weekly load patterns and scaling out ahead of anticipated demand. type: string target: description: |- The target CPU utilization that the autoscaler should maintain. Must be a float value in the range (0, 1]. If not specified, the default is 0.6. If the CPU level is below the target utilization, the autoscaler scales down the number of instances until it reaches the minimum number of instances you specified or until the average CPU of your instances reaches the target utilization. If the average CPU is above the target utilization, the autoscaler scales up until it reaches the maximum number of instances you specified or until the average utilization reaches the target utilization. type: number required: - target type: object loadBalancingUtilization: description: Configuration parameters of autoscaling based on a load balancer. properties: target: description: |- Fraction of backend capacity utilization (set in HTTP(s) load balancing configuration) that autoscaler should maintain. Must be a positive float value. If not defined, the default is 0.8. type: number required: - target type: object maxReplicas: description: |- The maximum number of instances that the autoscaler can scale up to. This is required when creating or updating an autoscaler. The maximum number of replicas should not be lower than minimal number of replicas. type: integer metric: description: Configuration parameters of autoscaling based on a custom metric. items: properties: filter: description: |- A filter string to be used as the filter string for a Stackdriver Monitoring TimeSeries.list API call. This filter is used to select a specific TimeSeries for the purpose of autoscaling and to determine whether the metric is exporting per-instance or per-group data. You can only use the AND operator for joining selectors. You can only use direct equality comparison operator (=) without any functions for each selector. You can specify the metric in both the filter string and in the metric field. However, if specified in both places, the metric must be identical. The monitored resource type determines what kind of values are expected for the metric. If it is a gce_instance, the autoscaler expects the metric to include a separate TimeSeries for each instance in a group. In such a case, you cannot filter on resource labels. If the resource type is any other value, the autoscaler expects this metric to contain values that apply to the entire autoscaled instance group and resource label filtering can be performed to point autoscaler at the correct TimeSeries to scale upon. This is called a per-group metric for the purpose of autoscaling. If not specified, the type defaults to gce_instance. You should provide a filter that is selective enough to pick just one TimeSeries for the autoscaled group or for each of the instances (if you are using gce_instance resource type). If multiple TimeSeries are returned upon the query execution, the autoscaler will sum their respective values to obtain its scaling value. type: string name: description: |- The identifier (type) of the Stackdriver Monitoring metric. The metric cannot have negative values. The metric must have a value type of INT64 or DOUBLE. type: string singleInstanceAssignment: description: |- If scaling is based on a per-group metric value that represents the total amount of work to be done or resource usage, set this value to an amount assigned for a single instance of the scaled group. The autoscaler will keep the number of instances proportional to the value of this metric, the metric itself should not change value due to group resizing. For example, a good metric to use with the target is 'pubsub.googleapis.com/subscription/num_undelivered_messages' or a custom metric exporting the total number of requests coming to your instances. A bad example would be a metric exporting an average or median latency, since this value can't include a chunk assignable to a single instance, it could be better used with utilization_target instead. type: number target: description: |- The target value of the metric that autoscaler should maintain. This must be a positive value. A utilization metric scales number of virtual machines handling requests to increase or decrease proportionally to the metric. For example, a good metric to use as a utilizationTarget is www.googleapis.com/compute/instance/network/received_bytes_count. The autoscaler will work to keep this value constant for each of the instances. type: number type: description: |- Defines how target utilization value is expressed for a Stackdriver Monitoring metric. Possible values: ["GAUGE", "DELTA_PER_SECOND", "DELTA_PER_MINUTE"]. type: string required: - name type: object type: array minReplicas: description: |- The minimum number of replicas that the autoscaler can scale down to. This cannot be less than 0. If not provided, autoscaler will choose a default value depending on maximum number of instances allowed. type: integer mode: description: 'Defines operating mode for this policy. Default value: "ON" Possible values: ["OFF", "ONLY_UP", "ON"].' type: string scaleDownControl: description: |- Defines scale down controls to reduce the risk of response latency and outages due to abrupt scale-in events. properties: maxScaledDownReplicas: description: A nested object resource. properties: fixed: description: |- Specifies a fixed number of VM instances. This must be a positive integer. type: integer percent: description: |- Specifies a percentage of instances between 0 to 100%, inclusive. For example, specify 80 for 80%. type: integer type: object timeWindowSec: description: |- How long back autoscaling should look when computing recommendations to include directives regarding slower scale down, as described above. type: integer type: object scaleInControl: description: |- Defines scale in controls to reduce the risk of response latency and outages due to abrupt scale-in events. properties: maxScaledInReplicas: description: A nested object resource. properties: fixed: description: |- Specifies a fixed number of VM instances. This must be a positive integer. type: integer percent: description: |- Specifies a percentage of instances between 0 to 100%, inclusive. For example, specify 80 for 80%. type: integer type: object timeWindowSec: description: |- How long back autoscaling should look when computing recommendations to include directives regarding slower scale down, as described above. type: integer type: object scalingSchedules: description: Scaling schedules defined for an autoscaler. Multiple schedules can be set on an autoscaler and they can overlap. items: properties: description: description: A description of a scaling schedule. type: string disabled: description: A boolean value that specifies if a scaling schedule can influence autoscaler recommendations. If set to true, then a scaling schedule has no effect. type: boolean durationSec: description: The duration of time intervals (in seconds) for which this scaling schedule will be running. The minimum allowed value is 300. type: integer minRequiredReplicas: description: Minimum number of VM instances that autoscaler will recommend in time intervals starting according to schedule. type: integer name: type: string schedule: description: The start timestamps of time intervals when this scaling schedule should provide a scaling signal. This field uses the extended cron format (with an optional year field). type: string timeZone: description: 'The time zone to be used when interpreting the schedule. The value of this field must be a time zone name from the tz database: http://en.wikipedia.org/wiki/Tz_database.' type: string required: - durationSec - minRequiredReplicas - name - schedule type: object type: array required: - maxReplicas - minReplicas type: object description: description: An optional description of this resource. type: string projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string targetRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeInstanceGroupManager` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object zone: description: Immutable. URL of the zone where the instance group resides. type: string required: - autoscalingPolicy - projectRef - targetRef - zone type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array creationTimestamp: description: Creation timestamp in RFC3339 text format. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer selfLink: type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: computebackendbuckets.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeBackendBucket plural: computebackendbuckets shortNames: - gcpcomputebackendbucket - gcpcomputebackendbuckets singular: computebackendbucket preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: bucketRef: description: Reference to the bucket. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `StorageBucket` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object cdnPolicy: description: Cloud CDN configuration for this Backend Bucket. properties: bypassCacheOnRequestHeaders: description: Bypass the cache when the specified request headers are matched - e.g. Pragma or Authorization headers. Up to 5 headers can be specified. The cache is bypassed for all cdnPolicy.cacheMode settings. items: properties: headerName: description: The header field name to match on when bypassing cache. Values are case-insensitive. type: string type: object type: array cacheKeyPolicy: description: The CacheKeyPolicy for this CdnPolicy. properties: includeHttpHeaders: description: |- Allows HTTP request headers (by name) to be used in the cache key. items: type: string type: array queryStringWhitelist: description: |- Names of query string parameters to include in cache keys. Default parameters are always included. '&' and '=' will be percent encoded and not treated as delimiters. items: type: string type: array type: object cacheMode: description: |- Specifies the cache setting for all responses from this backend. The possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC Possible values: ["USE_ORIGIN_HEADERS", "FORCE_CACHE_ALL", "CACHE_ALL_STATIC"]. type: string clientTtl: description: Specifies the maximum allowed TTL for cached content served by this origin. type: integer defaultTtl: description: |- Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). type: integer maxTtl: description: Specifies the maximum allowed TTL for cached content served by this origin. type: integer negativeCaching: description: Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. type: boolean negativeCachingPolicy: description: |- Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. Omitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs. items: properties: code: description: |- The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501 can be specified as values, and you cannot specify a status code more than once. type: integer ttl: description: |- The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. type: integer type: object type: array requestCoalescing: description: If true then Cloud CDN will combine multiple concurrent cache fill requests into a small number of requests to the origin. type: boolean serveWhileStale: description: Serve existing content from the cache (if available) when revalidating content with the origin, or when an error is encountered when refreshing the cache. type: integer signedUrlCacheMaxAgeSec: description: |- Maximum number of seconds the response to a signed URL request will be considered fresh. After this time period, the response will be revalidated before being served. When serving responses to signed URL requests, Cloud CDN will internally behave as though all responses from this backend had a "Cache-Control: public, max-age=[TTL]" header, regardless of any existing Cache-Control header. The actual headers served in responses will not be altered. type: integer type: object compressionMode: description: 'Compress text responses using Brotli or gzip compression, based on the client''s Accept-Encoding header. Possible values: ["AUTOMATIC", "DISABLED"].' type: string customResponseHeaders: description: Headers that the HTTP/S load balancer should add to proxied responses. items: type: string type: array description: description: |- An optional textual description of the resource; provided by the client when the resource is created. type: string edgeSecurityPolicy: description: The security policy associated with this backend bucket. type: string enableCdn: description: If true, enable Cloud CDN for this BackendBucket. type: boolean resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - bucketRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array creationTimestamp: description: Creation timestamp in RFC3339 text format. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer selfLink: type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: computebackendbucketsignedurlkeys.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeBackendBucketSignedURLKey plural: computebackendbucketsignedurlkeys shortNames: - gcpcomputebackendbucketsignedurlkey - gcpcomputebackendbucketsignedurlkeys singular: computebackendbucketsignedurlkey preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: backendBucketRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `ComputeBackendBucket` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object keyValue: description: |- Immutable. 128-bit key value used for signing the URL. The key value must be a valid RFC 4648 Section 5 base64url encoded string. oneOf: - not: required: - valueFrom required: - value - not: required: - value required: - valueFrom properties: value: description: Value of the field. Cannot be used if 'valueFrom' is specified. type: string valueFrom: description: Source for the field's value. Cannot be used if 'value' is specified. properties: secretKeyRef: description: Reference to a value with the given key in the given Secret in the resource's namespace. properties: key: description: Key that identifies the value to be extracted. type: string name: description: Name of the Secret to extract a value from. type: string required: - name - key type: object type: object type: object projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - backendBucketRef - keyValue - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: computebackendservices.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeBackendService plural: computebackendservices shortNames: - gcpcomputebackendservice - gcpcomputebackendservices singular: computebackendservice preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: affinityCookieTtlSec: description: |- Lifetime of cookies in seconds if session_affinity is GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts only until the end of the browser session (or equivalent). The maximum allowed value for TTL is one day. When the load balancing scheme is INTERNAL, this field is not used. type: integer backend: description: The set of backends that serve this BackendService. items: properties: balancingMode: description: |- Specifies the balancing mode for this backend. For global HTTP(S) or TCP/SSL load balancing, the default is UTILIZATION. Valid values are UTILIZATION, RATE (for HTTP(S)) and CONNECTION (for TCP/SSL). See the [Backend Services Overview](https://cloud.google.com/load-balancing/docs/backend-service#balancing-mode) for an explanation of load balancing modes. Default value: "UTILIZATION" Possible values: ["UTILIZATION", "RATE", "CONNECTION"]. type: string capacityScaler: description: |- A multiplier applied to the group's maximum servicing capacity (based on UTILIZATION, RATE or CONNECTION). Default value is 1, which means the group will serve up to 100% of its configured capacity (depending on balancingMode). A setting of 0 means the group is completely drained, offering 0% of its available Capacity. Valid range is [0.0,1.0]. type: number description: description: |- An optional description of this resource. Provide this property when you create the resource. type: string failover: description: |- This field designates whether this is a failover backend. More than one failover backend can be configured for a given RegionBackendService. type: boolean group: description: |- Reference to a ComputeInstanceGroup or ComputeNetworkEndpointGroup resource. In case of instance group this defines the list of instances that serve traffic. Member virtual machine instances from each instance group must live in the same zone as the instance group itself. No two backends in a backend service are allowed to use same Instance Group resource. For Network Endpoint Groups this defines list of endpoints. All endpoints of Network Endpoint Group must be hosted on instances located in the same zone as the Network Endpoint Group. Backend services cannot mix Instance Group and Network Endpoint Group backends. When the 'load_balancing_scheme' is INTERNAL, only instance groups are supported. oneOf: - required: - instanceGroupRef - required: - networkEndpointGroupRef properties: instanceGroupRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeInstanceGroup` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object networkEndpointGroupRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeNetworkEndpointGroup` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: object maxConnections: description: |- The max number of simultaneous connections for the group. Can be used with either CONNECTION or UTILIZATION balancing modes. For CONNECTION mode, either maxConnections or one of maxConnectionsPerInstance or maxConnectionsPerEndpoint, as appropriate for group type, must be set. type: integer maxConnectionsPerEndpoint: description: |- The max number of simultaneous connections that a single backend network endpoint can handle. This is used to calculate the capacity of the group. Can be used in either CONNECTION or UTILIZATION balancing modes. For CONNECTION mode, either maxConnections or maxConnectionsPerEndpoint must be set. type: integer maxConnectionsPerInstance: description: |- The max number of simultaneous connections that a single backend instance can handle. This is used to calculate the capacity of the group. Can be used in either CONNECTION or UTILIZATION balancing modes. For CONNECTION mode, either maxConnections or maxConnectionsPerInstance must be set. type: integer maxRate: description: |- The max requests per second (RPS) of the group. Can be used with either RATE or UTILIZATION balancing modes, but required if RATE mode. For RATE mode, either maxRate or one of maxRatePerInstance or maxRatePerEndpoint, as appropriate for group type, must be set. type: integer maxRatePerEndpoint: description: |- The max requests per second (RPS) that a single backend network endpoint can handle. This is used to calculate the capacity of the group. Can be used in either balancing mode. For RATE mode, either maxRate or maxRatePerEndpoint must be set. type: number maxRatePerInstance: description: |- The max requests per second (RPS) that a single backend instance can handle. This is used to calculate the capacity of the group. Can be used in either balancing mode. For RATE mode, either maxRate or maxRatePerInstance must be set. type: number maxUtilization: description: |- Used when balancingMode is UTILIZATION. This ratio defines the CPU utilization target for the group. Valid range is [0.0, 1.0]. type: number required: - group type: object type: array cdnPolicy: description: Cloud CDN configuration for this BackendService. properties: bypassCacheOnRequestHeaders: description: |- Bypass the cache when the specified request headers are matched - e.g. Pragma or Authorization headers. Up to 5 headers can be specified. The cache is bypassed for all cdnPolicy.cacheMode settings. items: properties: headerName: description: The header field name to match on when bypassing cache. Values are case-insensitive. type: string required: - headerName type: object type: array cacheKeyPolicy: description: The CacheKeyPolicy for this CdnPolicy. properties: includeHost: description: If true requests to different hosts will be cached separately. type: boolean includeHttpHeaders: description: |- Allows HTTP request headers (by name) to be used in the cache key. items: type: string type: array includeNamedCookies: description: Names of cookies to include in cache keys. items: type: string type: array includeProtocol: description: If true, http and https requests will be cached separately. type: boolean includeQueryString: description: |- If true, include query string parameters in the cache key according to query_string_whitelist and query_string_blacklist. If neither is set, the entire query string will be included. If false, the query string will be excluded from the cache key entirely. type: boolean queryStringBlacklist: description: |- Names of query string parameters to exclude in cache keys. All other parameters will be included. Either specify query_string_whitelist or query_string_blacklist, not both. '&' and '=' will be percent encoded and not treated as delimiters. items: type: string type: array queryStringWhitelist: description: |- Names of query string parameters to include in cache keys. All other parameters will be excluded. Either specify query_string_whitelist or query_string_blacklist, not both. '&' and '=' will be percent encoded and not treated as delimiters. items: type: string type: array type: object cacheMode: description: |- Specifies the cache setting for all responses from this backend. The possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC Possible values: ["USE_ORIGIN_HEADERS", "FORCE_CACHE_ALL", "CACHE_ALL_STATIC"]. type: string clientTtl: description: Specifies the maximum allowed TTL for cached content served by this origin. type: integer defaultTtl: description: |- Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). type: integer maxTtl: description: Specifies the maximum allowed TTL for cached content served by this origin. type: integer negativeCaching: description: Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. type: boolean negativeCachingPolicy: description: |- Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. Omitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs. items: properties: code: description: |- The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501 can be specified as values, and you cannot specify a status code more than once. type: integer ttl: description: |- The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. type: integer type: object type: array serveWhileStale: description: Serve existing content from the cache (if available) when revalidating content with the origin, or when an error is encountered when refreshing the cache. type: integer signedUrlCacheMaxAgeSec: description: |- Maximum number of seconds the response to a signed URL request will be considered fresh, defaults to 1hr (3600s). After this time period, the response will be revalidated before being served. When serving responses to signed URL requests, Cloud CDN will internally behave as though all responses from this backend had a "Cache-Control: public, max-age=[TTL]" header, regardless of any existing Cache-Control header. The actual headers served in responses will not be altered. type: integer type: object circuitBreakers: description: |- Settings controlling the volume of connections to a backend service. This field is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. properties: connectTimeout: description: The timeout for new network connections to hosts. properties: nanos: description: |- Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. type: integer seconds: description: |- Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. type: integer required: - seconds type: object maxConnections: description: |- The maximum number of connections to the backend cluster. Defaults to 1024. type: integer maxPendingRequests: description: |- The maximum number of pending requests to the backend cluster. Defaults to 1024. type: integer maxRequests: description: |- The maximum number of parallel requests to the backend cluster. Defaults to 1024. type: integer maxRequestsPerConnection: description: |- Maximum requests for a single backend connection. This parameter is respected by both the HTTP/1.1 and HTTP/2 implementations. If not specified, there is no limit. Setting this parameter to 1 will effectively disable keep alive. type: integer maxRetries: description: |- The maximum number of parallel retries to the backend cluster. Defaults to 3. type: integer type: object compressionMode: description: 'Compress text responses using Brotli or gzip compression, based on the client''s Accept-Encoding header. Possible values: ["AUTOMATIC", "DISABLED"].' type: string connectionDrainingTimeoutSec: description: |- Time for which instance will be drained (not accept new connections, but still work to finish started). type: integer connectionTrackingPolicy: description: |- Connection Tracking configuration for this BackendService. This is available only for Layer 4 Internal Load Balancing and Network Load Balancing. properties: connectionPersistenceOnUnhealthyBackends: description: |- Specifies connection persistence when backends are unhealthy. If set to 'DEFAULT_FOR_PROTOCOL', the existing connections persist on unhealthy backends only for connection-oriented protocols (TCP and SCTP) and only if the Tracking Mode is PER_CONNECTION (default tracking mode) or the Session Affinity is configured for 5-tuple. They do not persist for UDP. If set to 'NEVER_PERSIST', after a backend becomes unhealthy, the existing connections on the unhealthy backend are never persisted on the unhealthy backend. They are always diverted to newly selected healthy backends (unless all backends are unhealthy). If set to 'ALWAYS_PERSIST', existing connections always persist on unhealthy backends regardless of protocol and session affinity. It is generally not recommended to use this mode overriding the default. Default value: "DEFAULT_FOR_PROTOCOL" Possible values: ["DEFAULT_FOR_PROTOCOL", "NEVER_PERSIST", "ALWAYS_PERSIST"]. type: string idleTimeoutSec: description: |- Specifies how long to keep a Connection Tracking entry while there is no matching traffic (in seconds). For L4 ILB the minimum(default) is 10 minutes and maximum is 16 hours. For NLB the minimum(default) is 60 seconds and the maximum is 16 hours. type: integer trackingMode: description: |- Specifies the key used for connection tracking. There are two options: 'PER_CONNECTION': The Connection Tracking is performed as per the Connection Key (default Hash Method) for the specific protocol. 'PER_SESSION': The Connection Tracking is performed as per the configured Session Affinity. It matches the configured Session Affinity. Default value: "PER_CONNECTION" Possible values: ["PER_CONNECTION", "PER_SESSION"]. type: string type: object consistentHash: description: |- Consistent Hash-based load balancing can be used to provide soft session affinity based on HTTP headers, cookies or other properties. This load balancing policy is applicable only for HTTP connections. The affinity to a particular destination host will be lost when one or more hosts are added/removed from the destination service. This field specifies parameters that control consistent hashing. This field only applies if the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is set to MAGLEV or RING_HASH. properties: httpCookie: description: |- Hash is based on HTTP Cookie. This field describes a HTTP cookie that will be used as the hash key for the consistent hash load balancer. If the cookie is not present, it will be generated. This field is applicable if the sessionAffinity is set to HTTP_COOKIE. properties: name: description: Name of the cookie. type: string path: description: Path to set for the cookie. type: string ttl: description: Lifetime of the cookie. properties: nanos: description: |- Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. type: integer seconds: description: |- Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. type: integer required: - seconds type: object type: object httpHeaderName: description: |- The hash based on the value of the specified header field. This field is applicable if the sessionAffinity is set to HEADER_FIELD. type: string minimumRingSize: description: |- The minimum number of virtual nodes to use for the hash ring. Larger ring sizes result in more granular load distributions. If the number of hosts in the load balancing pool is larger than the ring size, each host will be assigned a single virtual node. Defaults to 1024. type: integer type: object customRequestHeaders: description: |- Headers that the HTTP/S load balancer should add to proxied requests. items: type: string type: array customResponseHeaders: description: |- Headers that the HTTP/S load balancer should add to proxied responses. items: type: string type: array description: description: An optional description of this resource. type: string edgeSecurityPolicyRef: description: |- The resource URL for the edge security policy associated with this backend service. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeSecurityPolicy` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object enableCdn: description: If true, enable Cloud CDN for this BackendService. type: boolean failoverPolicy: description: Policy for failovers. properties: disableConnectionDrainOnFailover: description: |- On failover or failback, this field indicates whether connection drain will be honored. Setting this to true has the following effect: connections to the old active pool are not drained. Connections to the new active pool use the timeout of 10 min (currently fixed). Setting to false has the following effect: both old and new connections will have a drain timeout of 10 min. This can be set to true only if the protocol is TCP. The default is false. type: boolean dropTrafficIfUnhealthy: description: |- This option is used only when no healthy VMs are detected in the primary and backup instance groups. When set to true, traffic is dropped. When set to false, new connections are sent across all VMs in the primary group. The default is false. type: boolean failoverRatio: description: |- The value of the field must be in [0, 1]. If the ratio of the healthy VMs in the primary backend is at or below this number, traffic arriving at the load-balanced IP will be directed to the failover backend. In case where 'failoverRatio' is not set or all the VMs in the backup backend are unhealthy, the traffic will be directed back to the primary backend in the "force" mode, where traffic will be spread to the healthy VMs with the best effort, or to all VMs when no VM is healthy. This field is only used with l4 load balancing. type: number type: object healthChecks: items: description: |- The health check resources for health checking this ComputeBackendService. Currently at most one health check can be specified, and a health check is required. oneOf: - required: - healthCheckRef - required: - httpHealthCheckRef properties: healthCheckRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeHealthCheck` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object httpHealthCheckRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeHTTPHealthCheck` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: object type: array iap: description: Settings for enabling Cloud Identity Aware Proxy. oneOf: - required: - oauth2ClientId - required: - oauth2ClientIdRef properties: oauth2ClientId: description: DEPRECATED. Although this field is still available, there is limited support. We recommend that you use `spec.iap.oauth2ClientIdRef` instead. type: string oauth2ClientIdRef: description: OAuth2 Client ID for IAP. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of an `IAPIdentityAwareProxyClient` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object oauth2ClientSecret: description: OAuth2 Client Secret for IAP. oneOf: - not: required: - valueFrom required: - value - not: required: - value required: - valueFrom properties: value: description: Value of the field. Cannot be used if 'valueFrom' is specified. type: string valueFrom: description: Source for the field's value. Cannot be used if 'value' is specified. properties: secretKeyRef: description: Reference to a value with the given key in the given Secret in the resource's namespace. properties: key: description: Key that identifies the value to be extracted. type: string name: description: Name of the Secret to extract a value from. type: string required: - key - name type: object type: object type: object oauth2ClientSecretSha256: description: OAuth2 Client Secret SHA-256 for IAP. type: string type: object loadBalancingScheme: description: |- Immutable. Indicates whether the backend service will be used with internal or external load balancing. A backend service created for one type of load balancing cannot be used with the other. For more information, refer to [Choosing a load balancer](https://cloud.google.com/load-balancing/docs/backend-service). Default value: "EXTERNAL" Possible values: ["EXTERNAL", "INTERNAL_SELF_MANAGED", "EXTERNAL_MANAGED"]. type: string localityLbPolicies: description: |- A list of locality load balancing policies to be used in order of preference. Either the policy or the customPolicy field should be set. Overrides any value set in the localityLbPolicy field. localityLbPolicies is only supported when the BackendService is referenced by a URL Map that is referenced by a target gRPC proxy that has the validateForProxyless field set to true. items: properties: customPolicy: description: |- The configuration for a custom policy implemented by the user and deployed with the client. properties: data: description: |- An optional, arbitrary JSON object with configuration data, understood by a locally installed custom policy implementation. type: string name: description: |- Identifies the custom policy. The value should match the type the custom implementation is registered with on the gRPC clients. It should follow protocol buffer message naming conventions and include the full path (e.g. myorg.CustomLbPolicy). The maximum length is 256 characters. Note that specifying the same custom policy more than once for a backend is not a valid configuration and will be rejected. type: string required: - name type: object policy: description: The configuration for a built-in load balancing policy. properties: name: description: |- The name of a locality load balancer policy to be used. The value should be one of the predefined ones as supported by localityLbPolicy, although at the moment only ROUND_ROBIN is supported. This field should only be populated when the customPolicy field is not used. Note that specifying the same policy more than once for a backend is not a valid configuration and will be rejected. The possible values are: * 'ROUND_ROBIN': This is a simple policy in which each healthy backend is selected in round robin order. * 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy hosts and picks the host which has fewer active requests. * 'RING_HASH': The ring/modulo hash load balancer implements consistent hashing to backends. The algorithm has the property that the addition/removal of a host from a set of N hosts only affects 1/N of the requests. * 'RANDOM': The load balancer selects a random healthy host. * 'ORIGINAL_DESTINATION': Backend host is selected based on the client connection metadata, i.e., connections are opened to the same address as the destination address of the incoming connection before the connection was redirected to the load balancer. * 'MAGLEV': used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, refer to https://ai.google/research/pubs/pub44824 Possible values: ["ROUND_ROBIN", "LEAST_REQUEST", "RING_HASH", "RANDOM", "ORIGINAL_DESTINATION", "MAGLEV"]. type: string required: - name type: object type: object type: array localityLbPolicy: description: |- The load balancing algorithm used within the scope of the locality. The possible values are: * 'ROUND_ROBIN': This is a simple policy in which each healthy backend is selected in round robin order. * 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy hosts and picks the host which has fewer active requests. * 'RING_HASH': The ring/modulo hash load balancer implements consistent hashing to backends. The algorithm has the property that the addition/removal of a host from a set of N hosts only affects 1/N of the requests. * 'RANDOM': The load balancer selects a random healthy host. * 'ORIGINAL_DESTINATION': Backend host is selected based on the client connection metadata, i.e., connections are opened to the same address as the destination address of the incoming connection before the connection was redirected to the load balancer. * 'MAGLEV': used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, refer to https://ai.google/research/pubs/pub44824 * 'WEIGHTED_MAGLEV': Per-instance weighted Load Balancing via health check reported weights. If set, the Backend Service must configure a non legacy HTTP-based Health Check, and health check replies are expected to contain non-standard HTTP response header field X-Load-Balancing-Endpoint-Weight to specify the per-instance weights. If set, Load Balancing is weight based on the per-instance weights reported in the last processed health check replies, as long as every instance either reported a valid weight or had UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains equal-weight. This field is applicable to either: * A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and loadBalancingScheme set to INTERNAL_MANAGED. * A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED. * A regional backend service with loadBalancingScheme set to EXTERNAL (External Network Load Balancing). Only MAGLEV and WEIGHTED_MAGLEV values are possible for External Network Load Balancing. The default is MAGLEV. If session_affinity is not NONE, and this field is not set to MAGLEV, WEIGHTED_MAGLEV, or RING_HASH, session affinity settings will not take effect. Only ROUND_ROBIN and RING_HASH are supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validate_for_proxyless field set to true. Possible values: ["ROUND_ROBIN", "LEAST_REQUEST", "RING_HASH", "RANDOM", "ORIGINAL_DESTINATION", "MAGLEV", "WEIGHTED_MAGLEV"]. type: string location: description: 'Location represents the geographical location of the ComputeBackendService. Specify a region name or "global" for global resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' type: string logConfig: description: |- This field denotes the logging options for the load balancer traffic served by this backend service. If logging is enabled, logs will be exported to Stackdriver. properties: enable: description: Whether to enable logging for the load balancer traffic served by this backend service. type: boolean sampleRate: description: |- This field can only be specified if logging is enabled for this backend service. The value of the field must be in [0, 1]. This configures the sampling rate of requests to the load balancer where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. The default value is 1.0. type: number type: object networkRef: description: |- The network to which this backend service belongs. This field can only be specified when the load balancing scheme is set to INTERNAL. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object outlierDetection: description: |- Settings controlling eviction of unhealthy hosts from the load balancing pool. This field is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. properties: baseEjectionTime: description: |- The base time that a host is ejected for. The real time is equal to the base time multiplied by the number of times the host has been ejected. Defaults to 30000ms or 30s. properties: nanos: description: |- Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 'seconds' field and a positive 'nanos' field. Must be from 0 to 999,999,999 inclusive. type: integer seconds: description: |- Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. type: integer required: - seconds type: object consecutiveErrors: description: |- Number of errors before a host is ejected from the connection pool. When the backend host is accessed over HTTP, a 5xx return code qualifies as an error. Defaults to 5. type: integer consecutiveGatewayFailure: description: |- The number of consecutive gateway failures (502, 503, 504 status or connection errors that are mapped to one of those status codes) before a consecutive gateway failure ejection occurs. Defaults to 5. type: integer enforcingConsecutiveErrors: description: |- The percentage chance that a host will be actually ejected when an outlier status is detected through consecutive 5xx. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 100. type: integer enforcingConsecutiveGatewayFailure: description: |- The percentage chance that a host will be actually ejected when an outlier status is detected through consecutive gateway failures. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 0. type: integer enforcingSuccessRate: description: |- The percentage chance that a host will be actually ejected when an outlier status is detected through success rate statistics. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 100. type: integer interval: description: |- Time interval between ejection sweep analysis. This can result in both new ejections as well as hosts being returned to service. Defaults to 10 seconds. properties: nanos: description: |- Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 'seconds' field and a positive 'nanos' field. Must be from 0 to 999,999,999 inclusive. type: integer seconds: description: |- Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. type: integer required: - seconds type: object maxEjectionPercent: description: |- Maximum percentage of hosts in the load balancing pool for the backend service that can be ejected. Defaults to 10%. type: integer successRateMinimumHosts: description: |- The number of hosts in a cluster that must have enough request volume to detect success rate outliers. If the number of hosts is less than this setting, outlier detection via success rate statistics is not performed for any host in the cluster. Defaults to 5. type: integer successRateRequestVolume: description: |- The minimum number of total requests that must be collected in one interval (as defined by the interval duration above) to include this host in success rate based outlier detection. If the volume is lower than this setting, outlier detection via success rate statistics is not performed for that host. Defaults to 100. type: integer successRateStdevFactor: description: |- This factor is used to determine the ejection threshold for success rate outlier ejection. The ejection threshold is the difference between the mean success rate, and the product of this factor and the standard deviation of the mean success rate: mean - (stdev * success_rate_stdev_factor). This factor is divided by a thousand to get a double. That is, if the desired factor is 1.9, the runtime value should be 1900. Defaults to 1900. type: integer type: object portName: description: |- Name of backend port. The same name should appear in the instance groups referenced by this service. Required when the load balancing scheme is EXTERNAL. type: string protocol: description: |- The protocol this BackendService uses to communicate with backends. The default is HTTP. **NOTE**: HTTP2 is only valid for beta HTTP/2 load balancer types and may result in errors if used with the GA API. Possible values: ["HTTP", "HTTPS", "HTTP2", "TCP", "SSL", "GRPC"]. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string securityPolicyRef: description: The security policy associated with this backend service. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeSecurityPolicy` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object securitySettings: description: |- The security settings that apply to this backend service. This field is applicable to either a regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and load_balancing_scheme set to INTERNAL_MANAGED; or a global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED. properties: clientTLSPolicyRef: description: |- ClientTlsPolicy is a resource that specifies how a client should authenticate connections to backends of a service. This resource itself does not affect configuration unless it is attached to a backend service resource. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `NetworkSecurityClientTLSPolicy` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object subjectAltNames: description: |- A list of alternate names to verify the subject identity in the certificate. If specified, the client will verify that the server certificate's subject alt name matches one of the specified values. items: type: string type: array required: - clientTLSPolicyRef - subjectAltNames type: object sessionAffinity: description: |- Type of session affinity to use. The default is NONE. Session affinity is not applicable if the protocol is UDP. Possible values: ["NONE", "CLIENT_IP", "CLIENT_IP_PORT_PROTO", "CLIENT_IP_PROTO", "GENERATED_COOKIE", "HEADER_FIELD", "HTTP_COOKIE"]. type: string subsetting: description: Subsetting configuration for this BackendService. Currently this is applicable only for Internal TCP/UDP load balancing and Internal HTTP(S) load balancing. properties: policy: description: 'The algorithm used for subsetting. Possible values: ["CONSISTENT_HASH_SUBSETTING"].' type: string required: - policy type: object timeoutSec: description: |- How many seconds to wait for the backend before considering it a failed request. Default is 30 seconds. Valid range is [1, 86400]. type: integer required: - location type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array creationTimestamp: description: Creation timestamp in RFC3339 text format. type: string fingerprint: description: |- Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking. type: string generatedId: description: The unique identifier for the resource. This identifier is defined by the server. type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer selfLink: type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: computebackendservicesignedurlkeys.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeBackendServiceSignedURLKey plural: computebackendservicesignedurlkeys shortNames: - gcpcomputebackendservicesignedurlkey - gcpcomputebackendservicesignedurlkeys singular: computebackendservicesignedurlkey preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: backendServiceRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `ComputeBackendService` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object keyValue: description: |- Immutable. 128-bit key value used for signing the URL. The key value must be a valid RFC 4648 Section 5 base64url encoded string. oneOf: - not: required: - valueFrom required: - value - not: required: - value required: - valueFrom properties: value: description: Value of the field. Cannot be used if 'valueFrom' is specified. type: string valueFrom: description: Source for the field's value. Cannot be used if 'value' is specified. properties: secretKeyRef: description: Reference to a value with the given key in the given Secret in the resource's namespace. properties: key: description: Key that identifies the value to be extracted. type: string name: description: Name of the Secret to extract a value from. type: string required: - name - key type: object type: object type: object projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - backendServiceRef - keyValue - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: computediskresourcepolicyattachments.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeDiskResourcePolicyAttachment plural: computediskresourcepolicyattachments shortNames: - gcpcomputediskresourcepolicyattachment - gcpcomputediskresourcepolicyattachments singular: computediskresourcepolicyattachment preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: diskRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `ComputeDisk` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string zone: description: Immutable. A reference to the zone where the disk resides. type: string required: - diskRef - projectRef - zone type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: computedisks.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeDisk plural: computedisks shortNames: - gcpcomputedisk - gcpcomputedisks singular: computedisk preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: asyncPrimaryDisk: description: Immutable. A nested object resource. properties: diskRef: description: Immutable. Primary disk for asynchronous disk replication. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeDisk` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - diskRef type: object description: description: |- Immutable. An optional description of this resource. Provide this property when you create the resource. type: string diskEncryptionKey: description: |- Immutable. Encrypts the disk using a customer-supplied encryption key. After you encrypt a disk with a customer-supplied key, you must provide the same key if you use the disk later (e.g. to create a disk snapshot or an image, or to attach the disk to a virtual machine). Customer-supplied encryption keys do not protect access to metadata of the disk. If you do not provide an encryption key when creating the disk, then the disk will be encrypted using an automatically generated key and you do not need to provide a key to use the disk later. properties: kmsKeyRef: description: |- The encryption key used to encrypt the disk. Your project's Compute Engine System service account ('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this feature. See https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object kmsKeyServiceAccountRef: description: |- The service account used for the encryption request for the given KMS key. If absent, the Compute Engine Service Agent service account is used. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `email` field of an `IAMServiceAccount` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object rawKey: description: |- Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to either encrypt or decrypt this resource. oneOf: - not: required: - valueFrom required: - value - not: required: - value required: - valueFrom properties: value: description: Value of the field. Cannot be used if 'valueFrom' is specified. type: string valueFrom: description: Source for the field's value. Cannot be used if 'value' is specified. properties: secretKeyRef: description: Reference to a value with the given key in the given Secret in the resource's namespace. properties: key: description: Key that identifies the value to be extracted. type: string name: description: Name of the Secret to extract a value from. type: string required: - key - name type: object type: object type: object rsaEncryptedKey: description: |- Immutable. Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit customer-supplied encryption key to either encrypt or decrypt this resource. You can provide either the rawKey or the rsaEncryptedKey. oneOf: - not: required: - valueFrom required: - value - not: required: - value required: - valueFrom properties: value: description: Value of the field. Cannot be used if 'valueFrom' is specified. type: string valueFrom: description: Source for the field's value. Cannot be used if 'value' is specified. properties: secretKeyRef: description: Reference to a value with the given key in the given Secret in the resource's namespace. properties: key: description: Key that identifies the value to be extracted. type: string name: description: Name of the Secret to extract a value from. type: string required: - name - key type: object type: object type: object sha256: description: |- The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource. type: string type: object guestOsFeatures: description: |- Immutable. A list of features to enable on the guest operating system. Applicable only for bootable disks. items: properties: type: description: 'Immutable. The type of supported feature. Read [Enabling guest operating system features](https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images#guest-os-features) to see a list of available options. Possible values: ["MULTI_IP_SUBNET", "SECURE_BOOT", "SEV_CAPABLE", "UEFI_COMPATIBLE", "VIRTIO_SCSI_MULTIQUEUE", "WINDOWS", "GVNIC", "SEV_LIVE_MIGRATABLE", "SEV_SNP_CAPABLE", "SUSPEND_RESUME_COMPATIBLE", "TDX_CAPABLE"].' type: string required: - type type: object type: array imageRef: description: The image from which to initialize this disk. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeImage` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object interface: description: DEPRECATED. This field is no longer in use, disk interfaces will be automatically determined on attachment. To resolve this issue, remove this field from your config. Immutable. Specifies the disk interface to use for attaching this disk, which is either SCSI or NVME. The default is SCSI. type: string licenses: description: Immutable. Any applicable license URI. items: type: string type: array location: description: 'Location represents the geographical location of the ComputeDisk. Specify a region name or a zone name. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' type: string multiWriter: description: Immutable. Indicates whether or not the disk can be read/write attached to more than one instance. type: boolean physicalBlockSizeBytes: description: |- Immutable. Physical block size of the persistent disk, in bytes. If not present in a request, a default value is used. Currently supported sizes are 4096 and 16384, other sizes may be added in the future. If an unsupported value is requested, the error message will list the supported values for the caller's project. type: integer projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object provisionedIops: description: Immutable. Indicates how many IOPS must be provisioned for the disk. type: integer replicaZones: description: Immutable. URLs of the zones where the disk should be replicated to. items: type: string type: array resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string resourcePolicies: items: description: Resource policies applied to this disk for automatic snapshot creations. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeResourcePolicy` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: array size: description: |- Size of the persistent disk, specified in GB. You can specify this field when creating a persistent disk using the 'image' or 'snapshot' parameter, or specify it alone to create an empty persistent disk. If you specify this field along with 'image' or 'snapshot', the value must not be less than the size of the image or the size of the snapshot. Upsizing the disk is mutable, but downsizing the disk requires re-creating the resource. type: integer snapshotRef: description: The source snapshot used to create this disk. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeSnapshot` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object sourceDiskRef: description: The source disk used to create this disk. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeDisk` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object sourceImageEncryptionKey: description: |- Immutable. The customer-supplied encryption key of the source image. Required if the source image is protected by a customer-supplied encryption key. properties: kmsKeyRef: description: |- The encryption key used to encrypt the disk. Your project's Compute Engine System service account ('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this feature. See https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object kmsKeyServiceAccountRef: description: |- The service account used for the encryption request for the given KMS key. If absent, the Compute Engine Service Agent service account is used. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `email` field of an `IAMServiceAccount` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object rawKey: description: |- Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to either encrypt or decrypt this resource. type: string sha256: description: |- The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource. type: string type: object sourceSnapshotEncryptionKey: description: |- Immutable. The customer-supplied encryption key of the source snapshot. Required if the source snapshot is protected by a customer-supplied encryption key. properties: kmsKeyRef: description: |- The encryption key used to encrypt the disk. Your project's Compute Engine System service account ('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this feature. See https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object kmsKeyServiceAccountRef: description: |- The service account used for the encryption request for the given KMS key. If absent, the Compute Engine Service Agent service account is used. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `email` field of an `IAMServiceAccount` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object rawKey: description: |- Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to either encrypt or decrypt this resource. type: string sha256: description: |- The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource. type: string type: object type: description: |- Immutable. URL of the disk type resource describing which disk type to use to create the disk. Provide this when creating the disk. type: string required: - location type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array creationTimestamp: description: Creation timestamp in RFC3339 text format. type: string labelFingerprint: description: |- The fingerprint used for optimistic locking of this resource. Used internally during updates. type: string lastAttachTimestamp: description: Last attach timestamp in RFC3339 text format. type: string lastDetachTimestamp: description: Last detach timestamp in RFC3339 text format. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer selfLink: type: string sourceDiskId: description: |- The ID value of the disk used to create this image. This value may be used to determine whether the image was taken from the current or a previous instance of a given disk name. type: string sourceImageId: description: |- The ID value of the image used to create this disk. This value identifies the exact image that was used to create this persistent disk. For example, if you created the persistent disk from an image that was later deleted and recreated under the same name, the source image ID would identify the exact version of the image that was used. type: string sourceSnapshotId: description: |- The unique ID of the snapshot used to create this disk. This value identifies the exact snapshot that was used to create this persistent disk. For example, if you created the persistent disk from a snapshot that was later deleted and recreated under the same name, the source snapshot ID would identify the exact version of the snapshot that was used. type: string users: description: |- Links to the users of the disk (attached instances) in form: project/zones/zone/instances/instance. items: type: string type: array type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: computeexternalvpngateways.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeExternalVPNGateway plural: computeexternalvpngateways shortNames: - gcpcomputeexternalvpngateway - gcpcomputeexternalvpngateways singular: computeexternalvpngateway preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: description: description: Immutable. An optional description of this resource. type: string interface: description: Immutable. A list of interfaces on this external VPN gateway. items: properties: id: description: |- Immutable. The numeric ID for this interface. Allowed values are based on the redundancy type of this external VPN gateway * '0 - SINGLE_IP_INTERNALLY_REDUNDANT' * '0, 1 - TWO_IPS_REDUNDANCY' * '0, 1, 2, 3 - FOUR_IPS_REDUNDANCY'. type: integer ipAddress: description: |- Immutable. IP address of the interface in the external VPN gateway. Only IPv4 is supported. This IP address can be either from your on-premise gateway or another Cloud provider's VPN gateway, it cannot be an IP address from Google Compute Engine. type: string type: object type: array redundancyType: description: 'Immutable. Indicates the redundancy type of this external VPN gateway Possible values: ["FOUR_IPS_REDUNDANCY", "SINGLE_IP_INTERNALLY_REDUNDANT", "TWO_IPS_REDUNDANCY"].' type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer selfLink: type: string type: object type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: computefirewallpolicies.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeFirewallPolicy plural: computefirewallpolicies shortNames: - gcpcomputefirewallpolicy - gcpcomputefirewallpolicies singular: computefirewallpolicy preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: oneOf: - required: - folderRef - required: - organizationRef properties: description: description: An optional description of this resource. Provide this property when you create the resource. type: string folderRef: description: Immutable. The Folder that this resource belongs to. Only one of [folderRef, organizationRef] may be specified. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The Google Cloud resource name of a `Folder` resource (format: `folders/{{name}}`).' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object organizationRef: description: Immutable. The Organization that this resource belongs to. Only one of [folderRef, organizationRef] may be specified. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The Google Cloud resource name of a Google Cloud Organization (format: `organizations/{{name}}`).' type: string name: description: |- [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string shortName: description: Immutable. User-provided name of the Organization firewall policy. The name should be unique in the organization in which the firewall policy is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. type: string required: - shortName type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array creationTimestamp: description: Creation timestamp in RFC3339 text format. type: string fingerprint: description: Fingerprint of the resource. This field is used internally during updates of this resource. type: string id: description: The unique identifier for the resource. This identifier is defined by the server. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer ruleTupleCount: description: Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples. format: int64 type: integer selfLink: description: Server-defined URL for the resource. type: string selfLinkWithId: description: Server-defined URL for this resource with the resource id. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: computefirewallpolicyassociations.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeFirewallPolicyAssociation plural: computefirewallpolicyassociations shortNames: - gcpcomputefirewallpolicyassociation - gcpcomputefirewallpolicyassociations singular: computefirewallpolicyassociation preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: attachmentTargetRef: description: Immutable. oneOf: - not: required: - external required: - name - kind - not: anyOf: - required: - name - required: - namespace - required: - kind required: - external properties: external: description: |- The target that the firewall policy is attached to. Allowed values: * The Google Cloud resource name of a `Folder` resource (format: `folders/{{name}}`). * The Google Cloud resource name of a Google Cloud Organization (format: `organizations/{{name}}`). type: string kind: description: 'Kind of the referent. Allowed values: Folder' type: string name: description: |- [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object firewallPolicyRef: description: Immutable. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The firewall policy ID of the association. Allowed value: The Google Cloud resource name of a `ComputeFirewallPolicy` resource (format: `locations/global/firewallPolicies/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - attachmentTargetRef - firewallPolicyRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer shortName: description: The short name of the firewall policy of the association. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: computefirewallpolicyrules.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeFirewallPolicyRule plural: computefirewallpolicyrules shortNames: - gcpcomputefirewallpolicyrule - gcpcomputefirewallpolicyrules singular: computefirewallpolicyrule preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: action: description: The Action to perform when the client connection triggers the rule. Valid actions are "allow", "deny" and "goto_next". type: string description: description: An optional description for this resource. type: string direction: description: 'The direction in which this rule applies. Possible values: INGRESS, EGRESS' type: string disabled: description: Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist. If this is unspecified, the firewall policy rule will be enabled. type: boolean enableLogging: description: 'Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver. Logs may be exported to BigQuery or Pub/Sub. Note: you cannot enable logging on "goto_next" rules.' type: boolean firewallPolicyRef: description: Immutable. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The firewall policy of the resource. Allowed value: The Google Cloud resource name of a `ComputeFirewallPolicy` resource (format: `locations/global/firewallPolicies/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object match: description: A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. properties: destAddressGroups: description: Address groups which should be matched against the traffic destination. Maximum number of destination address groups is 10. Destination address groups is only supported in Egress rules. items: type: string type: array destFqdns: description: Domain names that will be used to match against the resolved domain name of destination of traffic. Can only be specified if DIRECTION is egress. items: type: string type: array destIPRanges: description: CIDR IP address range. Maximum number of destination CIDR IP ranges allowed is 256. items: type: string type: array destRegionCodes: description: The Unicode country codes whose IP addresses will be used to match against the source of traffic. Can only be specified if DIRECTION is egress. items: type: string type: array destThreatIntelligences: description: Name of the Google Cloud Threat Intelligence list. items: type: string type: array layer4Configs: description: Pairs of IP protocols and ports that the rule should match. items: properties: ipProtocol: description: The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (`tcp`, `udp`, `icmp`, `esp`, `ah`, `ipip`, `sctp`), or the IP protocol number. type: string ports: description: 'An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ``.' items: type: string type: array required: - ipProtocol type: object type: array srcAddressGroups: description: Address groups which should be matched against the traffic source. Maximum number of source address groups is 10. Source address groups is only supported in Ingress rules. items: type: string type: array srcFqdns: description: Domain names that will be used to match against the resolved domain name of source of traffic. Can only be specified if DIRECTION is ingress. items: type: string type: array srcIPRanges: description: CIDR IP address range. Maximum number of source CIDR IP ranges allowed is 256. items: type: string type: array srcRegionCodes: description: The Unicode country codes whose IP addresses will be used to match against the source of traffic. Can only be specified if DIRECTION is ingress. items: type: string type: array srcThreatIntelligences: description: Name of the Google Cloud Threat Intelligence list. items: type: string type: array required: - layer4Configs type: object priority: description: Immutable. An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority. format: int64 type: integer targetResources: items: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: array targetServiceAccounts: items: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The Google Cloud resource name of an `IAMServiceAccount` resource (format: `projects/{{project}}/serviceAccounts/{{name}}@{{project}}.iam.gserviceaccount.com`).' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: array required: - action - direction - firewallPolicyRef - match - priority type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array kind: description: Type of the resource. Always `compute#firewallPolicyRule` for firewall policy rules type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer ruleTupleCount: description: Calculation of the complexity of a single firewall policy rule. format: int64 type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: computefirewalls.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeFirewall plural: computefirewalls shortNames: - gcpcomputefirewall - gcpcomputefirewalls singular: computefirewall preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: allow: description: |- The list of ALLOW rules specified by this firewall. Each rule specifies a protocol and port-range tuple that describes a permitted connection. items: properties: ports: description: |- An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"]. items: type: string type: array protocol: description: |- The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, sctp, ipip, all), or the IP protocol number. type: string required: - protocol type: object type: array deny: description: |- The list of DENY rules specified by this firewall. Each rule specifies a protocol and port-range tuple that describes a denied connection. items: properties: ports: description: |- An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"]. items: type: string type: array protocol: description: |- The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, sctp, ipip, all), or the IP protocol number. type: string required: - protocol type: object type: array description: description: |- An optional description of this resource. Provide this property when you create the resource. type: string destinationRanges: description: |- If destination ranges are specified, the firewall will apply only to traffic that has destination IP address in these ranges. These ranges must be expressed in CIDR format. IPv4 or IPv6 ranges are supported. items: type: string type: array direction: description: |- Immutable. Direction of traffic to which this firewall applies; default is INGRESS. Note: For INGRESS traffic, one of 'source_ranges', 'source_tags' or 'source_service_accounts' is required. Possible values: ["INGRESS", "EGRESS"]. type: string disabled: description: |- Denotes whether the firewall rule is disabled, i.e not applied to the network it is associated with. When set to true, the firewall rule is not enforced and the network behaves as if it did not exist. If this is unspecified, the firewall rule will be enabled. type: boolean enableLogging: description: DEPRECATED. Deprecated in favor of log_config. This field denotes whether to enable logging for a particular firewall rule. If logging is enabled, logs will be exported to Stackdriver. type: boolean logConfig: description: |- This field denotes the logging options for a particular firewall rule. If defined, logging is enabled, and logs will be exported to Cloud Logging. properties: metadata: description: 'This field denotes whether to include or exclude metadata for firewall logs. Possible values: ["EXCLUDE_ALL_METADATA", "INCLUDE_ALL_METADATA"].' type: string required: - metadata type: object networkRef: description: The network to attach this firewall to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object priority: description: |- Priority for this rule. This is an integer between 0 and 65535, both inclusive. When not specified, the value assumed is 1000. Relative priorities determine precedence of conflicting rules. Lower value of priority implies higher precedence (eg, a rule with priority 0 has higher precedence than a rule with priority 1). DENY rules take precedence over ALLOW rules having equal priority. type: integer resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string sourceRanges: description: |- If source ranges are specified, the firewall will apply only to traffic that has source IP address in these ranges. These ranges must be expressed in CIDR format. One or both of sourceRanges and sourceTags may be set. If both properties are set, the firewall will apply to traffic that has source IP address within sourceRanges OR the source IP that belongs to a tag listed in the sourceTags property. The connection does not need to match both properties for the firewall to apply. IPv4 or IPv6 ranges are supported. For INGRESS traffic, one of 'source_ranges', 'source_tags' or 'source_service_accounts' is required. items: type: string type: array sourceServiceAccounts: items: description: |- If source service accounts are specified, the firewall will apply only to traffic originating from an instance with a service account in this list. Source service accounts cannot be used to control traffic to an instance's external IP address because service accounts are associated with an instance, not an IP address. sourceRanges can be set at the same time as sourceServiceAccounts. If both are set, the firewall will apply to traffic that has source IP address within sourceRanges OR the source IP belongs to an instance with service account listed in sourceServiceAccount. The connection does not need to match both properties for the firewall to apply. sourceServiceAccounts cannot be used at the same time as sourceTags or targetTags. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `email` field of an `IAMServiceAccount` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: array sourceTags: description: |- If source tags are specified, the firewall will apply only to traffic with source IP that belongs to a tag listed in source tags. Source tags cannot be used to control traffic to an instance's external IP address. Because tags are associated with an instance, not an IP address. One or both of sourceRanges and sourceTags may be set. If both properties are set, the firewall will apply to traffic that has source IP address within sourceRanges OR the source IP that belongs to a tag listed in the sourceTags property. The connection does not need to match both properties for the firewall to apply. For INGRESS traffic, one of 'source_ranges', 'source_tags' or 'source_service_accounts' is required. items: type: string type: array targetServiceAccounts: items: description: |- A list of service accounts indicating sets of instances located in the network that may make network connections as specified in allowed[]. targetServiceAccounts cannot be used at the same time as targetTags or sourceTags. If neither targetServiceAccounts nor targetTags are specified, the firewall rule applies to all instances on the specified network. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `email` field of an `IAMServiceAccount` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: array targetTags: description: |- A list of instance tags indicating sets of instances located in the network that may make network connections as specified in allowed[]. If no targetTags are specified, the firewall rule applies to all instances on the specified network. items: type: string type: array required: - networkRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array creationTimestamp: description: Creation timestamp in RFC3339 text format. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer selfLink: type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: computeforwardingrules.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeForwardingRule plural: computeforwardingrules shortNames: - gcpcomputeforwardingrule - gcpcomputeforwardingrules singular: computeforwardingrule preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: allPorts: description: |- Immutable. This field can only be used: * If 'IPProtocol' is one of TCP, UDP, or SCTP. * By internal TCP/UDP load balancers, backend service-based network load balancers, and internal and external protocol forwarding. Set this field to true to allow packets addressed to any port or packets lacking destination port information (for example, UDP fragments after the first fragment) to be forwarded to the backends configured with this forwarding rule. The 'ports', 'port_range', and 'allPorts' fields are mutually exclusive. type: boolean allowGlobalAccess: description: |- This field is used along with the 'backend_service' field for internal load balancing or with the 'target' field for internal TargetInstance. If the field is set to 'TRUE', clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer. type: boolean allowPscGlobalAccess: description: Immutable. This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region. type: boolean backendServiceRef: description: |- A ComputeBackendService to receive the matched traffic. This is used only for internal load balancing. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object description: description: |- Immutable. An optional description of this resource. Provide this property when you create the resource. type: string ipAddress: description: |- The IP address that this forwarding rule is serving on behalf of. Addresses are restricted based on the forwarding rule's load balancing scheme (EXTERNAL or INTERNAL) and scope (global or regional). When the load balancing scheme is EXTERNAL, for global forwarding rules, the address must be a global IP, and for regional forwarding rules, the address must live in the same region as the forwarding rule. If this field is empty, an ephemeral IPv4 address from the same scope (global or regional) will be assigned. A regional forwarding rule supports IPv4 only. A global forwarding rule supports either IPv4 or IPv6. When the load balancing scheme is INTERNAL, this can only be an RFC 1918 IP address belonging to the network/subnet configured for the forwarding rule. By default, if this field is empty, an ephemeral internal IP address will be automatically allocated from the IP range of the subnet or network configured for this forwarding rule. oneOf: - required: - addressRef - required: - ip properties: addressRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `address` field of a `ComputeAddress` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object ip: type: string type: object ipProtocol: description: |- Immutable. The IP protocol to which this rule applies. For protocol forwarding, valid options are 'TCP', 'UDP', 'ESP', 'AH', 'SCTP', 'ICMP' and 'L3_DEFAULT'. The valid IP protocols are different for different load balancing products as described in [Load balancing features](https://cloud.google.com/load-balancing/docs/features#protocols_from_the_load_balancer_to_the_backends). Possible values: ["TCP", "UDP", "ESP", "AH", "SCTP", "ICMP", "L3_DEFAULT"]. type: string ipVersion: description: 'Immutable. The IP Version that will be used by this global forwarding rule. Possible values: ["IPV4", "IPV6"].' type: string isMirroringCollector: description: |- Immutable. Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a 'PacketMirroring' rule applies to them. This can only be set to true for load balancers that have their 'loadBalancingScheme' set to 'INTERNAL'. type: boolean loadBalancingScheme: description: |- Immutable. Specifies the forwarding rule type. For more information about forwarding rules, refer to [Forwarding rule concepts](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts). Default value: "EXTERNAL" Possible values: ["EXTERNAL", "EXTERNAL_MANAGED", "INTERNAL", "INTERNAL_MANAGED"]. type: string location: description: 'Location represents the geographical location of the ComputeForwardingRule. Specify a region name or "global" for global resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' type: string metadataFilters: description: |- Immutable. Opaque filter criteria used by Loadbalancer to restrict routing configuration to a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS clients present node metadata. If a match takes place, the relevant routing configuration is made available to those proxies. For each metadataFilter in this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the filterLabels must match the corresponding label provided in the metadata. If its filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match with corresponding labels in the provided metadata. metadataFilters specified here can be overridden by those specified in the UrlMap that this ForwardingRule references. metadataFilters only applies to Loadbalancers that have their loadBalancingScheme set to INTERNAL_SELF_MANAGED. items: properties: filterLabels: description: |- Immutable. The list of label value pairs that must match labels in the provided metadata based on filterMatchCriteria This list must not be empty and can have at the most 64 entries. items: properties: name: description: |- Immutable. Name of the metadata label. The length must be between 1 and 1024 characters, inclusive. type: string value: description: |- Immutable. The value that the label must match. The value has a maximum length of 1024 characters. type: string required: - name - value type: object type: array filterMatchCriteria: description: |- Immutable. Specifies how individual filterLabel matches within the list of filterLabels contribute towards the overall metadataFilter match. MATCH_ANY - At least one of the filterLabels must have a matching label in the provided metadata. MATCH_ALL - All filterLabels must have matching labels in the provided metadata. Possible values: ["MATCH_ANY", "MATCH_ALL"]. type: string required: - filterLabels - filterMatchCriteria type: object type: array networkRef: description: |- This field is not used for external load balancing. For internal load balancing, this field identifies the network that the load balanced IP should belong to for this forwarding rule. If this field is not specified, the default network will be used. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object networkTier: description: |- Immutable. This signifies the networking tier used for configuring this load balancer and can only take the following values: 'PREMIUM', 'STANDARD'. For regional ForwardingRule, the valid values are 'PREMIUM' and 'STANDARD'. For GlobalForwardingRule, the valid value is 'PREMIUM'. If this field is not specified, it is assumed to be 'PREMIUM'. If 'IPAddress' is specified, this value must be equal to the networkTier of the Address. Possible values: ["PREMIUM", "STANDARD"]. type: string portRange: description: |- Immutable. This field can only be used: * If 'IPProtocol' is one of TCP, UDP, or SCTP. * By backend service-based network load balancers, target pool-based network load balancers, internal proxy load balancers, external proxy load balancers, Traffic Director, external protocol forwarding, and Classic VPN. Some products have restrictions on what ports can be used. See [port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#port_specifications) for details. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The 'ports' and 'port_range' fields are mutually exclusive. For external forwarding rules, two or more forwarding rules cannot use the same '[IPAddress, IPProtocol]' pair, and cannot have overlapping 'portRange's. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same '[IPAddress, IPProtocol]' pair, and cannot have overlapping 'portRange's. type: string ports: description: |- Immutable. This field can only be used: * If 'IPProtocol' is one of TCP, UDP, or SCTP. * By internal TCP/UDP load balancers, backend service-based network load balancers, and internal protocol forwarding. You can specify a list of up to five ports by number, separated by commas. The ports can be contiguous or discontiguous. Only packets addressed to these ports will be forwarded to the backends configured with this forwarding rule. For external forwarding rules, two or more forwarding rules cannot use the same '[IPAddress, IPProtocol]' pair, and cannot share any values defined in 'ports'. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same '[IPAddress, IPProtocol]' pair, and cannot share any values defined in 'ports'. The 'ports' and 'port_range' fields are mutually exclusive. items: type: string type: array resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string serviceDirectoryRegistrations: description: |- Immutable. Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. items: properties: namespace: description: Immutable. Service Directory namespace to register the forwarding rule under. type: string service: description: Immutable. Service Directory service to register the forwarding rule under. type: string type: object type: array serviceLabel: description: |- Immutable. An optional prefix to the service name for this Forwarding Rule. If specified, will be the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing. type: string sourceIpRanges: description: Immutable. If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24). items: type: string type: array subnetworkRef: description: |- The subnetwork that the load balanced IP should belong to for this forwarding rule. This field is only used for internal load balancing. If the network specified is in auto subnet mode, this field is optional. However, if the network is in custom subnet mode, a subnetwork must be specified. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `ComputeSubnetwork` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object target: description: |- The target resource to receive the matched traffic. The forwarded traffic must be of a type appropriate to the target object. For INTERNAL_SELF_MANAGED load balancing, only HTTP and HTTPS targets are valid. oneOf: - required: - targetGRPCProxyRef - required: - targetHTTPProxyRef - required: - targetHTTPSProxyRef - required: - targetSSLProxyRef - required: - targetTCPProxyRef - required: - targetVPNGatewayRef properties: targetGRPCProxyRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeTargetGRPCProxy` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object targetHTTPProxyRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeTargetHTTPProxy` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object targetHTTPSProxyRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeTargetHTTPSProxy` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object targetSSLProxyRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeTargetSSLProxy` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object targetTCPProxyRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeTargetTCPProxy` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object targetVPNGatewayRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeTargetVPNGateway` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: object required: - location type: object status: properties: baseForwardingRule: description: '[Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.' type: string conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array creationTimestamp: description: Creation timestamp in RFC3339 text format. type: string labelFingerprint: description: |- The fingerprint used for optimistic locking of this resource. Used internally during updates. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer pscConnectionId: description: The PSC connection id of the PSC Forwarding Rule. type: string pscConnectionStatus: description: 'The PSC connection status of the PSC Forwarding Rule. Possible values: ''STATUS_UNSPECIFIED'', ''PENDING'', ''ACCEPTED'', ''REJECTED'', ''CLOSED''.' type: string selfLink: type: string serviceName: description: |- The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: computeglobalnetworkendpointgroups.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeGlobalNetworkEndpointGroup plural: computeglobalnetworkendpointgroups shortNames: - gcpcomputeglobalnetworkendpointgroup - gcpcomputeglobalnetworkendpointgroups singular: computeglobalnetworkendpointgroup preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: defaultPort: description: |- Immutable. The default port used if the port number is not specified in the network endpoint. type: integer description: description: |- Immutable. An optional description of this resource. Provide this property when you create the resource. type: string networkEndpointType: description: 'Immutable. Type of network endpoints in this network endpoint group. Possible values: ["INTERNET_IP_PORT", "INTERNET_FQDN_PORT"].' type: string projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - networkEndpointType - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer selfLink: type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: computeglobalnetworkendpoints.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeGlobalNetworkEndpoint plural: computeglobalnetworkendpoints shortNames: - gcpcomputeglobalnetworkendpoint - gcpcomputeglobalnetworkendpoints singular: computeglobalnetworkendpoint preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: fqdn: description: |- Immutable. Fully qualified domain name of network endpoint. This can only be specified when network_endpoint_type of the NEG is INTERNET_FQDN_PORT. type: string globalNetworkEndpointGroup: description: Immutable. The global network endpoint group this endpoint is part of. type: string ipAddress: description: Immutable. IPv4 address external endpoint. type: string projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The port of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - globalNetworkEndpointGroup - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: computehealthchecks.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeHealthCheck plural: computehealthchecks shortNames: - gcpcomputehealthcheck - gcpcomputehealthchecks singular: computehealthcheck preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: checkIntervalSec: description: |- How often (in seconds) to send a health check. The default value is 5 seconds. type: integer description: description: |- An optional description of this resource. Provide this property when you create the resource. type: string grpcHealthCheck: description: A nested object resource. properties: grpcServiceName: description: |- The gRPC service name for the health check. The value of grpcServiceName has the following meanings by convention: - Empty serviceName means the overall status of all services at the backend. - Non-empty serviceName means the health of that gRPC service, as defined by the owner of the service. The grpcServiceName can only be ASCII. type: string port: description: |- The port number for the health check request. Must be specified if portName and portSpecification are not set or if port_specification is USE_FIXED_PORT. Valid values are 1 through 65535. type: integer portName: description: |- Port name as defined in InstanceGroup#NamedPort#name. If both port and port_name are defined, port takes precedence. type: string portSpecification: description: |- Specifies how port is selected for health checking, can be one of the following values: * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. * 'USE_NAMED_PORT': The 'portName' is used for health checking. * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each network endpoint is used for health checking. For other backends, the port or named port specified in the Backend Service is used for health checking. If not specified, gRPC health check follows behavior specified in 'port' and 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. type: string type: object healthyThreshold: description: |- A so-far unhealthy instance will be marked healthy after this many consecutive successes. The default value is 2. type: integer http2HealthCheck: description: A nested object resource. properties: host: description: |- The value of the host header in the HTTP2 health check request. If left empty (default value), the public IP on behalf of which this health check is performed will be used. type: string port: description: |- The TCP port number for the HTTP2 health check request. The default value is 443. type: integer portName: description: |- Port name as defined in InstanceGroup#NamedPort#name. If both port and port_name are defined, port takes precedence. type: string portSpecification: description: |- Specifies how port is selected for health checking, can be one of the following values: * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. * 'USE_NAMED_PORT': The 'portName' is used for health checking. * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each network endpoint is used for health checking. For other backends, the port or named port specified in the Backend Service is used for health checking. If not specified, HTTP2 health check follows behavior specified in 'port' and 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. type: string proxyHeader: description: |- Specifies the type of proxy header to append before sending data to the backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. type: string requestPath: description: |- The request path of the HTTP2 health check request. The default value is /. type: string response: description: |- The bytes to match against the beginning of the response data. If left empty (the default value), any response will indicate health. The response data can only be ASCII. type: string type: object httpHealthCheck: description: A nested object resource. properties: host: description: |- The value of the host header in the HTTP health check request. If left empty (default value), the public IP on behalf of which this health check is performed will be used. type: string port: description: |- The TCP port number for the HTTP health check request. The default value is 80. type: integer portName: description: |- Port name as defined in InstanceGroup#NamedPort#name. If both port and port_name are defined, port takes precedence. type: string portSpecification: description: |- Specifies how port is selected for health checking, can be one of the following values: * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. * 'USE_NAMED_PORT': The 'portName' is used for health checking. * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each network endpoint is used for health checking. For other backends, the port or named port specified in the Backend Service is used for health checking. If not specified, HTTP health check follows behavior specified in 'port' and 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. type: string proxyHeader: description: |- Specifies the type of proxy header to append before sending data to the backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. type: string requestPath: description: |- The request path of the HTTP health check request. The default value is /. type: string response: description: |- The bytes to match against the beginning of the response data. If left empty (the default value), any response will indicate health. The response data can only be ASCII. type: string type: object httpsHealthCheck: description: A nested object resource. properties: host: description: |- The value of the host header in the HTTPS health check request. If left empty (default value), the public IP on behalf of which this health check is performed will be used. type: string port: description: |- The TCP port number for the HTTPS health check request. The default value is 443. type: integer portName: description: |- Port name as defined in InstanceGroup#NamedPort#name. If both port and port_name are defined, port takes precedence. type: string portSpecification: description: |- Specifies how port is selected for health checking, can be one of the following values: * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. * 'USE_NAMED_PORT': The 'portName' is used for health checking. * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each network endpoint is used for health checking. For other backends, the port or named port specified in the Backend Service is used for health checking. If not specified, HTTPS health check follows behavior specified in 'port' and 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. type: string proxyHeader: description: |- Specifies the type of proxy header to append before sending data to the backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. type: string requestPath: description: |- The request path of the HTTPS health check request. The default value is /. type: string response: description: |- The bytes to match against the beginning of the response data. If left empty (the default value), any response will indicate health. The response data can only be ASCII. type: string type: object location: description: 'Location represents the geographical location of the ComputeHealthCheck. Specify a region name or "global" for global resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' type: string logConfig: description: Configure logging on this health check. properties: enable: description: |- Indicates whether or not to export logs. This is false by default, which means no health check logging will be done. type: boolean type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string sslHealthCheck: description: A nested object resource. properties: port: description: |- The TCP port number for the SSL health check request. The default value is 443. type: integer portName: description: |- Port name as defined in InstanceGroup#NamedPort#name. If both port and port_name are defined, port takes precedence. type: string portSpecification: description: |- Specifies how port is selected for health checking, can be one of the following values: * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. * 'USE_NAMED_PORT': The 'portName' is used for health checking. * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each network endpoint is used for health checking. For other backends, the port or named port specified in the Backend Service is used for health checking. If not specified, SSL health check follows behavior specified in 'port' and 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. type: string proxyHeader: description: |- Specifies the type of proxy header to append before sending data to the backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. type: string request: description: |- The application data to send once the SSL connection has been established (default value is empty). If both request and response are empty, the connection establishment alone will indicate health. The request data can only be ASCII. type: string response: description: |- The bytes to match against the beginning of the response data. If left empty (the default value), any response will indicate health. The response data can only be ASCII. type: string type: object tcpHealthCheck: description: A nested object resource. properties: port: description: |- The TCP port number for the TCP health check request. The default value is 443. type: integer portName: description: |- Port name as defined in InstanceGroup#NamedPort#name. If both port and port_name are defined, port takes precedence. type: string portSpecification: description: |- Specifies how port is selected for health checking, can be one of the following values: * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. * 'USE_NAMED_PORT': The 'portName' is used for health checking. * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each network endpoint is used for health checking. For other backends, the port or named port specified in the Backend Service is used for health checking. If not specified, TCP health check follows behavior specified in 'port' and 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. type: string proxyHeader: description: |- Specifies the type of proxy header to append before sending data to the backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. type: string request: description: |- The application data to send once the TCP connection has been established (default value is empty). If both request and response are empty, the connection establishment alone will indicate health. The request data can only be ASCII. type: string response: description: |- The bytes to match against the beginning of the response data. If left empty (the default value), any response will indicate health. The response data can only be ASCII. type: string type: object timeoutSec: description: |- How long (in seconds) to wait before claiming failure. The default value is 5 seconds. It is invalid for timeoutSec to have greater value than checkIntervalSec. type: integer unhealthyThreshold: description: |- A so-far healthy instance will be marked unhealthy after this many consecutive failures. The default value is 2. type: integer required: - location type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array creationTimestamp: description: Creation timestamp in RFC3339 text format. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer selfLink: type: string type: description: The type of the health check. One of HTTP, HTTPS, TCP, or SSL. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: computehttphealthchecks.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeHTTPHealthCheck plural: computehttphealthchecks shortNames: - gcpcomputehttphealthcheck - gcpcomputehttphealthchecks singular: computehttphealthcheck preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: checkIntervalSec: description: |- How often (in seconds) to send a health check. The default value is 5 seconds. type: integer description: description: |- An optional description of this resource. Provide this property when you create the resource. type: string healthyThreshold: description: |- A so-far unhealthy instance will be marked healthy after this many consecutive successes. The default value is 2. type: integer host: description: |- The value of the host header in the HTTP health check request. If left empty (default value), the public IP on behalf of which this health check is performed will be used. type: string port: description: |- The TCP port number for the HTTP health check request. The default value is 80. type: integer requestPath: description: |- The request path of the HTTP health check request. The default value is /. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string timeoutSec: description: |- How long (in seconds) to wait before claiming failure. The default value is 5 seconds. It is invalid for timeoutSec to have greater value than checkIntervalSec. type: integer unhealthyThreshold: description: |- A so-far healthy instance will be marked unhealthy after this many consecutive failures. The default value is 2. type: integer type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array creationTimestamp: description: Creation timestamp in RFC3339 text format. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer selfLink: type: string type: object type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: computehttpshealthchecks.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeHTTPSHealthCheck plural: computehttpshealthchecks shortNames: - gcpcomputehttpshealthcheck - gcpcomputehttpshealthchecks singular: computehttpshealthcheck preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: checkIntervalSec: description: |- How often (in seconds) to send a health check. The default value is 5 seconds. type: integer description: description: |- An optional description of this resource. Provide this property when you create the resource. type: string healthyThreshold: description: |- A so-far unhealthy instance will be marked healthy after this many consecutive successes. The default value is 2. type: integer host: description: |- The value of the host header in the HTTPS health check request. If left empty (default value), the public IP on behalf of which this health check is performed will be used. type: string port: description: |- The TCP port number for the HTTPS health check request. The default value is 443. type: integer requestPath: description: |- The request path of the HTTPS health check request. The default value is /. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string timeoutSec: description: |- How long (in seconds) to wait before claiming failure. The default value is 5 seconds. It is invalid for timeoutSec to have greater value than checkIntervalSec. type: integer unhealthyThreshold: description: |- A so-far healthy instance will be marked unhealthy after this many consecutive failures. The default value is 2. type: integer type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array creationTimestamp: description: Creation timestamp in RFC3339 text format. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer selfLink: type: string type: object type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: computeimages.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeImage plural: computeimages shortNames: - gcpcomputeimage - gcpcomputeimages singular: computeimage preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: description: description: |- Immutable. An optional description of this resource. Provide this property when you create the resource. type: string diskRef: description: |- The source disk to create this image based on. You must provide either this property or the rawDisk.source property but not both to create an image. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeDisk` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object diskSizeGb: description: Immutable. Size of the image when restored onto a persistent disk (in GB). type: integer family: description: |- Immutable. The name of the image family to which this image belongs. You can create disks by specifying an image family instead of a specific image name. The image family always returns its latest image that is not deprecated. The name of the image family must comply with RFC1035. type: string guestOsFeatures: description: |- Immutable. A list of features to enable on the guest operating system. Applicable only for bootable images. items: properties: type: description: 'Immutable. The type of supported feature. Read [Enabling guest operating system features](https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images#guest-os-features) to see a list of available options. Possible values: ["MULTI_IP_SUBNET", "SECURE_BOOT", "SEV_CAPABLE", "UEFI_COMPATIBLE", "VIRTIO_SCSI_MULTIQUEUE", "WINDOWS", "GVNIC", "SEV_LIVE_MIGRATABLE", "SEV_SNP_CAPABLE", "SUSPEND_RESUME_COMPATIBLE", "TDX_CAPABLE"].' type: string required: - type type: object type: array imageEncryptionKey: description: |- Immutable. Encrypts the image using a customer-supplied encryption key. After you encrypt an image with a customer-supplied key, you must provide the same key if you use the image later (e.g. to create a disk from the image). properties: kmsKeySelfLinkRef: description: |- The self link of the encryption key that is stored in Google Cloud KMS. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object kmsKeyServiceAccountRef: description: |- The service account being used for the encryption request for the given KMS key. If absent, the Compute Engine default service account is used. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `email` field of an `IAMServiceAccount` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: object licenses: description: Immutable. Any applicable license URI. items: type: string type: array rawDisk: description: Immutable. The parameters of the raw disk image. properties: containerType: description: |- Immutable. The format used to encode and transmit the block device, which should be TAR. This is just a container and transmission format and not a runtime format. Provided by the client when the disk image is created. Default value: "TAR" Possible values: ["TAR"]. type: string sha1: description: |- Immutable. An optional SHA1 checksum of the disk image before unpackaging. This is provided by the client when the disk image is created. type: string source: description: |- Immutable. The full Google Cloud Storage URL where disk storage is stored You must provide either this property or the sourceDisk property but not both. type: string required: - source type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string sourceImageRef: description: The source image used to create this image. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeImage` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object sourceSnapshotRef: description: The source snapshot used to create this image. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeSnapshot` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object storageLocations: description: |- Immutable. Cloud Storage bucket storage location of the image (regional or multi-regional). Reference link: https://cloud.google.com/compute/docs/reference/rest/v1/images. items: type: string type: array type: object status: properties: archiveSizeBytes: description: |- Size of the image tar.gz archive stored in Google Cloud Storage (in bytes). type: integer conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array creationTimestamp: description: Creation timestamp in RFC3339 text format. type: string labelFingerprint: description: |- The fingerprint used for optimistic locking of this resource. Used internally during updates. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer selfLink: type: string type: object type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: computeinstancegroupmanagers.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeInstanceGroupManager plural: computeinstancegroupmanagers shortNames: - gcpcomputeinstancegroupmanager - gcpcomputeinstancegroupmanagers singular: computeinstancegroupmanager preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: autoHealingPolicies: description: The autohealing policy for this managed instance group. You can specify only one value. items: properties: healthCheckRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The URL for the health check that signals autohealing. Allowed value: The `selfLink` field of a `ComputeHealthCheck` resource. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object initialDelaySec: description: The number of seconds that the managed instance group waits before it applies autohealing policies to new instances or recently recreated instances. This initial delay allows instances to initialize and run their startup scripts before the instance group determines that they are UNHEALTHY. This prevents the managed instance group from recreating its instances prematurely. This value must be from range [0, 3600]. format: int64 type: integer type: object type: array baseInstanceName: description: The base instance name to use for instances in this group. The value must be 1-58 characters long. Instances are named by appending a hyphen and a random four-character string to the base instance name. The base instance name must comply with [RFC1035](https://www.ietf.org/rfc/rfc1035.txt). type: string description: description: Immutable. An optional description of this resource. type: string distributionPolicy: description: Policy specifying the intended distribution of managed instances across zones in a regional managed instance group. properties: targetShape: description: 'The distribution shape to which the group converges either proactively or on resize events (depending on the value set in `updatePolicy.instanceRedistributionType`). Possible values: TARGET_SHAPE_UNSPECIFIED, ANY, BALANCED, ANY_SINGLE_ZONE' type: string zones: description: Immutable. Zones where the regional managed instance group will create and manage its instances. items: properties: zone: description: Immutable. The URL of the [zone](/compute/docs/regions-zones/#available). The zone must exist in the region where the managed instance group is located. type: string type: object type: array type: object failoverAction: description: 'The action to perform in case of zone failure. Only one value is supported, `NO_FAILOVER`. The default is `NO_FAILOVER`. Possible values: UNKNOWN, NO_FAILOVER' type: string instanceTemplateRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The URL of the instance template that is specified for this managed instance group. The group uses this template to create all new instances in the managed instance group. The templates for existing instances in the group do not change unless you run `recreateInstances`, run `applyUpdatesToInstances`, or set the group's `updatePolicy.type` to `PROACTIVE`. Allowed value: The `selfLink` field of a `ComputeInstanceTemplate` resource. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object location: description: Immutable. The location of this resource. type: string namedPorts: description: Immutable. Named ports configured for the Instance Groups complementary to this Instance Group Manager. items: properties: name: description: Immutable. The name for this named port. The name must be 1-63 characters long, and comply with [RFC1035](https://www.ietf.org/rfc/rfc1035.txt). type: string port: description: Immutable. The port number, which can be a value between 1 and 65535. format: int64 type: integer type: object type: array projectRef: description: Immutable. The Project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The project for the resource Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string serviceAccountRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The service account to be used as credentials for all operations performed by the managed instance group on instances. The service accounts needs all permissions required to create and delete instances. By default, the service account: {projectNumber}@cloudservices.gserviceaccount.com is used. Allowed value: The `email` field of an `IAMServiceAccount` resource. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object statefulPolicy: description: Stateful configuration for this Instanced Group Manager properties: preservedState: properties: disks: additionalProperties: properties: autoDelete: description: 'These stateful disks will never be deleted during autohealing, update or VM instance recreate operations. This flag is used to configure if the disk should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. Note: disks attached in READ_ONLY mode cannot be auto-deleted. Possible values: NEVER, ON_PERMANENT_INSTANCE_DELETION' type: string type: object description: Disks created on the instances that will be preserved on instance delete, update, etc. This map is keyed with the device names of the disks. type: object externalIps: additionalProperties: properties: autoDelete: description: 'These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. Possible values: NEVER, ON_PERMANENT_INSTANCE_DELETION' type: string type: object description: External network IPs assigned to the instances that will be preserved on instance delete, update, etc. This map is keyed with the network interface name. type: object internalIps: additionalProperties: properties: autoDelete: description: 'These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. Possible values: NEVER, ON_PERMANENT_INSTANCE_DELETION' type: string type: object description: Internal network IPs assigned to the instances that will be preserved on instance delete, update, etc. This map is keyed with the network interface name. type: object type: object type: object targetPools: items: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeTargetPool` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: array targetSize: description: The target number of running instances for this managed instance group. You can reduce this number by using the instanceGroupManager deleteInstances or abandonInstances methods. Resizing the group also changes this number. format: int64 type: integer updatePolicy: description: The update policy for this managed instance group. properties: instanceRedistributionType: description: 'The [instance redistribution policy](/compute/docs/instance-groups/regional-migs#proactive_instance_redistribution) for regional managed instance groups. Valid values are: - `PROACTIVE` (default): The group attempts to maintain an even distribution of VM instances across zones in the region. - `NONE`: For non-autoscaled groups, proactive redistribution is disabled.' type: string maxSurge: description: The maximum number of instances that can be created above the specified `targetSize` during the update process. This value can be either a fixed number or, if the group has 10 or more instances, a percentage. If you set a percentage, the number of instances is rounded if necessary. The default value for `maxSurge` is a fixed value equal to the number of zones in which the managed instance group operates. At least one of either `maxSurge` or `maxUnavailable` must be greater than 0. Learn more about [`maxSurge`](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#max_surge). properties: fixed: description: Specifies a fixed number of VM instances. This must be a positive integer. format: int64 type: integer percent: description: Specifies a percentage of instances between 0 to 100%, inclusive. For example, specify `80` for 80%. format: int64 type: integer type: object maxUnavailable: description: 'The maximum number of instances that can be unavailable during the update process. An instance is considered available if all of the following conditions are satisfied: - The instance''s [status](/compute/docs/instances/checking-instance-status) is `RUNNING`. - If there is a [health check](/compute/docs/instance-groups/autohealing-instances-in-migs) on the instance group, the instance''s health check status must be `HEALTHY` at least once. If there is no health check on the group, then the instance only needs to have a status of `RUNNING` to be considered available. This value can be either a fixed number or, if the group has 10 or more instances, a percentage. If you set a percentage, the number of instances is rounded if necessary. The default value for `maxUnavailable` is a fixed value equal to the number of zones in which the managed instance group operates. At least one of either `maxSurge` or `maxUnavailable` must be greater than 0. Learn more about [`maxUnavailable`](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#max_unavailable).' properties: fixed: description: Specifies a fixed number of VM instances. This must be a positive integer. format: int64 type: integer percent: description: Specifies a percentage of instances between 0 to 100%, inclusive. For example, specify `80` for 80%. format: int64 type: integer type: object minReadySec: description: Minimum number of seconds to wait for after a newly created instance becomes available. This value must be from range [0, 3600]. format: int64 type: integer minimalAction: description: Minimal action to be taken on an instance. You can specify either `RESTART` to restart existing instances or `REPLACE` to delete and create new instances from the target template. If you specify a `RESTART`, the Updater will attempt to perform that action only. However, if the Updater determines that the minimal action you specify is not enough to perform the update, it might perform a more disruptive action. type: string mostDisruptiveAllowedAction: description: Most disruptive action that is allowed to be taken on an instance. You can specify either `NONE` to forbid any actions, `REFRESH` to allow actions that do not need instance restart, `RESTART` to allow actions that can be applied without instance replacing or `REPLACE` to allow all possible actions. If the Updater determines that the minimal update action needed is more disruptive than most disruptive allowed action you specify it will not perform the update at all. type: string replacementMethod: description: 'What action should be used to replace instances. See minimal_action.REPLACE Possible values: SUBSTITUTE, RECREATE' type: string type: description: The type of update process. You can specify either `PROACTIVE` so that the instance group manager proactively executes actions in order to bring instances to their target versions or `OPPORTUNISTIC` so that no action is proactively executed but the update will be performed as part of other actions (for example, resizes or `recreateInstances` calls). type: string type: object versions: description: Specifies the instance templates used by this managed instance group to create instances. Each version is defined by an `instanceTemplate` and a `name`. Every version can appear at most once per instance group. This field overrides the top-level `instanceTemplate` field. Read more about the [relationships between these fields](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#relationship_between_versions_and_instancetemplate_properties_for_a_managed_instance_group). Exactly one `version` must leave the `targetSize` field unset. That version will be applied to all remaining instances. For more information, read about [canary updates](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#starting_a_canary_update). items: properties: instanceTemplateRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The URL of the instance template that is specified for this managed instance group. The group uses this template to create new instances in the managed instance group until the `targetSize` for this version is reached. The templates for existing instances in the group do not change unless you run `recreateInstances`, run `applyUpdatesToInstances`, or set the group's `updatePolicy.type` to `PROACTIVE`; in those cases, existing instances are updated until the `targetSize` for this version is reached. Allowed value: The `selfLink` field of a `ComputeInstanceTemplate` resource. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object name: description: Name of the version. Unique among all versions in the scope of this managed instance group. type: string targetSize: description: 'Specifies the intended number of instances to be created from the `instanceTemplate`. The final number of instances created from the template will be equal to: - If expressed as a fixed number, the minimum of either `targetSize.fixed` or `instanceGroupManager.targetSize` is used. - if expressed as a `percent`, the `targetSize` would be `(targetSize.percent/100 * InstanceGroupManager.targetSize)` If there is a remainder, the number is rounded. If unset, this version will update any remaining instances not updated by another `version`. Read [Starting a canary update](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#starting_a_canary_update) for more information.' properties: calculated: description: '[Output Only] Absolute value of VM instances calculated based on the specific mode. - If the value is `fixed`, then the `calculated` value is equal to the `fixed` value. - If the value is a `percent`, then the `calculated` value is `percent`/100 * `targetSize`. For example, the `calculated` value of a 80% of a managed instance group with 150 instances would be (80/100 * 150) = 120 VM instances. If there is a remainder, the number is rounded.' format: int64 type: integer fixed: description: Specifies a fixed number of VM instances. This must be a positive integer. format: int64 type: integer percent: description: Specifies a percentage of instances between 0 to 100%, inclusive. For example, specify `80` for 80%. format: int64 type: integer type: object type: object type: array required: - projectRef - targetSize type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array creationTimestamp: description: The creation timestamp for this managed instance group in \[RFC3339\](https://www.ietf.org/rfc/rfc3339.txt) text format. type: string currentActions: description: '[Output Only] The list of instance actions and the number of instances in this managed instance group that are scheduled for each of those actions.' properties: abandoning: description: '[Output Only] The total number of instances in the managed instance group that are scheduled to be abandoned. Abandoning an instance removes it from the managed instance group without deleting it.' format: int64 type: integer creating: description: '[Output Only] The number of instances in the managed instance group that are scheduled to be created or are currently being created. If the group fails to create any of these instances, it tries again until it creates the instance successfully. If you have disabled creation retries, this field will not be populated; instead, the `creatingWithoutRetries` field will be populated.' format: int64 type: integer creatingWithoutRetries: description: '[Output Only] The number of instances that the managed instance group will attempt to create. The group attempts to create each instance only once. If the group fails to create any of these instances, it decreases the group''s `targetSize` value accordingly.' format: int64 type: integer deleting: description: '[Output Only] The number of instances in the managed instance group that are scheduled to be deleted or are currently being deleted.' format: int64 type: integer none: description: '[Output Only] The number of instances in the managed instance group that are running and have no scheduled actions.' format: int64 type: integer recreating: description: '[Output Only] The number of instances in the managed instance group that are scheduled to be recreated or are currently being being recreated. Recreating an instance deletes the existing root persistent disk and creates a new disk from the image that is defined in the instance template.' format: int64 type: integer refreshing: description: '[Output Only] The number of instances in the managed instance group that are being reconfigured with properties that do not require a restart or a recreate action. For example, setting or removing target pools for the instance.' format: int64 type: integer restarting: description: '[Output Only] The number of instances in the managed instance group that are scheduled to be restarted or are currently being restarted.' format: int64 type: integer verifying: description: '[Output Only] The number of instances in the managed instance group that are being verified. See the `managedInstances[].currentAction` property in the `listManagedInstances` method documentation.' format: int64 type: integer type: object fingerprint: description: Fingerprint of this resource. This field may be used in optimistic locking. It will be ignored when inserting an InstanceGroupManager. An up-to-date fingerprint must be provided in order to update the InstanceGroupManager, otherwise the request will fail with error `412 conditionNotMet`. To see the latest fingerprint, make a `get()` request to retrieve an InstanceGroupManager. type: string id: description: '[Output Only] A unique identifier for this resource type. The server generates this identifier.' format: int64 type: integer instanceGroup: description: '[Output Only] The URL of the Instance Group resource.' type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer region: description: '[Output Only] The URL of the [region](/compute/docs/regions-zones/#available) where the managed instance group resides (for regional resources).' type: string selfLink: description: '[Output Only] The URL for this managed instance group. The server defines this URL.' type: string status: description: '[Output Only] The status of this managed instance group.' properties: autoscaler: description: '[Output Only] The URL of the [Autoscaler](/compute/docs/autoscaler/) that targets this instance group manager.' type: string isStable: description: '[Output Only] A bit indicating whether the managed instance group is in a stable state. A stable state means that: none of the instances in the managed instance group is currently undergoing any type of change (for example, creation, restart, or deletion); no future changes are scheduled for instances in the managed instance group; and the managed instance group itself is not being modified.' type: boolean stateful: description: '[Output Only] Stateful status of the given Instance Group Manager.' properties: hasStatefulConfig: description: '[Output Only] A bit indicating whether the managed instance group has stateful configuration, that is, if you have configured any items in a stateful policy or in per-instance configs. The group might report that it has no stateful config even when there is still some preserved state on a managed instance, for example, if you have deleted all PICs but not yet applied those deletions.' type: boolean isStateful: description: '[Output Only] A bit indicating whether the managed instance group has stateful configuration, that is, if you have configured any items in a stateful policy or in per-instance configs. The group might report that it has no stateful config even when there is still some preserved state on a managed instance, for example, if you have deleted all PICs but not yet applied those deletions. This field is deprecated in favor of has_stateful_config.' type: boolean perInstanceConfigs: description: '[Output Only] Status of per-instance configs on the instance.' properties: allEffective: description: A bit indicating if all of the group's per-instance configs (listed in the output of a listPerInstanceConfigs API call) have status `EFFECTIVE` or there are no per-instance-configs. type: boolean type: object type: object versionTarget: description: '[Output Only] A status of consistency of Instances'' versions with their target version specified by `version` field on Instance Group Manager.' properties: isReached: description: '[Output Only] A bit indicating whether version target has been reached in this managed instance group, i.e. all instances are in their target version. Instances'' target version are specified by `version` field on Instance Group Manager.' type: boolean type: object type: object updatePolicy: properties: maxSurge: properties: calculated: description: '[Output Only] Absolute value of VM instances calculated based on the specific mode. - If the value is `fixed`, then the `calculated` value is equal to the `fixed` value. - If the value is a `percent`, then the `calculated` value is `percent`/100 * `targetSize`. For example, the `calculated` value of a 80% of a managed instance group with 150 instances would be (80/100 * 150) = 120 VM instances. If there is a remainder, the number is rounded.' format: int64 type: integer type: object maxUnavailable: properties: calculated: description: '[Output Only] Absolute value of VM instances calculated based on the specific mode. - If the value is `fixed`, then the `calculated` value is equal to the `fixed` value. - If the value is a `percent`, then the `calculated` value is `percent`/100 * `targetSize`. For example, the `calculated` value of a 80% of a managed instance group with 150 instances would be (80/100 * 150) = 120 VM instances. If there is a remainder, the number is rounded.' format: int64 type: integer type: object type: object zone: description: '[Output Only] The URL of a [zone](/compute/docs/regions-zones/#available) where the managed instance group is located (for zonal resources).' type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: computeinstancegroupnamedports.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeInstanceGroupNamedPort plural: computeinstancegroupnamedports shortNames: - gcpcomputeinstancegroupnamedport - gcpcomputeinstancegroupnamedports singular: computeinstancegroupnamedport preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: groupRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `ComputeInstanceGroup` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object port: description: Immutable. The port number, which can be a value between 1 and 65535. type: integer projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string zone: description: Immutable. The zone of the instance group. type: string required: - groupRef - port - projectRef - zone type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: computeinstancegroups.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeInstanceGroup plural: computeinstancegroups shortNames: - gcpcomputeinstancegroup - gcpcomputeinstancegroups singular: computeinstancegroup preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: description: description: Immutable. An optional textual description of the instance group. type: string instances: items: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeInstance` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: array namedPort: description: The named port configuration. items: properties: name: description: The name which the port will be mapped to. type: string port: description: The port number to map the name to. type: integer required: - name - port type: object type: array networkRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string zone: description: Immutable. The zone that this instance group should be created in. type: string required: - zone type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer selfLink: description: The URI of the created resource. type: string size: description: The number of instances in the group. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: computeinstances.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeInstance plural: computeinstances shortNames: - gcpcomputeinstance - gcpcomputeinstances singular: computeinstance preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: anyOf: - required: - bootDisk - machineType - networkInterface - zone - required: - instanceTemplateRef - zone properties: advancedMachineFeatures: description: Controls for advanced machine-related behavior features. properties: enableNestedVirtualization: description: Whether to enable nested virtualization or not. type: boolean threadsPerCore: description: The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed. type: integer visibleCoreCount: description: The number of physical cores to expose to an instance. Multiply by the number of threads per core to compute the total number of virtual CPUs to expose to the instance. If unset, the number of cores is inferred from the instance\'s nominal CPU count and the underlying platform\'s SMT width. type: integer type: object attachedDisk: description: List of disks attached to the instance. items: properties: deviceName: description: Name with which the attached disk is accessible under /dev/disk/by-id/. type: string diskEncryptionKeyRaw: description: A 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to encrypt this disk. Only one of kms_key_self_link and disk_encryption_key_raw may be set. oneOf: - not: required: - valueFrom required: - value - not: required: - value required: - valueFrom properties: value: description: Value of the field. Cannot be used if 'valueFrom' is specified. type: string valueFrom: description: Source for the field's value. Cannot be used if 'value' is specified. properties: secretKeyRef: description: Reference to a value with the given key in the given Secret in the resource's namespace. properties: key: description: Key that identifies the value to be extracted. type: string name: description: Name of the Secret to extract a value from. type: string required: - name - key type: object type: object type: object diskEncryptionKeySha256: description: The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource. type: string kmsKeyRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object mode: description: Read/write mode for the disk. One of "READ_ONLY" or "READ_WRITE". type: string sourceDiskRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeDisk` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - sourceDiskRef type: object type: array bootDisk: description: Immutable. The boot disk for the instance. properties: autoDelete: description: Immutable. Whether the disk will be auto-deleted when the instance is deleted. type: boolean deviceName: description: Immutable. Name with which attached disk will be accessible under /dev/disk/by-id/. type: string diskEncryptionKeyRaw: description: Immutable. A 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to encrypt this disk. Only one of kms_key_self_link and disk_encryption_key_raw may be set. oneOf: - not: required: - valueFrom required: - value - not: required: - value required: - valueFrom properties: value: description: Value of the field. Cannot be used if 'valueFrom' is specified. type: string valueFrom: description: Source for the field's value. Cannot be used if 'value' is specified. properties: secretKeyRef: description: Reference to a value with the given key in the given Secret in the resource's namespace. properties: key: description: Key that identifies the value to be extracted. type: string name: description: Name of the Secret to extract a value from. type: string required: - name - key type: object type: object type: object diskEncryptionKeySha256: description: The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource. type: string initializeParams: description: Immutable. Parameters with which a disk was created alongside the instance. properties: labels: description: Immutable. A set of key/value label pairs assigned to the disk. type: object x-kubernetes-preserve-unknown-fields: true size: description: Immutable. The size of the image in gigabytes. type: integer sourceImageRef: description: Immutable. The image from which to initialize this disk. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeImage` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: description: Immutable. The Google Compute Engine disk type. Such as pd-standard, pd-ssd or pd-balanced. type: string type: object kmsKeyRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object mode: description: Immutable. Read/write mode for the disk. One of "READ_ONLY" or "READ_WRITE". type: string sourceDiskRef: description: Immutable. The source disk used to create this disk. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeDisk` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: object canIpForward: description: Whether sending and receiving of packets with non-matching source or destination IPs is allowed. type: boolean confidentialInstanceConfig: description: Immutable. The Confidential VM config being used by the instance. on_host_maintenance has to be set to TERMINATE or this will fail to create. properties: enableConfidentialCompute: description: Defines whether the instance should have confidential compute enabled. type: boolean required: - enableConfidentialCompute type: object deletionProtection: description: Whether deletion protection is enabled on this instance. type: boolean description: description: Immutable. A brief description of the resource. type: string desiredStatus: description: Desired status of the instance. Either "RUNNING" or "TERMINATED". type: string enableDisplay: description: Whether the instance has virtual displays enabled. type: boolean guestAccelerator: description: Immutable. List of the type and count of accelerator cards attached to the instance. items: properties: count: description: Immutable. The number of the guest accelerator cards exposed to this instance. type: integer type: description: Immutable. The accelerator type resource exposed to this instance. E.g. nvidia-tesla-k80. type: string required: - count - type type: object type: array hostname: description: Immutable. A custom hostname for the instance. Must be a fully qualified DNS name and RFC-1035-valid. Valid format is a series of labels 1-63 characters long matching the regular expression [a-z]([-a-z0-9]*[a-z0-9]), concatenated with periods. The entire hostname must not exceed 253 characters. Changing this forces a new resource to be created. type: string instanceTemplateRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeInstanceTemplate` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object machineType: description: The machine type to create. type: string metadata: items: properties: key: type: string value: type: string required: - key - value type: object type: array metadataStartupScript: description: Immutable. Metadata startup scripts made available within the instance. type: string minCpuPlatform: description: The minimum CPU platform specified for the VM instance. type: string networkInterface: description: Immutable. The networks attached to the instance. items: not: required: - networkIp - networkIpRef properties: accessConfig: description: Access configurations, i.e. IPs via which this instance can be accessed via the Internet. items: properties: natIpRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `address` field of a `ComputeAddress` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object networkTier: description: The networking tier used for configuring this instance. One of PREMIUM or STANDARD. type: string publicPtrDomainName: description: The DNS domain name for the public PTR record. type: string type: object type: array aliasIpRange: description: An array of alias IP ranges for this network interface. items: properties: ipCidrRange: description: The IP CIDR range represented by this alias IP range. type: string subnetworkRangeName: description: The subnetwork secondary range name specifying the secondary range from which to allocate the IP CIDR range for this alias IP range. type: string required: - ipCidrRange type: object type: array ipv6AccessConfig: description: An array of IPv6 access configurations for this interface. Currently, only one IPv6 access config, DIRECT_IPV6, is supported. If there is no ipv6AccessConfig specified, then this instance will have no external IPv6 Internet access. items: properties: externalIpv6: description: The first IPv6 address of the external IPv6 range associated with this instance, prefix length is stored in externalIpv6PrefixLength in ipv6AccessConfig. The field is output only, an IPv6 address from a subnetwork associated with the instance will be allocated dynamically. type: string externalIpv6PrefixLength: description: The prefix length of the external IPv6 range. type: string networkTier: description: The service-level to be provided for IPv6 traffic when the subnet has an external subnet. Only PREMIUM tier is valid for IPv6. type: string publicPtrDomainName: description: The domain name to be used when creating DNSv6 records for the external IPv6 ranges. type: string required: - networkTier type: object type: array ipv6AccessType: description: One of EXTERNAL, INTERNAL to indicate whether the IP can be accessed from the Internet. This field is always inherited from its subnetwork. type: string name: description: The name of the interface. type: string networkIp: description: DEPRECATED. Although this field is still available, there is limited support. We recommend that you use `spec.networkInterface.networkIpRef` instead. type: string networkIpRef: oneOf: - not: required: - external required: - name - kind - not: anyOf: - required: - name - required: - namespace - required: - kind required: - external properties: external: description: 'Allowed value: The `address` field of a `ComputeAddress` resource.' type: string kind: description: 'Kind of the referent. Allowed values: ComputeAddress' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object networkRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object nicType: description: Immutable. The type of vNIC to be used on this interface. Possible values:GVNIC, VIRTIO_NET. type: string queueCount: description: Immutable. The networking queue count that's specified by users for the network interface. Both Rx and Tx queues will be set to this number. It will be empty if not specified. type: integer stackType: description: The stack type for this network interface to identify whether the IPv6 feature is enabled or not. If not specified, IPV4_ONLY will be used. type: string subnetworkProject: description: The project in which the subnetwork belongs. type: string subnetworkRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: object type: array networkPerformanceConfig: description: Immutable. Configures network performance settings for the instance. If not specified, the instance will be created with its default network performance configuration. properties: totalEgressBandwidthTier: description: Immutable. The egress bandwidth tier to enable. Possible values:TIER_1, DEFAULT. type: string required: - totalEgressBandwidthTier type: object reservationAffinity: description: Immutable. Specifies the reservations that this instance can consume from. properties: specificReservation: description: Immutable. Specifies the label selector for the reservation to use. properties: key: description: Immutable. Corresponds to the label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify compute.googleapis.com/reservation-name as the key and specify the name of your reservation as the only value. type: string values: description: Immutable. Corresponds to the label values of a reservation resource. items: type: string type: array required: - key - values type: object type: description: Immutable. The type of reservation from which this instance can consume resources. type: string required: - type type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string resourcePolicies: items: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeResourcePolicy` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: array scheduling: description: The scheduling strategy being used by the instance. properties: automaticRestart: description: Specifies if the instance should be restarted if it was terminated by Compute Engine (not a user). type: boolean instanceTerminationAction: description: Specifies the action GCE should take when SPOT VM is preempted. type: string maintenanceInterval: description: 'Specifies the frequency of planned maintenance events. The accepted values are: PERIODIC.' type: string maxRunDuration: description: Immutable. The timeout for new network connections to hosts. properties: nanos: description: |- Immutable. Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. type: integer seconds: description: |- Immutable. Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. type: integer required: - seconds type: object minNodeCpus: type: integer nodeAffinities: items: properties: value: type: object x-kubernetes-preserve-unknown-fields: true type: object type: array onHostMaintenance: description: Describes maintenance behavior for the instance. One of MIGRATE or TERMINATE,. type: string preemptible: description: Immutable. Whether the instance is preemptible. type: boolean provisioningModel: description: Immutable. Whether the instance is spot. If this is set as SPOT. type: string type: object scratchDisk: description: Immutable. The scratch disks attached to the instance. items: properties: interface: description: The disk interface used for attaching this disk. One of SCSI or NVME. type: string size: description: Immutable. The size of the disk in gigabytes. One of 375 or 3000. type: integer required: - interface type: object type: array serviceAccount: description: The service account to attach to the instance. properties: scopes: description: A list of service scopes. items: type: string type: array serviceAccountRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `email` field of an `IAMServiceAccount` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - scopes type: object shieldedInstanceConfig: description: The shielded vm config being used by the instance. properties: enableIntegrityMonitoring: description: Whether integrity monitoring is enabled for the instance. type: boolean enableSecureBoot: description: Whether secure boot is enabled for the instance. type: boolean enableVtpm: description: Whether the instance uses vTPM. type: boolean type: object tags: description: The list of tags attached to the instance. items: type: string type: array zone: description: Immutable. The zone of the instance. If self_link is provided, this value is ignored. If neither self_link nor zone are provided, the provider zone is used. type: string type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array cpuPlatform: description: The CPU platform used by this instance. type: string currentStatus: description: "\n\t\t\t\t\tCurrent status of the instance.\n\t\t\t\t\tThis could be one of the following values: PROVISIONING, STAGING, RUNNING, STOPPING, SUSPENDING, SUSPENDED, REPAIRING, and TERMINATED.\n\t\t\t\t\tFor more information about the status of the instance, see [Instance life cycle](https://cloud.google.com/compute/docs/instances/instance-life-cycle)." type: string instanceId: description: The server-assigned unique identifier of this instance. type: string labelFingerprint: description: The unique fingerprint of the labels. type: string metadataFingerprint: description: The unique fingerprint of the metadata. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer selfLink: description: The URI of the created resource. type: string tagsFingerprint: description: The unique fingerprint of the tags. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: computeinstancetemplates.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeInstanceTemplate plural: computeinstancetemplates shortNames: - gcpcomputeinstancetemplate - gcpcomputeinstancetemplates singular: computeinstancetemplate preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: advancedMachineFeatures: description: Immutable. Controls for advanced machine-related behavior features. properties: enableNestedVirtualization: description: Immutable. Whether to enable nested virtualization or not. type: boolean threadsPerCore: description: Immutable. The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed. type: integer visibleCoreCount: description: Immutable. The number of physical cores to expose to an instance. Multiply by the number of threads per core to compute the total number of virtual CPUs to expose to the instance. If unset, the number of cores is inferred from the instance\'s nominal CPU count and the underlying platform\'s SMT width. type: integer type: object canIpForward: description: Immutable. Whether to allow sending and receiving of packets with non-matching source or destination IPs. This defaults to false. type: boolean confidentialInstanceConfig: description: Immutable. The Confidential VM config being used by the instance. on_host_maintenance has to be set to TERMINATE or this will fail to create. properties: enableConfidentialCompute: description: Immutable. Defines whether the instance should have confidential compute enabled. type: boolean required: - enableConfidentialCompute type: object description: description: Immutable. A brief description of this resource. type: string disk: description: Immutable. Disks to attach to instances created from this template. This can be specified multiple times for multiple disks. items: properties: autoDelete: description: Immutable. Whether or not the disk should be auto-deleted. This defaults to true. type: boolean boot: description: Immutable. Indicates that this is a boot disk. type: boolean deviceName: description: Immutable. A unique device name that is reflected into the /dev/ tree of a Linux operating system running within the instance. If not specified, the server chooses a default device name to apply to this disk. type: string diskEncryptionKey: description: Immutable. Encrypts or decrypts a disk using a customer-supplied encryption key. properties: kmsKeyRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - kmsKeyRef type: object diskName: description: Immutable. Name of the disk. When not provided, this defaults to the name of the instance. type: string diskSizeGb: description: Immutable. The size of the image in gigabytes. If not specified, it will inherit the size of its base image. For SCRATCH disks, the size must be one of 375 or 3000 GB, with a default of 375 GB. type: integer diskType: description: Immutable. The Google Compute Engine disk type. Such as "pd-ssd", "local-ssd", "pd-balanced" or "pd-standard". type: string interface: description: Immutable. Specifies the disk interface to use for attaching this disk. type: string labels: additionalProperties: type: string description: Immutable. A set of key/value label pairs to assign to disks,. type: object mode: description: Immutable. The mode in which to attach this disk, either READ_WRITE or READ_ONLY. If you are attaching or creating a boot disk, this must read-write mode. type: string resourcePolicies: items: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeResourcePolicy` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: array sourceDiskRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `ComputeDisk` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object sourceImageEncryptionKey: description: |- Immutable. The customer-supplied encryption key of the source image. Required if the source image is protected by a customer-supplied encryption key. Instance templates do not store customer-supplied encryption keys, so you cannot create disks for instances in a managed instance group if the source images are encrypted with your own keys. properties: kmsKeySelfLinkRef: description: |- The self link of the encryption key that is stored in Google Cloud KMS. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object kmsKeyServiceAccountRef: description: |- The service account being used for the encryption request for the given KMS key. If absent, the Compute Engine default service account is used. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `email` field of an `IAMServiceAccount` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - kmsKeySelfLinkRef type: object sourceImageRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeImage` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object sourceSnapshotEncryptionKey: description: Immutable. The customer-supplied encryption key of the source snapshot. properties: kmsKeySelfLinkRef: description: |- The self link of the encryption key that is stored in Google Cloud KMS. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object kmsKeyServiceAccountRef: description: |- The service account being used for the encryption request for the given KMS key. If absent, the Compute Engine default service account is used. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `email` field of an `IAMServiceAccount` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - kmsKeySelfLinkRef type: object sourceSnapshotRef: description: |- The source snapshot to create this disk. When creating a new instance, one of initializeParams.sourceSnapshot, initializeParams.sourceImage, or disks.source is required except for local SSD. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeSnapshot` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: description: Immutable. The type of Google Compute Engine disk, can be either "SCRATCH" or "PERSISTENT". type: string type: object type: array enableDisplay: description: 'Immutable. Enable Virtual Displays on this instance. Note: allow_stopping_for_update must be set to true in order to update this field.' type: boolean guestAccelerator: description: Immutable. List of the type and count of accelerator cards attached to the instance. items: properties: count: description: Immutable. The number of the guest accelerator cards exposed to this instance. type: integer type: description: Immutable. The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80. type: string required: - count - type type: object type: array instanceDescription: description: Immutable. A description of the instance. type: string machineType: description: Immutable. The machine type to create. To create a machine with a custom type (such as extended memory), format the value like custom-VCPUS-MEM_IN_MB like custom-6-20480 for 6 vCPU and 20GB of RAM. type: string metadata: items: properties: key: type: string value: type: string required: - key - value type: object type: array metadataStartupScript: description: Immutable. An alternative to using the startup-script metadata key, mostly to match the compute_instance resource. This replaces the startup-script metadata key on the created instance and thus the two mechanisms are not allowed to be used simultaneously. type: string minCpuPlatform: description: Immutable. Specifies a minimum CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell or Intel Skylake. type: string namePrefix: description: Immutable. Creates a unique name beginning with the specified prefix. Conflicts with name. type: string networkInterface: description: Immutable. Networks to attach to instances created from this template. This can be specified multiple times for multiple networks. items: properties: accessConfig: items: properties: natIpRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `address` field of a `ComputeAddress` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object networkTier: description: 'Immutable. The networking tier used for configuring this instance template. This field can take the following values: PREMIUM, STANDARD, FIXED_STANDARD. If this field is not specified, it is assumed to be PREMIUM.' type: string publicPtrDomainName: description: The DNS domain name for the public PTR record.The DNS domain name for the public PTR record. type: string type: object type: array aliasIpRange: description: Immutable. An array of alias IP ranges for this network interface. Can only be specified for network interfaces on subnet-mode networks. items: properties: ipCidrRange: description: Immutable. The IP CIDR range represented by this alias IP range. This IP CIDR range must belong to the specified subnetwork and cannot contain IP addresses reserved by system or used by other network interfaces. At the time of writing only a netmask (e.g. /24) may be supplied, with a CIDR format resulting in an API error. type: string subnetworkRangeName: description: Immutable. The subnetwork secondary range name specifying the secondary range from which to allocate the IP CIDR range for this alias IP range. If left unspecified, the primary range of the subnetwork will be used. type: string required: - ipCidrRange type: object type: array ipv6AccessConfig: description: An array of IPv6 access configurations for this interface. Currently, only one IPv6 access config, DIRECT_IPV6, is supported. If there is no ipv6AccessConfig specified, then this instance will have no external IPv6 Internet access. items: properties: externalIpv6: description: The first IPv6 address of the external IPv6 range associated with this instance, prefix length is stored in externalIpv6PrefixLength in ipv6AccessConfig. The field is output only, an IPv6 address from a subnetwork associated with the instance will be allocated dynamically. type: string externalIpv6PrefixLength: description: The prefix length of the external IPv6 range. type: string networkTier: description: The service-level to be provided for IPv6 traffic when the subnet has an external subnet. Only PREMIUM tier is valid for IPv6. type: string publicPtrDomainName: description: The domain name to be used when creating DNSv6 records for the external IPv6 ranges. type: string required: - networkTier type: object type: array ipv6AccessType: description: One of EXTERNAL, INTERNAL to indicate whether the IP can be accessed from the Internet. This field is always inherited from its subnetwork. type: string name: description: The name of the network_interface. type: string networkIp: description: Immutable. The private IP address to assign to the instance. If empty, the address will be automatically assigned. type: string networkRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object nicType: description: Immutable. The type of vNIC to be used on this interface. Possible values:GVNIC, VIRTIO_NET. type: string queueCount: description: Immutable. The networking queue count that's specified by users for the network interface. Both Rx and Tx queues will be set to this number. It will be empty if not specified. type: integer stackType: description: The stack type for this network interface to identify whether the IPv6 feature is enabled or not. If not specified, IPV4_ONLY will be used. type: string subnetworkProject: description: Immutable. The ID of the project in which the subnetwork belongs. If it is not provided, the provider project is used. type: string subnetworkRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: object type: array networkPerformanceConfig: description: Immutable. Configures network performance settings for the instance. If not specified, the instance will be created with its default network performance configuration. properties: totalEgressBandwidthTier: description: Immutable. The egress bandwidth tier to enable. Possible values:TIER_1, DEFAULT. type: string required: - totalEgressBandwidthTier type: object region: description: Immutable. An instance template is a global resource that is not bound to a zone or a region. However, you can still specify some regional resources in an instance template, which restricts the template to the region where that resource resides. For example, a custom subnetwork resource is tied to a specific region. Defaults to the region of the Provider if no value is given. type: string reservationAffinity: description: Immutable. Specifies the reservations that this instance can consume from. properties: specificReservation: description: Immutable. Specifies the label selector for the reservation to use. properties: key: description: Immutable. Corresponds to the label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify compute.googleapis.com/reservation-name as the key and specify the name of your reservation as the only value. type: string values: description: Immutable. Corresponds to the label values of a reservation resource. items: type: string type: array required: - key - values type: object type: description: Immutable. The type of reservation from which this instance can consume resources. type: string required: - type type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string resourcePolicies: items: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeResourcePolicy` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: array scheduling: description: Immutable. The scheduling strategy to use. properties: automaticRestart: description: Immutable. Specifies whether the instance should be automatically restarted if it is terminated by Compute Engine (not terminated by a user). This defaults to true. type: boolean instanceTerminationAction: description: Immutable. Specifies the action GCE should take when SPOT VM is preempted. type: string maintenanceInterval: description: 'Specifies the frequency of planned maintenance events. The accepted values are: PERIODIC.' type: string maxRunDuration: description: Immutable. The timeout for new network connections to hosts. properties: nanos: description: |- Immutable. Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. type: integer seconds: description: |- Immutable. Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. type: integer required: - seconds type: object minNodeCpus: description: Minimum number of cpus for the instance. type: integer nodeAffinities: items: properties: value: type: object x-kubernetes-preserve-unknown-fields: true type: object type: array onHostMaintenance: description: Immutable. Defines the maintenance behavior for this instance. type: string preemptible: description: Immutable. Allows instance to be preempted. This defaults to false. type: boolean provisioningModel: description: Immutable. Whether the instance is spot. If this is set as SPOT. type: string type: object serviceAccount: description: Immutable. Service account to attach to the instance. properties: scopes: description: Immutable. A list of service scopes. Both OAuth2 URLs and gcloud short names are supported. To allow full access to all Cloud APIs, use the cloud-platform scope. items: type: string type: array serviceAccountRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `email` field of an `IAMServiceAccount` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - scopes type: object shieldedInstanceConfig: description: 'Immutable. Enable Shielded VM on this instance. Shielded VM provides verifiable integrity to prevent against malware and rootkits. Defaults to disabled. Note: shielded_instance_config can only be used with boot images with shielded vm support.' properties: enableIntegrityMonitoring: description: Immutable. Compare the most recent boot measurements to the integrity policy baseline and return a pair of pass/fail results depending on whether they match or not. Defaults to true. type: boolean enableSecureBoot: description: Immutable. Verify the digital signature of all boot components, and halt the boot process if signature verification fails. Defaults to false. type: boolean enableVtpm: description: Immutable. Use a virtualized trusted platform module, which is a specialized computer chip you can use to encrypt objects like keys and certificates. Defaults to true. type: boolean type: object tags: description: Immutable. Tags to attach to the instance. items: type: string type: array required: - disk - machineType type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array metadataFingerprint: description: The unique fingerprint of the metadata. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer selfLink: description: The URI of the created resource. type: string selfLinkUnique: description: A special URI of the created resource that uniquely identifies this instance template. type: string tagsFingerprint: description: The unique fingerprint of the tags. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: computeinterconnectattachments.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeInterconnectAttachment plural: computeinterconnectattachments shortNames: - gcpcomputeinterconnectattachment - gcpcomputeinterconnectattachments singular: computeinterconnectattachment preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: adminEnabled: description: |- Whether the VLAN attachment is enabled or disabled. When using PARTNER type this will Pre-Activate the interconnect attachment. type: boolean bandwidth: description: |- Provisioned bandwidth capacity for the interconnect attachment. For attachments of type DEDICATED, the user can set the bandwidth. For attachments of type PARTNER, the Google Partner that is operating the interconnect must set the bandwidth. Output only for PARTNER type, mutable for PARTNER_PROVIDER and DEDICATED, Defaults to BPS_10G Possible values: ["BPS_50M", "BPS_100M", "BPS_200M", "BPS_300M", "BPS_400M", "BPS_500M", "BPS_1G", "BPS_2G", "BPS_5G", "BPS_10G", "BPS_20G", "BPS_50G"]. type: string candidateSubnets: description: |- Immutable. Up to 16 candidate prefixes that can be used to restrict the allocation of cloudRouterIpAddress and customerRouterIpAddress for this attachment. All prefixes must be within link-local address space (169.254.0.0/16) and must be /29 or shorter (/28, /27, etc). Google will attempt to select an unused /29 from the supplied candidate prefix(es). The request will fail if all possible /29s are in use on Google's edge. If not supplied, Google will randomly select an unused /29 from all of link-local space. items: type: string type: array description: description: An optional description of this resource. type: string edgeAvailabilityDomain: description: |- Immutable. Desired availability domain for the attachment. Only available for type PARTNER, at creation time. For improved reliability, customers should configure a pair of attachments with one per availability domain. The selected availability domain will be provided to the Partner via the pairing key so that the provisioned circuit will lie in the specified domain. If not specified, the value will default to AVAILABILITY_DOMAIN_ANY. type: string encryption: description: |- Immutable. Indicates the user-supplied encryption option of this interconnect attachment. Can only be specified at attachment creation for PARTNER or DEDICATED attachments. * NONE - This is the default value, which means that the VLAN attachment carries unencrypted traffic. VMs are able to send traffic to, or receive traffic from, such a VLAN attachment. * IPSEC - The VLAN attachment carries only encrypted traffic that is encrypted by an IPsec device, such as an HA VPN gateway or third-party IPsec VPN. VMs cannot directly send traffic to, or receive traffic from, such a VLAN attachment. To use HA VPN over Cloud Interconnect, the VLAN attachment must be created with this option. Default value: "NONE" Possible values: ["NONE", "IPSEC"]. type: string interconnect: description: |- Immutable. URL of the underlying Interconnect object that this attachment's traffic will traverse through. Required if type is DEDICATED, must not be set if type is PARTNER. type: string ipsecInternalAddresses: items: description: |- Immutable. The addresses that have been reserved for the interconnect attachment. Used only for interconnect attachment that has the encryption option as IPSEC. The addresses must be RFC 1918 IP address ranges. When creating HA VPN gateway over the interconnect attachment, if the attachment is configured to use an RFC 1918 IP address, then the VPN gateway's IP address will be allocated from the IP address range specified here. For example, if the HA VPN gateway's interface 0 is paired to this interconnect attachment, then an RFC 1918 IP address for the VPN gateway interface 0 will be allocated from the IP address specified for this interconnect attachment. If this field is not specified for interconnect attachment that has encryption option as IPSEC, later on when creating HA VPN gateway on this interconnect attachment, the HA VPN gateway's IP address will be allocated from regional external IP address pool. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeAddress` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: array mtu: description: |- Maximum Transmission Unit (MTU), in bytes, of packets passing through this interconnect attachment. Currently, only 1440 and 1500 are allowed. If not specified, the value will default to 1440. type: string region: description: Region where the regional interconnect attachment resides. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string routerRef: description: |- The Cloud Router to be used for dynamic routing. This router must be in the same region as this ComputeInterconnectAttachment. The ComputeInterconnectAttachment will automatically connect the interconnect to the network & region within which the Cloud Router is configured. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeRouter` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: description: |- Immutable. The type of InterconnectAttachment you wish to create. Defaults to DEDICATED. Possible values: ["DEDICATED", "PARTNER", "PARTNER_PROVIDER"]. type: string vlanTag8021q: description: |- Immutable. The IEEE 802.1Q VLAN tag for this attachment, in the range 2-4094. When using PARTNER type this will be managed upstream. type: integer required: - region - routerRef type: object status: properties: cloudRouterIpAddress: description: |- IPv4 address + prefix length to be configured on Cloud Router Interface for this interconnect attachment. type: string conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array creationTimestamp: description: Creation timestamp in RFC3339 text format. type: string customerRouterIpAddress: description: |- IPv4 address + prefix length to be configured on the customer router subinterface for this interconnect attachment. type: string googleReferenceId: description: |- Google reference ID, to be used when raising support tickets with Google or otherwise to debug backend connectivity issues. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer pairingKey: description: |- [Output only for type PARTNER. Not present for DEDICATED]. The opaque identifier of an PARTNER attachment used to initiate provisioning with a selected partner. Of the form "XXXXX/region/domain". type: string partnerAsn: description: |- [Output only for type PARTNER. Not present for DEDICATED]. Optional BGP ASN for the router that should be supplied by a layer 3 Partner if they configured BGP on behalf of the customer. type: string privateInterconnectInfo: description: |- Information specific to an InterconnectAttachment. This property is populated if the interconnect that this is attached to is of type DEDICATED. properties: tag8021q: description: |- 802.1q encapsulation tag to be used for traffic between Google and the customer, going to and from this network and region. type: integer type: object selfLink: type: string state: description: '[Output Only] The current state of this attachment''s functionality.' type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: computemachineimages.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeMachineImage plural: computemachineimages shortNames: - gcpcomputemachineimage - gcpcomputemachineimages singular: computemachineimage preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: description: description: Immutable. A text description of the resource. type: string guestFlush: description: |- Immutable. Specify this to create an application consistent machine image by informing the OS to prepare for the snapshot process. Currently only supported on Windows instances using the Volume Shadow Copy Service (VSS). type: boolean machineImageEncryptionKey: description: |- Immutable. Encrypts the machine image using a customer-supplied encryption key. After you encrypt a machine image with a customer-supplied key, you must provide the same key if you use the machine image later (e.g. to create a instance from the image). properties: kmsKeyName: description: Immutable. The name of the encryption key that is stored in Google Cloud KMS. type: string kmsKeyServiceAccount: description: |- Immutable. The service account used for the encryption request for the given KMS key. If absent, the Compute Engine Service Agent service account is used. type: string rawKey: description: |- Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to either encrypt or decrypt this resource. type: string sha256: description: |- The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource. type: string type: object projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string sourceInstanceRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeInstance` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - projectRef - sourceInstanceRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer selfLink: type: string storageLocations: description: The regional or multi-regional Cloud Storage bucket location where the machine image is stored. items: type: string type: array type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: computemanagedsslcertificates.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeManagedSSLCertificate plural: computemanagedsslcertificates shortNames: - gcpcomputemanagedsslcertificate - gcpcomputemanagedsslcertificates singular: computemanagedsslcertificate preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: certificateId: description: The unique identifier for the resource. type: integer description: description: Immutable. An optional description of this resource. type: string managed: description: |- Immutable. Properties relevant to a managed certificate. These will be used if the certificate is managed (as indicated by a value of 'MANAGED' in 'type'). properties: domains: description: |- Immutable. Domains for which a managed SSL certificate will be valid. Currently, there can be up to 100 domains in this list. items: type: string type: array required: - domains type: object projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string type: description: |- Immutable. Enum field whose value is always 'MANAGED' - used to signal to the API which type this is. Default value: "MANAGED" Possible values: ["MANAGED"]. type: string required: - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array creationTimestamp: description: Creation timestamp in RFC3339 text format. type: string expireTime: description: Expire time of the certificate in RFC3339 text format. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer selfLink: type: string subjectAlternativeNames: description: Domains associated with the certificate via Subject Alternative Name. items: type: string type: array type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: computenetworkendpointgroups.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeNetworkEndpointGroup plural: computenetworkendpointgroups shortNames: - gcpcomputenetworkendpointgroup - gcpcomputenetworkendpointgroups singular: computenetworkendpointgroup preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: defaultPort: description: |- Immutable. The default port used if the port number is not specified in the network endpoint. type: integer description: description: |- Immutable. An optional description of this resource. Provide this property when you create the resource. type: string location: description: 'Location represents the geographical location of the ComputeNetworkEndpointGroup. Specify a zone name. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' type: string networkEndpointType: description: |- Immutable. Type of network endpoints in this network endpoint group. NON_GCP_PRIVATE_IP_PORT is used for hybrid connectivity network endpoint groups (see https://cloud.google.com/load-balancing/docs/hybrid). Note that NON_GCP_PRIVATE_IP_PORT can only be used with Backend Services that 1) have the following load balancing schemes: EXTERNAL, EXTERNAL_MANAGED, INTERNAL_MANAGED, and INTERNAL_SELF_MANAGED and 2) support the RATE or CONNECTION balancing modes. Possible values include: GCE_VM_IP, GCE_VM_IP_PORT, and NON_GCP_PRIVATE_IP_PORT. Default value: "GCE_VM_IP_PORT" Possible values: ["GCE_VM_IP", "GCE_VM_IP_PORT", "NON_GCP_PRIVATE_IP_PORT"]. type: string networkRef: description: |- The network to which all network endpoints in the NEG belong. Uses "default" project network if unspecified. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string subnetworkRef: description: Optional subnetwork to which all network endpoints in the NEG belong. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - location - networkRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer selfLink: type: string size: description: Number of network endpoints in the network endpoint group. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: computenetworkendpoints.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeNetworkEndpoint plural: computenetworkendpoints shortNames: - gcpcomputenetworkendpoint - gcpcomputenetworkendpoints singular: computenetworkendpoint preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: instanceRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `ComputeInstance` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object ipAddress: description: |- Immutable. IPv4 address of network endpoint. The IP address must belong to a VM in GCE (either the primary IP or as part of an aliased IP range). type: string networkEndpointGroupRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `ComputeNetworkEndpointGroup` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The port of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string zone: description: Immutable. Zone where the containing network endpoint group is located. type: string required: - ipAddress - networkEndpointGroupRef - projectRef - zone type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: computenetworkpeeringroutesconfigs.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeNetworkPeeringRoutesConfig plural: computenetworkpeeringroutesconfigs shortNames: - gcpcomputenetworkpeeringroutesconfig - gcpcomputenetworkpeeringroutesconfigs singular: computenetworkpeeringroutesconfig preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: exportCustomRoutes: description: Whether to export the custom routes to the peer network. type: boolean importCustomRoutes: description: Whether to import the custom routes to the peer network. type: boolean networkRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `ComputeNetwork` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The peering of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - exportCustomRoutes - importCustomRoutes - networkRef - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: computenetworkpeerings.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeNetworkPeering plural: computenetworkpeerings shortNames: - gcpcomputenetworkpeering - gcpcomputenetworkpeerings singular: computenetworkpeering preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: exportCustomRoutes: description: Whether to export the custom routes to the peer network. Defaults to false. type: boolean exportSubnetRoutesWithPublicIp: description: Immutable. type: boolean importCustomRoutes: description: Whether to export the custom routes from the peer network. Defaults to false. type: boolean importSubnetRoutesWithPublicIp: description: Immutable. type: boolean networkRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object peerNetworkRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string stackType: description: 'Which IP version(s) of traffic and routes are allowed to be imported or exported between peer networks. The default value is IPV4_ONLY. Possible values: ["IPV4_ONLY", "IPV4_IPV6"].' type: string required: - networkRef - peerNetworkRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer state: description: State for the peering, either ACTIVE or INACTIVE. The peering is ACTIVE when there's a matching configuration in the peer network. type: string stateDetails: description: Details about the current state of the peering. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: computenetworks.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeNetwork plural: computenetworks shortNames: - gcpcomputenetwork - gcpcomputenetworks singular: computenetwork preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: autoCreateSubnetworks: description: |- Immutable. When set to 'true', the network is created in "auto subnet mode" and it will create a subnet for each region automatically across the '10.128.0.0/9' address range. When set to 'false', the network is created in "custom subnet mode" so the user can explicitly connect subnetwork resources. type: boolean deleteDefaultRoutesOnCreate: description: |- If set to 'true', default routes ('0.0.0.0/0') will be deleted immediately after network creation. Defaults to 'false'. type: boolean description: description: |- Immutable. An optional description of this resource. The resource must be recreated to modify this field. type: string enableUlaInternalIpv6: description: |- Immutable. Enable ULA internal ipv6 on this network. Enabling this feature will assign a /48 from google defined ULA prefix fd20::/20. type: boolean internalIpv6Range: description: |- Immutable. When enabling ula internal ipv6, caller optionally can specify the /48 range they want from the google defined ULA prefix fd20::/20. The input must be a valid /48 ULA IPv6 address and must be within the fd20::/20. Operation will fail if the speficied /48 is already in used by another resource. If the field is not speficied, then a /48 range will be randomly allocated from fd20::/20 and returned via this field. type: string mtu: description: |- Immutable. Maximum Transmission Unit in bytes. The default value is 1460 bytes. The minimum value for this field is 1300 and the maximum value is 8896 bytes (jumbo frames). Note that packets larger than 1500 bytes (standard Ethernet) can be subject to TCP-MSS clamping or dropped with an ICMP 'Fragmentation-Needed' message if the packets are routed to the Internet or other VPCs with varying MTUs. type: integer networkFirewallPolicyEnforcementOrder: description: 'Set the order that Firewall Rules and Firewall Policies are evaluated. Default value: "AFTER_CLASSIC_FIREWALL" Possible values: ["BEFORE_CLASSIC_FIREWALL", "AFTER_CLASSIC_FIREWALL"].' type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string routingMode: description: |- The network-wide routing mode to use. If set to 'REGIONAL', this network's cloud routers will only advertise routes with subnetworks of this network in the same region as the router. If set to 'GLOBAL', this network's cloud routers will advertise routes with all subnetworks of this network, across regions. Possible values: ["REGIONAL", "GLOBAL"]. type: string type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array gatewayIpv4: description: |- The gateway address for default routing out of the network. This value is selected by GCP. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer selfLink: type: string type: object type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: computenodegroups.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeNodeGroup plural: computenodegroups shortNames: - gcpcomputenodegroup - gcpcomputenodegroups singular: computenodegroup preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: autoscalingPolicy: description: |- Immutable. If you use sole-tenant nodes for your workloads, you can use the node group autoscaler to automatically manage the sizes of your node groups. properties: maxNodes: description: |- Immutable. Maximum size of the node group. Set to a value less than or equal to 100 and greater than or equal to min-nodes. type: integer minNodes: description: |- Immutable. Minimum size of the node group. Must be less than or equal to max-nodes. The default value is 0. type: integer mode: description: |- Immutable. The autoscaling mode. Set to one of the following: - OFF: Disables the autoscaler. - ON: Enables scaling in and scaling out. - ONLY_SCALE_OUT: Enables only scaling out. You must use this mode if your node groups are configured to restart their hosted VMs on minimal servers. Possible values: ["OFF", "ON", "ONLY_SCALE_OUT"]. type: string type: object description: description: Immutable. An optional textual description of the resource. type: string initialSize: description: Immutable. The initial number of nodes in the node group. One of 'initial_size' or 'size' must be specified. type: integer maintenancePolicy: description: 'Immutable. Specifies how to handle instances when a node in the group undergoes maintenance. Set to one of: DEFAULT, RESTART_IN_PLACE, or MIGRATE_WITHIN_NODE_GROUP. The default value is DEFAULT.' type: string maintenanceWindow: description: Immutable. contains properties for the timeframe of maintenance. properties: startTime: description: Immutable. instances.start time of the window. This must be in UTC format that resolves to one of 00:00, 04:00, 08:00, 12:00, 16:00, or 20:00. For example, both 13:00-5 and 08:00 are valid. type: string required: - startTime type: object nodeTemplateRef: description: The node template to which this node group belongs. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeNodeTemplate` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string shareSettings: description: Immutable. Share settings for the node group. properties: projectMap: description: Immutable. A map of project id and project config. This is only valid when shareType's value is SPECIFIC_PROJECTS. items: properties: idRef: description: The key of this project config in the parent map. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object projectIdRef: description: |- The project id/number should be the same as the key of this project config in the project map. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - idRef - projectIdRef type: object type: array shareType: description: 'Immutable. Node group sharing type. Possible values: ["ORGANIZATION", "SPECIFIC_PROJECTS", "LOCAL"].' type: string required: - shareType type: object size: description: Immutable. The total number of nodes in the node group. One of 'initial_size' or 'size' must be specified. type: integer zone: description: Immutable. Zone where this node group is located. type: string required: - nodeTemplateRef - zone type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array creationTimestamp: description: Creation timestamp in RFC3339 text format. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer selfLink: type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: computenodetemplates.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeNodeTemplate plural: computenodetemplates shortNames: - gcpcomputenodetemplate - gcpcomputenodetemplates singular: computenodetemplate preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: cpuOvercommitType: description: 'Immutable. CPU overcommit. Default value: "NONE" Possible values: ["ENABLED", "NONE"].' type: string description: description: Immutable. An optional textual description of the resource. type: string nodeType: description: |- Immutable. Node type to use for nodes group that are created from this template. Only one of nodeTypeFlexibility and nodeType can be specified. type: string nodeTypeFlexibility: description: |- Immutable. Flexible properties for the desired node type. Node groups that use this node template will create nodes of a type that matches these properties. Only one of nodeTypeFlexibility and nodeType can be specified. properties: cpus: description: Immutable. Number of virtual CPUs to use. type: string localSsd: description: Use local SSD. type: string memory: description: Immutable. Physical memory available to the node, defined in MB. type: string type: object region: description: |- Immutable. Region where nodes using the node template will be created. If it is not provided, the provider region is used. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string serverBinding: description: |- Immutable. The server binding policy for nodes using this template. Determines where the nodes should restart following a maintenance event. properties: type: description: |- Immutable. Type of server binding policy. If 'RESTART_NODE_ON_ANY_SERVER', nodes using this template will restart on any physical server following a maintenance event. If 'RESTART_NODE_ON_MINIMAL_SERVER', nodes using this template will restart on the same physical server following a maintenance event, instead of being live migrated to or restarted on a new physical server. This option may be useful if you are using software licenses tied to the underlying server characteristics such as physical sockets or cores, to avoid the need for additional licenses when maintenance occurs. However, VMs on such nodes will experience outages while maintenance is applied. Possible values: ["RESTART_NODE_ON_ANY_SERVER", "RESTART_NODE_ON_MINIMAL_SERVERS"]. type: string required: - type type: object required: - region type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array creationTimestamp: description: Creation timestamp in RFC3339 text format. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer selfLink: type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: computeorganizationsecuritypolicies.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeOrganizationSecurityPolicy plural: computeorganizationsecuritypolicies shortNames: - gcpcomputeorganizationsecuritypolicy - gcpcomputeorganizationsecuritypolicies singular: computeorganizationsecuritypolicy preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: description: description: A textual description for the organization security policy. type: string displayName: description: Immutable. A textual name of the security policy. type: string parent: description: |- Immutable. The parent of this OrganizationSecurityPolicy in the Cloud Resource Hierarchy. Format: organizations/{organization_id} or folders/{folder_id}. type: string resourceID: description: Immutable. Optional. The policyId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string type: description: |- Immutable. The type indicates the intended use of the security policy. For organization security policies, the only supported type is "FIREWALL". Default value: "FIREWALL" Possible values: ["FIREWALL"]. type: string required: - displayName - parent type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array fingerprint: description: |- Fingerprint of this resource. This field is used internally during updates of this resource. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer policyId: description: The unique identifier for the resource. This identifier is defined by the server. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: computeorganizationsecuritypolicyassociations.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeOrganizationSecurityPolicyAssociation plural: computeorganizationsecuritypolicyassociations shortNames: - gcpcomputeorganizationsecuritypolicyassociation - gcpcomputeorganizationsecuritypolicyassociations singular: computeorganizationsecuritypolicyassociation preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: attachmentId: description: Immutable. The resource that the security policy is attached to. type: string policyId: description: Immutable. The security policy ID of the association. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - attachmentId - policyId type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array displayName: description: The display name of the security policy of the association. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: computeorganizationsecuritypolicyrules.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeOrganizationSecurityPolicyRule plural: computeorganizationsecuritypolicyrules shortNames: - gcpcomputeorganizationsecuritypolicyrule - gcpcomputeorganizationsecuritypolicyrules singular: computeorganizationsecuritypolicyrule preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: action: description: |- The Action to perform when the client connection triggers the rule. Can currently be either "allow", "deny" or "goto_next". type: string description: description: A description of the rule. type: string direction: description: 'The direction in which this rule applies. If unspecified an INGRESS rule is created. Possible values: ["INGRESS", "EGRESS"].' type: string enableLogging: description: |- Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver. type: boolean match: description: A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. properties: config: description: The configuration options for matching the rule. properties: destIpRanges: description: |- Destination IP address range in CIDR format. Required for EGRESS rules. items: type: string type: array layer4Config: description: Pairs of IP protocols and ports that the rule should match. items: properties: ipProtocol: description: |- The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number. type: string ports: description: |- An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"]. items: type: string type: array required: - ipProtocol type: object type: array srcIpRanges: description: |- Source IP address range in CIDR format. Required for INGRESS rules. items: type: string type: array required: - layer4Config type: object description: description: A description of the rule. type: string versionedExpr: description: |- Preconfigured versioned expression. For organization security policy rules, the only supported type is "FIREWALL". Default value: "FIREWALL" Possible values: ["FIREWALL"]. type: string required: - config type: object policyId: description: Immutable. The ID of the OrganizationSecurityPolicy this rule applies to. type: string preview: description: If set to true, the specified action is not enforced. type: boolean resourceID: description: Immutable. Optional. The priority of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string targetResources: description: |- A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule. items: type: string type: array targetServiceAccounts: description: |- A list of service accounts indicating the sets of instances that are applied with this rule. items: type: string type: array required: - action - match - policyId type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: computepacketmirrorings.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputePacketMirroring plural: computepacketmirrorings shortNames: - gcpcomputepacketmirroring - gcpcomputepacketmirrorings singular: computepacketmirroring preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: collectorIlb: description: The Forwarding Rule resource of type `loadBalancingScheme=INTERNAL` that will be used as collector for mirrored traffic. The specified forwarding rule must have `isMirroringCollector` set to true. properties: urlRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Resource URL to the forwarding rule representing the ILB configured as destination of the mirrored traffic. Allowed value: The `selfLink` field of a `ComputeForwardingRule` resource. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - urlRef type: object description: description: An optional description of this resource. Provide this property when you create the resource. type: string enable: description: Indicates whether or not this packet mirroring takes effect. If set to FALSE, this packet mirroring policy will not be enforced on the network. The default is TRUE. type: string filter: description: Filter for mirrored traffic. If unspecified, all traffic is mirrored. properties: cidrRanges: description: IP CIDR ranges that apply as filter on the source (ingress) or destination (egress) IP in the IP header. Only IPv4 is supported. If no ranges are specified, all traffic that matches the specified IPProtocols is mirrored. If neither cidrRanges nor IPProtocols is specified, all traffic is mirrored. items: type: string type: array direction: description: Direction of traffic to mirror, either INGRESS, EGRESS, or BOTH. The default is BOTH. type: string ipProtocols: description: Protocols that apply as filter on mirrored traffic. If no protocols are specified, all traffic that matches the specified CIDR ranges is mirrored. If neither cidrRanges nor IPProtocols is specified, all traffic is mirrored. items: type: string type: array type: object location: description: Immutable. The location for the resource type: string mirroredResources: description: PacketMirroring mirroredResourceInfos. MirroredResourceInfo specifies a set of mirrored VM instances, subnetworks and/or tags for which traffic from/to all VM instances will be mirrored. properties: instances: description: A set of virtual machine instances that are being mirrored. They must live in zones contained in the same region as this packetMirroring. Note that this config will apply only to those network interfaces of the Instances that belong to the network specified in this packetMirroring. You may specify a maximum of 50 Instances. items: properties: canonicalUrl: description: Immutable. Output only. Unique identifier for the instance; defined by the server. type: string urlRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Resource URL to the virtual machine instance which is being mirrored. Allowed value: The `selfLink` field of a `ComputeInstance` resource. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: object type: array subnetworks: description: Immutable. A set of subnetworks for which traffic from/to all VM instances will be mirrored. They must live in the same region as this packetMirroring. You may specify a maximum of 5 subnetworks. items: properties: canonicalUrl: description: Immutable. Output only. Unique identifier for the subnetwork; defined by the server. type: string urlRef: description: Immutable. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Resource URL to the subnetwork for which traffic from/to all VM instances will be mirrored. Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: object type: array tags: description: A set of mirrored tags. Traffic from/to all VM instances that have one or more of these tags will be mirrored. items: type: string type: array type: object network: description: Immutable. Specifies the mirrored VPC network. Only packets in this network will be mirrored. All mirrored VMs should have a NIC in the given network. All mirrored subnetworks should belong to the given network. properties: urlRef: description: Immutable. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- URL of the network resource. Allowed value: The `selfLink` field of a `ComputeNetwork` resource. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - urlRef type: object priority: description: The priority of applying this configuration. Priority is used to break ties in cases where there is more than one matching rule. In the case of two rules that apply for a given Instance, the one with the lowest-numbered priority value wins. Default value is 1000. Valid range is 0 through 65535. format: int64 type: integer projectRef: description: Immutable. The Project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The project for the resource Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - collectorIlb - location - mirroredResources - network - projectRef type: object status: properties: collectorIlb: properties: canonicalUrl: description: Output only. Unique identifier for the forwarding rule; defined by the server. type: string type: object conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array id: description: Output only. The unique identifier for the resource. This identifier is defined by the server. format: int64 type: integer network: properties: canonicalUrl: description: Output only. Unique identifier for the network; defined by the server. type: string type: object observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer region: description: URI of the region where the packetMirroring resides. type: string selfLink: description: Server-defined URL for the resource. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: computeperinstanceconfigs.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputePerInstanceConfig plural: computeperinstanceconfigs shortNames: - gcpcomputeperinstanceconfig - gcpcomputeperinstanceconfigs singular: computeperinstanceconfig preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: instanceGroupManagerRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `ComputeInstanceGroupManager` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object minimalAction: description: |- The minimal action to perform on the instance during an update. Default is 'NONE'. Possible values are: * REPLACE * RESTART * REFRESH * NONE. type: string mostDisruptiveAllowedAction: description: |- The most disruptive action to perform on the instance during an update. Default is 'REPLACE'. Possible values are: * REPLACE * RESTART * REFRESH * NONE. type: string preservedState: description: The preserved state for this instance. properties: disk: description: Stateful disks for the instance. items: properties: deleteRule: description: |- A value that prescribes what should happen to the stateful disk when the VM instance is deleted. The available options are 'NEVER' and 'ON_PERMANENT_INSTANCE_DELETION'. 'NEVER' - detach the disk when the VM is deleted, but do not delete the disk. 'ON_PERMANENT_INSTANCE_DELETION' will delete the stateful disk when the VM is permanently deleted from the instance group. Default value: "NEVER" Possible values: ["NEVER", "ON_PERMANENT_INSTANCE_DELETION"]. type: string deviceName: description: A unique device name that is reflected into the /dev/ tree of a Linux operating system running within the instance. type: string mode: description: 'The mode of the disk. Default value: "READ_WRITE" Possible values: ["READ_ONLY", "READ_WRITE"].' type: string source: description: |- The URI of an existing persistent disk to attach under the specified device-name in the format 'projects/project-id/zones/zone/disks/disk-name'. type: string required: - deviceName - source type: object type: array externalIp: description: Preserved external IPs defined for this instance. This map is keyed with the name of the network interface. items: properties: autoDelete: description: 'These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. Default value: "NEVER" Possible values: ["NEVER", "ON_PERMANENT_INSTANCE_DELETION"].' type: string interfaceName: type: string ipAddress: description: Ip address representation. properties: address: description: The URL of the reservation for this IP address. type: string type: object required: - interfaceName type: object type: array internalIp: description: Preserved internal IPs defined for this instance. This map is keyed with the name of the network interface. items: properties: autoDelete: description: 'These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. Default value: "NEVER" Possible values: ["NEVER", "ON_PERMANENT_INSTANCE_DELETION"].' type: string interfaceName: type: string ipAddress: description: Ip address representation. properties: address: description: The URL of the reservation for this IP address. type: string type: object required: - interfaceName type: object type: array metadata: additionalProperties: type: string description: Preserved metadata defined for this instance. This is a list of key->value pairs. type: object type: object projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object removeInstanceStateOnDestroy: description: |- When true, deleting this config will immediately remove any specified state from the underlying instance. When false, deleting this config will *not* immediately remove any state from the underlying instance. State will be removed on the next instance recreation or update. type: boolean resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string zone: description: Immutable. Zone where the containing instance group manager is located. type: string required: - instanceGroupManagerRef - projectRef - zone type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: computeprojectmetadatas.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeProjectMetadata plural: computeprojectmetadatas shortNames: - gcpcomputeprojectmetadata - gcpcomputeprojectmetadatas singular: computeprojectmetadata preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: metadata: additionalProperties: type: string description: A series of key value pairs. type: object required: - metadata type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: computeregionautoscalers.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeRegionAutoscaler plural: computeregionautoscalers shortNames: - gcpcomputeregionautoscaler - gcpcomputeregionautoscalers singular: computeregionautoscaler preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: autoscalingPolicy: description: |- The configuration parameters for the autoscaling algorithm. You can define one or more of the policies for an autoscaler: cpuUtilization, customMetricUtilizations, and loadBalancingUtilization. If none of these are specified, the default will be to autoscale based on cpuUtilization to 0.6 or 60%. properties: cooldownPeriod: description: |- The number of seconds that the autoscaler should wait before it starts collecting information from a new instance. This prevents the autoscaler from collecting information when the instance is initializing, during which the collected usage would not be reliable. The default time autoscaler waits is 60 seconds. Virtual machine initialization times might vary because of numerous factors. We recommend that you test how long an instance may take to initialize. To do this, create an instance and time the startup process. type: integer cpuUtilization: description: |- Defines the CPU utilization policy that allows the autoscaler to scale based on the average CPU utilization of a managed instance group. properties: predictiveMethod: description: |- Indicates whether predictive autoscaling based on CPU metric is enabled. Valid values are: - NONE (default). No predictive method is used. The autoscaler scales the group to meet current demand based on real-time metrics. - OPTIMIZE_AVAILABILITY. Predictive autoscaling improves availability by monitoring daily and weekly load patterns and scaling out ahead of anticipated demand. type: string target: description: |- The target CPU utilization that the autoscaler should maintain. Must be a float value in the range (0, 1]. If not specified, the default is 0.6. If the CPU level is below the target utilization, the autoscaler scales down the number of instances until it reaches the minimum number of instances you specified or until the average CPU of your instances reaches the target utilization. If the average CPU is above the target utilization, the autoscaler scales up until it reaches the maximum number of instances you specified or until the average utilization reaches the target utilization. type: number required: - target type: object loadBalancingUtilization: description: Configuration parameters of autoscaling based on a load balancer. properties: target: description: |- Fraction of backend capacity utilization (set in HTTP(s) load balancing configuration) that autoscaler should maintain. Must be a positive float value. If not defined, the default is 0.8. type: number required: - target type: object maxReplicas: description: |- The maximum number of instances that the autoscaler can scale up to. This is required when creating or updating an autoscaler. The maximum number of replicas should not be lower than minimal number of replicas. type: integer metric: description: Configuration parameters of autoscaling based on a custom metric. items: properties: filter: description: |- A filter string to be used as the filter string for a Stackdriver Monitoring TimeSeries.list API call. This filter is used to select a specific TimeSeries for the purpose of autoscaling and to determine whether the metric is exporting per-instance or per-group data. You can only use the AND operator for joining selectors. You can only use direct equality comparison operator (=) without any functions for each selector. You can specify the metric in both the filter string and in the metric field. However, if specified in both places, the metric must be identical. The monitored resource type determines what kind of values are expected for the metric. If it is a gce_instance, the autoscaler expects the metric to include a separate TimeSeries for each instance in a group. In such a case, you cannot filter on resource labels. If the resource type is any other value, the autoscaler expects this metric to contain values that apply to the entire autoscaled instance group and resource label filtering can be performed to point autoscaler at the correct TimeSeries to scale upon. This is called a per-group metric for the purpose of autoscaling. If not specified, the type defaults to gce_instance. You should provide a filter that is selective enough to pick just one TimeSeries for the autoscaled group or for each of the instances (if you are using gce_instance resource type). If multiple TimeSeries are returned upon the query execution, the autoscaler will sum their respective values to obtain its scaling value. type: string name: description: |- The identifier (type) of the Stackdriver Monitoring metric. The metric cannot have negative values. The metric must have a value type of INT64 or DOUBLE. type: string singleInstanceAssignment: description: |- If scaling is based on a per-group metric value that represents the total amount of work to be done or resource usage, set this value to an amount assigned for a single instance of the scaled group. The autoscaler will keep the number of instances proportional to the value of this metric, the metric itself should not change value due to group resizing. For example, a good metric to use with the target is 'pubsub.googleapis.com/subscription/num_undelivered_messages' or a custom metric exporting the total number of requests coming to your instances. A bad example would be a metric exporting an average or median latency, since this value can't include a chunk assignable to a single instance, it could be better used with utilization_target instead. type: number target: description: |- The target value of the metric that autoscaler should maintain. This must be a positive value. A utilization metric scales number of virtual machines handling requests to increase or decrease proportionally to the metric. For example, a good metric to use as a utilizationTarget is www.googleapis.com/compute/instance/network/received_bytes_count. The autoscaler will work to keep this value constant for each of the instances. type: number type: description: |- Defines how target utilization value is expressed for a Stackdriver Monitoring metric. Possible values: ["GAUGE", "DELTA_PER_SECOND", "DELTA_PER_MINUTE"]. type: string required: - name type: object type: array minReplicas: description: |- The minimum number of replicas that the autoscaler can scale down to. This cannot be less than 0. If not provided, autoscaler will choose a default value depending on maximum number of instances allowed. type: integer mode: description: 'Defines operating mode for this policy. Default value: "ON" Possible values: ["OFF", "ONLY_UP", "ON"].' type: string scaleDownControl: description: |- Defines scale down controls to reduce the risk of response latency and outages due to abrupt scale-in events. properties: maxScaledDownReplicas: description: A nested object resource. properties: fixed: description: |- Specifies a fixed number of VM instances. This must be a positive integer. type: integer percent: description: |- Specifies a percentage of instances between 0 to 100%, inclusive. For example, specify 80 for 80%. type: integer type: object timeWindowSec: description: |- How long back autoscaling should look when computing recommendations to include directives regarding slower scale down, as described above. type: integer type: object scaleInControl: description: |- Defines scale in controls to reduce the risk of response latency and outages due to abrupt scale-in events. properties: maxScaledInReplicas: description: A nested object resource. properties: fixed: description: |- Specifies a fixed number of VM instances. This must be a positive integer. type: integer percent: description: |- Specifies a percentage of instances between 0 to 100%, inclusive. For example, specify 80 for 80%. type: integer type: object timeWindowSec: description: |- How long back autoscaling should look when computing recommendations to include directives regarding slower scale down, as described above. type: integer type: object scalingSchedules: description: Scaling schedules defined for an autoscaler. Multiple schedules can be set on an autoscaler and they can overlap. items: properties: description: description: A description of a scaling schedule. type: string disabled: description: A boolean value that specifies if a scaling schedule can influence autoscaler recommendations. If set to true, then a scaling schedule has no effect. type: boolean durationSec: description: The duration of time intervals (in seconds) for which this scaling schedule will be running. The minimum allowed value is 300. type: integer minRequiredReplicas: description: Minimum number of VM instances that autoscaler will recommend in time intervals starting according to schedule. type: integer name: type: string schedule: description: The start timestamps of time intervals when this scaling schedule should provide a scaling signal. This field uses the extended cron format (with an optional year field). type: string timeZone: description: 'The time zone to be used when interpreting the schedule. The value of this field must be a time zone name from the tz database: http://en.wikipedia.org/wiki/Tz_database.' type: string required: - durationSec - minRequiredReplicas - name - schedule type: object type: array required: - maxReplicas - minReplicas type: object description: description: An optional description of this resource. type: string projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object region: description: Immutable. URL of the region where the instance group resides. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string target: description: URL of the managed instance group that this autoscaler will scale. type: string required: - autoscalingPolicy - projectRef - region - target type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array creationTimestamp: description: Creation timestamp in RFC3339 text format. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer selfLink: type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: computeregiondiskresourcepolicyattachments.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeRegionDiskResourcePolicyAttachment plural: computeregiondiskresourcepolicyattachments shortNames: - gcpcomputeregiondiskresourcepolicyattachment - gcpcomputeregiondiskresourcepolicyattachments singular: computeregiondiskresourcepolicyattachment preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: diskRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `ComputeDisk` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object region: description: Immutable. A reference to the region where the disk resides. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - diskRef - projectRef - region type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: computeregionnetworkendpointgroups.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeRegionNetworkEndpointGroup plural: computeregionnetworkendpointgroups shortNames: - gcpcomputeregionnetworkendpointgroup - gcpcomputeregionnetworkendpointgroups singular: computeregionnetworkendpointgroup preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: cloudFunction: description: |- Immutable. Only valid when networkEndpointType is "SERVERLESS". Only one of cloud_run, app_engine, cloud_function or serverless_deployment may be set. properties: functionRef: description: |- Immutable. A user-defined name of the Cloud Function. The function name is case-sensitive and must be 1-63 characters long. Example value: "func1". oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `CloudFunctionsFunction` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object urlMask: description: |- Immutable. A template to parse function field from a request URL. URL mask allows for routing to multiple Cloud Functions without having to create multiple Network Endpoint Groups and backend services. For example, request URLs "mydomain.com/function1" and "mydomain.com/function2" can be backed by the same Serverless NEG with URL mask "/". The URL mask will parse them to { function = "function1" } and { function = "function2" } respectively. type: string type: object cloudRun: description: |- Immutable. Only valid when networkEndpointType is "SERVERLESS". Only one of cloud_run, app_engine, cloud_function or serverless_deployment may be set. properties: serviceRef: description: |- Immutable. Cloud Run service is the main resource of Cloud Run. The service must be 1-63 characters long, and comply with RFC1035. Example value: "run-service". oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `RunService` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object tag: description: |- Immutable. Cloud Run tag represents the "named-revision" to provide additional fine-grained traffic routing information. The tag must be 1-63 characters long, and comply with RFC1035. Example value: "revision-0010". type: string urlMask: description: |- Immutable. A template to parse service and tag fields from a request URL. URL mask allows for routing to multiple Run services without having to create multiple network endpoint groups and backend services. For example, request URLs "foo1.domain.com/bar1" and "foo1.domain.com/bar2" an be backed by the same Serverless Network Endpoint Group (NEG) with URL mask ".domain.com/". The URL mask will parse them to { service="bar1", tag="foo1" } and { service="bar2", tag="foo2" } respectively. type: string type: object description: description: |- Immutable. An optional description of this resource. Provide this property when you create the resource. type: string networkEndpointType: description: 'Immutable. Type of network endpoints in this network endpoint group. Defaults to SERVERLESS Default value: "SERVERLESS" Possible values: ["SERVERLESS", "PRIVATE_SERVICE_CONNECT"].' type: string networkRef: description: |- Immutable. This field is only used for PSC. The URL of the network to which all network endpoints in the NEG belong. Uses "default" project network if unspecified. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object pscTargetService: description: |- Immutable. The target service url used to set up private service connection to a Google API or a PSC Producer Service Attachment. type: string region: description: Immutable. A reference to the region where the Serverless NEGs Reside. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string subnetworkRef: description: |- Immutable. This field is only used for PSC. Optional URL of the subnetwork to which all network endpoints in the NEG belong. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - region type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer selfLink: type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: computeregionperinstanceconfigs.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeRegionPerInstanceConfig plural: computeregionperinstanceconfigs shortNames: - gcpcomputeregionperinstanceconfig - gcpcomputeregionperinstanceconfigs singular: computeregionperinstanceconfig preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: minimalAction: description: |- The minimal action to perform on the instance during an update. Default is 'NONE'. Possible values are: * REPLACE * RESTART * REFRESH * NONE. type: string mostDisruptiveAllowedAction: description: |- The most disruptive action to perform on the instance during an update. Default is 'REPLACE'. Possible values are: * REPLACE * RESTART * REFRESH * NONE. type: string preservedState: description: The preserved state for this instance. properties: disk: description: Stateful disks for the instance. items: properties: deleteRule: description: |- A value that prescribes what should happen to the stateful disk when the VM instance is deleted. The available options are 'NEVER' and 'ON_PERMANENT_INSTANCE_DELETION'. 'NEVER' - detach the disk when the VM is deleted, but do not delete the disk. 'ON_PERMANENT_INSTANCE_DELETION' will delete the stateful disk when the VM is permanently deleted from the instance group. Default value: "NEVER" Possible values: ["NEVER", "ON_PERMANENT_INSTANCE_DELETION"]. type: string deviceName: description: A unique device name that is reflected into the /dev/ tree of a Linux operating system running within the instance. type: string mode: description: 'The mode of the disk. Default value: "READ_WRITE" Possible values: ["READ_ONLY", "READ_WRITE"].' type: string source: description: |- The URI of an existing persistent disk to attach under the specified device-name in the format 'projects/project-id/zones/zone/disks/disk-name'. type: string required: - deviceName - source type: object type: array externalIp: description: Preserved external IPs defined for this instance. This map is keyed with the name of the network interface. items: properties: autoDelete: description: 'These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. Default value: "NEVER" Possible values: ["NEVER", "ON_PERMANENT_INSTANCE_DELETION"].' type: string interfaceName: type: string ipAddress: description: Ip address representation. properties: address: description: The URL of the reservation for this IP address. type: string type: object required: - interfaceName type: object type: array internalIp: description: Preserved internal IPs defined for this instance. This map is keyed with the name of the network interface. items: properties: autoDelete: description: 'These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. Default value: "NEVER" Possible values: ["NEVER", "ON_PERMANENT_INSTANCE_DELETION"].' type: string interfaceName: type: string ipAddress: description: Ip address representation. properties: address: description: The URL of the reservation for this IP address. type: string type: object required: - interfaceName type: object type: array metadata: additionalProperties: type: string description: Preserved metadata defined for this instance. This is a list of key->value pairs. type: object type: object projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object region: description: Immutable. Region where the containing instance group manager is located. type: string regionInstanceGroupManagerRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `ComputeRegionInstanceGroupManager` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object removeInstanceStateOnDestroy: description: |- When true, deleting this config will immediately remove any specified state from the underlying instance. When false, deleting this config will *not* immediately remove any state from the underlying instance. State will be removed on the next instance recreation or update. type: boolean resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - projectRef - region - regionInstanceGroupManagerRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: computereservations.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeReservation plural: computereservations shortNames: - gcpcomputereservation - gcpcomputereservations singular: computereservation preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: description: description: Immutable. An optional description of this resource. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string specificReservation: description: Reservation for instances with specific machine shapes. properties: count: description: The number of resources that are allocated. type: integer inUseCount: description: How many instances are in use. type: integer instanceProperties: description: Immutable. The instance properties for the reservation. properties: guestAccelerators: description: Immutable. Guest accelerator type and count. items: properties: acceleratorCount: description: |- Immutable. The number of the guest accelerator cards exposed to this instance. type: integer acceleratorType: description: |- Immutable. The full or partial URL of the accelerator type to attach to this instance. For example: 'projects/my-project/zones/us-central1-c/acceleratorTypes/nvidia-tesla-p100' If you are creating an instance template, specify only the accelerator name. type: string required: - acceleratorCount - acceleratorType type: object type: array localSsds: description: |- Immutable. The amount of local ssd to reserve with each instance. This reserves disks of type 'local-ssd'. items: properties: diskSizeGb: description: Immutable. The size of the disk in base-2 GB. type: integer interface: description: 'Immutable. The disk interface to use for attaching this disk. Default value: "SCSI" Possible values: ["SCSI", "NVME"].' type: string required: - diskSizeGb type: object type: array machineType: description: Immutable. The name of the machine type to reserve. type: string minCpuPlatform: description: |- Immutable. The minimum CPU platform for the reservation. For example, '"Intel Skylake"'. See the CPU platform availability reference](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform#availablezones) for information on available CPU platforms. type: string required: - machineType type: object required: - count - instanceProperties type: object specificReservationRequired: description: |- Immutable. When set to true, only VMs that target this reservation by name can consume this reservation. Otherwise, it can be consumed by VMs with affinity for any reservation. Defaults to false. type: boolean zone: description: Immutable. The zone where the reservation is made. type: string required: - specificReservation - zone type: object status: properties: commitment: description: |- Full or partial URL to a parent commitment. This field displays for reservations that are tied to a commitment. type: string conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array creationTimestamp: description: Creation timestamp in RFC3339 text format. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer selfLink: type: string status: description: The status of the reservation. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: computeresourcepolicies.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeResourcePolicy plural: computeresourcepolicies shortNames: - gcpcomputeresourcepolicy - gcpcomputeresourcepolicies singular: computeresourcepolicy preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: description: description: Immutable. An optional description of this resource. Provide this property when you create the resource. type: string diskConsistencyGroupPolicy: description: Immutable. Replication consistency group for asynchronous disk replication. properties: enabled: description: Immutable. Enable disk consistency on the resource policy. type: boolean required: - enabled type: object groupPlacementPolicy: description: Immutable. Resource policy for instances used for placement configuration. properties: availabilityDomainCount: description: |- Immutable. The number of availability domains instances will be spread across. If two instances are in different availability domain, they will not be put in the same low latency network. type: integer collocation: description: |- Immutable. Collocation specifies whether to place VMs inside the same availability domain on the same low-latency network. Specify 'COLLOCATED' to enable collocation. Can only be specified with 'vm_count'. If compute instances are created with a COLLOCATED policy, then exactly 'vm_count' instances must be created at the same time with the resource policy attached. Possible values: ["COLLOCATED"]. type: string maxDistance: description: Immutable. Specifies the number of max logical switches. type: integer vmCount: description: |- Immutable. Number of VMs in this placement group. Google does not recommend that you use this field unless you use a compact policy and you want your policy to work only if it contains this exact number of VMs. type: integer type: object instanceSchedulePolicy: description: Immutable. Resource policy for scheduling instance operations. properties: expirationTime: description: Immutable. The expiration time of the schedule. The timestamp is an RFC3339 string. type: string startTime: description: Immutable. The start time of the schedule. The timestamp is an RFC3339 string. type: string timeZone: description: |- Immutable. Specifies the time zone to be used in interpreting the schedule. The value of this field must be a time zone name from the tz database: http://en.wikipedia.org/wiki/Tz_database. type: string vmStartSchedule: description: Immutable. Specifies the schedule for starting instances. properties: schedule: description: Immutable. Specifies the frequency for the operation, using the unix-cron format. type: string required: - schedule type: object vmStopSchedule: description: Immutable. Specifies the schedule for stopping instances. properties: schedule: description: Immutable. Specifies the frequency for the operation, using the unix-cron format. type: string required: - schedule type: object required: - timeZone type: object region: description: Immutable. Region where resource policy resides. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string snapshotSchedulePolicy: description: Immutable. Policy for creating snapshots of persistent disks. properties: retentionPolicy: description: Immutable. Retention policy applied to snapshots created by this resource policy. properties: maxRetentionDays: description: Immutable. Maximum age of the snapshot that is allowed to be kept. type: integer onSourceDiskDelete: description: |- Immutable. Specifies the behavior to apply to scheduled snapshots when the source disk is deleted. Default value: "KEEP_AUTO_SNAPSHOTS" Possible values: ["KEEP_AUTO_SNAPSHOTS", "APPLY_RETENTION_POLICY"]. type: string required: - maxRetentionDays type: object schedule: description: Immutable. Contains one of an 'hourlySchedule', 'dailySchedule', or 'weeklySchedule'. properties: dailySchedule: description: Immutable. The policy will execute every nth day at the specified time. properties: daysInCycle: description: Immutable. The number of days between snapshots. type: integer startTime: description: |- Immutable. This must be in UTC format that resolves to one of 00:00, 04:00, 08:00, 12:00, 16:00, or 20:00. For example, both 13:00-5 and 08:00 are valid. type: string required: - daysInCycle - startTime type: object hourlySchedule: description: Immutable. The policy will execute every nth hour starting at the specified time. properties: hoursInCycle: description: Immutable. The number of hours between snapshots. type: integer startTime: description: |- Immutable. Time within the window to start the operations. It must be in an hourly format "HH:MM", where HH : [00-23] and MM : [00] GMT. eg: 21:00. type: string required: - hoursInCycle - startTime type: object weeklySchedule: description: Immutable. Allows specifying a snapshot time for each day of the week. properties: dayOfWeeks: description: Immutable. May contain up to seven (one for each day of the week) snapshot times. items: properties: day: description: 'Immutable. The day of the week to create the snapshot. e.g. MONDAY Possible values: ["MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY", "SATURDAY", "SUNDAY"].' type: string startTime: description: |- Immutable. Time within the window to start the operations. It must be in format "HH:MM", where HH : [00-23] and MM : [00-00] GMT. type: string required: - day - startTime type: object type: array required: - dayOfWeeks type: object type: object snapshotProperties: description: Immutable. Properties with which the snapshots are created, such as labels. properties: chainName: description: |- Immutable. Creates the new snapshot in the snapshot chain labeled with the specified name. The chain name must be 1-63 characters long and comply with RFC1035. type: string guestFlush: description: Immutable. Whether to perform a 'guest aware' snapshot. type: boolean labels: additionalProperties: type: string description: Immutable. A set of key-value pairs. type: object storageLocations: description: |- Immutable. Cloud Storage bucket location to store the auto snapshot (regional or multi-regional). items: type: string type: array type: object required: - schedule type: object required: - region type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer selfLink: type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: computerouterinterfaces.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeRouterInterface plural: computerouterinterfaces shortNames: - gcpcomputerouterinterface - gcpcomputerouterinterfaces singular: computerouterinterface preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: interconnectAttachmentRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `ComputeInterconnectAttachment` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object ipRange: description: Immutable. The IP address and range of the interface. The IP range must be in the RFC3927 link-local IP space. Changing this forces a new interface to be created. type: string privateIpAddressRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `address` field of a `ComputeAddress` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object redundantInterfaceRef: description: The interface the BGP peer is associated with. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `ComputeRouterInterface` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object region: description: Immutable. The region this interface's router sits in. If not specified, the project region will be used. Changing this forces a new interface to be created. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string routerRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `ComputeRouter` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object subnetworkRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object vpnTunnelRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeVPNTunnel` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - region - routerRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: computerouternats.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeRouterNAT plural: computerouternats shortNames: - gcpcomputerouternat - gcpcomputerouternats singular: computerouternat preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: drainNatIps: items: description: |- A list of IP resources to be drained. These IPs must be valid static external IPs that have been assigned to the NAT. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeAddress` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: array enableDynamicPortAllocation: description: |- Enable Dynamic Port Allocation. If minPortsPerVm is set, minPortsPerVm must be set to a power of two greater than or equal to 32. If minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config. If maxPortsPerVm is set, maxPortsPerVm must be set to a power of two greater than minPortsPerVm. If maxPortsPerVm is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config. Mutually exclusive with enableEndpointIndependentMapping. type: boolean enableEndpointIndependentMapping: description: |- Specifies if endpoint independent mapping is enabled. This is enabled by default. For more information see the [official documentation](https://cloud.google.com/nat/docs/overview#specs-rfcs). type: boolean icmpIdleTimeoutSec: description: Timeout (in seconds) for ICMP connections. Defaults to 30s if not set. type: integer logConfig: description: Configuration for logging on NAT. properties: enable: description: Indicates whether or not to export logs. type: boolean filter: description: 'Specifies the desired filtering of logs on this NAT. Possible values: ["ERRORS_ONLY", "TRANSLATIONS_ONLY", "ALL"].' type: string required: - enable - filter type: object maxPortsPerVm: description: |- Maximum number of ports allocated to a VM from this NAT. This field can only be set when enableDynamicPortAllocation is enabled. type: integer minPortsPerVm: description: Minimum number of ports allocated to a VM from this NAT. type: integer natIpAllocateOption: description: |- How external IPs should be allocated for this NAT. Valid values are 'AUTO_ONLY' for only allowing NAT IPs allocated by Google Cloud Platform, or 'MANUAL_ONLY' for only user-allocated NAT IP addresses. Possible values: ["MANUAL_ONLY", "AUTO_ONLY"]. type: string natIps: items: description: NAT IPs. Only valid if natIpAllocateOption is set to MANUAL_ONLY. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeAddress` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: array region: description: Immutable. Region where the router and NAT reside. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string routerRef: description: The Cloud Router in which this NAT will be configured. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `ComputeRouter` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object rules: description: A list of rules associated with this NAT. items: properties: action: description: The action to be enforced for traffic that matches this rule. properties: sourceNatActiveIpsRefs: items: description: |- A list of URLs of the IP resources used for this NAT rule. These IP addresses must be valid static external IP addresses assigned to the project. This field is used for public NAT. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeAddress` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: array sourceNatDrainIpsRefs: items: description: |- A list of URLs of the IP resources to be drained. These IPs must be valid static external IPs that have been assigned to the NAT. These IPs should be used for updating/patching a NAT rule only. This field is used for public NAT. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeAddress` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: array type: object description: description: An optional description of this rule. type: string match: description: |- CEL expression that specifies the match condition that egress traffic from a VM is evaluated against. If it evaluates to true, the corresponding action is enforced. The following examples are valid match expressions for public NAT: "inIpRange(destination.ip, '1.1.0.0/16') || inIpRange(destination.ip, '2.2.0.0/16')" "destination.ip == '1.1.0.1' || destination.ip == '8.8.8.8'" The following example is a valid match expression for private NAT: "nexthop.hub == 'https://networkconnectivity.googleapis.com/v1alpha1/projects/my-project/global/hub/hub-1'". type: string ruleNumber: description: |- An integer uniquely identifying a rule in the list. The rule number must be a positive value between 0 and 65000, and must be unique among rules within a NAT. type: integer required: - match - ruleNumber type: object type: array sourceSubnetworkIpRangesToNat: description: |- How NAT should be configured per Subnetwork. If 'ALL_SUBNETWORKS_ALL_IP_RANGES', all of the IP ranges in every Subnetwork are allowed to Nat. If 'ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES', all of the primary IP ranges in every Subnetwork are allowed to Nat. 'LIST_OF_SUBNETWORKS': A list of Subnetworks are allowed to Nat (specified in the field subnetwork below). Note that if this field contains ALL_SUBNETWORKS_ALL_IP_RANGES or ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any other RouterNat section in any Router for this network in this region. Possible values: ["ALL_SUBNETWORKS_ALL_IP_RANGES", "ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES", "LIST_OF_SUBNETWORKS"]. type: string subnetwork: description: |- One or more subnetwork NAT configurations. Only used if 'source_subnetwork_ip_ranges_to_nat' is set to 'LIST_OF_SUBNETWORKS'. items: properties: secondaryIpRangeNames: description: |- List of the secondary ranges of the subnetwork that are allowed to use NAT. This can be populated only if 'LIST_OF_SECONDARY_IP_RANGES' is one of the values in sourceIpRangesToNat. items: type: string type: array sourceIpRangesToNat: description: |- List of options for which source IPs in the subnetwork should have NAT enabled. Supported values include: 'ALL_IP_RANGES', 'LIST_OF_SECONDARY_IP_RANGES', 'PRIMARY_IP_RANGE'. items: type: string type: array subnetworkRef: description: The subnetwork to NAT. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - sourceIpRangesToNat - subnetworkRef type: object type: array tcpEstablishedIdleTimeoutSec: description: |- Timeout (in seconds) for TCP established connections. Defaults to 1200s if not set. type: integer tcpTimeWaitTimeoutSec: description: |- Timeout (in seconds) for TCP connections that are in TIME_WAIT state. Defaults to 120s if not set. type: integer tcpTransitoryIdleTimeoutSec: description: |- Timeout (in seconds) for TCP transitory connections. Defaults to 30s if not set. type: integer udpIdleTimeoutSec: description: Timeout (in seconds) for UDP connections. Defaults to 30s if not set. type: integer required: - natIpAllocateOption - region - routerRef - sourceSubnetworkIpRangesToNat type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: computerouterpeers.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeRouterPeer plural: computerouterpeers shortNames: - gcpcomputerouterpeer - gcpcomputerouterpeers singular: computerouterpeer preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: advertiseMode: description: |- User-specified flag to indicate which mode to use for advertisement. Valid values of this enum field are: 'DEFAULT', 'CUSTOM' Default value: "DEFAULT" Possible values: ["DEFAULT", "CUSTOM"]. type: string advertisedGroups: description: |- User-specified list of prefix groups to advertise in custom mode, which can take one of the following options: * 'ALL_SUBNETS': Advertises all available subnets, including peer VPC subnets. * 'ALL_VPC_SUBNETS': Advertises the router's own VPC subnets. * 'ALL_PEER_VPC_SUBNETS': Advertises peer subnets of the router's VPC network. Note that this field can only be populated if advertiseMode is 'CUSTOM' and overrides the list defined for the router (in the "bgp" message). These groups are advertised in addition to any specified prefixes. Leave this field blank to advertise no custom groups. items: type: string type: array advertisedIpRanges: description: |- User-specified list of individual IP ranges to advertise in custom mode. This field can only be populated if advertiseMode is 'CUSTOM' and is advertised to all peers of the router. These IP ranges will be advertised in addition to any specified groups. Leave this field blank to advertise no custom IP ranges. items: properties: description: description: User-specified description for the IP range. type: string range: description: |- The IP range to advertise. The value must be a CIDR-formatted string. type: string required: - range type: object type: array advertisedRoutePriority: description: |- The priority of routes advertised to this BGP peer. Where there is more than one matching route of maximum length, the routes with the lowest priority value win. type: integer bfd: description: BFD configuration for the BGP peering. properties: minReceiveInterval: description: |- The minimum interval, in milliseconds, between BFD control packets received from the peer router. The actual value is negotiated between the two routers and is equal to the greater of this value and the transmit interval of the other router. If set, this value must be between 1000 and 30000. type: integer minTransmitInterval: description: |- The minimum interval, in milliseconds, between BFD control packets transmitted to the peer router. The actual value is negotiated between the two routers and is equal to the greater of this value and the corresponding receive interval of the other router. If set, this value must be between 1000 and 30000. type: integer multiplier: description: |- The number of consecutive BFD packets that must be missed before BFD declares that a peer is unavailable. If set, the value must be a value between 5 and 16. type: integer sessionInitializationMode: description: |- The BFD session initialization mode for this BGP peer. If set to 'ACTIVE', the Cloud Router will initiate the BFD session for this BGP peer. If set to 'PASSIVE', the Cloud Router will wait for the peer router to initiate the BFD session for this BGP peer. If set to 'DISABLED', BFD is disabled for this BGP peer. Possible values: ["ACTIVE", "DISABLED", "PASSIVE"]. type: string required: - sessionInitializationMode type: object enable: description: |- The status of the BGP peer connection. If set to false, any active session with the peer is terminated and all associated routing information is removed. If set to true, the peer connection can be established with routing information. The default is true. type: boolean enableIpv6: description: Enable IPv6 traffic over BGP Peer. If not specified, it is disabled by default. type: boolean ipAddress: description: |- IP address of the interface inside Google Cloud Platform. Only IPv4 is supported. properties: external: type: string type: object ipv6NexthopAddress: description: |- IPv6 address of the interface inside Google Cloud Platform. The address must be in the range 2600:2d00:0:2::/64 or 2600:2d00:0:3::/64. If you do not specify the next hop addresses, Google Cloud automatically assigns unused addresses from the 2600:2d00:0:2::/64 or 2600:2d00:0:3::/64 range for you. type: string peerAsn: description: |- Peer BGP Autonomous System Number (ASN). Each BGP interface may use a different value. type: integer peerIpAddress: description: |- IP address of the BGP interface outside Google Cloud Platform. Only IPv4 is supported. type: string peerIpv6NexthopAddress: description: |- IPv6 address of the BGP interface outside Google Cloud Platform. The address must be in the range 2600:2d00:0:2::/64 or 2600:2d00:0:3::/64. If you do not specify the next hop addresses, Google Cloud automatically assigns unused addresses from the 2600:2d00:0:2::/64 or 2600:2d00:0:3::/64 range for you. type: string region: description: |- Immutable. Region where the router and BgpPeer reside. If it is not provided, the provider region is used. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string routerApplianceInstanceRef: description: |- The URI of the VM instance that is used as third-party router appliances such as Next Gen Firewalls, Virtual Routers, or Router Appliances. The VM instance must be located in zones contained in the same region as this Cloud Router. The VM instance is the peer side of the BGP session. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeInstance` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object routerInterfaceRef: description: The interface the BGP peer is associated with. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `ComputeRouterInterface` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object routerRef: description: The Cloud Router in which this BGP peer will be configured. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `ComputeRouter` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - peerAsn - peerIpAddress - region - routerInterfaceRef - routerRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array managementType: description: |- The resource that configures and manages this BGP peer. * 'MANAGED_BY_USER' is the default value and can be managed by you or other users * 'MANAGED_BY_ATTACHMENT' is a BGP peer that is configured and managed by Cloud Interconnect, specifically by an InterconnectAttachment of type PARTNER. Google automatically creates, updates, and deletes this type of BGP peer when the PARTNER InterconnectAttachment is created, updated, or deleted. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: computerouters.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeRouter plural: computerouters shortNames: - gcpcomputerouter - gcpcomputerouters singular: computerouter preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: bgp: description: BGP information specific to this router. properties: advertiseMode: description: 'User-specified flag to indicate which mode to use for advertisement. Default value: "DEFAULT" Possible values: ["DEFAULT", "CUSTOM"].' type: string advertisedGroups: description: |- User-specified list of prefix groups to advertise in custom mode. This field can only be populated if advertiseMode is CUSTOM and is advertised to all peers of the router. These groups will be advertised in addition to any specified prefixes. Leave this field blank to advertise no custom groups. This enum field has the one valid value: ALL_SUBNETS. items: type: string type: array advertisedIpRanges: description: |- User-specified list of individual IP ranges to advertise in custom mode. This field can only be populated if advertiseMode is CUSTOM and is advertised to all peers of the router. These IP ranges will be advertised in addition to any specified groups. Leave this field blank to advertise no custom IP ranges. items: properties: description: description: User-specified description for the IP range. type: string range: description: |- The IP range to advertise. The value must be a CIDR-formatted string. type: string required: - range type: object type: array asn: description: |- Local BGP Autonomous System Number (ASN). Must be an RFC6996 private ASN, either 16-bit or 32-bit. The value will be fixed for this router resource. All VPN tunnels that link to this router will have the same local ASN. type: integer keepaliveInterval: description: |- The interval in seconds between BGP keepalive messages that are sent to the peer. Hold time is three times the interval at which keepalive messages are sent, and the hold time is the maximum number of seconds allowed to elapse between successive keepalive messages that BGP receives from a peer. BGP will use the smaller of either the local hold time value or the peer's hold time value as the hold time for the BGP connection between the two peers. If set, this value must be between 20 and 60. The default is 20. type: integer required: - asn type: object description: description: An optional description of this resource. type: string encryptedInterconnectRouter: description: |- Immutable. Indicates if a router is dedicated for use with encrypted VLAN attachments (interconnectAttachments). type: boolean networkRef: description: A reference to the network to which this router belongs. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object region: description: Immutable. Region where the router resides. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - networkRef - region type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array creationTimestamp: description: Creation timestamp in RFC3339 text format. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer selfLink: type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: computeroutes.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeRoute plural: computeroutes shortNames: - gcpcomputeroute - gcpcomputeroutes singular: computeroute preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: description: description: |- Immutable. An optional description of this resource. Provide this property when you create the resource. type: string destRange: description: |- Immutable. The destination range of outgoing packets that this route applies to. Only IPv4 is supported. type: string networkRef: description: The network that this route applies to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object nextHopGateway: description: |- Immutable. URL to a gateway that should handle matching packets. Currently, you can only specify the internet gateway, using a full or partial valid URL: * 'https://www.googleapis.com/compute/v1/projects/project/global/gateways/default-internet-gateway' * 'projects/project/global/gateways/default-internet-gateway' * 'global/gateways/default-internet-gateway' * The string 'default-internet-gateway'. type: string nextHopILBRef: description: |- A forwarding rule of type loadBalancingScheme=INTERNAL that should handle matching packets. Note that this can only be used when the destinationRange is a public (non-RFC 1918) IP CIDR range. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeForwardingRule` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object nextHopInstanceRef: description: Instance that should handle matching packets. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeInstance` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object nextHopIp: description: Immutable. Network IP address of an instance that should handle matching packets. type: string nextHopVPNTunnelRef: description: The ComputeVPNTunnel that should handle matching packets oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeVPNTunnel` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object priority: description: |- Immutable. The priority of this route. Priority is used to break ties in cases where there is more than one matching route of equal prefix length. In the case of two routes with equal prefix length, the one with the lowest-numbered priority value wins. Default value is 1000. Valid range is 0 through 65535. type: integer resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string tags: description: Immutable. A list of instance tags to which this route applies. items: type: string type: array required: - destRange - networkRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array nextHopNetwork: description: URL to a Network that should handle matching packets. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer selfLink: type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: computesecuritypolicies.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeSecurityPolicy plural: computesecuritypolicies shortNames: - gcpcomputesecuritypolicy - gcpcomputesecuritypolicies singular: computesecuritypolicy preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: adaptiveProtectionConfig: description: Adaptive Protection Config of this security policy. properties: autoDeployConfig: description: Auto Deploy Config of this security policy. properties: confidenceThreshold: description: Rules are only automatically deployed for alerts on potential attacks with confidence scores greater than this threshold. type: number expirationSec: description: Google Cloud Armor stops applying the action in the automatically deployed rule to an identified attacker after this duration. The rule continues to operate against new requests. type: integer impactedBaselineThreshold: description: Rules are only automatically deployed when the estimated impact to baseline traffic from the suggested mitigation is below this threshold. type: number loadThreshold: description: Identifies new attackers only when the load to the backend service that is under attack exceeds this threshold. type: number type: object layer7DdosDefenseConfig: description: Layer 7 DDoS Defense Config of this security policy. properties: enable: description: If set to true, enables CAAP for L7 DDoS detection. type: boolean ruleVisibility: description: 'Rule visibility. Supported values include: "STANDARD", "PREMIUM".' type: string type: object type: object advancedOptionsConfig: description: Advanced Options Config of this security policy. properties: jsonCustomConfig: description: Custom configuration to apply the JSON parsing. Only applicable when JSON parsing is set to STANDARD. properties: contentTypes: description: A list of custom Content-Type header values to apply the JSON parsing. items: type: string type: array required: - contentTypes type: object jsonParsing: description: 'JSON body parsing. Supported values include: "DISABLED", "STANDARD".' type: string logLevel: description: 'Logging level. Supported values include: "NORMAL", "VERBOSE".' type: string type: object description: description: An optional description of this security policy. Max size is 2048. type: string recaptchaOptionsConfig: description: reCAPTCHA configuration options to be applied for the security policy. properties: redirectSiteKeyRef: description: |- A field to supply a reCAPTCHA site key to be used for all the rules using the redirect action with the type of GOOGLE_RECAPTCHA under the security policy. The specified site key needs to be created from the reCAPTCHA API. The user is responsible for the validity of the specified site key. If not specified, a Google-managed site key is used. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `RecaptchaEnterpriseKey` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - redirectSiteKeyRef type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string rule: description: The set of rules that belong to this policy. There must always be a default rule (rule with priority 2147483647 and match "*"). If no rules are provided when creating a security policy, a default rule with action "allow" will be added. items: properties: action: description: Action to take when match matches the request. type: string description: description: An optional description of this rule. Max size is 64. type: string headerAction: description: Additional actions that are performed on headers. properties: requestHeadersToAdds: description: The list of request headers to add or overwrite if they're already present. items: properties: headerName: description: The name of the header to set. type: string headerValue: description: The value to set the named header to. type: string required: - headerName type: object type: array required: - requestHeadersToAdds type: object match: description: A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding action is enforced. properties: config: description: The configuration options available when specifying versioned_expr. This field must be specified if versioned_expr is specified and cannot be specified if versioned_expr is not specified. properties: srcIpRanges: description: Set of IP addresses or ranges (IPV4 or IPV6) in CIDR notation to match against inbound traffic. There is a limit of 10 IP ranges per rule. A value of '*' matches all IPs (can be used to override the default behavior). items: type: string type: array required: - srcIpRanges type: object expr: description: User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header. properties: expression: description: Textual representation of an expression in Common Expression Language syntax. The application context of the containing message determines which well-known feature set of CEL is supported. type: string required: - expression type: object versionedExpr: description: 'Predefined rule expression. If this field is specified, config must also be specified. Available options: SRC_IPS_V1: Must specify the corresponding src_ip_ranges field in config.' type: string type: object preconfiguredWafConfig: description: Preconfigured WAF configuration to be applied for the rule. If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect. properties: exclusion: description: An exclusion to apply during preconfigured WAF evaluation. items: properties: requestCookie: description: Request cookie whose value will be excluded from inspection during preconfigured WAF evaluation. items: properties: operator: description: 'You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.' type: string value: description: A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY. type: string required: - operator type: object type: array requestHeader: description: Request header whose value will be excluded from inspection during preconfigured WAF evaluation. items: properties: operator: description: 'You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.' type: string value: description: A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY. type: string required: - operator type: object type: array requestQueryParam: description: Request query parameter whose value will be excluded from inspection during preconfigured WAF evaluation. Note that the parameter can be in the query string or in the POST body. items: properties: operator: description: 'You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.' type: string value: description: A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY. type: string required: - operator type: object type: array requestUri: description: Request URI from the request line to be excluded from inspection during preconfigured WAF evaluation. When specifying this field, the query or fragment part should be excluded. items: properties: operator: description: 'You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.' type: string value: description: A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY. type: string required: - operator type: object type: array targetRuleIds: description: A list of target rule IDs under the WAF rule set to apply the preconfigured WAF exclusion. If omitted, it refers to all the rule IDs under the WAF rule set. items: type: string type: array targetRuleSet: description: Target WAF rule set to apply the preconfigured WAF exclusion. type: string required: - targetRuleSet type: object type: array type: object preview: description: When set to true, the action specified above is not enforced. Stackdriver logs for requests that trigger a preview action are annotated as such. type: boolean priority: description: An unique positive integer indicating the priority of evaluation for a rule. Rules are evaluated from highest priority (lowest numerically) to lowest priority (highest numerically) in order. type: integer rateLimitOptions: description: Rate limit threshold for this security policy. Must be specified if the action is "rate_based_ban" or "throttle". Cannot be specified for any other actions. properties: banDurationSec: description: Can only be specified if the action for the rule is "rate_based_ban". If specified, determines the time (in seconds) the traffic will continue to be banned by the rate limit after the rate falls below the threshold. type: integer banThreshold: description: Can only be specified if the action for the rule is "rate_based_ban". If specified, the key will be banned for the configured 'banDurationSec' when the number of requests that exceed the 'rateLimitThreshold' also exceed this 'banThreshold'. properties: count: description: Number of HTTP(S) requests for calculating the threshold. type: integer intervalSec: description: Interval over which the threshold is computed. type: integer required: - count - intervalSec type: object conformAction: description: Action to take for requests that are under the configured rate limit threshold. Valid option is "allow" only. type: string enforceOnKey: description: Determines the key to enforce the rateLimitThreshold on. type: string enforceOnKeyConfigs: description: Immutable. Enforce On Key Config of this security policy. items: properties: enforceOnKeyName: description: 'Rate limit key name applicable only for the following key types: HTTP_HEADER -- Name of the HTTP header whose value is taken as the key value. HTTP_COOKIE -- Name of the HTTP cookie whose value is taken as the key value.' type: string enforceOnKeyType: description: Determines the key to enforce the rate_limit_threshold on. type: string type: object type: array enforceOnKeyName: description: 'Rate limit key name applicable only for the following key types: HTTP_HEADER -- Name of the HTTP header whose value is taken as the key value. HTTP_COOKIE -- Name of the HTTP cookie whose value is taken as the key value.' type: string exceedAction: description: Action to take for requests that are above the configured rate limit threshold, to either deny with a specified HTTP response code, or redirect to a different endpoint. Valid options are "deny()" where valid values for status are 403, 404, 429, and 502, and "redirect" where the redirect parameters come from exceedRedirectOptions below. type: string exceedRedirectOptions: description: Parameters defining the redirect action that is used as the exceed action. Cannot be specified if the exceed action is not redirect. properties: target: description: Target for the redirect action. This is required if the type is EXTERNAL_302 and cannot be specified for GOOGLE_RECAPTCHA. type: string type: description: Type of the redirect action. type: string required: - type type: object rateLimitThreshold: description: Threshold at which to begin ratelimiting. properties: count: description: Number of HTTP(S) requests for calculating the threshold. type: integer intervalSec: description: Interval over which the threshold is computed. type: integer required: - count - intervalSec type: object required: - conformAction - exceedAction - rateLimitThreshold type: object redirectOptions: description: Parameters defining the redirect action. Cannot be specified for any other actions. properties: target: description: Target for the redirect action. This is required if the type is EXTERNAL_302 and cannot be specified for GOOGLE_RECAPTCHA. type: string type: description: 'Type of the redirect action. Available options: EXTERNAL_302: Must specify the corresponding target field in config. GOOGLE_RECAPTCHA: Cannot specify target field in config.' type: string required: - type type: object required: - action - match - priority type: object type: array type: description: The type indicates the intended use of the security policy. CLOUD_ARMOR - Cloud Armor backend security policies can be configured to filter incoming HTTP requests targeting backend services. They filter requests before they hit the origin servers. CLOUD_ARMOR_EDGE - Cloud Armor edge security policies can be configured to filter incoming HTTP requests targeting backend services (including Cloud CDN-enabled) as well as backend buckets (Cloud Storage). They filter requests before the request is served from Google's cache. type: string type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array fingerprint: description: Fingerprint of this resource. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer selfLink: description: The URI of the created resource. type: string type: object type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: computeserviceattachments.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeServiceAttachment plural: computeserviceattachments shortNames: - gcpcomputeserviceattachment - gcpcomputeserviceattachments singular: computeserviceattachment preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: connectionPreference: description: 'The connection preference of service attachment. The value can be set to `ACCEPT_AUTOMATIC`. An `ACCEPT_AUTOMATIC` service attachment is one that always accepts the connection from consumer forwarding rules. Possible values: CONNECTION_PREFERENCE_UNSPECIFIED, ACCEPT_AUTOMATIC, ACCEPT_MANUAL' type: string consumerAcceptLists: description: Projects that are allowed to connect to this service attachment. items: properties: connectionLimit: description: The value of the limit to set. format: int64 type: integer projectRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The project id or number for the project to set the limit for. Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - projectRef type: object type: array consumerRejectLists: items: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: array description: description: An optional description of this resource. Provide this property when you create the resource. type: string enableProxyProtocol: description: Immutable. If true, enable the proxy protocol which is for supplying client TCP/IP address data in TCP connections that traverse proxies on their way to destination servers. type: boolean location: description: Immutable. The location for the resource type: string natSubnets: items: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: array projectRef: description: Immutable. The Project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The project for the resource Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string targetServiceRef: description: Immutable. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The URL of a service serving the endpoint identified by this service attachment. Allowed value: The `selfLink` field of a `ComputeForwardingRule` resource. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - connectionPreference - location - natSubnets - projectRef - targetServiceRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array connectedEndpoints: description: An array of connections for all the consumers connected to this service attachment. items: properties: endpoint: description: The url of a connected endpoint. type: string pscConnectionId: description: The PSC connection id of the connected endpoint. format: int64 type: integer status: description: 'The status of a connected endpoint to this service attachment. Possible values: PENDING, RUNNING, DONE' type: string type: object type: array fingerprint: description: Fingerprint of this resource. This field is used internally during updates of this resource. type: string id: description: The unique identifier for the resource type. The server generates this identifier. format: int64 type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer pscServiceAttachmentId: description: An 128-bit global unique ID of the PSC service attachment. properties: high: format: int64 type: integer low: format: int64 type: integer type: object region: description: URL of the region where the service attachment resides. This field applies only to the region resource. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body. type: string selfLink: description: Server-defined URL for the resource. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: computesharedvpchostprojects.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeSharedVPCHostProject plural: computesharedvpchostprojects shortNames: - gcpcomputesharedvpchostproject - gcpcomputesharedvpchostprojects singular: computesharedvpchostproject preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: computesharedvpcserviceprojects.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeSharedVPCServiceProject plural: computesharedvpcserviceprojects shortNames: - gcpcomputesharedvpcserviceproject - gcpcomputesharedvpcserviceprojects singular: computesharedvpcserviceproject preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: deletionPolicy: description: "The deletion policy for the shared VPC service. Setting ABANDON allows the resource\n\t\t\t\tto be abandoned rather than deleted. Possible values are: \"ABANDON\"." type: string projectRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: computesnapshots.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeSnapshot plural: computesnapshots shortNames: - gcpcomputesnapshot - gcpcomputesnapshots singular: computesnapshot preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: chainName: description: |- Immutable. Creates the new snapshot in the snapshot chain labeled with the specified name. The chain name must be 1-63 characters long and comply with RFC1035. This is an uncommon option only for advanced service owners who needs to create separate snapshot chains, for example, for chargeback tracking. When you describe your snapshot resource, this field is visible only if it has a non-empty value. type: string description: description: Immutable. An optional description of this resource. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string snapshotEncryptionKey: description: |- Immutable. Encrypts the snapshot using a customer-supplied encryption key. After you encrypt a snapshot using a customer-supplied key, you must provide the same key if you use the snapshot later. For example, you must provide the encryption key when you create a disk from the encrypted snapshot in a future request. Customer-supplied encryption keys do not protect access to metadata of the snapshot. If you do not provide an encryption key when creating the snapshot, then the snapshot will be encrypted using an automatically generated key and you do not need to provide a key to use the snapshot later. properties: kmsKeyRef: description: The encryption key that is stored in Google Cloud KMS. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object kmsKeyServiceAccountRef: description: |- The service account used for the encryption request for the given KMS key. If absent, the Compute Engine Service Agent service account is used. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `email` field of an `IAMServiceAccount` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object rawKey: description: |- Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to either encrypt or decrypt this resource. oneOf: - not: required: - valueFrom required: - value - not: required: - value required: - valueFrom properties: value: description: Value of the field. Cannot be used if 'valueFrom' is specified. type: string valueFrom: description: Source for the field's value. Cannot be used if 'value' is specified. properties: secretKeyRef: description: Reference to a value with the given key in the given Secret in the resource's namespace. properties: key: description: Key that identifies the value to be extracted. type: string name: description: Name of the Secret to extract a value from. type: string required: - name - key type: object type: object type: object sha256: description: |- The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource. type: string type: object sourceDiskEncryptionKey: description: |- Immutable. The customer-supplied encryption key of the source snapshot. Required if the source snapshot is protected by a customer-supplied encryption key. properties: kmsKeyServiceAccountRef: description: |- The service account used for the encryption request for the given KMS key. If absent, the Compute Engine Service Agent service account is used. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `email` field of an `IAMServiceAccount` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object rawKey: description: |- Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to either encrypt or decrypt this resource. oneOf: - not: required: - valueFrom required: - value - not: required: - value required: - valueFrom properties: value: description: Value of the field. Cannot be used if 'valueFrom' is specified. type: string valueFrom: description: Source for the field's value. Cannot be used if 'value' is specified. properties: secretKeyRef: description: Reference to a value with the given key in the given Secret in the resource's namespace. properties: key: description: Key that identifies the value to be extracted. type: string name: description: Name of the Secret to extract a value from. type: string required: - name - key type: object type: object type: object type: object sourceDiskRef: description: A reference to the disk used to create this snapshot. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `ComputeDisk` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object storageLocations: description: Immutable. Cloud Storage bucket storage location of the snapshot (regional or multi-regional). items: type: string type: array zone: description: Immutable. A reference to the zone where the disk is hosted. type: string required: - sourceDiskRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array creationTimestamp: description: Creation timestamp in RFC3339 text format. type: string diskSizeGb: description: Size of the snapshot, specified in GB. type: integer labelFingerprint: description: |- The fingerprint used for optimistic locking of this resource. Used internally during updates. type: string licenses: description: |- A list of public visible licenses that apply to this snapshot. This can be because the original image had licenses attached (such as a Windows image). snapshotEncryptionKey nested object Encrypts the snapshot using a customer-supplied encryption key. items: type: string type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer selfLink: type: string snapshotId: description: The unique identifier for the resource. type: integer storageBytes: description: |- A size of the storage used by the snapshot. As snapshots share storage, this number is expected to change with snapshot creation/deletion. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: computesslcertificates.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeSSLCertificate plural: computesslcertificates shortNames: - gcpcomputesslcertificate - gcpcomputesslcertificates singular: computesslcertificate preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: certificate: description: |- Immutable. The certificate in PEM format. The certificate chain must be no greater than 5 certs long. The chain must include at least one intermediate cert. oneOf: - not: required: - valueFrom required: - value - not: required: - value required: - valueFrom properties: value: description: Value of the field. Cannot be used if 'valueFrom' is specified. type: string valueFrom: description: Source for the field's value. Cannot be used if 'value' is specified. properties: secretKeyRef: description: Reference to a value with the given key in the given Secret in the resource's namespace. properties: key: description: Key that identifies the value to be extracted. type: string name: description: Name of the Secret to extract a value from. type: string required: - key - name type: object type: object type: object description: description: Immutable. An optional description of this resource. type: string location: description: 'Location represents the geographical location of the ComputeSSLCertificate. Specify a region name or "global" for global resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' type: string privateKey: description: Immutable. The write-only private key in PEM format. oneOf: - not: required: - valueFrom required: - value - not: required: - value required: - valueFrom properties: value: description: Value of the field. Cannot be used if 'valueFrom' is specified. type: string valueFrom: description: Source for the field's value. Cannot be used if 'value' is specified. properties: secretKeyRef: description: Reference to a value with the given key in the given Secret in the resource's namespace. properties: key: description: Key that identifies the value to be extracted. type: string name: description: Name of the Secret to extract a value from. type: string required: - key - name type: object type: object type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - certificate - location - privateKey type: object status: properties: certificateId: description: The unique identifier for the resource. type: integer conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array creationTimestamp: description: Creation timestamp in RFC3339 text format. type: string expireTime: description: Expire time of the certificate in RFC3339 text format. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer selfLink: type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: computesslpolicies.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeSSLPolicy plural: computesslpolicies shortNames: - gcpcomputesslpolicy - gcpcomputesslpolicies singular: computesslpolicy preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: customFeatures: description: |- Profile specifies the set of SSL features that can be used by the load balancer when negotiating SSL with clients. This can be one of 'COMPATIBLE', 'MODERN', 'RESTRICTED', or 'CUSTOM'. If using 'CUSTOM', the set of SSL features to enable must be specified in the 'customFeatures' field. See the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport) for which ciphers are available to use. **Note**: this argument *must* be present when using the 'CUSTOM' profile. This argument *must not* be present when using any other profile. items: type: string type: array description: description: Immutable. An optional description of this resource. type: string minTlsVersion: description: |- The minimum version of SSL protocol that can be used by the clients to establish a connection with the load balancer. Default value: "TLS_1_0" Possible values: ["TLS_1_0", "TLS_1_1", "TLS_1_2"]. type: string profile: description: |- Profile specifies the set of SSL features that can be used by the load balancer when negotiating SSL with clients. If using 'CUSTOM', the set of SSL features to enable must be specified in the 'customFeatures' field. See the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport) for information on what cipher suites each profile provides. If 'CUSTOM' is used, the 'custom_features' attribute **must be set**. Default value: "COMPATIBLE" Possible values: ["COMPATIBLE", "MODERN", "RESTRICTED", "CUSTOM"]. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array creationTimestamp: description: Creation timestamp in RFC3339 text format. type: string enabledFeatures: description: The list of features enabled in the SSL policy. items: type: string type: array fingerprint: description: |- Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer selfLink: type: string type: object type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: computesubnetworks.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeSubnetwork plural: computesubnetworks shortNames: - gcpcomputesubnetwork - gcpcomputesubnetworks singular: computesubnetwork preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: description: description: |- Immutable. An optional description of this resource. Provide this property when you create the resource. This field can be set only at resource creation time. type: string ipCidrRange: description: |- The range of internal addresses that are owned by this subnetwork. Provide this property when you create the subnetwork. For example, 10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and non-overlapping within a network. Only IPv4 is supported. type: string ipv6AccessType: description: |- The access type of IPv6 address this subnet holds. It's immutable and can only be specified during creation or the first time the subnet is updated into IPV4_IPV6 dual stack. If the ipv6_type is EXTERNAL then this subnet cannot enable direct path. Possible values: ["EXTERNAL", "INTERNAL"]. type: string logConfig: description: |- Denotes the logging options for the subnetwork flow logs. If logging is enabled logs will be exported to Stackdriver. This field cannot be set if the 'purpose' of this subnetwork is 'INTERNAL_HTTPS_LOAD_BALANCER'. properties: aggregationInterval: description: |- Can only be specified if VPC flow logging for this subnetwork is enabled. Toggles the aggregation interval for collecting flow logs. Increasing the interval time will reduce the amount of generated flow logs for long lasting connections. Default is an interval of 5 seconds per connection. Default value: "INTERVAL_5_SEC" Possible values: ["INTERVAL_5_SEC", "INTERVAL_30_SEC", "INTERVAL_1_MIN", "INTERVAL_5_MIN", "INTERVAL_10_MIN", "INTERVAL_15_MIN"]. type: string filterExpr: description: |- Export filter used to define which VPC flow logs should be logged, as as CEL expression. See https://cloud.google.com/vpc/docs/flow-logs#filtering for details on how to format this field. The default value is 'true', which evaluates to include everything. type: string flowSampling: description: |- Can only be specified if VPC flow logging for this subnetwork is enabled. The value of the field must be in [0, 1]. Set the sampling rate of VPC flow logs within the subnetwork where 1.0 means all collected logs are reported and 0.0 means no logs are reported. Default is 0.5 which means half of all collected logs are reported. type: number metadata: description: |- Can only be specified if VPC flow logging for this subnetwork is enabled. Configures whether metadata fields should be added to the reported VPC flow logs. Default value: "INCLUDE_ALL_METADATA" Possible values: ["EXCLUDE_ALL_METADATA", "INCLUDE_ALL_METADATA", "CUSTOM_METADATA"]. type: string metadataFields: description: |- List of metadata fields that should be added to reported logs. Can only be specified if VPC flow logs for this subnetwork is enabled and "metadata" is set to CUSTOM_METADATA. items: type: string type: array type: object networkRef: description: |- The network this subnet belongs to. Only networks that are in the distributed mode can have subnetworks. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object privateIpGoogleAccess: description: |- When enabled, VMs in this subnetwork without external IP addresses can access Google APIs and services by using Private Google Access. type: boolean privateIpv6GoogleAccess: description: The private IPv6 google access type for the VMs in this subnet. type: string purpose: description: |- Immutable. The purpose of the resource. This field can be either 'PRIVATE_RFC_1918', 'INTERNAL_HTTPS_LOAD_BALANCER' or 'REGIONAL_MANAGED_PROXY'. A subnetwork with purpose set to 'INTERNAL_HTTPS_LOAD_BALANCER' is a user-created subnetwork that is reserved for Internal HTTP(S) Load Balancing. A subnetwork in a given region with purpose set to 'REGIONAL_MANAGED_PROXY' is a proxy-only subnet and is shared between all the regional Envoy-based load balancers. If unspecified, the purpose defaults to 'PRIVATE_RFC_1918'. The enableFlowLogs field isn't supported with the purpose field set to 'INTERNAL_HTTPS_LOAD_BALANCER'. type: string region: description: Immutable. The GCP region for this subnetwork. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string role: description: |- The role of subnetwork. The value can be set to 'ACTIVE' or 'BACKUP'. An 'ACTIVE' subnetwork is one that is currently being used. A 'BACKUP' subnetwork is one that is ready to be promoted to 'ACTIVE' or is currently draining. Subnetwork role must be specified when purpose is set to 'INTERNAL_HTTPS_LOAD_BALANCER' or 'REGIONAL_MANAGED_PROXY'. Possible values: ["ACTIVE", "BACKUP"]. type: string secondaryIpRange: items: properties: ipCidrRange: description: |- The range of IP addresses belonging to this subnetwork secondary range. Provide this property when you create the subnetwork. Ranges must be unique and non-overlapping with all primary and secondary IP ranges within a network. Only IPv4 is supported. type: string rangeName: description: |- The name associated with this subnetwork secondary range, used when adding an alias IP range to a VM instance. The name must be 1-63 characters long, and comply with RFC1035. The name must be unique within the subnetwork. type: string required: - ipCidrRange - rangeName type: object type: array stackType: description: |- The stack type for this subnet to identify whether the IPv6 feature is enabled or not. If not specified IPV4_ONLY will be used. Possible values: ["IPV4_ONLY", "IPV4_IPV6"]. type: string required: - ipCidrRange - networkRef - region type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array creationTimestamp: description: Creation timestamp in RFC3339 text format. type: string externalIpv6Prefix: description: The range of external IPv6 addresses that are owned by this subnetwork. type: string fingerprint: description: DEPRECATED. This field is not useful for users, and has been removed as an output. Fingerprint of this resource. This field is used internally during updates of this resource. type: string gatewayAddress: description: |- The gateway address for default routes to reach destination addresses outside this subnetwork. type: string ipv6CidrRange: description: The range of internal IPv6 addresses that are owned by this subnetwork. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer selfLink: type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: computetargetgrpcproxies.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeTargetGRPCProxy plural: computetargetgrpcproxies shortNames: - gcpcomputetargetgrpcproxy - gcpcomputetargetgrpcproxies singular: computetargetgrpcproxy preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: description: description: An optional description of this resource. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string urlMapRef: description: |- The UrlMap resource that defines the mapping from URL to the BackendService. The protocol field in the BackendService must be set to GRPC. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeURLMap` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object validateForProxyless: description: |- Immutable. If true, indicates that the BackendServices referenced by the urlMap may be accessed by gRPC applications without using a sidecar proxy. This will enable configuration checks on urlMap and its referenced BackendServices to not allow unsupported features. A gRPC application must use "xds:///" scheme in the target URI of the service it is connecting to. If false, indicates that the BackendServices referenced by the urlMap will be accessed by gRPC applications via a sidecar proxy. In this case, a gRPC application must not use "xds:///" scheme in the target URI of the service it is connecting to. type: boolean type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array creationTimestamp: description: Creation timestamp in RFC3339 text format. type: string fingerprint: description: |- Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking. This field will be ignored when inserting a TargetGrpcProxy. An up-to-date fingerprint must be provided in order to patch/update the TargetGrpcProxy; otherwise, the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve the TargetGrpcProxy. A base64-encoded string. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer selfLink: type: string selfLinkWithId: description: Server-defined URL with id for the resource. type: string type: object type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: computetargethttpproxies.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeTargetHTTPProxy plural: computetargethttpproxies shortNames: - gcpcomputetargethttpproxy - gcpcomputetargethttpproxies singular: computetargethttpproxy preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: description: description: Immutable. An optional description of this resource. type: string location: description: 'Location represents the geographical location of the ComputeTargetHTTPProxy. Specify a region name or "global" for global resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' type: string proxyBind: description: |- Immutable. This field only applies when the forwarding rule that references this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. type: boolean resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string urlMapRef: description: |- A reference to the ComputeURLMap resource that defines the mapping from URL to the BackendService. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeURLMap` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - location - urlMapRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array creationTimestamp: description: Creation timestamp in RFC3339 text format. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer proxyId: description: The unique identifier for the resource. type: integer selfLink: type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: computetargethttpsproxies.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeTargetHTTPSProxy plural: computetargethttpsproxies shortNames: - gcpcomputetargethttpsproxy - gcpcomputetargethttpsproxies singular: computetargethttpsproxy preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: certificateMapRef: description: |- Only the `external` field is supported to configure the reference. A reference to the CertificateMap resource uri that identifies a certificate map associated with the given target proxy. This field can only be set for global target proxies. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: string of the format `//certificatemanager.googleapis.com/projects/{{project}}/locations/{{location}}/certificateMaps/{{value}}`, where {{value}} is the `name` field of a `CertificateManagerCertificateMap` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object description: description: Immutable. An optional description of this resource. type: string location: description: 'Location represents the geographical location of the ComputeTargetHTTPSProxy. Specify a region name or "global" for global resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' type: string proxyBind: description: |- Immutable. This field only applies when the forwarding rule that references this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. type: boolean quicOverride: description: |- Specifies the QUIC override policy for this resource. This determines whether the load balancer will attempt to negotiate QUIC with clients or not. Can specify one of NONE, ENABLE, or DISABLE. If NONE is specified, Google manages whether QUIC is used. Default value: "NONE" Possible values: ["NONE", "ENABLE", "DISABLE"]. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string sslCertificates: items: description: |- A list of ComputeSSLCertificate resources that are used to authenticate connections between users and the load balancer. At least one SSL certificate must be specified. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeSSLCertificate` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: array sslPolicyRef: description: |- A reference to the ComputeSSLPolicy resource that will be associated with the ComputeTargetHTTPSProxy resource. If not set, the ComputeTargetHTTPSProxy resource will not have any SSL policy configured. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeSSLPolicy` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object urlMapRef: description: |- A reference to the ComputeURLMap resource that defines the mapping from URL to the BackendService. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeURLMap` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - location - urlMapRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array creationTimestamp: description: Creation timestamp in RFC3339 text format. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer proxyId: description: The unique identifier for the resource. type: integer selfLink: type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: computetargetinstances.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeTargetInstance plural: computetargetinstances shortNames: - gcpcomputetargetinstance - gcpcomputetargetinstances singular: computetargetinstance preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: description: description: Immutable. An optional description of this resource. type: string instanceRef: description: The ComputeInstance handling traffic for this target instance. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeInstance` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object natPolicy: description: |- Immutable. NAT option controlling how IPs are NAT'ed to the instance. Currently only NO_NAT (default value) is supported. Default value: "NO_NAT" Possible values: ["NO_NAT"]. type: string networkRef: description: |- The network this target instance uses to forward traffic. If not specified, the traffic will be forwarded to the network that the default network interface belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string zone: description: Immutable. URL of the zone where the target instance resides. type: string required: - instanceRef - zone type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array creationTimestamp: description: Creation timestamp in RFC3339 text format. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer selfLink: type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: computetargetpools.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeTargetPool plural: computetargetpools shortNames: - gcpcomputetargetpool - gcpcomputetargetpools singular: computetargetpool preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: backupTargetPoolRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeTargetPool` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object description: description: Immutable. Textual description field. type: string failoverRatio: description: Immutable. Ratio (0 to 1) of failed nodes before using the backup pool (which must also be set). type: number healthChecks: items: properties: httpHealthCheckRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeHTTPHealthCheck` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: object type: array instances: items: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeInstance` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: array region: description: Immutable. Where the target pool resides. Defaults to project region. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string sessionAffinity: description: Immutable. How to distribute load. Options are "NONE" (no affinity). "CLIENT_IP" (hash of the source/dest addresses / ports), and "CLIENT_IP_PROTO" also includes the protocol (default "NONE"). type: string required: - region type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer selfLink: description: The URI of the created resource. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: computetargetsslproxies.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeTargetSSLProxy plural: computetargetsslproxies shortNames: - gcpcomputetargetsslproxy - gcpcomputetargetsslproxies singular: computetargetsslproxy preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: backendServiceRef: description: A reference to the ComputeBackendService resource. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object certificateMapRef: description: |- Only `external` field is supported to configure the reference. A reference to the CertificateMap resource uri that identifies a certificate map associated with the given target proxy. This field can only be set for global target proxies. Accepted format is '//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificateMaps/{resourceName}'. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `CertificateManagerCertificateMap` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object description: description: Immutable. An optional description of this resource. type: string proxyHeader: description: |- Specifies the type of proxy header to append before sending data to the backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string sslCertificates: items: description: |- A list of ComputeSSLCertificate resources that are used to authenticate connections between users and the load balancer. Currently, exactly one SSL certificate must be specified. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeSSLCertificate` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: array sslPolicyRef: description: |- A reference to the ComputeSSLPolicy resource that will be associated with the TargetSslProxy resource. If not set, the ComputeTargetSSLProxy resource will not have any SSL policy configured. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeSSLPolicy` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - backendServiceRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array creationTimestamp: description: Creation timestamp in RFC3339 text format. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer proxyId: description: The unique identifier for the resource. type: integer selfLink: type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: computetargettcpproxies.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeTargetTCPProxy plural: computetargettcpproxies shortNames: - gcpcomputetargettcpproxy - gcpcomputetargettcpproxies singular: computetargettcpproxy preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: backendServiceRef: description: A reference to the ComputeBackendService resource. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object description: description: Immutable. An optional description of this resource. type: string proxyBind: description: |- Immutable. This field only applies when the forwarding rule that references this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. type: boolean proxyHeader: description: |- Specifies the type of proxy header to append before sending data to the backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - backendServiceRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array creationTimestamp: description: Creation timestamp in RFC3339 text format. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer proxyId: description: The unique identifier for the resource. type: integer selfLink: type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: computetargetvpngateways.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeTargetVPNGateway plural: computetargetvpngateways shortNames: - gcpcomputetargetvpngateway - gcpcomputetargetvpngateways singular: computetargetvpngateway preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: description: description: Immutable. An optional description of this resource. type: string networkRef: description: The network this VPN gateway is accepting traffic for. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object region: description: Immutable. The region this gateway should sit in. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - networkRef - region type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array creationTimestamp: description: Creation timestamp in RFC3339 text format. type: string gatewayId: description: The unique identifier for the resource. type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer selfLink: type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: computeurlmaps.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeURLMap plural: computeurlmaps shortNames: - gcpcomputeurlmap - gcpcomputeurlmaps singular: computeurlmap preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: defaultRouteAction: description: |- defaultRouteAction takes effect when none of the hostRules match. The load balancer performs advanced routing actions, such as URL rewrites and header transformations, before forwarding the request to the selected backend. If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. Conversely if defaultService is set, defaultRouteAction cannot contain any weightedBackendServices. Only one of defaultRouteAction or defaultUrlRedirect must be set. URL maps for Classic external HTTP(S) load balancers only support the urlRewrite action within defaultRouteAction. defaultRouteAction has no effect when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true. properties: corsPolicy: description: |- The specification for allowing client side cross-origin requests. Please see [W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/). properties: allowCredentials: description: |- In response to a preflight request, setting this to true indicates that the actual request can include user credentials. This field translates to the Access-Control-Allow-Credentials header. Default is false. type: boolean allowHeaders: description: Specifies the content for the Access-Control-Allow-Headers header. items: type: string type: array allowMethods: description: Specifies the content for the Access-Control-Allow-Methods header. items: type: string type: array allowOriginRegexes: description: |- Specifies the regualar expression patterns that match allowed origins. For regular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. items: type: string type: array allowOrigins: description: |- Specifies the list of origins that will be allowed to do CORS requests. An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. items: type: string type: array disabled: description: If true, the setting specifies the CORS policy is disabled. The default value of false, which indicates that the CORS policy is in effect. type: boolean exposeHeaders: description: Specifies the content for the Access-Control-Expose-Headers header. items: type: string type: array maxAge: description: |- Specifies how long results of a preflight request can be cached in seconds. This translates to the Access-Control-Max-Age header. type: integer type: object faultInjectionPolicy: description: |- The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure. As part of fault injection, when clients send requests to a backend service, delays can be introduced by a load balancer on a percentage of requests before sending those requests to the backend service. Similarly requests from clients can be aborted by the load balancer for a percentage of requests. timeout and retryPolicy is ignored by clients that are configured with a faultInjectionPolicy if: 1. The traffic is generated by fault injection AND 2. The fault injection is not a delay fault injection. Fault injection is not supported with the global external HTTP(S) load balancer (classic). To see which load balancers support fault injection, see Load balancing: [Routing and traffic management features](https://cloud.google.com/load-balancing/docs/features#routing-traffic-management). properties: abort: description: The specification for how client requests are aborted as part of fault injection. properties: httpStatus: description: |- The HTTP status code used to abort the request. The value must be between 200 and 599 inclusive. type: integer percentage: description: |- The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection. The value must be between 0.0 and 100.0 inclusive. type: number type: object delay: description: The specification for how client requests are delayed as part of fault injection, before being sent to a backend service. properties: fixedDelay: description: Specifies the value of the fixed delay interval. properties: nanos: description: |- Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. type: integer seconds: description: |- Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. type: string type: object percentage: description: |- The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection. The value must be between 0.0 and 100.0 inclusive. type: number type: object type: object requestMirrorPolicy: description: |- Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service. The load balancer does not wait for responses from the shadow service. Before sending traffic to the shadow service, the host / authority header is suffixed with -shadow. Not supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true. properties: backendServiceRef: description: |- The backend service resource being mirrored to. The backend service configured for a mirroring policy must reference backends that are of the same type as the original backend service matched in the URL map. Serverless NEG backends are not currently supported as a mirrored backend service. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: object retryPolicy: description: Specifies the retry policy associated with this route. properties: numRetries: description: Specifies the allowed number retries. This number must be > 0. If not specified, defaults to 1. type: integer perTryTimeout: description: |- Specifies a non-zero timeout per retry attempt. If not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set, will use the largest timeout among all backend services associated with the route. properties: nanos: description: |- Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. type: integer seconds: description: |- Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. type: string type: object retryConditions: description: |- Specifies one or more conditions when this retry policy applies. Valid values are listed below. Only the following codes are supported when the URL map is bound to target gRPC proxy that has validateForProxyless field set to true: cancelled, deadline-exceeded, internal, resource-exhausted, unavailable. - 5xx : retry is attempted if the instance or endpoint responds with any 5xx response code, or if the instance or endpoint does not respond at all. For example, disconnects, reset, read timeout, connection failure, and refused streams. - gateway-error : Similar to 5xx, but only applies to response codes 502, 503 or 504. - connect-failure : a retry is attempted on failures connecting to the instance or endpoint. For example, connection timeouts. - retriable-4xx : a retry is attempted if the instance or endpoint responds with a 4xx response code. The only error that you can retry is error code 409. - refused-stream : a retry is attempted if the instance or endpoint resets the stream with a REFUSED_STREAM error code. This reset type indicates that it is safe to retry. - cancelled : a retry is attempted if the gRPC status code in the response header is set to cancelled. - deadline-exceeded : a retry is attempted if the gRPC status code in the response header is set to deadline-exceeded. - internal : a retry is attempted if the gRPC status code in the response header is set to internal. - resource-exhausted : a retry is attempted if the gRPC status code in the response header is set to resource-exhausted. - unavailable : a retry is attempted if the gRPC status code in the response header is set to unavailable. items: type: string type: array type: object timeout: description: |- Specifies the timeout for the selected route. Timeout is computed from the time the request has been fully processed (known as end-of-stream) up until the response has been processed. Timeout includes all retries. If not specified, this field uses the largest timeout among all backend services associated with the route. Not supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true. properties: nanos: description: Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. type: integer seconds: description: 'Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years.' type: string type: object urlRewrite: description: |- The spec to modify the URL of the request, before forwarding the request to the matched service. urlRewrite is the only action supported in UrlMaps for external HTTP(S) load balancers. Not supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true. properties: hostRewrite: description: |- Before forwarding the request to the selected service, the request's host header is replaced with contents of hostRewrite. The value must be from 1 to 255 characters. type: string pathPrefixRewrite: description: |- Before forwarding the request to the selected backend service, the matching portion of the request's path is replaced by pathPrefixRewrite. The value must be from 1 to 1024 characters. type: string type: object weightedBackendServices: description: |- A list of weighted backend services to send traffic to when a route match occurs. The weights determine the fraction of traffic that flows to their corresponding backend service. If all traffic needs to go to a single backend service, there must be one weightedBackendService with weight set to a non-zero number. After a backend service is identified and before forwarding the request to the backend service, advanced routing actions such as URL rewrites and header transformations are applied depending on additional settings specified in this HttpRouteAction. items: properties: backendServiceRef: description: |- The default backend service resource. Before forwarding the request to backendService, the loadbalancer applies any relevant headerActions specified as part of this backendServiceWeight. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object headerAction: description: |- Specifies changes to request and response headers that need to take effect for the selected backendService. headerAction specified here take effect before headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. headerAction is not supported for load balancers that have their loadBalancingScheme set to EXTERNAL. Not supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true. properties: requestHeadersToAdd: description: Headers to add to a matching request before forwarding the request to the backendService. items: properties: headerName: description: The name of the header. type: string headerValue: description: The value of the header to add. type: string replace: description: |- If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header. The default value is false. type: boolean type: object type: array requestHeadersToRemove: description: A list of header names for headers that need to be removed from the request before forwarding the request to the backendService. items: type: string type: array responseHeadersToAdd: description: Headers to add the response before sending the response back to the client. items: properties: headerName: description: The name of the header. type: string headerValue: description: The value of the header to add. type: string replace: description: |- If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header. The default value is false. type: boolean type: object type: array responseHeadersToRemove: description: A list of header names for headers that need to be removed from the response before sending the response back to the client. items: type: string type: array type: object weight: description: |- Specifies the fraction of traffic sent to a backend service, computed as weight / (sum of all weightedBackendService weights in routeAction) . The selection of a backend service is determined only for new traffic. Once a user's request has been directed to a backend service, subsequent requests are sent to the same backend service as determined by the backend service's session affinity policy. The value must be from 0 to 1000. type: integer type: object type: array type: object defaultService: description: |- The defaultService resource to which traffic is directed if none of the hostRules match. For the Global URL Map, it should be a reference to the backend service or backend bucket. For the Regional URL Map, it should be a reference to the backend service. If defaultRouteAction is additionally specified, advanced routing actions like URL Rewrites, etc. take effect prior to sending the request to the backend. However, if defaultService is specified, defaultRouteAction cannot contain any weightedBackendServices. Conversely, if routeAction specifies any weightedBackendServices, service must not be specified. Only one of defaultService, defaultUrlRedirect or defaultRouteAction.weightedBackendService must be set. oneOf: - required: - backendBucketRef - required: - backendServiceRef properties: backendBucketRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeBackendBucket` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object backendServiceRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: object defaultUrlRedirect: description: |- When none of the specified hostRules match, the request is redirected to a URL specified by defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or defaultRouteAction must not be set. properties: hostRedirect: description: |- The host that will be used in the redirect response instead of the one that was supplied in the request. The value must be between 1 and 255 characters. type: string httpsRedirect: description: |- If set to true, the URL scheme in the redirected request is set to https. If set to false, the URL scheme of the redirected request will remain the same as that of the request. This must only be set for UrlMaps used in TargetHttpProxys. Setting this true for TargetHttpsProxy is not permitted. The default is set to false. type: boolean pathRedirect: description: |- The path that will be used in the redirect response instead of the one that was supplied in the request. pathRedirect cannot be supplied together with prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the original request will be used for the redirect. The value must be between 1 and 1024 characters. type: string prefixRedirect: description: |- The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, retaining the remaining portion of the URL before redirecting the request. prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or neither. If neither is supplied, the path of the original request will be used for the redirect. The value must be between 1 and 1024 characters. type: string redirectResponseCode: description: |- The HTTP Status code to use for this RedirectAction. Supported values are: * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. * FOUND, which corresponds to 302. * SEE_OTHER which corresponds to 303. * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method will be retained. * PERMANENT_REDIRECT, which corresponds to 308. In this case, the request method will be retained. Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"]. type: string stripQuery: description: |- If set to true, any accompanying query portion of the original URL is removed prior to redirecting the request. If set to false, the query portion of the original URL is retained. This field is required to ensure an empty block is not set. The normal default value is false. type: boolean required: - stripQuery type: object description: description: |- An optional description of this resource. Provide this property when you create the resource. type: string headerAction: description: |- Specifies changes to request and response headers that need to take effect for the selected backendService. The headerAction specified here take effect after headerAction specified under pathMatcher. properties: requestHeadersToAdd: description: |- Headers to add to a matching request prior to forwarding the request to the backendService. items: properties: headerName: description: The name of the header. type: string headerValue: description: The value of the header to add. type: string replace: description: |- If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header. type: boolean required: - headerName - headerValue - replace type: object type: array requestHeadersToRemove: description: |- A list of header names for headers that need to be removed from the request prior to forwarding the request to the backendService. items: type: string type: array responseHeadersToAdd: description: Headers to add the response prior to sending the response back to the client. items: properties: headerName: description: The name of the header. type: string headerValue: description: The value of the header to add. type: string replace: description: |- If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header. type: boolean required: - headerName - headerValue - replace type: object type: array responseHeadersToRemove: description: |- A list of header names for headers that need to be removed from the response prior to sending the response back to the client. items: type: string type: array type: object hostRule: description: The list of HostRules to use against the URL. items: properties: description: description: |- An optional description of this HostRule. Provide this property when you create the resource. type: string hosts: description: |- The list of host patterns to match. They must be valid hostnames, except * will match any string of ([a-z0-9-.]*). In that case, * must be the first character and must be followed in the pattern by either - or .. items: type: string type: array pathMatcher: description: |- The name of the PathMatcher to use to match the path portion of the URL if the hostRule matches the URL's host portion. type: string required: - hosts - pathMatcher type: object type: array location: description: 'Location represents the geographical location of the ComputeURLMap. Specify a region name or "global" for global resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' type: string pathMatcher: description: The list of named PathMatchers to use against the URL. items: properties: defaultRouteAction: description: |- defaultRouteAction takes effect when none of the pathRules or routeRules match. The load balancer performs advanced routing actions like URL rewrites, header transformations, etc. prior to forwarding the request to the selected backend. If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. Conversely if defaultService is set, defaultRouteAction cannot contain any weightedBackendServices. Only one of defaultRouteAction or defaultUrlRedirect must be set. properties: corsPolicy: description: |- The specification for allowing client side cross-origin requests. Please see [W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/). properties: allowCredentials: description: |- In response to a preflight request, setting this to true indicates that the actual request can include user credentials. This translates to the Access-Control-Allow-Credentials header. type: boolean allowHeaders: description: Specifies the content for the Access-Control-Allow-Headers header. items: type: string type: array allowMethods: description: Specifies the content for the Access-Control-Allow-Methods header. items: type: string type: array allowOriginRegexes: description: |- Specifies the regular expression patterns that match allowed origins. For regular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. items: type: string type: array allowOrigins: description: |- Specifies the list of origins that will be allowed to do CORS requests. An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. items: type: string type: array disabled: description: If true, specifies the CORS policy is disabled. The default value is false, which indicates that the CORS policy is in effect. type: boolean exposeHeaders: description: Specifies the content for the Access-Control-Expose-Headers header. items: type: string type: array maxAge: description: |- Specifies how long results of a preflight request can be cached in seconds. This translates to the Access-Control-Max-Age header. type: integer type: object faultInjectionPolicy: description: |- The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure. As part of fault injection, when clients send requests to a backend service, delays can be introduced by Loadbalancer on a percentage of requests before sending those request to the backend service. Similarly requests from clients can be aborted by the Loadbalancer for a percentage of requests. timeout and retryPolicy will be ignored by clients that are configured with a faultInjectionPolicy. properties: abort: description: The specification for how client requests are aborted as part of fault injection. properties: httpStatus: description: |- The HTTP status code used to abort the request. The value must be between 200 and 599 inclusive. type: integer percentage: description: |- The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection. The value must be between 0.0 and 100.0 inclusive. type: number type: object delay: description: The specification for how client requests are delayed as part of fault injection, before being sent to a backend service. properties: fixedDelay: description: Specifies the value of the fixed delay interval. properties: nanos: description: |- Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. type: integer seconds: description: |- Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. type: string type: object percentage: description: |- The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection. The value must be between 0.0 and 100.0 inclusive. type: number type: object type: object requestMirrorPolicy: description: |- Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service. Loadbalancer does not wait for responses from the shadow service. Prior to sending traffic to the shadow service, the host / authority header is suffixed with -shadow. properties: backendServiceRef: description: Required. The backend service resource being mirrored to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - backendServiceRef type: object retryPolicy: description: Specifies the retry policy associated with this route. properties: numRetries: description: Specifies the allowed number retries. This number must be > 0. If not specified, defaults to 1. type: integer perTryTimeout: description: |- Specifies a non-zero timeout per retry attempt. If not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set, will use the largest timeout among all backend services associated with the route. properties: nanos: description: |- Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. type: integer seconds: description: |- Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. type: string type: object retryConditions: description: |- Specfies one or more conditions when this retry rule applies. Valid values are: * 5xx: Loadbalancer will attempt a retry if the backend service responds with any 5xx response code, or if the backend service does not respond at all, example: disconnects, reset, read timeout, * connection failure, and refused streams. * gateway-error: Similar to 5xx, but only applies to response codes 502, 503 or 504. * connect-failure: Loadbalancer will retry on failures connecting to backend services, for example due to connection timeouts. * retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. Currently the only retriable error supported is 409. * refused-stream:Loadbalancer will retry if the backend service resets the stream with a REFUSED_STREAM error code. This reset type indicates that it is safe to retry. * cancelled: Loadbalancer will retry if the gRPC status code in the response header is set to cancelled * deadline-exceeded: Loadbalancer will retry if the gRPC status code in the response header is set to deadline-exceeded * resource-exhausted: Loadbalancer will retry if the gRPC status code in the response header is set to resource-exhausted * unavailable: Loadbalancer will retry if the gRPC status code in the response header is set to unavailable. items: type: string type: array type: object timeout: description: |- Specifies the timeout for the selected route. Timeout is computed from the time the request has been fully processed (i.e. end-of-stream) up until the response has been completely processed. Timeout includes all retries. If not specified, will use the largest timeout among all backend services associated with the route. properties: nanos: description: |- Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. type: integer seconds: description: |- Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. type: string type: object urlRewrite: description: The spec to modify the URL of the request, prior to forwarding the request to the matched service. properties: hostRewrite: description: |- Prior to forwarding the request to the selected service, the request's host header is replaced with contents of hostRewrite. The value must be between 1 and 255 characters. type: string pathPrefixRewrite: description: |- Prior to forwarding the request to the selected backend service, the matching portion of the request's path is replaced by pathPrefixRewrite. The value must be between 1 and 1024 characters. type: string type: object weightedBackendServices: description: |- A list of weighted backend services to send traffic to when a route match occurs. The weights determine the fraction of traffic that flows to their corresponding backend service. If all traffic needs to go to a single backend service, there must be one weightedBackendService with weight set to a non 0 number. Once a backendService is identified and before forwarding the request to the backend service, advanced routing actions like Url rewrites and header transformations are applied depending on additional settings specified in this HttpRouteAction. items: properties: backendServiceRef: description: |- The default backend service resource. Before forwarding the request to backendService, the loadbalancer applies any relevant headerActions specified as part of this backendServiceWeight. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object headerAction: description: |- Specifies changes to request and response headers that need to take effect for the selected backendService. headerAction specified here take effect before headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. properties: requestHeadersToAdd: description: Headers to add to a matching request prior to forwarding the request to the backendService. items: properties: headerName: description: The name of the header to add. type: string headerValue: description: The value of the header to add. type: string replace: description: |- If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header. type: boolean type: object type: array requestHeadersToRemove: description: |- A list of header names for headers that need to be removed from the request prior to forwarding the request to the backendService. items: type: string type: array responseHeadersToAdd: description: Headers to add the response prior to sending the response back to the client. items: properties: headerName: description: The name of the header to add. type: string headerValue: description: The value of the header to add. type: string replace: description: |- If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header. type: boolean type: object type: array responseHeadersToRemove: description: |- A list of header names for headers that need to be removed from the response prior to sending the response back to the client. items: type: string type: array type: object weight: description: |- Specifies the fraction of traffic sent to backendService, computed as weight / (sum of all weightedBackendService weights in routeAction) . The selection of a backend service is determined only for new traffic. Once a user's request has been directed to a backendService, subsequent requests will be sent to the same backendService as determined by the BackendService's session affinity policy. The value must be between 0 and 1000. type: integer type: object type: array type: object defaultService: description: |- The default service to use if none of the pathRules defined by this PathMatcher is matched by the URL's path portion. For the Global URL Map, it should be a reference to the backend service or backend bucket. For the Regional URL Map, it should be a reference to the backend service. oneOf: - required: - backendBucketRef - required: - backendServiceRef properties: backendBucketRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeBackendBucket` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object backendServiceRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: object defaultUrlRedirect: description: |- When none of the specified hostRules match, the request is redirected to a URL specified by defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or defaultRouteAction must not be set. properties: hostRedirect: description: |- The host that will be used in the redirect response instead of the one that was supplied in the request. The value must be between 1 and 255 characters. type: string httpsRedirect: description: |- If set to true, the URL scheme in the redirected request is set to https. If set to false, the URL scheme of the redirected request will remain the same as that of the request. This must only be set for UrlMaps used in TargetHttpProxys. Setting this true for TargetHttpsProxy is not permitted. The default is set to false. type: boolean pathRedirect: description: |- The path that will be used in the redirect response instead of the one that was supplied in the request. pathRedirect cannot be supplied together with prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the original request will be used for the redirect. The value must be between 1 and 1024 characters. type: string prefixRedirect: description: |- The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, retaining the remaining portion of the URL before redirecting the request. prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or neither. If neither is supplied, the path of the original request will be used for the redirect. The value must be between 1 and 1024 characters. type: string redirectResponseCode: description: |- The HTTP Status code to use for this RedirectAction. Supported values are: * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. * FOUND, which corresponds to 302. * SEE_OTHER which corresponds to 303. * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method will be retained. * PERMANENT_REDIRECT, which corresponds to 308. In this case, the request method will be retained. Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"]. type: string stripQuery: description: |- If set to true, any accompanying query portion of the original URL is removed prior to redirecting the request. If set to false, the query portion of the original URL is retained. This field is required to ensure an empty block is not set. The normal default value is false. type: boolean required: - stripQuery type: object description: description: An optional description of this resource. type: string headerAction: description: |- Specifies changes to request and response headers that need to take effect for the selected backendService. HeaderAction specified here are applied after the matching HttpRouteRule HeaderAction and before the HeaderAction in the UrlMap. properties: requestHeadersToAdd: description: |- Headers to add to a matching request prior to forwarding the request to the backendService. items: properties: headerName: description: The name of the header. type: string headerValue: description: The value of the header to add. type: string replace: description: |- If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header. type: boolean required: - headerName - headerValue - replace type: object type: array requestHeadersToRemove: description: |- A list of header names for headers that need to be removed from the request prior to forwarding the request to the backendService. items: type: string type: array responseHeadersToAdd: description: Headers to add the response prior to sending the response back to the client. items: properties: headerName: description: The name of the header. type: string headerValue: description: The value of the header to add. type: string replace: description: |- If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header. type: boolean required: - headerName - headerValue - replace type: object type: array responseHeadersToRemove: description: |- A list of header names for headers that need to be removed from the response prior to sending the response back to the client. items: type: string type: array type: object name: description: The name to which this PathMatcher is referred by the HostRule. type: string pathRule: description: |- The list of path rules. Use this list instead of routeRules when routing based on simple path matching is all that's required. The order by which path rules are specified does not matter. Matches are always done on the longest-path-first basis. For example: a pathRule with a path /a/b/c/* will match before /a/b/* irrespective of the order in which those paths appear in this list. Within a given pathMatcher, only one of pathRules or routeRules must be set. items: properties: paths: description: |- The list of path patterns to match. Each must start with / and the only place a \* is allowed is at the end following a /. The string fed to the path matcher does not include any text after the first ? or #, and those chars are not allowed here. items: type: string type: array routeAction: description: |- In response to a matching path, the load balancer performs advanced routing actions like URL rewrites, header transformations, etc. prior to forwarding the request to the selected backend. If routeAction specifies any weightedBackendServices, service must not be set. Conversely if service is set, routeAction cannot contain any weightedBackendServices. Only one of routeAction or urlRedirect must be set. properties: corsPolicy: description: |- The specification for allowing client side cross-origin requests. Please see W3C Recommendation for Cross Origin Resource Sharing. properties: allowCredentials: description: |- In response to a preflight request, setting this to true indicates that the actual request can include user credentials. This translates to the Access- Control-Allow-Credentials header. Defaults to false. type: boolean allowHeaders: description: Specifies the content for the Access-Control-Allow-Headers header. items: type: string type: array allowMethods: description: Specifies the content for the Access-Control-Allow-Methods header. items: type: string type: array allowOriginRegexes: description: |- Specifies the regular expression patterns that match allowed origins. For regular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript An origin is allowed if it matches either allow_origins or allow_origin_regex. items: type: string type: array allowOrigins: description: |- Specifies the list of origins that will be allowed to do CORS requests. An origin is allowed if it matches either allow_origins or allow_origin_regex. items: type: string type: array disabled: description: If true, specifies the CORS policy is disabled. type: boolean exposeHeaders: description: Specifies the content for the Access-Control-Expose-Headers header. items: type: string type: array maxAge: description: |- Specifies how long the results of a preflight request can be cached. This translates to the content for the Access-Control-Max-Age header. type: integer required: - disabled type: object faultInjectionPolicy: description: |- The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure. As part of fault injection, when clients send requests to a backend service, delays can be introduced by Loadbalancer on a percentage of requests before sending those request to the backend service. Similarly requests from clients can be aborted by the Loadbalancer for a percentage of requests. timeout and retry_policy will be ignored by clients that are configured with a fault_injection_policy. properties: abort: description: |- The specification for how client requests are aborted as part of fault injection. properties: httpStatus: description: |- The HTTP status code used to abort the request. The value must be between 200 and 599 inclusive. type: integer percentage: description: |- The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection. The value must be between 0.0 and 100.0 inclusive. type: number required: - httpStatus - percentage type: object delay: description: |- The specification for how client requests are delayed as part of fault injection, before being sent to a backend service. properties: fixedDelay: description: Specifies the value of the fixed delay interval. properties: nanos: description: |- Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 'seconds' field and a positive 'nanos' field. Must be from 0 to 999,999,999 inclusive. type: integer seconds: description: |- Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. type: string required: - seconds type: object percentage: description: |- The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection. The value must be between 0.0 and 100.0 inclusive. type: number required: - fixedDelay - percentage type: object type: object requestMirrorPolicy: description: |- Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service. Loadbalancer does not wait for responses from the shadow service. Prior to sending traffic to the shadow service, the host / authority header is suffixed with -shadow. properties: backendServiceRef: description: Required. The backend service resource being mirrored to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - backendServiceRef type: object retryPolicy: description: Specifies the retry policy associated with this route. properties: numRetries: description: Specifies the allowed number retries. This number must be > 0. type: integer perTryTimeout: description: Specifies a non-zero timeout per retry attempt. properties: nanos: description: |- Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 'seconds' field and a positive 'nanos' field. Must be from 0 to 999,999,999 inclusive. type: integer seconds: description: |- Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. type: string required: - seconds type: object retryConditions: description: |- Specifies one or more conditions when this retry rule applies. Valid values are: - 5xx: Loadbalancer will attempt a retry if the backend service responds with any 5xx response code, or if the backend service does not respond at all, example: disconnects, reset, read timeout, connection failure, and refused streams. - gateway-error: Similar to 5xx, but only applies to response codes 502, 503 or 504. - connect-failure: Loadbalancer will retry on failures connecting to backend services, for example due to connection timeouts. - retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. Currently the only retriable error supported is 409. - refused-stream: Loadbalancer will retry if the backend service resets the stream with a REFUSED_STREAM error code. This reset type indicates that it is safe to retry. - cancelled: Loadbalancer will retry if the gRPC status code in the response header is set to cancelled - deadline-exceeded: Loadbalancer will retry if the gRPC status code in the response header is set to deadline-exceeded - resource-exhausted: Loadbalancer will retry if the gRPC status code in the response header is set to resource-exhausted - unavailable: Loadbalancer will retry if the gRPC status code in the response header is set to unavailable. items: type: string type: array type: object timeout: description: |- Specifies the timeout for the selected route. Timeout is computed from the time the request is has been fully processed (i.e. end-of-stream) up until the response has been completely processed. Timeout includes all retries. If not specified, the default value is 15 seconds. properties: nanos: description: |- Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 'seconds' field and a positive 'nanos' field. Must be from 0 to 999,999,999 inclusive. type: integer seconds: description: |- Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. type: string required: - seconds type: object urlRewrite: description: |- The spec to modify the URL of the request, prior to forwarding the request to the matched service. properties: hostRewrite: description: |- Prior to forwarding the request to the selected service, the request's host header is replaced with contents of hostRewrite. The value must be between 1 and 255 characters. type: string pathPrefixRewrite: description: |- Prior to forwarding the request to the selected backend service, the matching portion of the request's path is replaced by pathPrefixRewrite. The value must be between 1 and 1024 characters. type: string type: object weightedBackendServices: description: |- A list of weighted backend services to send traffic to when a route match occurs. The weights determine the fraction of traffic that flows to their corresponding backend service. If all traffic needs to go to a single backend service, there must be one weightedBackendService with weight set to a non 0 number. Once a backendService is identified and before forwarding the request to the backend service, advanced routing actions like Url rewrites and header transformations are applied depending on additional settings specified in this HttpRouteAction. items: properties: backendServiceRef: description: |- Required. The default backend service resource. Before forwarding the request to backendService, the loadbalancer applies any relevant headerActions specified as part of this backendServiceWeight. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object headerAction: description: |- Specifies changes to request and response headers that need to take effect for the selected backendService. headerAction specified here take effect before headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. properties: requestHeadersToAdd: description: |- Headers to add to a matching request prior to forwarding the request to the backendService. items: properties: headerName: description: The name of the header. type: string headerValue: description: The value of the header to add. type: string replace: description: |- If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header. type: boolean required: - headerName - headerValue - replace type: object type: array requestHeadersToRemove: description: |- A list of header names for headers that need to be removed from the request prior to forwarding the request to the backendService. items: type: string type: array responseHeadersToAdd: description: Headers to add the response prior to sending the response back to the client. items: properties: headerName: description: The name of the header. type: string headerValue: description: The value of the header to add. type: string replace: description: |- If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header. type: boolean required: - headerName - headerValue - replace type: object type: array responseHeadersToRemove: description: |- A list of header names for headers that need to be removed from the response prior to sending the response back to the client. items: type: string type: array type: object weight: description: |- Specifies the fraction of traffic sent to backendService, computed as weight / (sum of all weightedBackendService weights in routeAction) . The selection of a backend service is determined only for new traffic. Once a user's request has been directed to a backendService, subsequent requests will be sent to the same backendService as determined by the BackendService's session affinity policy. The value must be between 0 and 1000. type: integer required: - backendServiceRef - weight type: object type: array type: object service: description: |- The backend service to which traffic is directed if this rule is matched. For the Global URL Map, it should be a reference to the backend service or backend bucket. For the Regional URL Map, it should be a reference to the backend service. If routeAction is additionally specified, advanced routing actions like URL Rewrites, etc. take effect prior to sending the request to the backend. However, if service is specified, routeAction cannot contain any weightedBackendServices. Conversely, if routeAction specifies any weightedBackendServices, service must not be specified. Only one of urlRedirect, service or routeAction.weightedBackendService must be set. oneOf: - required: - backendBucketRef - required: - backendServiceRef properties: backendBucketRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeBackendBucket` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object backendServiceRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: object urlRedirect: description: |- When a path pattern is matched, the request is redirected to a URL specified by urlRedirect. If urlRedirect is specified, service or routeAction must not be set. properties: hostRedirect: description: |- The host that will be used in the redirect response instead of the one that was supplied in the request. The value must be between 1 and 255 characters. type: string httpsRedirect: description: |- If set to true, the URL scheme in the redirected request is set to https. If set to false, the URL scheme of the redirected request will remain the same as that of the request. This must only be set for UrlMaps used in TargetHttpProxys. Setting this true for TargetHttpsProxy is not permitted. The default is set to false. type: boolean pathRedirect: description: |- The path that will be used in the redirect response instead of the one that was supplied in the request. pathRedirect cannot be supplied together with prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the original request will be used for the redirect. The value must be between 1 and 1024 characters. type: string prefixRedirect: description: |- The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, retaining the remaining portion of the URL before redirecting the request. prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or neither. If neither is supplied, the path of the original request will be used for the redirect. The value must be between 1 and 1024 characters. type: string redirectResponseCode: description: |- The HTTP Status code to use for this RedirectAction. Supported values are: * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. * FOUND, which corresponds to 302. * SEE_OTHER which corresponds to 303. * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method will be retained. * PERMANENT_REDIRECT, which corresponds to 308. In this case, the request method will be retained. Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"]. type: string stripQuery: description: |- If set to true, any accompanying query portion of the original URL is removed prior to redirecting the request. If set to false, the query portion of the original URL is retained. This field is required to ensure an empty block is not set. The normal default value is false. type: boolean required: - stripQuery type: object required: - paths type: object type: array routeRules: description: |- The list of ordered HTTP route rules. Use this list instead of pathRules when advanced route matching and routing actions are desired. The order of specifying routeRules matters: the first rule that matches will cause its specified routing action to take effect. Within a given pathMatcher, only one of pathRules or routeRules must be set. routeRules are not supported in UrlMaps intended for External load balancers. items: properties: headerAction: description: |- Specifies changes to request and response headers that need to take effect for the selected backendService. The headerAction specified here are applied before the matching pathMatchers[].headerAction and after pathMatchers[].routeRules[].r outeAction.weightedBackendService.backendServiceWeightAction[].headerAction. properties: requestHeadersToAdd: description: |- Headers to add to a matching request prior to forwarding the request to the backendService. items: properties: headerName: description: The name of the header. type: string headerValue: description: The value of the header to add. type: string replace: description: |- If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header. type: boolean required: - headerName - headerValue - replace type: object type: array requestHeadersToRemove: description: |- A list of header names for headers that need to be removed from the request prior to forwarding the request to the backendService. items: type: string type: array responseHeadersToAdd: description: Headers to add the response prior to sending the response back to the client. items: properties: headerName: description: The name of the header. type: string headerValue: description: The value of the header to add. type: string replace: description: |- If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header. type: boolean required: - headerName - headerValue - replace type: object type: array responseHeadersToRemove: description: |- A list of header names for headers that need to be removed from the response prior to sending the response back to the client. items: type: string type: array type: object matchRules: description: The rules for determining a match. items: properties: fullPathMatch: description: |- For satisfying the matchRule condition, the path of the request must exactly match the value specified in fullPathMatch after removing any query parameters and anchor that may be part of the original URL. FullPathMatch must be between 1 and 1024 characters. Only one of prefixMatch, fullPathMatch or regexMatch must be specified. type: string headerMatches: description: |- Specifies a list of header match criteria, all of which must match corresponding headers in the request. items: properties: exactMatch: description: |- The value should exactly match contents of exactMatch. Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. type: string headerName: description: |- The name of the HTTP header to match. For matching against the HTTP request's authority, use a headerMatch with the header name ":authority". For matching a request's method, use the headerName ":method". type: string invertMatch: description: |- If set to false, the headerMatch is considered a match if the match criteria above are met. If set to true, the headerMatch is considered a match if the match criteria above are NOT met. Defaults to false. type: boolean prefixMatch: description: |- The value of the header must start with the contents of prefixMatch. Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. type: string presentMatch: description: |- A header with the contents of headerName must exist. The match takes place whether or not the request's header has a value or not. Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. type: boolean rangeMatch: description: |- The header value must be an integer and its value must be in the range specified in rangeMatch. If the header does not contain an integer, number or is empty, the match fails. For example for a range [-5, 0] * -3 will match * 0 will not match * 0.25 will not match * -3someString will not match. Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. properties: rangeEnd: description: The end of the range (exclusive). type: integer rangeStart: description: The start of the range (inclusive). type: integer required: - rangeEnd - rangeStart type: object regexMatch: description: |- The value of the header must match the regular expression specified in regexMatch. For regular expression grammar, please see: en.cppreference.com/w/cpp/regex/ecmascript For matching against a port specified in the HTTP request, use a headerMatch with headerName set to PORT and a regular expression that satisfies the RFC2616 Host header's port specifier. Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. type: string suffixMatch: description: |- The value of the header must end with the contents of suffixMatch. Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. type: string required: - headerName type: object type: array ignoreCase: description: |- Specifies that prefixMatch and fullPathMatch matches are case sensitive. Defaults to false. type: boolean metadataFilters: description: |- Opaque filter criteria used by Loadbalancer to restrict routing configuration to a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS clients present node metadata. If a match takes place, the relevant routing configuration is made available to those proxies. For each metadataFilter in this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the filterLabels must match the corresponding label provided in the metadata. If its filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match with corresponding labels in the provided metadata. metadataFilters specified here can be overrides those specified in ForwardingRule that refers to this UrlMap. metadataFilters only applies to Loadbalancers that have their loadBalancingScheme set to INTERNAL_SELF_MANAGED. items: properties: filterLabels: description: |- The list of label value pairs that must match labels in the provided metadata based on filterMatchCriteria This list must not be empty and can have at the most 64 entries. items: properties: name: description: |- Name of metadata label. The name can have a maximum length of 1024 characters and must be at least 1 character long. type: string value: description: |- The value of the label must match the specified value. value can have a maximum length of 1024 characters. type: string required: - name - value type: object type: array filterMatchCriteria: description: |- Specifies how individual filterLabel matches within the list of filterLabels contribute towards the overall metadataFilter match. Supported values are: * MATCH_ANY: At least one of the filterLabels must have a matching label in the provided metadata. * MATCH_ALL: All filterLabels must have matching labels in the provided metadata. Possible values: ["MATCH_ALL", "MATCH_ANY"]. type: string required: - filterLabels - filterMatchCriteria type: object type: array prefixMatch: description: |- For satisfying the matchRule condition, the request's path must begin with the specified prefixMatch. prefixMatch must begin with a /. The value must be between 1 and 1024 characters. Only one of prefixMatch, fullPathMatch or regexMatch must be specified. type: string queryParameterMatches: description: |- Specifies a list of query parameter match criteria, all of which must match corresponding query parameters in the request. items: properties: exactMatch: description: |- The queryParameterMatch matches if the value of the parameter exactly matches the contents of exactMatch. Only one of presentMatch, exactMatch and regexMatch must be set. type: string name: description: |- The name of the query parameter to match. The query parameter must exist in the request, in the absence of which the request match fails. type: string presentMatch: description: |- Specifies that the queryParameterMatch matches if the request contains the query parameter, irrespective of whether the parameter has a value or not. Only one of presentMatch, exactMatch and regexMatch must be set. type: boolean regexMatch: description: |- The queryParameterMatch matches if the value of the parameter matches the regular expression specified by regexMatch. For the regular expression grammar, please see en.cppreference.com/w/cpp/regex/ecmascript Only one of presentMatch, exactMatch and regexMatch must be set. type: string required: - name type: object type: array regexMatch: description: |- For satisfying the matchRule condition, the path of the request must satisfy the regular expression specified in regexMatch after removing any query parameters and anchor supplied with the original URL. For regular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript Only one of prefixMatch, fullPathMatch or regexMatch must be specified. type: string type: object type: array priority: description: |- For routeRules within a given pathMatcher, priority determines the order in which load balancer will interpret routeRules. RouteRules are evaluated in order of priority, from the lowest to highest number. The priority of a rule decreases as its number increases (1, 2, 3, N+1). The first rule that matches the request is applied. You cannot configure two or more routeRules with the same priority. Priority for each rule must be set to a number between 0 and 2147483647 inclusive. Priority numbers can have gaps, which enable you to add or remove rules in the future without affecting the rest of the rules. For example, 1, 2, 3, 4, 5, 9, 12, 16 is a valid series of priority numbers to which you could add rules numbered from 6 to 8, 10 to 11, and 13 to 15 in the future without any impact on existing rules. type: integer routeAction: description: |- In response to a matching matchRule, the load balancer performs advanced routing actions like URL rewrites, header transformations, etc. prior to forwarding the request to the selected backend. If routeAction specifies any weightedBackendServices, service must not be set. Conversely if service is set, routeAction cannot contain any weightedBackendServices. Only one of routeAction or urlRedirect must be set. properties: corsPolicy: description: |- The specification for allowing client side cross-origin requests. Please see W3C Recommendation for Cross Origin Resource Sharing. properties: allowCredentials: description: |- In response to a preflight request, setting this to true indicates that the actual request can include user credentials. This translates to the Access- Control-Allow-Credentials header. Defaults to false. type: boolean allowHeaders: description: Specifies the content for the Access-Control-Allow-Headers header. items: type: string type: array allowMethods: description: Specifies the content for the Access-Control-Allow-Methods header. items: type: string type: array allowOriginRegexes: description: |- Specifies the regular expression patterns that match allowed origins. For regular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript An origin is allowed if it matches either allow_origins or allow_origin_regex. items: type: string type: array allowOrigins: description: |- Specifies the list of origins that will be allowed to do CORS requests. An origin is allowed if it matches either allow_origins or allow_origin_regex. items: type: string type: array disabled: description: |- If true, specifies the CORS policy is disabled. which indicates that the CORS policy is in effect. Defaults to false. type: boolean exposeHeaders: description: Specifies the content for the Access-Control-Expose-Headers header. items: type: string type: array maxAge: description: |- Specifies how long the results of a preflight request can be cached. This translates to the content for the Access-Control-Max-Age header. type: integer type: object faultInjectionPolicy: description: |- The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure. As part of fault injection, when clients send requests to a backend service, delays can be introduced by Loadbalancer on a percentage of requests before sending those request to the backend service. Similarly requests from clients can be aborted by the Loadbalancer for a percentage of requests. timeout and retry_policy will be ignored by clients that are configured with a fault_injection_policy. properties: abort: description: |- The specification for how client requests are aborted as part of fault injection. properties: httpStatus: description: |- The HTTP status code used to abort the request. The value must be between 200 and 599 inclusive. type: integer percentage: description: |- The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection. The value must be between 0.0 and 100.0 inclusive. type: number type: object delay: description: |- The specification for how client requests are delayed as part of fault injection, before being sent to a backend service. properties: fixedDelay: description: Specifies the value of the fixed delay interval. properties: nanos: description: |- Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 'seconds' field and a positive 'nanos' field. Must be from 0 to 999,999,999 inclusive. type: integer seconds: description: |- Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. type: string required: - seconds type: object percentage: description: |- The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection. The value must be between 0.0 and 100.0 inclusive. type: number type: object type: object requestMirrorPolicy: description: |- Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service. Loadbalancer does not wait for responses from the shadow service. Prior to sending traffic to the shadow service, the host / authority header is suffixed with -shadow. properties: backendServiceRef: description: Required. The backend service resource being mirrored to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - backendServiceRef type: object retryPolicy: description: Specifies the retry policy associated with this route. properties: numRetries: description: Specifies the allowed number retries. This number must be > 0. type: integer perTryTimeout: description: Specifies a non-zero timeout per retry attempt. properties: nanos: description: |- Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 'seconds' field and a positive 'nanos' field. Must be from 0 to 999,999,999 inclusive. type: integer seconds: description: |- Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. type: string required: - seconds type: object retryConditions: description: |- Specifies one or more conditions when this retry rule applies. Valid values are: * 5xx: Loadbalancer will attempt a retry if the backend service responds with any 5xx response code, or if the backend service does not respond at all, example: disconnects, reset, read timeout, connection failure, and refused streams. * gateway-error: Similar to 5xx, but only applies to response codes 502, 503 or 504. * connect-failure: Loadbalancer will retry on failures connecting to backend services, for example due to connection timeouts. * retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. Currently the only retriable error supported is 409. * refused-stream: Loadbalancer will retry if the backend service resets the stream with a REFUSED_STREAM error code. This reset type indicates that it is safe to retry. * cancelled: Loadbalancer will retry if the gRPC status code in the response header is set to cancelled * deadline-exceeded: Loadbalancer will retry if the gRPC status code in the response header is set to deadline-exceeded * resource-exhausted: Loadbalancer will retry if the gRPC status code in the response header is set to resource-exhausted * unavailable: Loadbalancer will retry if the gRPC status code in the response header is set to unavailable. items: type: string type: array required: - numRetries type: object timeout: description: |- Specifies the timeout for the selected route. Timeout is computed from the time the request is has been fully processed (i.e. end-of-stream) up until the response has been completely processed. Timeout includes all retries. If not specified, the default value is 15 seconds. properties: nanos: description: |- Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 'seconds' field and a positive 'nanos' field. Must be from 0 to 999,999,999 inclusive. type: integer seconds: description: |- Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. type: string required: - seconds type: object urlRewrite: description: |- The spec to modify the URL of the request, prior to forwarding the request to the matched service. properties: hostRewrite: description: |- Prior to forwarding the request to the selected service, the request's host header is replaced with contents of hostRewrite. The value must be between 1 and 255 characters. type: string pathPrefixRewrite: description: |- Prior to forwarding the request to the selected backend service, the matching portion of the request's path is replaced by pathPrefixRewrite. The value must be between 1 and 1024 characters. type: string type: object weightedBackendServices: description: |- A list of weighted backend services to send traffic to when a route match occurs. The weights determine the fraction of traffic that flows to their corresponding backend service. If all traffic needs to go to a single backend service, there must be one weightedBackendService with weight set to a non 0 number. Once a backendService is identified and before forwarding the request to the backend service, advanced routing actions like Url rewrites and header transformations are applied depending on additional settings specified in this HttpRouteAction. items: properties: backendServiceRef: description: |- Required. The default backend service resource. Before forwarding the request to backendService, the loadbalancer applies any relevant headerActions specified as part of this backendServiceWeight. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object headerAction: description: |- Specifies changes to request and response headers that need to take effect for the selected backendService. headerAction specified here take effect before headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. properties: requestHeadersToAdd: description: |- Headers to add to a matching request prior to forwarding the request to the backendService. items: properties: headerName: description: The name of the header. type: string headerValue: description: The value of the header to add. type: string replace: description: |- If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header. type: boolean required: - headerName - headerValue - replace type: object type: array requestHeadersToRemove: description: |- A list of header names for headers that need to be removed from the request prior to forwarding the request to the backendService. items: type: string type: array responseHeadersToAdd: description: Headers to add the response prior to sending the response back to the client. items: properties: headerName: description: The name of the header. type: string headerValue: description: The value of the header to add. type: string replace: description: |- If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header. type: boolean required: - headerName - headerValue - replace type: object type: array responseHeadersToRemove: description: |- A list of header names for headers that need to be removed from the response prior to sending the response back to the client. items: type: string type: array type: object weight: description: |- Specifies the fraction of traffic sent to backendService, computed as weight / (sum of all weightedBackendService weights in routeAction) . The selection of a backend service is determined only for new traffic. Once a user's request has been directed to a backendService, subsequent requests will be sent to the same backendService as determined by the BackendService's session affinity policy. The value must be between 0 and 1000. type: integer required: - backendServiceRef - weight type: object type: array type: object service: description: |- The region backend service resource to which traffic is directed if this rule is matched. If routeAction is additionally specified, advanced routing actions like URL Rewrites, etc. take effect prior to sending the request to the backend. However, if service is specified, routeAction cannot contain any weightedBackendService s. Conversely, if routeAction specifies any weightedBackendServices, service must not be specified. Only one of urlRedirect, service or routeAction.weightedBackendService must be set. type: string urlRedirect: description: |- When this rule is matched, the request is redirected to a URL specified by urlRedirect. If urlRedirect is specified, service or routeAction must not be set. properties: hostRedirect: description: |- The host that will be used in the redirect response instead of the one that was supplied in the request. The value must be between 1 and 255 characters. type: string httpsRedirect: description: |- If set to true, the URL scheme in the redirected request is set to https. If set to false, the URL scheme of the redirected request will remain the same as that of the request. This must only be set for UrlMaps used in TargetHttpProxys. Setting this true for TargetHttpsProxy is not permitted. The default is set to false. type: boolean pathRedirect: description: |- The path that will be used in the redirect response instead of the one that was supplied in the request. pathRedirect cannot be supplied together with prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the original request will be used for the redirect. The value must be between 1 and 1024 characters. type: string prefixRedirect: description: |- The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, retaining the remaining portion of the URL before redirecting the request. prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or neither. If neither is supplied, the path of the original request will be used for the redirect. The value must be between 1 and 1024 characters. type: string redirectResponseCode: description: |- The HTTP Status code to use for this RedirectAction. Supported values are: * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. * FOUND, which corresponds to 302. * SEE_OTHER which corresponds to 303. * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method will be retained. * PERMANENT_REDIRECT, which corresponds to 308. In this case, the request method will be retained. Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"]. type: string stripQuery: description: |- If set to true, any accompanying query portion of the original URL is removed prior to redirecting the request. If set to false, the query portion of the original URL is retained. The default value is false. type: boolean type: object required: - priority type: object type: array required: - name type: object type: array resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string test: description: |- The list of expected URL mappings. Requests to update this UrlMap will succeed only if all of the test cases pass. items: properties: description: description: Description of this test case. type: string host: description: Host portion of the URL. type: string path: description: Path portion of the URL. type: string service: description: |- The backend service resource that should be matched by this test. For the Global URL Map, it should be a reference to the backend service or backend bucket. For the Regional URL Map, it should be a reference to the backend service. oneOf: - required: - backendBucketRef - required: - backendServiceRef properties: backendBucketRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeBackendBucket` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object backendServiceRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: object required: - host - path - service type: object type: array required: - location type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array creationTimestamp: description: Creation timestamp in RFC3339 text format. type: string fingerprint: description: |- Fingerprint of this resource. This field is used internally during updates of this resource. type: string mapId: description: The unique identifier for the resource. type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer selfLink: type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: computevpngateways.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeVPNGateway plural: computevpngateways shortNames: - gcpcomputevpngateway - gcpcomputevpngateways singular: computevpngateway preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: description: description: Immutable. An optional description of this resource. type: string networkRef: description: The network this VPN gateway is accepting traffic for. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object region: description: Immutable. The region this gateway should sit in. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string stackType: description: |- Immutable. The stack type for this VPN gateway to identify the IP protocols that are enabled. If not specified, IPV4_ONLY will be used. Default value: "IPV4_ONLY" Possible values: ["IPV4_ONLY", "IPV4_IPV6"]. type: string vpnInterfaces: description: Immutable. A list of interfaces on this VPN gateway. items: properties: id: description: Immutable. The numeric ID of this VPN gateway interface. type: integer interconnectAttachmentRef: description: |- Immutable. When this value is present, the VPN Gateway will be used for IPsec-encrypted Cloud Interconnect; all Egress or Ingress traffic for this VPN Gateway interface will go through the specified interconnect attachment resource. Not currently available publicly. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeInterconnectAttachment` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object ipAddress: description: The external IP address for this VPN gateway interface. type: string type: object type: array required: - networkRef - region type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer selfLink: type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: computevpntunnels.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp kind: ComputeVPNTunnel plural: computevpntunnels shortNames: - gcpcomputevpntunnel - gcpcomputevpntunnels singular: computevpntunnel preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: description: description: Immutable. An optional description of this resource. type: string ikeVersion: description: |- Immutable. IKE protocol version to use when establishing the VPN tunnel with peer VPN gateway. Acceptable IKE versions are 1 or 2. Default version is 2. type: integer localTrafficSelector: description: |- Immutable. Local traffic selector to use when establishing the VPN tunnel with peer VPN gateway. The value should be a CIDR formatted string, for example '192.168.0.0/16'. The ranges should be disjoint. Only IPv4 is supported. items: type: string type: array peerExternalGatewayInterface: description: Immutable. The interface ID of the external VPN gateway to which this VPN tunnel is connected. type: integer peerExternalGatewayRef: description: |- The peer side external VPN gateway to which this VPN tunnel is connected. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeExternalVPNGateway` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object peerGCPGatewayRef: description: |- The peer side HA GCP VPN gateway to which this VPN tunnel is connected. If provided, the VPN tunnel will automatically use the same VPN gateway interface ID in the peer GCP VPN gateway. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeVPNGateway` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object peerIp: description: Immutable. IP address of the peer VPN gateway. Only IPv4 is supported. type: string region: description: Immutable. The region where the tunnel is located. If unset, is set to the region of 'target_vpn_gateway'. type: string remoteTrafficSelector: description: |- Immutable. Remote traffic selector to use when establishing the VPN tunnel with peer VPN gateway. The value should be a CIDR formatted string, for example '192.168.0.0/16'. The ranges should be disjoint. Only IPv4 is supported. items: type: string type: array resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string routerRef: description: The router to be used for dynamic routing. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeRouter` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object sharedSecret: description: |- Immutable. Shared secret used to set the secure session between the Cloud VPN gateway and the peer VPN gateway. oneOf: - not: required: - valueFrom required: - value - not: required: - value required: - valueFrom properties: value: description: Value of the field. Cannot be used if 'valueFrom' is specified. type: string valueFrom: description: Source for the field's value. Cannot be used if 'value' is specified. properties: secretKeyRef: description: Reference to a value with the given key in the given Secret in the resource's namespace. properties: key: description: Key that identifies the value to be extracted. type: string name: description: Name of the Secret to extract a value from. type: string required: - name - key type: object type: object type: object targetVPNGatewayRef: description: |- The ComputeTargetVPNGateway with which this VPN tunnel is associated. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeTargetVPNGateway` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object vpnGatewayInterface: description: Immutable. The interface ID of the VPN gateway with which this VPN tunnel is associated. type: integer vpnGatewayRef: description: |- The ComputeVPNGateway with which this VPN tunnel is associated. This must be used if a High Availability VPN gateway resource is created. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeVPNGateway` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - region - sharedSecret type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array creationTimestamp: description: Creation timestamp in RFC3339 text format. type: string detailedStatus: description: Detailed status message for the VPN tunnel. type: string labelFingerprint: description: |- The fingerprint used for optimistic locking of this resource. Used internally during updates. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer selfLink: type: string sharedSecretHash: description: Hash of the shared secret. type: string tunnelId: description: The unique identifier for the resource. This identifier is defined by the server. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" name: configcontrollerinstances.configcontroller.cnrm.cloud.google.com spec: group: configcontroller.cnrm.cloud.google.com names: categories: - gcp kind: ConfigControllerInstance plural: configcontrollerinstances shortNames: - gcpconfigcontrollerinstance - gcpconfigcontrollerinstances singular: configcontrollerinstance preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: location: description: Immutable. The location for the resource type: string managementConfig: description: Immutable. Configuration of the cluster management properties: fullManagementConfig: description: Immutable. Configuration of the full (Autopilot) cluster management properties: clusterCidrBlock: description: Immutable. The IP address range for the cluster pod IPs. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use. type: string clusterNamedRange: description: Immutable. The name of the existing secondary range in the cluster's subnetwork to use for pod IP addresses. Alternatively, cluster_cidr_block can be used to automatically create a GKE-managed one. type: string manBlock: description: Immutable. Master Authorized Network. Allows access to the k8s master from this block. type: string masterIPv4CidrBlock: description: Immutable. The /28 network that the masters will use. type: string networkRef: description: Immutable. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Existing VPC Network to put the GKE cluster and nodes in. Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object servicesCidrBlock: description: Immutable. The IP address range for the cluster service IPs. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use. type: string servicesNamedRange: description: Immutable. The name of the existing secondary range in the cluster's subnetwork to use for service ClusterIPs. Alternatively, services_cidr_block can be used to automatically create a GKE-managed one. type: string type: object standardManagementConfig: description: Immutable. Configuration of the standard (GKE) cluster management properties: clusterCidrBlock: description: Immutable. The IP address range for the cluster pod IPs. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use. type: string clusterNamedRange: description: Immutable. The name of the existing secondary range in the cluster's subnetwork to use for pod IP addresses. Alternatively, cluster_cidr_block can be used to automatically create a GKE-managed one. type: string manBlock: description: Immutable. Master Authorized Network. Allows access to the k8s master from this block. type: string masterIPv4CidrBlock: description: Immutable. The /28 network that the masters will use. type: string networkRef: description: Immutable. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Existing VPC Network to put the GKE cluster and nodes in. Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object servicesCidrBlock: description: Immutable. The IP address range for the cluster service IPs. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use. type: string servicesNamedRange: description: Immutable. The name of the existing secondary range in the cluster's subnetwork to use for service ClusterIPs. Alternatively, services_cidr_block can be used to automatically create a GKE-managed one. type: string required: - masterIPv4CidrBlock type: object type: object projectRef: description: Immutable. The Project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The project for the resource Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string usePrivateEndpoint: description: Immutable. Only allow access to the master's private endpoint IP. type: boolean required: - location - managementConfig - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array gkeResourceLink: description: Output only. KrmApiHost GCP self link used for identifying the underlying endpoint (GKE cluster currently). type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer state: description: 'Output only. The current state of the internal state machine for the KrmApiHost. Possible values: STATE_UNSPECIFIED, CREATING, RUNNING, DELETING, SUSPENDED, READ_ONLY' type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: containeranalysisnotes.containeranalysis.cnrm.cloud.google.com spec: group: containeranalysis.cnrm.cloud.google.com names: categories: - gcp kind: ContainerAnalysisNote plural: containeranalysisnotes shortNames: - gcpcontaineranalysisnote - gcpcontaineranalysisnotes singular: containeranalysisnote preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: attestation: description: A note describing an attestation role. properties: hint: description: Hint hints at the purpose of the attestation authority. properties: humanReadableName: description: Required. The human readable name of this attestation authority, for example "qa". type: string required: - humanReadableName type: object type: object build: description: A note describing build provenance for a verifiable build. properties: builderVersion: description: Required. Immutable. Version of the builder which produced this build. type: string required: - builderVersion type: object deployment: description: A note describing something that can be deployed. properties: resourceUri: description: Required. Resource URI for the artifact being deployed. items: type: string type: array required: - resourceUri type: object discovery: description: A note describing the initial analysis of a resource. properties: analysisKind: description: 'The kind of analysis that is handled by this discovery. Possible values: NOTE_KIND_UNSPECIFIED, VULNERABILITY, BUILD, IMAGE, PACKAGE, DEPLOYMENT, DISCOVERY, ATTESTATION, UPGRADE' type: string required: - analysisKind type: object expirationTime: description: Time of expiration for this note. Empty if note does not expire. format: date-time type: string image: description: A note describing a base image. properties: fingerprint: description: Required. Immutable. The fingerprint of the base image. properties: v1Name: description: Required. The layer ID of the final layer in the Docker image's v1 representation. type: string v2Blob: description: Required. The ordered list of v2 blobs that represent a given image. items: type: string type: array required: - v1Name - v2Blob type: object resourceUrl: description: Required. Immutable. The resource_url for the resource representing the basis of associated occurrence images. type: string required: - fingerprint - resourceUrl type: object longDescription: description: A detailed description of this note. type: string package: description: Required for non-Windows OS. The package this Upgrade is for. properties: distribution: description: The various channels by which a package is distributed. items: properties: architecture: description: 'The CPU architecture for which packages in this distribution channel were built Possible values: ARCHITECTURE_UNSPECIFIED, X86, X64' type: string cpeUri: description: The cpe_uri in [cpe format](https://cpe.mitre.org/specification/) denoting the package manager version distributing a package. type: string description: description: The distribution channel-specific description of this package. type: string latestVersion: description: The latest available version of this package in this distribution channel. properties: epoch: description: Used to correct mistakes in the version numbering scheme. format: int64 type: integer fullName: description: Human readable version string. This string is of the form :- and is only set when kind is NORMAL. type: string kind: description: 'Distinguish between sentinel MIN/MAX versions and normal versions. If kind is not NORMAL, then the other fields are ignored. Possible values: VERSION_KIND_UNSPECIFIED, NORMAL, MINIMUM, MAXIMUM' type: string name: description: The main part of the version name. type: string revision: description: The iteration of the package build from the above version. type: string required: - kind type: object maintainer: description: A freeform string denoting the maintainer of this package. type: string url: description: The distribution channel-specific homepage for this package. type: string required: - cpeUri type: object type: array name: description: The name of the package. type: string required: - name type: object relatedNoteNames: items: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The Google Cloud resource name of a `ContainerAnalysisNote` resource (format: `projects/{{project}}/notes/{{name}}`).' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: array relatedUrl: description: URLs associated with this note. items: properties: label: description: Label to describe usage of the URL type: string url: description: Specific URL to associate with the note type: string type: object type: array resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string shortDescription: description: A one sentence description of this note. type: string vulnerability: description: A note describing a package vulnerability. properties: cvssScore: description: The CVSS score of this vulnerability. CVSS score is on a scale of 0 - 10 where 0 indicates low severity and 10 indicates high severity. format: double type: number cvssV3: description: The full description of the CVSSv3 for this vulnerability. properties: attackComplexity: description: ' Possible values: ATTACK_COMPLEXITY_UNSPECIFIED, ATTACK_COMPLEXITY_LOW, ATTACK_COMPLEXITY_HIGH' type: string attackVector: description: 'Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. Possible values: ATTACK_VECTOR_UNSPECIFIED, ATTACK_VECTOR_NETWORK, ATTACK_VECTOR_ADJACENT, ATTACK_VECTOR_LOCAL, ATTACK_VECTOR_PHYSICAL' type: string availabilityImpact: description: ' Possible values: IMPACT_UNSPECIFIED, IMPACT_HIGH, IMPACT_LOW, IMPACT_NONE' type: string baseScore: description: The base score is a function of the base metric scores. format: double type: number confidentialityImpact: description: ' Possible values: IMPACT_UNSPECIFIED, IMPACT_HIGH, IMPACT_LOW, IMPACT_NONE' type: string exploitabilityScore: format: double type: number impactScore: format: double type: number integrityImpact: description: ' Possible values: IMPACT_UNSPECIFIED, IMPACT_HIGH, IMPACT_LOW, IMPACT_NONE' type: string privilegesRequired: description: ' Possible values: PRIVILEGES_REQUIRED_UNSPECIFIED, PRIVILEGES_REQUIRED_NONE, PRIVILEGES_REQUIRED_LOW, PRIVILEGES_REQUIRED_HIGH' type: string scope: description: ' Possible values: SCOPE_UNSPECIFIED, SCOPE_UNCHANGED, SCOPE_CHANGED' type: string userInteraction: description: ' Possible values: USER_INTERACTION_UNSPECIFIED, USER_INTERACTION_NONE, USER_INTERACTION_REQUIRED' type: string type: object details: description: Details of all known distros and packages affected by this vulnerability. items: properties: affectedCpeUri: description: Required. The (https://cpe.mitre.org/specification/) this vulnerability affects. type: string affectedPackage: description: Required. The package this vulnerability affects. type: string affectedVersionEnd: description: 'The version number at the end of an interval in which this vulnerability exists. A vulnerability can affect a package between version numbers that are disjoint sets of intervals (example: ) each of which will be represented in its own Detail. If a specific affected version is provided by a vulnerability database, affected_version_start and affected_version_end will be the same in that Detail.' properties: epoch: description: Used to correct mistakes in the version numbering scheme. format: int64 type: integer fullName: description: Human readable version string. This string is of the form :- and is only set when kind is NORMAL. type: string kind: description: 'Required. Distinguishes between sentinel MIN/MAX versions and normal versions. Possible values: NOTE_KIND_UNSPECIFIED, VULNERABILITY, BUILD, IMAGE, PACKAGE, DEPLOYMENT, DISCOVERY, ATTESTATION, UPGRADE' type: string name: description: Required only when version kind is NORMAL. The main part of the version name. type: string revision: description: The iteration of the package build from the above version. type: string required: - kind type: object affectedVersionStart: description: 'The version number at the start of an interval in which this vulnerability exists. A vulnerability can affect a package between version numbers that are disjoint sets of intervals (example: ) each of which will be represented in its own Detail. If a specific affected version is provided by a vulnerability database, affected_version_start and affected_version_end will be the same in that Detail.' properties: epoch: description: Used to correct mistakes in the version numbering scheme. format: int64 type: integer fullName: description: Human readable version string. This string is of the form :- and is only set when kind is NORMAL. type: string kind: description: 'Required. Distinguishes between sentinel MIN/MAX versions and normal versions. Possible values: NOTE_KIND_UNSPECIFIED, VULNERABILITY, BUILD, IMAGE, PACKAGE, DEPLOYMENT, DISCOVERY, ATTESTATION, UPGRADE' type: string name: description: Required only when version kind is NORMAL. The main part of the version name. type: string revision: description: The iteration of the package build from the above version. type: string required: - kind type: object description: description: A vendor-specific description of this vulnerability. type: string fixedCpeUri: description: The distro recommended (https://cpe.mitre.org/specification/) to update to that contains a fix for this vulnerability. It is possible for this to be different from the affected_cpe_uri. type: string fixedPackage: description: The distro recommended package to update to that contains a fix for this vulnerability. It is possible for this to be different from the affected_package. type: string fixedVersion: description: The distro recommended version to update to that contains a fix for this vulnerability. Setting this to VersionKind.MAXIMUM means no such version is yet available. properties: epoch: description: Used to correct mistakes in the version numbering scheme. format: int64 type: integer fullName: description: Human readable version string. This string is of the form :- and is only set when kind is NORMAL. type: string kind: description: 'Required. Distinguishes between sentinel MIN/MAX versions and normal versions. Possible values: NOTE_KIND_UNSPECIFIED, VULNERABILITY, BUILD, IMAGE, PACKAGE, DEPLOYMENT, DISCOVERY, ATTESTATION, UPGRADE' type: string name: description: Required only when version kind is NORMAL. The main part of the version name. type: string revision: description: The iteration of the package build from the above version. type: string required: - kind type: object isObsolete: description: Whether this detail is obsolete. Occurrences are expected not to point to obsolete details. type: boolean packageType: description: The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.). type: string severityName: description: The distro assigned severity of this vulnerability. type: string sourceUpdateTime: description: The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker. format: date-time type: string required: - affectedCpeUri - affectedPackage type: object type: array severity: description: 'The note provider assigned severity of this vulnerability. Possible values: SEVERITY_UNSPECIFIED, MINIMAL, LOW, MEDIUM, HIGH, CRITICAL' type: string sourceUpdateTime: description: The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker. format: date-time type: string windowsDetails: description: Windows details get their own format because the information format and model don't match a normal detail. Specifically Windows updates are done as patches, thus Windows vulnerabilities really are a missing package, rather than a package being at an incorrect version. items: properties: cpeUri: description: Required. The (https://cpe.mitre.org/specification/) this vulnerability affects. type: string description: description: The description of this vulnerability. type: string fixingKbs: description: Required. The names of the KBs which have hotfixes to mitigate this vulnerability. Note that there may be multiple hotfixes (and thus multiple KBs) that mitigate a given vulnerability. Currently any listed KBs presence is considered a fix. items: properties: name: description: The KB name (generally of the form KB+ (e.g., KB123456)). type: string url: description: A link to the KB in the (https://www.catalog.update.microsoft.com/). type: string type: object type: array name: description: Required. The name of this vulnerability. type: string required: - cpeUri - fixingKbs - name type: object type: array type: object type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: Output only. The time this note was created. This field can be used as a filter in list requests. format: date-time type: string image: properties: fingerprint: properties: v2Name: description: 'Output only. The name of the image''s v2 blobs computed via: ) Only the name of the final blob is kept.' type: string type: object type: object observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer updateTime: description: Output only. The time this note was last updated. This field can be used as a filter in list requests. format: date-time type: string type: object type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: containeranalysisoccurrences.containeranalysis.cnrm.cloud.google.com spec: group: containeranalysis.cnrm.cloud.google.com names: categories: - gcp kind: ContainerAnalysisOccurrence plural: containeranalysisoccurrences shortNames: - gcpcontaineranalysisoccurrence - gcpcontaineranalysisoccurrences singular: containeranalysisoccurrence preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: attestation: description: |- Occurrence that represents a single "attestation". The authenticity of an attestation can be verified using the attached signature. If the verifier trusts the public key of the signer, then verifying the signature is sufficient to establish trust. In this circumstance, the authority to which this attestation is attached is primarily useful for lookup (how to find this attestation if you already know the authority and artifact to be verified) and intent (for which authority this attestation was intended to sign. properties: serializedPayload: description: |- The serialized payload that is verified by one or more signatures. A base64-encoded string. type: string signatures: description: |- One or more signatures over serializedPayload. Verifier implementations should consider this attestation message verified if at least one signature verifies serializedPayload. See Signature in common.proto for more details on signature structure and verification. items: properties: publicKeyId: description: |- The identifier for the public key that verifies this signature. MUST be an RFC3986 conformant URI. * When possible, the key id should be an immutable reference, such as a cryptographic digest. Examples of valid values: * OpenPGP V4 public key fingerprint. See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr for more details on this scheme. * 'openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA' * RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER serialization): * "ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU". type: string signature: description: |- The content of the signature, an opaque bytestring. The payload that this signature verifies MUST be unambiguously provided with the Signature during verification. A wrapper message might provide the payload explicitly. Alternatively, a message might have a canonical serialization that can always be unambiguously computed to derive the payload. type: string required: - publicKeyId type: object type: array required: - serializedPayload - signatures type: object noteName: description: |- Immutable. The analysis note associated with this occurrence, in the form of projects/[PROJECT]/notes/[NOTE_ID]. This field can be used as a filter in list requests. type: string projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object remediation: description: A description of actions that can be taken to remedy the note. type: string resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string resourceUri: description: |- Immutable. Required. Immutable. A URI that represents the resource for which the occurrence applies. For example, https://gcr.io/project/image@sha256:123abc for a Docker image. type: string required: - attestation - noteName - projectRef - resourceUri type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: The time when the repository was created. type: string kind: description: |- The note kind which explicitly denotes which of the occurrence details are specified. This field can be used as a filter in list requests. type: string name: description: The name of the occurrence. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer updateTime: description: The time when the repository was last updated. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: containerclusters.container.cnrm.cloud.google.com spec: group: container.cnrm.cloud.google.com names: categories: - gcp kind: ContainerCluster plural: containerclusters shortNames: - gcpcontainercluster - gcpcontainerclusters singular: containercluster preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: addonsConfig: description: The configuration for addons supported by GKE. properties: cloudrunConfig: description: The status of the CloudRun addon. It is disabled by default. Set disabled = false to enable. properties: disabled: type: boolean loadBalancerType: type: string required: - disabled type: object configConnectorConfig: description: The of the Config Connector addon. properties: enabled: type: boolean required: - enabled type: object dnsCacheConfig: description: The status of the NodeLocal DNSCache addon. It is disabled by default. Set enabled = true to enable. properties: enabled: type: boolean required: - enabled type: object gcePersistentDiskCsiDriverConfig: description: Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. Defaults to enabled; set disabled = true to disable. properties: enabled: type: boolean required: - enabled type: object gcpFilestoreCsiDriverConfig: description: The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes. Defaults to disabled; set enabled = true to enable. properties: enabled: type: boolean required: - enabled type: object gcsFuseCsiDriverConfig: description: The status of the GCS Fuse CSI driver addon, which allows the usage of gcs bucket as volumes. Defaults to disabled; set enabled = true to enable. properties: enabled: type: boolean required: - enabled type: object gkeBackupAgentConfig: description: The status of the Backup for GKE Agent addon. It is disabled by default. Set enabled = true to enable. properties: enabled: type: boolean required: - enabled type: object horizontalPodAutoscaling: description: The status of the Horizontal Pod Autoscaling addon, which increases or decreases the number of replica pods a replication controller has based on the resource usage of the existing pods. It ensures that a Heapster pod is running in the cluster, which is also used by the Cloud Monitoring service. It is enabled by default; set disabled = true to disable. properties: disabled: type: boolean required: - disabled type: object httpLoadBalancing: description: The status of the HTTP (L7) load balancing controller addon, which makes it easy to set up HTTP load balancers for services in a cluster. It is enabled by default; set disabled = true to disable. properties: disabled: type: boolean required: - disabled type: object istioConfig: description: The status of the Istio addon. properties: auth: description: The authentication type between services in Istio. Available options include AUTH_MUTUAL_TLS. type: string disabled: description: The status of the Istio addon, which makes it easy to set up Istio for services in a cluster. It is disabled by default. Set disabled = false to enable. type: boolean required: - disabled type: object kalmConfig: description: Configuration for the KALM addon, which manages the lifecycle of k8s. It is disabled by default; Set enabled = true to enable. properties: enabled: type: boolean required: - enabled type: object networkPolicyConfig: description: Whether we should enable the network policy addon for the master. This must be enabled in order to enable network policy for the nodes. To enable this, you must also define a network_policy block, otherwise nothing will happen. It can only be disabled if the nodes already do not have network policies enabled. Defaults to disabled; set disabled = false to enable. properties: disabled: type: boolean required: - disabled type: object type: object authenticatorGroupsConfig: description: Configuration for the Google Groups for GKE feature. properties: securityGroup: description: The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com. type: string required: - securityGroup type: object binaryAuthorization: description: Configuration options for the Binary Authorization feature. properties: enabled: description: DEPRECATED. Deprecated in favor of evaluation_mode. Enable Binary Authorization for this cluster. type: boolean evaluationMode: description: Mode of operation for Binary Authorization policy evaluation. type: string type: object clusterAutoscaling: description: Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. properties: autoProvisioningDefaults: description: Contains defaults for a node pool created by NAP. properties: bootDiskKMSKeyRef: description: |- Immutable. The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object diskSize: description: Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. type: integer imageType: description: The default image type used by NAP once a new node pool is being created. type: string management: description: NodeManagement configuration for this NodePool. properties: autoRepair: description: Specifies whether the node auto-repair is enabled for the node pool. If enabled, the nodes in this node pool will be monitored and, if they fail health checks too many times, an automatic repair action will be triggered. type: boolean autoUpgrade: description: Specifies whether node auto-upgrade is enabled for the node pool. If enabled, node auto-upgrade helps keep the nodes in your node pool up to date with the latest release version of Kubernetes. type: boolean upgradeOptions: description: Specifies the Auto Upgrade knobs for the node pool. items: properties: autoUpgradeStartTime: description: This field is set when upgrades are about to commence with the approximate start time for the upgrades, in RFC3339 text format. type: string description: description: This field is set when upgrades are about to commence with the description of the upgrade. type: string type: object type: array type: object minCpuPlatform: description: Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell. type: string oauthScopes: description: Scopes that are used by NAP when creating node pools. items: type: string type: array serviceAccountRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `email` field of an `IAMServiceAccount` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object shieldedInstanceConfig: description: Shielded Instance options. properties: enableIntegrityMonitoring: description: Defines whether the instance has integrity monitoring enabled. type: boolean enableSecureBoot: description: Defines whether the instance has Secure Boot enabled. type: boolean type: object upgradeSettings: description: Specifies the upgrade settings for NAP created node pools. properties: blueGreenSettings: description: Settings for blue-green upgrade strategy. properties: nodePoolSoakDuration: description: "Time needed after draining entire blue pool. After this period, blue pool will be cleaned up.\n\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\"." type: string standardRolloutPolicy: description: Standard policy for the blue-green upgrade. properties: batchNodeCount: description: Number of blue nodes to drain in a batch. type: integer batchPercentage: description: Percentage of the bool pool nodes to drain in a batch. The range of this field should be (0.0, 1.0]. type: number batchSoakDuration: description: "Soak time after each batch gets drained.\n\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\"." type: string type: object type: object maxSurge: description: The maximum number of nodes that can be created beyond the current size of the node pool during the upgrade process. type: integer maxUnavailable: description: The maximum number of nodes that can be simultaneously unavailable during the upgrade process. type: integer strategy: description: Update strategy of the node pool. type: string type: object type: object autoscalingProfile: description: Configuration options for the Autoscaling profile feature, which lets you choose whether the cluster autoscaler should optimize for resource utilization or resource availability when deciding to remove nodes from a cluster. Can be BALANCED or OPTIMIZE_UTILIZATION. Defaults to BALANCED. type: string enabled: description: Whether node auto-provisioning is enabled. Resource limits for cpu and memory must be defined to enable node auto-provisioning. type: boolean resourceLimits: description: Global constraints for machine resources in the cluster. Configuring the cpu and memory types is required if node auto-provisioning is enabled. These limits will apply to node pool autoscaling in addition to node auto-provisioning. items: properties: maximum: description: Maximum amount of the resource in the cluster. type: integer minimum: description: Minimum amount of the resource in the cluster. type: integer resourceType: description: The type of the resource. For example, cpu and memory. See the guide to using Node Auto-Provisioning for a list of types. type: string required: - resourceType type: object type: array type: object clusterIpv4Cidr: description: Immutable. The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will only work for routes-based clusters, where ip_allocation_policy is not defined. type: string clusterTelemetry: description: Telemetry integration for the cluster. properties: type: description: Type of the integration. type: string required: - type type: object confidentialNodes: description: 'Immutable. Configuration for the confidential nodes feature, which makes nodes run on confidential VMs. Warning: This configuration can''t be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster.' properties: enabled: description: Immutable. Whether Confidential Nodes feature is enabled for all nodes in this cluster. type: boolean required: - enabled type: object costManagementConfig: description: Cost management configuration for the cluster. properties: enabled: description: Whether to enable GKE cost allocation. When you enable GKE cost allocation, the cluster name and namespace of your GKE workloads appear in the labels field of the billing export to BigQuery. Defaults to false. type: boolean required: - enabled type: object databaseEncryption: description: 'Application-layer Secrets Encryption settings. The object format is {state = string, key_name = string}. Valid values of state are: "ENCRYPTED"; "DECRYPTED". key_name is the name of a CloudKMS key.' properties: keyName: description: The key to use to encrypt/decrypt secrets. type: string state: description: ENCRYPTED or DECRYPTED. type: string required: - state type: object datapathProvider: description: Immutable. The desired datapath provider for this cluster. By default, uses the IPTables-based kube-proxy implementation. type: string defaultMaxPodsPerNode: description: Immutable. The default maximum number of pods per node in this cluster. This doesn't work on "routes-based" clusters, clusters that don't have IP Aliasing enabled. type: integer defaultSnatStatus: description: Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. properties: disabled: description: When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic. type: boolean required: - disabled type: object description: description: Immutable. Description of the cluster. type: string dnsConfig: description: Immutable. Configuration for Cloud DNS for Kubernetes Engine. properties: clusterDns: description: Which in-cluster DNS provider should be used. type: string clusterDnsDomain: description: The suffix used for all cluster service records. type: string clusterDnsScope: description: The scope of access to cluster DNS records. type: string type: object enableAutopilot: description: Immutable. Enable Autopilot for this cluster. type: boolean enableBinaryAuthorization: description: DEPRECATED. Deprecated in favor of binary_authorization. Enable Binary Authorization for this cluster. If enabled, all container images will be validated by Google Binary Authorization. type: boolean enableIntranodeVisibility: description: Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network. type: boolean enableKubernetesAlpha: description: Immutable. Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days. type: boolean enableL4IlbSubsetting: description: Whether L4ILB Subsetting is enabled for this cluster. type: boolean enableLegacyAbac: description: Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to false. type: boolean enableShieldedNodes: description: Enable Shielded Nodes features on all nodes in this cluster. Defaults to true. type: boolean enableTpu: description: Immutable. Whether to enable Cloud TPU resources in this cluster. type: boolean gatewayApiConfig: description: Configuration for GKE Gateway API controller. properties: channel: description: The Gateway API release channel to use for Gateway API. type: string required: - channel type: object identityServiceConfig: description: Configuration for Identity Service which allows customers to use external identity providers with the K8S API. properties: enabled: description: Whether to enable the Identity Service component. type: boolean type: object initialNodeCount: description: Immutable. The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using google_container_node_pool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true. type: integer ipAllocationPolicy: description: Immutable. Configuration of cluster IP allocation for VPC-native clusters. Adding this block enables IP aliasing, making the cluster VPC-native instead of routes-based. properties: clusterIpv4CidrBlock: description: Immutable. The IP address range for the cluster pod IPs. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use. type: string clusterSecondaryRangeName: description: Immutable. The name of the existing secondary range in the cluster's subnetwork to use for pod IP addresses. Alternatively, cluster_ipv4_cidr_block can be used to automatically create a GKE-managed one. type: string podCidrOverprovisionConfig: description: Immutable. Configuration for cluster level pod cidr overprovision. Default is disabled=false. properties: disabled: type: boolean required: - disabled type: object servicesIpv4CidrBlock: description: Immutable. The IP address range of the services IPs in this cluster. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use. type: string servicesSecondaryRangeName: description: Immutable. The name of the existing secondary range in the cluster's subnetwork to use for service ClusterIPs. Alternatively, services_ipv4_cidr_block can be used to automatically create a GKE-managed one. type: string stackType: description: Immutable. The IP Stack type of the cluster. Choose between IPV4 and IPV4_IPV6. Default type is IPV4 Only if not set. type: string type: object location: description: Immutable. The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well. type: string loggingConfig: description: Logging configuration for the cluster. properties: enableComponents: description: GKE components exposing logs. Valid values include SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, SCHEDULER, and WORKLOADS. items: type: string type: array required: - enableComponents type: object loggingService: description: The logging service that the cluster should write logs to. Available options include logging.googleapis.com(Legacy Stackdriver), logging.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Logging), and none. Defaults to logging.googleapis.com/kubernetes. type: string maintenancePolicy: description: The maintenance policy to use for the cluster. properties: dailyMaintenanceWindow: description: 'Time window specified for daily maintenance operations. Specify start_time in RFC3339 format "HH:MM”, where HH : [00-23] and MM : [00-59] GMT.' properties: duration: type: string startTime: type: string required: - startTime type: object maintenanceExclusion: description: Exceptions to maintenance window. Non-emergency maintenance should not occur in these windows. items: properties: endTime: type: string exclusionName: type: string exclusionOptions: description: Maintenance exclusion related options. properties: scope: description: The scope of automatic upgrades to restrict in the exclusion window. type: string required: - scope type: object startTime: type: string required: - endTime - exclusionName - startTime type: object type: array recurringWindow: description: Time window for recurring maintenance operations. properties: endTime: type: string recurrence: type: string startTime: type: string required: - endTime - recurrence - startTime type: object type: object masterAuth: description: DEPRECATED. Basic authentication was removed for GKE cluster versions >= 1.19. The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the container.clusters.getCredentials permission. properties: clientCertificate: description: Base64 encoded public certificate used by clients to authenticate to the cluster endpoint. type: string clientCertificateConfig: description: Immutable. Whether client certificate authorization is enabled for this cluster. properties: issueClientCertificate: description: Immutable. Whether client certificate authorization is enabled for this cluster. type: boolean required: - issueClientCertificate type: object clientKey: description: Base64 encoded private key used by clients to authenticate to the cluster endpoint. type: string clusterCaCertificate: description: Base64 encoded public certificate that is the root of trust for the cluster. type: string password: description: The password to use for HTTP basic authentication when accessing the Kubernetes master endpoint. oneOf: - not: required: - valueFrom required: - value - not: required: - value required: - valueFrom properties: value: description: Value of the field. Cannot be used if 'valueFrom' is specified. type: string valueFrom: description: Source for the field's value. Cannot be used if 'value' is specified. properties: secretKeyRef: description: Reference to a value with the given key in the given Secret in the resource's namespace. properties: key: description: Key that identifies the value to be extracted. type: string name: description: Name of the Secret to extract a value from. type: string required: - name - key type: object type: object type: object username: description: The username to use for HTTP basic authentication when accessing the Kubernetes master endpoint. If not present basic auth will be disabled. type: string type: object masterAuthorizedNetworksConfig: description: The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). properties: cidrBlocks: description: External networks that can access the Kubernetes cluster master through HTTPS. items: properties: cidrBlock: description: External network that can access Kubernetes master through HTTPS. Must be specified in CIDR notation. type: string displayName: description: Field for users to identify CIDR blocks. type: string required: - cidrBlock type: object type: array gcpPublicCidrsAccessEnabled: description: Whether master is accessbile via Google Compute Engine Public IP addresses. type: boolean type: object meshCertificates: description: If set, and enable_certificates=true, the GKE Workload Identity Certificates controller and node agent will be deployed in the cluster. properties: enableCertificates: description: When enabled the GKE Workload Identity Certificates controller and node agent will be deployed in the cluster. type: boolean required: - enableCertificates type: object minMasterVersion: description: The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only master_version field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). type: string monitoringConfig: description: Monitoring configuration for the cluster. properties: enableComponents: description: GKE components exposing metrics. Valid values include SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, SCHEDULER, and WORKLOADS. items: type: string type: array managedPrometheus: description: Configuration for Google Cloud Managed Services for Prometheus. properties: enabled: description: Whether or not the managed collection is enabled. type: boolean required: - enabled type: object type: object monitoringService: description: The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com(Legacy Stackdriver), monitoring.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes. type: string networkPolicy: description: Configuration options for the NetworkPolicy feature. properties: enabled: description: Whether network policy is enabled on the cluster. type: boolean provider: description: The selected network policy provider. Defaults to PROVIDER_UNSPECIFIED. type: string required: - enabled type: object networkRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object networkingMode: description: Immutable. Determines whether alias IPs or routes will be used for pod IPs in the cluster. type: string nodeConfig: description: Immutable. The configuration of the nodepool. properties: advancedMachineFeatures: description: Immutable. Specifies options for controlling advanced machine features. properties: threadsPerCore: description: Immutable. The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed. type: integer required: - threadsPerCore type: object bootDiskKMSCryptoKeyRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object diskSizeGb: description: Immutable. Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. type: integer diskType: description: Immutable. Type of the disk attached to each node. Such as pd-standard, pd-balanced or pd-ssd. type: string ephemeralStorageConfig: description: Immutable. Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. properties: localSsdCount: description: Immutable. Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD must be 375 or 3000 GB in size, and all local SSDs must share the same size. type: integer required: - localSsdCount type: object ephemeralStorageLocalSsdConfig: description: Immutable. Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. properties: localSsdCount: description: Immutable. Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD must be 375 or 3000 GB in size, and all local SSDs must share the same size. type: integer required: - localSsdCount type: object gcfsConfig: description: Immutable. GCFS configuration for this node. properties: enabled: description: Immutable. Whether or not GCFS is enabled. type: boolean required: - enabled type: object guestAccelerator: description: Immutable. List of the type and count of accelerator cards attached to the instance. items: properties: count: description: Immutable. The number of the accelerator cards exposed to an instance. type: integer gpuPartitionSize: description: Immutable. Size of partitions to create on the GPU. Valid values are described in the NVIDIA mig user guide (https://docs.nvidia.com/datacenter/tesla/mig-user-guide/#partitioning). type: string gpuSharingConfig: description: Immutable. Configuration for GPU sharing. properties: gpuSharingStrategy: description: Immutable. The type of GPU sharing strategy to enable on the GPU node. Possible values are described in the API package (https://pkg.go.dev/google.golang.org/api/container/v1#GPUSharingConfig). type: string maxSharedClientsPerGpu: description: Immutable. The maximum number of containers that can share a GPU. type: integer required: - gpuSharingStrategy - maxSharedClientsPerGpu type: object type: description: Immutable. The accelerator type resource name. type: string required: - count - type type: object type: array gvnic: description: Immutable. Enable or disable gvnic in the node pool. properties: enabled: description: Immutable. Whether or not gvnic is enabled. type: boolean required: - enabled type: object imageType: description: The image type to use for this node. Note that for a given image type, the latest version of it will be used. type: string kubeletConfig: description: Node kubelet configs. properties: cpuCfsQuota: description: Enable CPU CFS quota enforcement for containers that specify CPU limits. type: boolean cpuCfsQuotaPeriod: description: Set the CPU CFS quota period value 'cpu.cfs_period_us'. type: string cpuManagerPolicy: description: Control the CPU management policy on the node. type: string podPidsLimit: description: Controls the maximum number of processes allowed to run in a pod. type: integer required: - cpuManagerPolicy type: object labels: additionalProperties: type: string description: Immutable. The map of Kubernetes labels (key/value pairs) to be applied to each node. These will added in addition to any default label(s) that Kubernetes may apply to the node. type: object linuxNodeConfig: description: Parameters that can be configured on Linux nodes. properties: sysctls: additionalProperties: type: string description: The Linux kernel parameters to be applied to the nodes and all pods running on the nodes. type: object required: - sysctls type: object localNvmeSsdBlockConfig: description: Immutable. Parameters for raw-block local NVMe SSDs. properties: localSsdCount: description: Immutable. Number of raw-block local NVMe SSD disks to be attached to the node. Each local SSD is 375 GB in size. type: integer required: - localSsdCount type: object localSsdCount: description: Immutable. The number of local SSD disks to be attached to the node. type: integer loggingVariant: description: Type of logging agent that is used as the default value for node pools in the cluster. Valid values include DEFAULT and MAX_THROUGHPUT. type: string machineType: description: Immutable. The name of a Google Compute Engine machine type. type: string metadata: additionalProperties: type: string description: Immutable. The metadata key/value pairs assigned to instances in the cluster. type: object minCpuPlatform: description: Immutable. Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform. type: string nodeGroupRef: description: |- Immutable. Setting this field will assign instances of this pool to run on the specified node group. This is useful for running workloads on sole tenant nodes. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `ComputeNodeGroup` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object oauthScopes: description: Immutable. The set of Google API scopes to be made available on all of the node VMs. items: type: string type: array preemptible: description: Immutable. Whether the nodes are created as preemptible VM instances. type: boolean reservationAffinity: description: Immutable. The reservation affinity configuration for the node pool. properties: consumeReservationType: description: Immutable. Corresponds to the type of reservation consumption. type: string key: description: Immutable. The label key of a reservation resource. type: string values: description: Immutable. The label values of the reservation resource. items: type: string type: array required: - consumeReservationType type: object resourceLabels: additionalProperties: type: string description: The GCE resource labels (a map of key/value pairs) to be applied to the node pool. type: object sandboxConfig: description: Immutable. Sandbox configuration for this node. properties: sandboxType: description: Type of the sandbox to use for the node (e.g. 'gvisor'). type: string required: - sandboxType type: object serviceAccountRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `email` field of an `IAMServiceAccount` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object shieldedInstanceConfig: description: Immutable. Shielded Instance options. properties: enableIntegrityMonitoring: description: Immutable. Defines whether the instance has integrity monitoring enabled. type: boolean enableSecureBoot: description: Immutable. Defines whether the instance has Secure Boot enabled. type: boolean type: object spot: description: Immutable. Whether the nodes are created as spot VM instances. type: boolean tags: description: The list of instance tags applied to all nodes. items: type: string type: array taint: description: Immutable. List of Kubernetes taints to be applied to each node. items: properties: effect: description: Immutable. Effect for taint. type: string key: description: Immutable. Key for taint. type: string value: description: Immutable. Value for taint. type: string required: - effect - key - value type: object type: array workloadMetadataConfig: description: Immutable. The workload metadata configuration for this node. properties: mode: description: Mode is the configuration for how to expose metadata to workloads running on the node. type: string nodeMetadata: description: DEPRECATED. Deprecated in favor of mode. NodeMetadata is the configuration for how to expose metadata to the workloads running on the node. type: string type: object type: object nodeLocations: description: The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone. items: type: string type: array nodePoolAutoConfig: description: Node pool configs that apply to all auto-provisioned node pools in autopilot clusters and node auto-provisioning enabled clusters. properties: networkTags: description: Collection of Compute Engine network tags that can be applied to a node's underlying VM instance. properties: tags: description: List of network tags applied to auto-provisioned node pools. items: type: string type: array type: object type: object nodePoolDefaults: description: The default nodel pool settings for the entire cluster. properties: nodeConfigDefaults: description: Subset of NodeConfig message that has defaults. properties: gcfsConfig: description: GCFS configuration for this node. properties: enabled: description: Whether or not GCFS is enabled. type: boolean required: - enabled type: object loggingVariant: description: Type of logging agent that is used as the default value for node pools in the cluster. Valid values include DEFAULT and MAX_THROUGHPUT. type: string type: object type: object nodeVersion: type: string notificationConfig: description: The notification config for sending cluster upgrade notifications. properties: pubsub: description: Notification config for Cloud Pub/Sub. properties: enabled: description: Whether or not the notification config is enabled. type: boolean filter: description: Allows filtering to one or more specific event types. If event types are present, those and only those event types will be transmitted to the cluster. Other types will be skipped. If no filter is specified, or no event types are present, all event types will be sent. properties: eventType: description: Can be used to filter what notifications are sent. Valid values include include UPGRADE_AVAILABLE_EVENT, UPGRADE_EVENT and SECURITY_BULLETIN_EVENT. items: type: string type: array required: - eventType type: object topicRef: description: The PubSubTopic to send the notification to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, where {{value}} is the `name` field of a `PubSubTopic` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - enabled type: object required: - pubsub type: object podSecurityPolicyConfig: description: Configuration for the PodSecurityPolicy feature. properties: enabled: description: Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created. type: boolean required: - enabled type: object privateClusterConfig: description: Configuration for private clusters, clusters with private nodes. properties: enablePrivateEndpoint: description: When true, the cluster's private endpoint is used as the cluster endpoint and access through the public endpoint is disabled. When false, either endpoint can be used. This field only applies to private clusters, when enable_private_nodes is true. type: boolean enablePrivateNodes: description: Immutable. Enables the private cluster feature, creating a private endpoint on the cluster. In a private cluster, nodes only have RFC 1918 private addresses and communicate with the master's private endpoint via private networking. type: boolean masterGlobalAccessConfig: description: Controls cluster master global access settings. properties: enabled: description: Whether the cluster master is accessible globally or not. type: boolean required: - enabled type: object masterIpv4CidrBlock: description: Immutable. The IP range in CIDR notation to use for the hosted master network. This range will be used for assigning private IP addresses to the cluster master(s) and the ILB VIP. This range must not overlap with any other ranges in use within the cluster's network, and it must be a /28 subnet. See Private Cluster Limitations for more details. This field only applies to private clusters, when enable_private_nodes is true. type: string peeringName: description: The name of the peering between this cluster and the Google owned VPC. type: string privateEndpoint: description: The internal IP address of this cluster's master endpoint. type: string privateEndpointSubnetworkRef: description: |- Immutable. Subnetwork in cluster's network where master's endpoint will be provisioned. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object publicEndpoint: description: The external IP address of this cluster's master endpoint. type: string type: object privateIpv6GoogleAccess: description: The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4). type: string protectConfig: description: Enable/Disable Protect API features for the cluster. properties: workloadConfig: description: WorkloadConfig defines which actions are enabled for a cluster's workload configurations. properties: auditMode: description: Sets which mode of auditing should be used for the cluster's workloads. Accepted values are DISABLED, BASIC. type: string required: - auditMode type: object workloadVulnerabilityMode: description: Sets which mode to use for Protect workload vulnerability scanning feature. Accepted values are DISABLED, BASIC. type: string type: object releaseChannel: description: Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. Note that removing this field from your config will not unenroll it. Instead, use the "UNSPECIFIED" channel. properties: channel: description: |- The selected release channel. Accepted values are: * UNSPECIFIED: Not set. * RAPID: Weekly upgrade cadence; Early testers and developers who requires new features. * REGULAR: Multiple per month upgrade cadence; Production users who need features not yet offered in the Stable channel. * STABLE: Every few months upgrade cadence; Production users who need stability above all else, and for whom frequent upgrades are too risky. type: string required: - channel type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string resourceUsageExportConfig: description: Configuration for the ResourceUsageExportConfig feature. properties: bigqueryDestination: description: Parameters for using BigQuery as the destination of resource usage export. properties: datasetId: description: The ID of a BigQuery Dataset. type: string required: - datasetId type: object enableNetworkEgressMetering: description: Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created in the cluster to meter network egress traffic. type: boolean enableResourceConsumptionMetering: description: Whether to enable resource consumption metering on this cluster. When enabled, a table will be created in the resource export BigQuery dataset to store resource consumption data. The resulting table can be joined with the resource usage table or with BigQuery billing export. Defaults to true. type: boolean required: - bigqueryDestination type: object serviceExternalIpsConfig: description: If set, and enabled=true, services with external ips field will not be blocked. properties: enabled: description: When enabled, services with exterenal ips specified will be allowed. type: boolean required: - enabled type: object subnetworkRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object verticalPodAutoscaling: description: Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. properties: enabled: description: Enables vertical pod autoscaling. type: boolean required: - enabled type: object workloadIdentityConfig: description: Configuration for the use of Kubernetes Service Accounts in GCP IAM policies. properties: identityNamespace: description: |- DEPRECATED. This field will be removed in a future major release as it has been deprecated in the API. Use `workloadPool` instead; `workloadPool` field will supersede this field. Enables workload identity. type: string workloadPool: description: The workload pool to attach all Kubernetes service accounts to. type: string type: object required: - location type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array endpoint: description: The IP address of this cluster's Kubernetes master. type: string labelFingerprint: description: The fingerprint of the set of labels for this cluster. type: string masterVersion: description: The current version of the master in the cluster. This may be different than the min_master_version set in the config if the master has been updated by GKE. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer operation: type: string selfLink: description: Server-defined URL for the resource. type: string servicesIpv4Cidr: description: The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the container CIDR. type: string tpuIpv4CidrBlock: description: The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. 1.2.3.4/29). type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: containernodepools.container.cnrm.cloud.google.com spec: group: container.cnrm.cloud.google.com names: categories: - gcp kind: ContainerNodePool plural: containernodepools shortNames: - gcpcontainernodepool - gcpcontainernodepools singular: containernodepool preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: autoscaling: description: Configuration required by cluster autoscaler to adjust the size of the node pool to the current cluster usage. To disable autoscaling, set minNodeCount and maxNodeCount to 0. properties: locationPolicy: description: Location policy specifies the algorithm used when scaling-up the node pool. "BALANCED" - Is a best effort policy that aims to balance the sizes of available zones. "ANY" - Instructs the cluster autoscaler to prioritize utilization of unused reservations, and reduces preemption risk for Spot VMs. type: string maxNodeCount: description: Maximum number of nodes per zone in the node pool. Must be >= min_node_count. Cannot be used with total limits. type: integer minNodeCount: description: Minimum number of nodes per zone in the node pool. Must be >=0 and <= max_node_count. Cannot be used with total limits. type: integer totalMaxNodeCount: description: Maximum number of all nodes in the node pool. Must be >= total_min_node_count. Cannot be used with per zone limits. type: integer totalMinNodeCount: description: Minimum number of all nodes in the node pool. Must be >=0 and <= total_max_node_count. Cannot be used with per zone limits. type: integer type: object clusterRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `ContainerCluster` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object initialNodeCount: description: Immutable. The initial number of nodes for the pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Changing this will force recreation of the resource. type: integer location: description: Immutable. The location (region or zone) of the cluster. type: string management: description: Node management configuration, wherein auto-repair and auto-upgrade is configured. properties: autoRepair: description: Whether the nodes will be automatically repaired. type: boolean autoUpgrade: description: Whether the nodes will be automatically upgraded. type: boolean type: object maxPodsPerNode: description: Immutable. The maximum number of pods per node in this node pool. Note that this does not work on node pools which are "route-based" - that is, node pools belonging to clusters that do not have IP Aliasing enabled. type: integer namePrefix: description: Immutable. Creates a unique name for the node pool beginning with the specified prefix. Conflicts with name. type: string networkConfig: description: Networking configuration for this NodePool. If specified, it overrides the cluster-level defaults. properties: createPodRange: description: Immutable. Whether to create a new range for pod IPs in this node pool. Defaults are provided for pod_range and pod_ipv4_cidr_block if they are not specified. type: boolean enablePrivateNodes: description: Whether nodes have internal IP addresses only. type: boolean podCidrOverprovisionConfig: description: Immutable. Configuration for node-pool level pod cidr overprovision. If not set, the cluster level setting will be inherited. properties: disabled: type: boolean required: - disabled type: object podIpv4CidrBlock: description: Immutable. The IP address range for pod IPs in this node pool. Only applicable if create_pod_range is true. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) to pick a specific range to use. type: string podRange: description: Immutable. The ID of the secondary range for pod IPs. If create_pod_range is true, this ID is used for the new range. If create_pod_range is false, uses an existing secondary range with this ID. type: string type: object nodeConfig: description: Immutable. The configuration of the nodepool. properties: advancedMachineFeatures: description: Immutable. Specifies options for controlling advanced machine features. properties: threadsPerCore: description: Immutable. The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed. type: integer required: - threadsPerCore type: object bootDiskKMSCryptoKeyRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object diskSizeGb: description: Immutable. Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. type: integer diskType: description: Immutable. Type of the disk attached to each node. Such as pd-standard, pd-balanced or pd-ssd. type: string ephemeralStorageConfig: description: Immutable. Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. properties: localSsdCount: description: Immutable. Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD must be 375 or 3000 GB in size, and all local SSDs must share the same size. type: integer required: - localSsdCount type: object ephemeralStorageLocalSsdConfig: description: Immutable. Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. properties: localSsdCount: description: Immutable. Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD must be 375 or 3000 GB in size, and all local SSDs must share the same size. type: integer required: - localSsdCount type: object gcfsConfig: description: Immutable. GCFS configuration for this node. properties: enabled: description: Immutable. Whether or not GCFS is enabled. type: boolean required: - enabled type: object guestAccelerator: description: Immutable. List of the type and count of accelerator cards attached to the instance. items: properties: count: description: Immutable. The number of the accelerator cards exposed to an instance. type: integer gpuPartitionSize: description: Immutable. Size of partitions to create on the GPU. Valid values are described in the NVIDIA mig user guide (https://docs.nvidia.com/datacenter/tesla/mig-user-guide/#partitioning). type: string gpuSharingConfig: description: Immutable. Configuration for GPU sharing. properties: gpuSharingStrategy: description: Immutable. The type of GPU sharing strategy to enable on the GPU node. Possible values are described in the API package (https://pkg.go.dev/google.golang.org/api/container/v1#GPUSharingConfig). type: string maxSharedClientsPerGpu: description: Immutable. The maximum number of containers that can share a GPU. type: integer required: - gpuSharingStrategy - maxSharedClientsPerGpu type: object type: description: Immutable. The accelerator type resource name. type: string required: - count - type type: object type: array gvnic: description: Immutable. Enable or disable gvnic in the node pool. properties: enabled: description: Immutable. Whether or not gvnic is enabled. type: boolean required: - enabled type: object imageType: description: The image type to use for this node. Note that for a given image type, the latest version of it will be used. type: string kubeletConfig: description: Node kubelet configs. properties: cpuCfsQuota: description: Enable CPU CFS quota enforcement for containers that specify CPU limits. type: boolean cpuCfsQuotaPeriod: description: Set the CPU CFS quota period value 'cpu.cfs_period_us'. type: string cpuManagerPolicy: description: Control the CPU management policy on the node. type: string podPidsLimit: description: Controls the maximum number of processes allowed to run in a pod. type: integer required: - cpuManagerPolicy type: object labels: additionalProperties: type: string description: The map of Kubernetes labels (key/value pairs) to be applied to each node. These will added in addition to any default label(s) that Kubernetes may apply to the node. type: object linuxNodeConfig: description: Parameters that can be configured on Linux nodes. properties: sysctls: additionalProperties: type: string description: The Linux kernel parameters to be applied to the nodes and all pods running on the nodes. type: object required: - sysctls type: object localNvmeSsdBlockConfig: description: Immutable. Parameters for raw-block local NVMe SSDs. properties: localSsdCount: description: Immutable. Number of raw-block local NVMe SSD disks to be attached to the node. Each local SSD is 375 GB in size. type: integer required: - localSsdCount type: object localSsdCount: description: Immutable. The number of local SSD disks to be attached to the node. type: integer loggingVariant: description: Type of logging agent that is used as the default value for node pools in the cluster. Valid values include DEFAULT and MAX_THROUGHPUT. type: string machineType: description: Immutable. The name of a Google Compute Engine machine type. type: string metadata: additionalProperties: type: string description: Immutable. The metadata key/value pairs assigned to instances in the cluster. type: object minCpuPlatform: description: Immutable. Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform. type: string nodeGroupRef: description: |- Immutable. Setting this field will assign instances of this pool to run on the specified node group. This is useful for running workloads on sole tenant nodes. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `ComputeNodeGroup` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object oauthScopes: description: Immutable. The set of Google API scopes to be made available on all of the node VMs. items: type: string type: array preemptible: description: Immutable. Whether the nodes are created as preemptible VM instances. type: boolean reservationAffinity: description: Immutable. The reservation affinity configuration for the node pool. properties: consumeReservationType: description: Immutable. Corresponds to the type of reservation consumption. type: string key: description: Immutable. The label key of a reservation resource. type: string values: description: Immutable. The label values of the reservation resource. items: type: string type: array required: - consumeReservationType type: object resourceLabels: additionalProperties: type: string description: The GCE resource labels (a map of key/value pairs) to be applied to the node pool. type: object sandboxConfig: description: Immutable. Sandbox configuration for this node. properties: sandboxType: description: Type of the sandbox to use for the node (e.g. 'gvisor'). type: string required: - sandboxType type: object serviceAccountRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `email` field of an `IAMServiceAccount` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object shieldedInstanceConfig: description: Immutable. Shielded Instance options. properties: enableIntegrityMonitoring: description: Immutable. Defines whether the instance has integrity monitoring enabled. type: boolean enableSecureBoot: description: Immutable. Defines whether the instance has Secure Boot enabled. type: boolean type: object spot: description: Immutable. Whether the nodes are created as spot VM instances. type: boolean tags: description: The list of instance tags applied to all nodes. items: type: string type: array taint: description: Immutable. List of Kubernetes taints to be applied to each node. items: properties: effect: description: Immutable. Effect for taint. type: string key: description: Immutable. Key for taint. type: string value: description: Immutable. Value for taint. type: string required: - effect - key - value type: object type: array workloadMetadataConfig: description: The workload metadata configuration for this node. properties: mode: description: Mode is the configuration for how to expose metadata to workloads running on the node. type: string nodeMetadata: description: DEPRECATED. Deprecated in favor of mode. NodeMetadata is the configuration for how to expose metadata to the workloads running on the node. type: string type: object type: object nodeCount: description: The number of nodes per instance group. This field can be used to update the number of nodes per instance group but should not be used alongside autoscaling. type: integer nodeLocations: description: The list of zones in which the node pool's nodes should be located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If unspecified, the cluster-level node_locations will be used. items: type: string type: array placementPolicy: description: Immutable. Specifies the node placement policy. properties: type: description: Type defines the type of placement policy. type: string required: - type type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string upgradeSettings: description: Specify node upgrade settings to change how many nodes GKE attempts to upgrade at once. The number of nodes upgraded simultaneously is the sum of max_surge and max_unavailable. The maximum number of nodes upgraded simultaneously is limited to 20. properties: blueGreenSettings: description: Settings for BlueGreen node pool upgrade. properties: nodePoolSoakDuration: description: Time needed after draining entire blue pool. After this period, blue pool will be cleaned up. type: string standardRolloutPolicy: description: Standard rollout policy is the default policy for blue-green. properties: batchNodeCount: description: Number of blue nodes to drain in a batch. type: integer batchPercentage: description: Percentage of the blue pool nodes to drain in a batch. type: number batchSoakDuration: description: Soak time after each batch gets drained. type: string type: object required: - standardRolloutPolicy type: object maxSurge: description: The number of additional nodes that can be added to the node pool during an upgrade. Increasing max_surge raises the number of nodes that can be upgraded simultaneously. Can be set to 0 or greater. type: integer maxUnavailable: description: The number of nodes that can be simultaneously unavailable during an upgrade. Increasing max_unavailable raises the number of nodes that can be upgraded in parallel. Can be set to 0 or greater. type: integer strategy: description: Update strategy for the given nodepool. type: string type: object version: type: string required: - clusterRef - location type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array instanceGroupUrls: description: The resource URLs of the managed instance groups associated with this node pool. items: type: string type: array managedInstanceGroupUrls: description: List of instance group URLs which have been assigned to this node pool. items: type: string type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer operation: type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: datacatalogentries.datacatalog.cnrm.cloud.google.com spec: group: datacatalog.cnrm.cloud.google.com names: categories: - gcp kind: DataCatalogEntry plural: datacatalogentries shortNames: - gcpdatacatalogentry - gcpdatacatalogentries singular: datacatalogentry preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: description: description: Entry description, which can consist of several sentences or paragraphs that describe entry contents. type: string displayName: description: |- Display information such as title and description. A short name to identify the entry, for example, "Analytics Data - Jan 2011". type: string entryGroup: description: Immutable. The name of the entry group this entry is in. type: string entryId: description: Immutable. The id of the entry to create. type: string gcsFilesetSpec: description: Specification that applies to a Cloud Storage fileset. This is only valid on entries of type FILESET. properties: filePatterns: description: |- Patterns to identify a set of files in Google Cloud Storage. See [Cloud Storage documentation](https://cloud.google.com/storage/docs/gsutil/addlhelp/WildcardNames) for more information. Note that bucket wildcards are currently not supported. Examples of valid filePatterns: * gs://bucket_name/dir/*: matches all files within bucket_name/dir directory. * gs://bucket_name/dir/**: matches all files in bucket_name/dir spanning all subdirectories. * gs://bucket_name/file*: matches files prefixed by file in bucket_name * gs://bucket_name/??.txt: matches files with two characters followed by .txt in bucket_name * gs://bucket_name/[aeiou].txt: matches files that contain a single vowel character followed by .txt in bucket_name * gs://bucket_name/[a-m].txt: matches files that contain a, b, ... or m followed by .txt in bucket_name * gs://bucket_name/a/*/b: matches all files in bucket_name that match a/*/b pattern, such as a/c/b, a/d/b * gs://another_bucket/a.txt: matches gs://another_bucket/a.txt. items: type: string type: array sampleGcsFileSpecs: description: Sample files contained in this fileset, not all files contained in this fileset are represented here. items: properties: filePath: description: The full file path. type: string sizeBytes: description: The size of the file, in bytes. type: integer type: object type: array required: - filePatterns type: object linkedResource: description: |- The resource this metadata entry refers to. For Google Cloud Platform resources, linkedResource is the full name of the resource. For example, the linkedResource for a table resource from BigQuery is: //bigquery.googleapis.com/projects/projectId/datasets/datasetId/tables/tableId Output only when Entry is of type in the EntryType enum. For entries with userSpecifiedType, this field is optional and defaults to an empty string. type: string resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string schema: description: |- Schema of the entry (e.g. BigQuery, GoogleSQL, Avro schema), as a json string. An entry might not have any schema attached to it. See https://cloud.google.com/data-catalog/docs/reference/rest/v1/projects.locations.entryGroups.entries#schema for what fields this schema can contain. type: string type: description: |- Immutable. The type of the entry. Only used for Entries with types in the EntryType enum. Currently, only FILESET enum value is allowed. All other entries created through Data Catalog must use userSpecifiedType. Possible values: ["FILESET"]. type: string userSpecifiedSystem: description: |- This field indicates the entry's source system that Data Catalog does not integrate with. userSpecifiedSystem strings must begin with a letter or underscore and can only contain letters, numbers, and underscores; are case insensitive; must be at least 1 character and at most 64 characters long. type: string userSpecifiedType: description: |- Entry type if it does not fit any of the input-allowed values listed in EntryType enum above. When creating an entry, users should check the enum values first, if nothing matches the entry to be created, then provide a custom value, for example "my_special_type". userSpecifiedType strings must begin with a letter or underscore and can only contain letters, numbers, and underscores; are case insensitive; must be at least 1 character and at most 64 characters long. type: string required: - entryGroup - entryId type: object status: properties: bigqueryDateShardedSpec: description: |- Specification for a group of BigQuery tables with name pattern [prefix]YYYYMMDD. Context: https://cloud.google.com/bigquery/docs/partitioned-tables#partitioning_versus_sharding. items: properties: dataset: description: |- The Data Catalog resource name of the dataset entry the current table belongs to, for example, projects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/entries/{entryId}. type: string shardCount: description: Total number of shards. type: integer tablePrefix: description: |- The table name prefix of the shards. The name of any given shard is [tablePrefix]YYYYMMDD, for example, for shard MyTable20180101, the tablePrefix is MyTable. type: string type: object type: array bigqueryTableSpec: description: Specification that applies to a BigQuery table. This is only valid on entries of type TABLE. items: properties: tableSourceType: description: The table source type. type: string tableSpec: description: Spec of a BigQuery table. This field should only be populated if tableSourceType is BIGQUERY_TABLE. items: properties: groupedEntry: description: |- If the table is a dated shard, i.e., with name pattern [prefix]YYYYMMDD, groupedEntry is the Data Catalog resource name of the date sharded grouped entry, for example, projects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/entries/{entryId}. Otherwise, groupedEntry is empty. type: string type: object type: array viewSpec: description: Table view specification. This field should only be populated if tableSourceType is BIGQUERY_VIEW. items: properties: viewQuery: description: The query that defines the table view. type: string type: object type: array type: object type: array conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array integratedSystem: description: This field indicates the entry's source system that Data Catalog integrates with, such as BigQuery or Pub/Sub. type: string name: description: |- The Data Catalog resource name of the entry in URL format. Example: projects/{project_id}/locations/{location}/entryGroups/{entryGroupId}/entries/{entryId}. Note that this Entry and its child resources may not actually be stored in the location in this name. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: datacatalogentrygroups.datacatalog.cnrm.cloud.google.com spec: group: datacatalog.cnrm.cloud.google.com names: categories: - gcp kind: DataCatalogEntryGroup plural: datacatalogentrygroups shortNames: - gcpdatacatalogentrygroup - gcpdatacatalogentrygroups singular: datacatalogentrygroup preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: description: description: Entry group description, which can consist of several sentences or paragraphs that describe entry group contents. type: string displayName: description: A short name to identify the entry group, for example, "analytics data - jan 2011". type: string entryGroupId: description: |- Immutable. The id of the entry group to create. The id must begin with a letter or underscore, contain only English letters, numbers and underscores, and be at most 64 characters. type: string projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object region: description: Immutable. EntryGroup location region. type: string resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string required: - entryGroupId - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array name: description: 'The resource name of the entry group in URL format. Example: projects/{project}/locations/{location}/entryGroups/{entryGroupId}.' type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: datacatalogpolicytags.datacatalog.cnrm.cloud.google.com spec: group: datacatalog.cnrm.cloud.google.com names: categories: - gcp kind: DataCatalogPolicyTag plural: datacatalogpolicytags shortNames: - gcpdatacatalogpolicytag - gcpdatacatalogpolicytags singular: datacatalogpolicytag preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: description: description: |- Description of this policy tag. It must: contain only unicode characters, tabs, newlines, carriage returns and page breaks; and be at most 2000 bytes long when encoded in UTF-8. If not set, defaults to an empty description. If not set, defaults to an empty description. type: string displayName: description: |- User defined name of this policy tag. It must: be unique within the parent taxonomy; contain only unicode letters, numbers, underscores, dashes and spaces; not start or end with spaces; and be at most 200 bytes long when encoded in UTF-8. type: string parentPolicyTagRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `DataCatalogPolicyTag` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string taxonomyRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `DataCatalogTaxonomy` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - displayName - taxonomyRef type: object status: properties: childPolicyTags: description: Resource names of child policy tags of this policy tag. items: type: string type: array conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array name: description: |- Resource name of this policy tag, whose format is: "projects/{project}/locations/{region}/taxonomies/{taxonomy}/policyTags/{policytag}". type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: datacatalogtags.datacatalog.cnrm.cloud.google.com spec: group: datacatalog.cnrm.cloud.google.com names: categories: - gcp kind: DataCatalogTag plural: datacatalogtags shortNames: - gcpdatacatalogtag - gcpdatacatalogtags singular: datacatalogtag preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: column: description: |- Resources like Entry can have schemas associated with them. This scope allows users to attach tags to an individual column based on that schema. For attaching a tag to a nested column, use '.' to separate the column names. Example: 'outer_column.inner_column'. type: string fields: description: |- This maps the ID of a tag field to the value of and additional information about that field. Valid field IDs are defined by the tag's template. A tag must have at least 1 field and at most 500 fields. items: properties: boolValue: description: Holds the value for a tag field with boolean type. type: boolean displayName: description: The display name of this field. type: string doubleValue: description: Holds the value for a tag field with double type. type: number enumValue: description: The display name of the enum value. type: string fieldName: type: string order: description: |- The order of this field with respect to other fields in this tag. For example, a higher value can indicate a more important field. The value can be negative. Multiple fields can have the same order, and field orders within a tag do not have to be sequential. type: integer stringValue: description: Holds the value for a tag field with string type. type: string timestampValue: description: Holds the value for a tag field with timestamp type. type: string required: - fieldName type: object type: array parent: description: |- Immutable. The name of the parent this tag is attached to. This can be the name of an entry or an entry group. If an entry group, the tag will be attached to all entries in that group. type: string resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string template: description: |- Immutable. The resource name of the tag template that this tag uses. Example: projects/{project_id}/locations/{location}/tagTemplates/{tagTemplateId} This field cannot be modified after creation. type: string required: - fields - template type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array name: description: |- The resource name of the tag in URL format. Example: projects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/entries/{entryId}/tags/{tag_id} or projects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/tags/{tag_id} where tag_id is a system-generated identifier. Note that this Tag may not actually be stored in the location in this name. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer templateDisplayname: description: The display name of the tag template. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: datacatalogtagtemplates.datacatalog.cnrm.cloud.google.com spec: group: datacatalog.cnrm.cloud.google.com names: categories: - gcp kind: DataCatalogTagTemplate plural: datacatalogtagtemplates shortNames: - gcpdatacatalogtagtemplate - gcpdatacatalogtagtemplates singular: datacatalogtagtemplate preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: displayName: description: The display name for this template. type: string fields: description: Set of tag template field IDs and the settings for the field. This set is an exhaustive list of the allowed fields. This set must contain at least one field and at most 500 fields. The change of field_id will be resulting in re-creating of field. The change of primitive_type will be resulting in re-creating of field, however if the field is a required, you cannot update it. items: properties: description: description: A description for this field. type: string displayName: description: The display name for this field. type: string fieldId: type: string isRequired: description: Whether this is a required field. Defaults to false. type: boolean name: description: 'The resource name of the tag template field in URL format. Example: projects/{project_id}/locations/{location}/tagTemplates/{tagTemplateId}/fields/{field}.' type: string order: description: |- The order of this field with respect to other fields in this tag template. A higher value indicates a more important field. The value can be negative. Multiple fields can have the same order, and field orders within a tag do not have to be sequential. type: integer type: description: The type of value this tag field can contain. properties: enumType: description: |- Represents an enum type. Exactly one of 'primitive_type' or 'enum_type' must be set. properties: allowedValues: description: |- The set of allowed values for this enum. The display names of the values must be case-insensitively unique within this set. Currently, enum values can only be added to the list of allowed values. Deletion and renaming of enum values are not supported. Can have up to 500 allowed values. items: properties: displayName: description: The display name of the enum value. type: string required: - displayName type: object type: array required: - allowedValues type: object primitiveType: description: |- Represents primitive types - string, bool etc. Exactly one of 'primitive_type' or 'enum_type' must be set Possible values: ["DOUBLE", "STRING", "BOOL", "TIMESTAMP"]. type: string type: object required: - fieldId - type type: object type: array forceDelete: description: This confirms the deletion of any possible tags using this template. Must be set to true in order to delete the tag template. type: boolean projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object region: description: Immutable. Template location region. type: string resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string tagTemplateId: description: Immutable. The id of the tag template to create. type: string required: - fields - projectRef - tagTemplateId type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array name: description: 'The resource name of the tag template in URL format. Example: projects/{project_id}/locations/{location}/tagTemplates/{tagTemplateId}.' type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: datacatalogtaxonomies.datacatalog.cnrm.cloud.google.com spec: group: datacatalog.cnrm.cloud.google.com names: categories: - gcp kind: DataCatalogTaxonomy plural: datacatalogtaxonomies shortNames: - gcpdatacatalogtaxonomy - gcpdatacatalogtaxonomies singular: datacatalogtaxonomy preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: activatedPolicyTypes: description: |- A list of policy types that are activated for this taxonomy. If not set, defaults to an empty list. Possible values: ["POLICY_TYPE_UNSPECIFIED", "FINE_GRAINED_ACCESS_CONTROL"]. items: type: string type: array description: description: |- Description of this taxonomy. It must: contain only unicode characters, tabs, newlines, carriage returns and page breaks; and be at most 2000 bytes long when encoded in UTF-8. If not set, defaults to an empty description. type: string displayName: description: |- User defined name of this taxonomy. It must: contain only unicode letters, numbers, underscores, dashes and spaces; not start or end with spaces; and be at most 200 bytes long when encoded in UTF-8. type: string projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object region: description: Immutable. Taxonomy location region. type: string resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string required: - displayName - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array name: description: |- Resource name of this taxonomy, whose format is: "projects/{project}/locations/{region}/taxonomies/{taxonomy}". type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: dataflowflextemplatejobs.dataflow.cnrm.cloud.google.com spec: group: dataflow.cnrm.cloud.google.com names: categories: - gcp kind: DataflowFlexTemplateJob plural: dataflowflextemplatejobs shortNames: - gcpdataflowflextemplatejob - gcpdataflowflextemplatejobs singular: dataflowflextemplatejob preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: containerSpecGcsPath: type: string parameters: type: object x-kubernetes-preserve-unknown-fields: true region: description: Immutable. The region in which the created job should run. type: string required: - containerSpecGcsPath type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array jobId: type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer state: type: string type: description: The type of this job, selected from the JobType enum. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: dataflowjobs.dataflow.cnrm.cloud.google.com spec: group: dataflow.cnrm.cloud.google.com names: categories: - gcp kind: DataflowJob plural: dataflowjobs shortNames: - gcpdataflowjob - gcpdataflowjobs singular: dataflowjob preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: additionalExperiments: description: List of experiments that should be used by the job. An example value is ["enable_stackdriver_agent_metrics"]. items: type: string type: array enableStreamingEngine: description: Indicates if the job should use the streaming engine feature. type: boolean ipConfiguration: description: The configuration for VM IPs. Options are "WORKER_IP_PUBLIC" or "WORKER_IP_PRIVATE". type: string kmsKeyRef: description: The name for the Cloud KMS key for the job. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object machineType: description: The machine type to use for the job. type: string maxWorkers: description: Immutable. The number of workers permitted to work on the job. More workers may improve processing speed at additional cost. type: integer networkRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object parameters: description: Key/Value pairs to be passed to the Dataflow job (as used in the template). type: object x-kubernetes-preserve-unknown-fields: true region: description: Immutable. The region in which the created job should run. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string serviceAccountRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `email` field of an `IAMServiceAccount` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object subnetworkRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object tempGcsLocation: description: A writeable location on Google Cloud Storage for the Dataflow job to dump its temporary data. type: string templateGcsPath: description: The Google Cloud Storage path to the Dataflow job template. type: string transformNameMapping: description: Only applicable when updating a pipeline. Map of transform name prefixes of the job to be replaced with the corresponding name prefixes of the new job. type: object x-kubernetes-preserve-unknown-fields: true zone: description: Immutable. The zone in which the created job should run. If it is not provided, the provider zone is used. type: string required: - tempGcsLocation - templateGcsPath type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array jobId: description: The unique ID of this job. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer state: description: The current state of the resource, selected from the JobState enum. type: string type: description: The type of this job, selected from the JobType enum. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: dataformrepositories.dataform.cnrm.cloud.google.com spec: group: dataform.cnrm.cloud.google.com names: categories: - gcp kind: DataformRepository plural: dataformrepositories shortNames: - gcpdataformrepository - gcpdataformrepositories singular: dataformrepository preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: gitRemoteSettings: description: Optional. If set, configures this repository to be linked to a Git remote. properties: authenticationTokenSecretVersion: description: The name of the Secret Manager secret version to use as an authentication token for Git operations. Must be in the format projects/*/secrets/*/versions/*. type: string defaultBranch: description: The Git remote's default branch name. type: string tokenStatus: description: Indicates the status of the Git access token. https://cloud.google.com/dataform/reference/rest/v1beta1/projects.locations.repositories#TokenStatus. type: string url: description: The Git remote's URL. type: string required: - authenticationTokenSecretVersion - defaultBranch - url type: object projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object region: description: Immutable. A reference to the region. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - projectRef - region type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: datafusioninstances.datafusion.cnrm.cloud.google.com spec: group: datafusion.cnrm.cloud.google.com names: categories: - gcp kind: DataFusionInstance plural: datafusioninstances shortNames: - gcpdatafusioninstance - gcpdatafusioninstances singular: datafusioninstance preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: dataprocServiceAccountRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- User-managed service account to set on Dataproc when Cloud Data Fusion creates Dataproc to run data processing pipelines. This allows users to have fine-grained access control on Dataproc's accesses to cloud resources. Allowed value: The `email` field of an `IAMServiceAccount` resource. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object description: description: Immutable. A description of this instance. type: string displayName: description: Immutable. Display name for an instance. type: string enableStackdriverLogging: description: Option to enable Stackdriver Logging. type: boolean enableStackdriverMonitoring: description: Option to enable Stackdriver Monitoring. type: boolean location: description: Immutable. The location for the resource type: string networkConfig: description: Immutable. Network configuration options. These are required when a private Data Fusion instance is to be created. properties: ipAllocation: description: Immutable. The IP range in CIDR notation to use for the managed Data Fusion instance nodes. This range must not overlap with any other ranges used in the customer network. type: string networkRef: description: Immutable. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Name of the network in the customer project with which the Tenant Project will be peered for executing pipelines. In case of shared VPC where the network resides in another host project the network should specified in the form of projects/{host-project-id}/global/networks/{network} Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: object options: additionalProperties: type: string description: Immutable. Map of additional options used to configure the behavior of Data Fusion instance. type: object privateInstance: description: Immutable. Specifies whether the Data Fusion instance should be private. If set to true, all Data Fusion nodes will have private IP addresses and will not be able to access the public internet. type: boolean resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string type: description: 'Immutable. Required. Instance type. Possible values: TYPE_UNSPECIFIED, BASIC, ENTERPRISE, DEVELOPER' type: string version: description: Current version of the Data Fusion. type: string zone: description: Immutable. Name of the zone in which the Data Fusion instance will be created. Only DEVELOPER instances use this field. type: string required: - location - type type: object status: properties: apiEndpoint: description: Output only. Endpoint on which the REST APIs is accessible. type: string availableVersion: description: Available versions that the instance can be upgraded to. items: properties: availableFeatures: description: Represents a list of available feature names for a given version. items: type: string type: array defaultVersion: description: Whether this is currently the default version for Cloud Data Fusion type: boolean versionNumber: description: The version number of the Data Fusion instance, such as '6.0.1.0'. type: string type: object type: array conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: Output only. The time the instance was created. format: date-time type: string gcsBucket: description: Output only. Cloud Storage bucket generated by Data Fusion in the customer project. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer p4ServiceAccount: description: Output only. P4 service account for the customer project. type: string serviceEndpoint: description: Output only. Endpoint on which the Data Fusion UI is accessible. type: string state: description: 'Output only. The current state of this Data Fusion instance. Possible values: STATE_UNSPECIFIED, ENABLED, DISABLED, UNKNOWN' type: string stateMessage: description: Output only. Additional information about the current state of this Data Fusion instance if available. type: string tenantProjectId: description: Output only. The name of the tenant project. type: string updateTime: description: Output only. The time the instance was last updated. format: date-time type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: dataprocautoscalingpolicies.dataproc.cnrm.cloud.google.com spec: group: dataproc.cnrm.cloud.google.com names: categories: - gcp kind: DataprocAutoscalingPolicy plural: dataprocautoscalingpolicies shortNames: - gcpdataprocautoscalingpolicy - gcpdataprocautoscalingpolicies singular: dataprocautoscalingpolicy preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: basicAlgorithm: properties: cooldownPeriod: description: 'Optional. Duration between scaling events. A scaling period starts after the update operation from the previous event has completed. Bounds: . Default: 2m.' type: string yarnConfig: description: Required. YARN autoscaling configuration. properties: gracefulDecommissionTimeout: description: Required. Timeout for YARN graceful decommissioning of Node Managers. Specifies the duration to wait for jobs to complete before forcefully removing workers (and potentially interrupting jobs). Only applicable to downscaling operations. type: string scaleDownFactor: description: Required. Fraction of average YARN pending memory in the last cooldown period for which to remove workers. A scale-down factor of 1 will result in scaling down so that there is no available memory remaining after the update (more aggressive scaling). A scale-down factor of 0 disables removing workers, which can be beneficial for autoscaling a single job. See . format: double type: number scaleDownMinWorkerFraction: description: 'Optional. Minimum scale-down threshold as a fraction of total cluster size before scaling occurs. For example, in a 20-worker cluster, a threshold of 0.1 means the autoscaler must recommend at least a 2 worker scale-down for the cluster to scale. A threshold of 0 means the autoscaler will scale down on any recommended change. Bounds: . Default: 0.0.' format: double type: number scaleUpFactor: description: Required. Fraction of average YARN pending memory in the last cooldown period for which to add workers. A scale-up factor of 1.0 will result in scaling up so that there is no pending memory remaining after the update (more aggressive scaling). A scale-up factor closer to 0 will result in a smaller magnitude of scaling up (less aggressive scaling). See . format: double type: number scaleUpMinWorkerFraction: description: 'Optional. Minimum scale-up threshold as a fraction of total cluster size before scaling occurs. For example, in a 20-worker cluster, a threshold of 0.1 means the autoscaler must recommend at least a 2-worker scale-up for the cluster to scale. A threshold of 0 means the autoscaler will scale up on any recommended change. Bounds: . Default: 0.0.' format: double type: number required: - gracefulDecommissionTimeout - scaleDownFactor - scaleUpFactor type: object required: - yarnConfig type: object location: description: Immutable. The location for the resource type: string projectRef: description: Immutable. The Project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The project for the resource Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string secondaryWorkerConfig: description: Optional. Describes how the autoscaler will operate for secondary workers. properties: maxInstances: description: 'Optional. Maximum number of instances for this group. Note that by default, clusters will not use secondary workers. Required for secondary workers if the minimum secondary instances is set. Primary workers - Bounds: [min_instances, ). Secondary workers - Bounds: [min_instances, ). Default: 0.' format: int64 type: integer minInstances: description: 'Optional. Minimum number of instances for this group. Primary workers - Bounds: . Default: 0.' format: int64 type: integer weight: description: 'Optional. Weight for the instance group, which is used to determine the fraction of total workers in the cluster from this instance group. For example, if primary workers have weight 2, and secondary workers have weight 1, the cluster will have approximately 2 primary workers for each secondary worker. The cluster may not reach the specified balance if constrained by min/max bounds or other autoscaling settings. For example, if `max_instances` for secondary workers is 0, then only primary workers will be added. The cluster can also be out of balance when created. If weight is not set on any instance group, the cluster will default to equal weight for all groups: the cluster will attempt to maintain an equal number of workers in each group within the configured size bounds for each group. If weight is set for one group only, the cluster will default to zero weight on the unset group. For example if weight is set only on primary workers, the cluster will use primary workers only and no secondary workers.' format: int64 type: integer type: object workerConfig: description: Required. Describes how the autoscaler will operate for primary workers. properties: maxInstances: description: 'Required. Maximum number of instances for this group. Required for primary workers. Note that by default, clusters will not use secondary workers. Required for secondary workers if the minimum secondary instances is set. Primary workers - Bounds: [min_instances, ). Secondary workers - Bounds: [min_instances, ). Default: 0.' format: int64 type: integer minInstances: description: 'Optional. Minimum number of instances for this group. Primary workers - Bounds: . Default: 0.' format: int64 type: integer weight: description: 'Optional. Weight for the instance group, which is used to determine the fraction of total workers in the cluster from this instance group. For example, if primary workers have weight 2, and secondary workers have weight 1, the cluster will have approximately 2 primary workers for each secondary worker. The cluster may not reach the specified balance if constrained by min/max bounds or other autoscaling settings. For example, if `max_instances` for secondary workers is 0, then only primary workers will be added. The cluster can also be out of balance when created. If weight is not set on any instance group, the cluster will default to equal weight for all groups: the cluster will attempt to maintain an equal number of workers in each group within the configured size bounds for each group. If weight is set for one group only, the cluster will default to zero weight on the unset group. For example if weight is set only on primary workers, the cluster will use primary workers only and no secondary workers.' format: int64 type: integer required: - maxInstances type: object required: - basicAlgorithm - location - workerConfig type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: dataprocclusters.dataproc.cnrm.cloud.google.com spec: group: dataproc.cnrm.cloud.google.com names: categories: - gcp kind: DataprocCluster plural: dataprocclusters shortNames: - gcpdataproccluster - gcpdataprocclusters singular: dataproccluster preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: config: description: Immutable. The cluster config. Note that Dataproc may set default values, and values may change when clusters are updated. properties: autoscalingConfig: description: Immutable. Optional. Autoscaling config for the policy associated with the cluster. Cluster does not autoscale if this field is unset. properties: policyRef: description: Immutable. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Optional. The autoscaling policy used by the cluster. Only resource names including projectid and location (region) are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` * `projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` Note that the policy must be in the same project and Dataproc region. Allowed value: The Google Cloud resource name of a `DataprocAutoscalingPolicy` resource (format: `projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: object dataprocMetricConfig: description: Immutable. Optional. The config for Dataproc metrics. properties: metrics: description: Immutable. Required. Metrics sources to enable. items: properties: metricOverrides: description: 'Immutable. Optional. Specify one or more [available OSS metrics] (https://cloud.google.com/dataproc/docs/guides/monitoring#available_oss_metrics) to collect for the metric course (for the `SPARK` metric source, any [Spark metric] (https://spark.apache.org/docs/latest/monitoring.html#metrics) can be specified). Provide metrics in the following format: `METRIC_SOURCE:INSTANCE:GROUP:METRIC` Use camelcase as appropriate. Examples: ``` yarn:ResourceManager:QueueMetrics:AppsCompleted spark:driver:DAGScheduler:job.allJobs sparkHistoryServer:JVM:Memory:NonHeapMemoryUsage.committed hiveserver2:JVM:Memory:NonHeapMemoryUsage.used ``` Notes: * Only the specified overridden metrics will be collected for the metric source. For example, if one or more `spark:executive` metrics are listed as metric overrides, other `SPARK` metrics will not be collected. The collection of the default metrics for other OSS metric sources is unaffected. For example, if both `SPARK` andd `YARN` metric sources are enabled, and overrides are provided for Spark metrics only, all default YARN metrics will be collected.' items: type: string type: array metricSource: description: 'Immutable. Required. Default metrics are collected unless `metricOverrides` are specified for the metric source (see [Available OSS metrics] (https://cloud.google.com/dataproc/docs/guides/monitoring#available_oss_metrics) for more information). Possible values: METRIC_SOURCE_UNSPECIFIED, MONITORING_AGENT_DEFAULTS, HDFS, SPARK, YARN, SPARK_HISTORY_SERVER, HIVESERVER2' type: string required: - metricSource type: object type: array required: - metrics type: object encryptionConfig: description: Immutable. Optional. Encryption settings for the cluster. properties: gcePdKmsKeyRef: description: Immutable. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Optional. The Cloud KMS key name to use for PD disk encryption for all instances in the cluster. Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: object endpointConfig: description: Immutable. Optional. Port/endpoint configuration for this cluster properties: enableHttpPortAccess: description: Immutable. Optional. If true, enable http access to specific ports on the cluster from external sources. Defaults to false. type: boolean type: object gceClusterConfig: description: Immutable. Optional. The shared Compute Engine config settings for all instances in a cluster. properties: confidentialInstanceConfig: description: Immutable. Optional. Confidential Instance Config for clusters using [Confidential VMs](https://cloud.google.com/compute/confidential-vm/docs). properties: enableConfidentialCompute: description: Immutable. Optional. Defines whether the instance should have confidential compute enabled. type: boolean type: object internalIPOnly: description: Immutable. Optional. If true, all instances in the cluster will only have internal IP addresses. By default, clusters are not restricted to internal IP addresses, and will have ephemeral external IP addresses assigned to each instance. This `internal_ip_only` restriction can only be enabled for subnetwork enabled networks, and all off-cluster dependencies must be configured to be accessible without external IP addresses. type: boolean metadata: additionalProperties: type: string description: Immutable. The Compute Engine metadata entries to add to all instances (see [Project and instance metadata](https://cloud.google.com/compute/docs/storing-retrieving-metadata#project_and_instance_metadata)). type: object networkRef: description: Immutable. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Optional. The Compute Engine network to be used for machine communications. Cannot be specified with subnetwork_uri. If neither `network_uri` nor `subnetwork_uri` is specified, the "default" network of the project is used, if it exists. Cannot be a "Custom Subnet Network" (see [Using Subnetworks](https://cloud.google.com/compute/docs/subnetworks) for more information). A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/global/default` * `projects/[project_id]/regions/global/default` * `default` Allowed value: The `selfLink` field of a `ComputeNetwork` resource. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object nodeGroupAffinity: description: Immutable. Optional. Node Group Affinity for sole-tenant clusters. properties: nodeGroupRef: description: Immutable. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Required. The URI of a sole-tenant [node group resource](https://cloud.google.com/compute/docs/reference/rest/v1/nodeGroups) that the cluster will be created on. A full URL, partial URI, or node group name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `node-group-1` Allowed value: The `selfLink` field of a `ComputeNodeGroup` resource. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - nodeGroupRef type: object privateIPv6GoogleAccess: description: 'Immutable. Optional. The type of IPv6 access for a cluster. Possible values: PRIVATE_IPV6_GOOGLE_ACCESS_UNSPECIFIED, INHERIT_FROM_SUBNETWORK, OUTBOUND, BIDIRECTIONAL' type: string reservationAffinity: description: Immutable. Optional. Reservation Affinity for consuming Zonal reservation. properties: consumeReservationType: description: 'Immutable. Optional. Type of reservation to consume Possible values: TYPE_UNSPECIFIED, NO_RESERVATION, ANY_RESERVATION, SPECIFIC_RESERVATION' type: string key: description: Immutable. Optional. Corresponds to the label key of reservation resource. type: string values: description: Immutable. Optional. Corresponds to the label values of reservation resource. items: type: string type: array type: object serviceAccountRef: description: Immutable. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Optional. The [Dataproc service account](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/service-accounts#service_accounts_in_dataproc) (also see [VM Data Plane identity](https://cloud.google.com/dataproc/docs/concepts/iam/dataproc-principals#vm_service_account_data_plane_identity)) used by Dataproc cluster VM instances to access Google Cloud Platform services. If not specified, the [Compute Engine default service account](https://cloud.google.com/compute/docs/access/service-accounts#default_service_account) is used. Allowed value: The `email` field of an `IAMServiceAccount` resource. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object serviceAccountScopes: description: 'Immutable. Optional. The URIs of service account scopes to be included in Compute Engine instances. The following base set of scopes is always included: * https://www.googleapis.com/auth/cloud.useraccounts.readonly * https://www.googleapis.com/auth/devstorage.read_write * https://www.googleapis.com/auth/logging.write If no scopes are specified, the following defaults are also provided: * https://www.googleapis.com/auth/bigquery * https://www.googleapis.com/auth/bigtable.admin.table * https://www.googleapis.com/auth/bigtable.data * https://www.googleapis.com/auth/devstorage.full_control' items: type: string type: array shieldedInstanceConfig: description: Immutable. Optional. Shielded Instance Config for clusters using [Compute Engine Shielded VMs](https://cloud.google.com/security/shielded-cloud/shielded-vm). properties: enableIntegrityMonitoring: description: Immutable. Optional. Defines whether instances have integrity monitoring enabled. type: boolean enableSecureBoot: description: Immutable. Optional. Defines whether instances have Secure Boot enabled. type: boolean enableVtpm: description: Immutable. Optional. Defines whether instances have the vTPM enabled. type: boolean type: object subnetworkRef: description: Immutable. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Optional. The Compute Engine subnetwork to be used for machine communications. Cannot be specified with network_uri. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/us-east1/subnetworks/sub0` * `projects/[project_id]/regions/us-east1/subnetworks/sub0` * `sub0` Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object tags: description: Immutable. The Compute Engine tags to add to all instances (see [Tagging instances](https://cloud.google.com/compute/docs/label-or-tag-resources#tags)). items: type: string type: array zone: description: 'Immutable. Optional. The zone where the Compute Engine cluster will be located. On a create request, it is required in the "global" region. If omitted in a non-global Dataproc region, the service will pick a zone in the corresponding Compute Engine region. On a get request, zone will always be present. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/[zone]` * `projects/[project_id]/zones/[zone]` * `us-central1-f`' type: string type: object initializationActions: description: 'Immutable. Optional. Commands to execute on each node after config is completed. By default, executables are run on master and all worker nodes. You can test a node''s `role` metadata to run an executable on a master or worker node, as shown below using `curl` (you can also use `wget`): ROLE=$(curl -H Metadata-Flavor:Google http://metadata/computeMetadata/v1/instance/attributes/dataproc-role) if [[ "${ROLE}" == ''Master'' ]]; then ... master specific actions ... else ... worker specific actions ... fi' items: properties: executableFile: description: Immutable. Required. Cloud Storage URI of executable file. type: string executionTimeout: description: Immutable. Optional. Amount of time executable has to complete. Default is 10 minutes (see JSON representation of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). Cluster creation fails with an explanatory error message (the name of the executable that caused the error and the exceeded timeout period) if the executable is not completed at end of the timeout period. type: string required: - executableFile type: object type: array lifecycleConfig: description: Immutable. Optional. Lifecycle setting for the cluster. properties: autoDeleteTime: description: Immutable. Optional. The time when cluster will be auto-deleted (see JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). format: date-time type: string autoDeleteTtl: description: Immutable. Optional. The lifetime duration of cluster. The cluster will be auto-deleted at the end of this period. Minimum value is 10 minutes; maximum value is 14 days (see JSON representation of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). type: string idleDeleteTtl: description: Immutable. Optional. The duration to keep the cluster alive while idling (when no jobs are running). Passing this threshold will cause the cluster to be deleted. Minimum value is 5 minutes; maximum value is 14 days (see JSON representation of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). type: string type: object masterConfig: description: Immutable. Optional. The Compute Engine config settings for the master instance in a cluster. properties: accelerators: description: Immutable. Optional. The Compute Engine accelerator configuration for these instances. items: properties: acceleratorCount: description: Immutable. The number of the accelerator cards of this type exposed to this instance. format: int64 type: integer acceleratorType: description: 'Immutable. Full URL, partial URI, or short name of the accelerator type resource to expose to this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` * `nvidia-tesla-k80` **Auto Zone Exception**: If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the accelerator type resource, for example, `nvidia-tesla-k80`.' type: string type: object type: array diskConfig: description: Immutable. Optional. Disk option config settings. properties: bootDiskSizeGb: description: Immutable. Optional. Size in GB of the boot disk (default is 500GB). format: int64 type: integer bootDiskType: description: 'Immutable. Optional. Type of the boot disk (default is "pd-standard"). Valid values: "pd-balanced" (Persistent Disk Balanced Solid State Drive), "pd-ssd" (Persistent Disk Solid State Drive), or "pd-standard" (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' type: string localSsdInterface: description: 'Immutable. Optional. Interface type of local SSDs (default is "scsi"). Valid values: "scsi" (Small Computer System Interface), "nvme" (Non-Volatile Memory Express). See [local SSD performance](https://cloud.google.com/compute/docs/disks/local-ssd#performance).' type: string numLocalSsds: description: Immutable. Optional. Number of attached SSDs, from 0 to 4 (default is 0). If SSDs are not attached, the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) data. If one or more SSDs are attached, this runtime bulk data is spread across them, and the boot disk contains only basic config and installed binaries. format: int64 type: integer type: object imageRef: description: Immutable. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. Allowed value: The `selfLink` field of a `ComputeImage` resource. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object machineType: description: 'Immutable. Optional. The Compute Engine machine type used for cluster instances. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` * `n1-standard-2` **Auto Zone Exception**: If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the machine type resource, for example, `n1-standard-2`.' type: string minCpuPlatform: description: Immutable. Optional. Specifies the minimum cpu platform for the Instance Group. See [Dataproc -> Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). type: string numInstances: description: Immutable. Optional. The number of VM instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) [master_config](#FIELDS.master_config) groups, **must be set to 3**. For standard cluster [master_config](#FIELDS.master_config) groups, **must be set to 1**. format: int64 type: integer preemptibility: description: 'Immutable. Optional. Specifies the preemptibility of the instance group. The default value for master and worker groups is `NON_PREEMPTIBLE`. This default cannot be changed. The default value for secondary instances is `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, NON_PREEMPTIBLE, PREEMPTIBLE' type: string type: object metastoreConfig: description: Immutable. Optional. Metastore configuration. properties: dataprocMetastoreServiceRef: description: Immutable. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Required. Resource name of an existing Dataproc Metastore service. Example: * `projects/[project_id]/locations/[dataproc_region]/services/[service-name]`' type: string name: description: |- [WARNING] DataprocMetastoreService not yet supported in Config Connector, use 'external' field to reference existing resources. Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - dataprocMetastoreServiceRef type: object secondaryWorkerConfig: description: Immutable. Optional. The Compute Engine config settings for additional worker instances in a cluster. properties: accelerators: description: Immutable. Optional. The Compute Engine accelerator configuration for these instances. items: properties: acceleratorCount: description: Immutable. The number of the accelerator cards of this type exposed to this instance. format: int64 type: integer acceleratorType: description: 'Immutable. Full URL, partial URI, or short name of the accelerator type resource to expose to this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` * `nvidia-tesla-k80` **Auto Zone Exception**: If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the accelerator type resource, for example, `nvidia-tesla-k80`.' type: string type: object type: array diskConfig: description: Immutable. Optional. Disk option config settings. properties: bootDiskSizeGb: description: Immutable. Optional. Size in GB of the boot disk (default is 500GB). format: int64 type: integer bootDiskType: description: 'Immutable. Optional. Type of the boot disk (default is "pd-standard"). Valid values: "pd-balanced" (Persistent Disk Balanced Solid State Drive), "pd-ssd" (Persistent Disk Solid State Drive), or "pd-standard" (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' type: string localSsdInterface: description: 'Immutable. Optional. Interface type of local SSDs (default is "scsi"). Valid values: "scsi" (Small Computer System Interface), "nvme" (Non-Volatile Memory Express). See [local SSD performance](https://cloud.google.com/compute/docs/disks/local-ssd#performance).' type: string numLocalSsds: description: Immutable. Optional. Number of attached SSDs, from 0 to 4 (default is 0). If SSDs are not attached, the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) data. If one or more SSDs are attached, this runtime bulk data is spread across them, and the boot disk contains only basic config and installed binaries. format: int64 type: integer type: object imageRef: description: Immutable. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. Allowed value: The `selfLink` field of a `ComputeImage` resource. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object machineType: description: 'Immutable. Optional. The Compute Engine machine type used for cluster instances. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` * `n1-standard-2` **Auto Zone Exception**: If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the machine type resource, for example, `n1-standard-2`.' type: string minCpuPlatform: description: Immutable. Optional. Specifies the minimum cpu platform for the Instance Group. See [Dataproc -> Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). type: string numInstances: description: Immutable. Optional. The number of VM instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) [master_config](#FIELDS.master_config) groups, **must be set to 3**. For standard cluster [master_config](#FIELDS.master_config) groups, **must be set to 1**. format: int64 type: integer preemptibility: description: 'Immutable. Optional. Specifies the preemptibility of the instance group. The default value for master and worker groups is `NON_PREEMPTIBLE`. This default cannot be changed. The default value for secondary instances is `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, NON_PREEMPTIBLE, PREEMPTIBLE' type: string type: object securityConfig: description: Immutable. Optional. Security settings for the cluster. properties: identityConfig: description: Immutable. Optional. Identity related configuration, including service account based secure multi-tenancy user mappings. properties: userServiceAccountMapping: additionalProperties: type: string description: Immutable. Required. Map of user to service account. type: object required: - userServiceAccountMapping type: object kerberosConfig: description: Immutable. Optional. Kerberos related configuration. properties: crossRealmTrustAdminServer: description: Immutable. Optional. The admin server (IP or hostname) for the remote trusted realm in a cross realm trust relationship. type: string crossRealmTrustKdc: description: Immutable. Optional. The KDC (IP or hostname) for the remote trusted realm in a cross realm trust relationship. type: string crossRealmTrustRealm: description: Immutable. Optional. The remote realm the Dataproc on-cluster KDC will trust, should the user enable cross realm trust. type: string crossRealmTrustSharedPassword: description: Immutable. Optional. The Cloud Storage URI of a KMS encrypted file containing the shared password between the on-cluster Kerberos realm and the remote trusted realm, in a cross realm trust relationship. type: string enableKerberos: description: 'Immutable. Optional. Flag to indicate whether to Kerberize the cluster (default: false). Set this field to true to enable Kerberos on a cluster.' type: boolean kdcDbKey: description: Immutable. Optional. The Cloud Storage URI of a KMS encrypted file containing the master key of the KDC database. type: string keyPassword: description: Immutable. Optional. The Cloud Storage URI of a KMS encrypted file containing the password to the user provided key. For the self-signed certificate, this password is generated by Dataproc. type: string keystore: description: Immutable. Optional. The Cloud Storage URI of the keystore file used for SSL encryption. If not provided, Dataproc will provide a self-signed certificate. type: string keystorePassword: description: Immutable. Optional. The Cloud Storage URI of a KMS encrypted file containing the password to the user provided keystore. For the self-signed certificate, this password is generated by Dataproc. type: string kmsKeyRef: description: Immutable. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Optional. The uri of the KMS key used to encrypt various sensitive files. Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object realm: description: Immutable. Optional. The name of the on-cluster Kerberos realm. If not specified, the uppercased domain of hostnames will be the realm. type: string rootPrincipalPassword: description: Immutable. Optional. The Cloud Storage URI of a KMS encrypted file containing the root principal password. type: string tgtLifetimeHours: description: Immutable. Optional. The lifetime of the ticket granting ticket, in hours. If not specified, or user specifies 0, then default value 10 will be used. format: int64 type: integer truststore: description: Immutable. Optional. The Cloud Storage URI of the truststore file used for SSL encryption. If not provided, Dataproc will provide a self-signed certificate. type: string truststorePassword: description: Immutable. Optional. The Cloud Storage URI of a KMS encrypted file containing the password to the user provided truststore. For the self-signed certificate, this password is generated by Dataproc. type: string type: object type: object softwareConfig: description: Immutable. Optional. The config settings for software inside the cluster. properties: imageVersion: description: Immutable. Optional. The version of software inside the cluster. It must be one of the supported [Dataproc Versions](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#supported_dataproc_versions), such as "1.2" (including a subminor version, such as "1.2.29"), or the ["preview" version](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#other_versions). If unspecified, it defaults to the latest Debian version. type: string optionalComponents: description: Immutable. Optional. The set of components to activate on the cluster. items: type: string type: array properties: additionalProperties: type: string description: 'Immutable. Optional. The properties to set on daemon config files. Property keys are specified in `prefix:property` format, for example `core:hadoop.tmp.dir`. The following are supported prefixes and their mappings: * capacity-scheduler: `capacity-scheduler.xml` * core: `core-site.xml` * distcp: `distcp-default.xml` * hdfs: `hdfs-site.xml` * hive: `hive-site.xml` * mapred: `mapred-site.xml` * pig: `pig.properties` * spark: `spark-defaults.conf` * yarn: `yarn-site.xml` For more information, see [Cluster properties](https://cloud.google.com/dataproc/docs/concepts/cluster-properties).' type: object type: object stagingBucketRef: description: Immutable. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Optional. A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see [Dataproc staging bucket](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object tempBucketRef: description: Immutable. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Optional. A Cloud Storage bucket used to store ephemeral cluster and jobs data, such as Spark and MapReduce history files. If you do not specify a temp bucket, Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's temp bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket. The default bucket has a TTL of 90 days, but you can use any TTL (or none) if you specify a bucket. **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object workerConfig: description: Immutable. Optional. The Compute Engine config settings for worker instances in a cluster. properties: accelerators: description: Immutable. Optional. The Compute Engine accelerator configuration for these instances. items: properties: acceleratorCount: description: Immutable. The number of the accelerator cards of this type exposed to this instance. format: int64 type: integer acceleratorType: description: 'Immutable. Full URL, partial URI, or short name of the accelerator type resource to expose to this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` * `nvidia-tesla-k80` **Auto Zone Exception**: If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the accelerator type resource, for example, `nvidia-tesla-k80`.' type: string type: object type: array diskConfig: description: Immutable. Optional. Disk option config settings. properties: bootDiskSizeGb: description: Immutable. Optional. Size in GB of the boot disk (default is 500GB). format: int64 type: integer bootDiskType: description: 'Immutable. Optional. Type of the boot disk (default is "pd-standard"). Valid values: "pd-balanced" (Persistent Disk Balanced Solid State Drive), "pd-ssd" (Persistent Disk Solid State Drive), or "pd-standard" (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' type: string localSsdInterface: description: 'Immutable. Optional. Interface type of local SSDs (default is "scsi"). Valid values: "scsi" (Small Computer System Interface), "nvme" (Non-Volatile Memory Express). See [local SSD performance](https://cloud.google.com/compute/docs/disks/local-ssd#performance).' type: string numLocalSsds: description: Immutable. Optional. Number of attached SSDs, from 0 to 4 (default is 0). If SSDs are not attached, the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) data. If one or more SSDs are attached, this runtime bulk data is spread across them, and the boot disk contains only basic config and installed binaries. format: int64 type: integer type: object imageRef: description: Immutable. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. Allowed value: The `selfLink` field of a `ComputeImage` resource. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object machineType: description: 'Immutable. Optional. The Compute Engine machine type used for cluster instances. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` * `n1-standard-2` **Auto Zone Exception**: If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the machine type resource, for example, `n1-standard-2`.' type: string minCpuPlatform: description: Immutable. Optional. Specifies the minimum cpu platform for the Instance Group. See [Dataproc -> Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). type: string numInstances: description: Immutable. Optional. The number of VM instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) [master_config](#FIELDS.master_config) groups, **must be set to 3**. For standard cluster [master_config](#FIELDS.master_config) groups, **must be set to 1**. format: int64 type: integer preemptibility: description: 'Immutable. Optional. Specifies the preemptibility of the instance group. The default value for master and worker groups is `NON_PREEMPTIBLE`. This default cannot be changed. The default value for secondary instances is `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, NON_PREEMPTIBLE, PREEMPTIBLE' type: string type: object type: object location: description: Immutable. The location for the resource, usually a GCP region. type: string projectRef: description: Immutable. The Project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Required. The Google Cloud Platform project ID that the cluster belongs to. Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string virtualClusterConfig: description: Immutable. Optional. The virtual cluster config is used when creating a Dataproc cluster that does not directly control the underlying compute resources, for example, when creating a [Dataproc-on-GKE cluster](https://cloud.google.com/dataproc/docs/guides/dpgke/dataproc-gke). Dataproc may set default values, and values may change when clusters are updated. Exactly one of config or virtual_cluster_config must be specified. properties: auxiliaryServicesConfig: description: Immutable. Optional. Configuration of auxiliary services used by this cluster. properties: metastoreConfig: description: Immutable. Optional. The Hive Metastore configuration for this workload. properties: dataprocMetastoreServiceRef: description: Immutable. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Required. Resource name of an existing Dataproc Metastore service. Example: * `projects/[project_id]/locations/[dataproc_region]/services/[service-name]`' type: string name: description: |- [WARNING] DataprocMetastoreService not yet supported in Config Connector, use 'external' field to reference existing resources. Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - dataprocMetastoreServiceRef type: object sparkHistoryServerConfig: description: Immutable. Optional. The Spark History Server configuration for the workload. properties: dataprocClusterRef: description: Immutable. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Optional. Resource name of an existing Dataproc Cluster to act as a Spark History Server for the workload. Example: * `projects/[project_id]/regions/[region]/clusters/[cluster_name]` Allowed value: The `selfLink` field of a `DataprocCluster` resource. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: object type: object kubernetesClusterConfig: description: Immutable. Required. The configuration for running the Dataproc cluster on Kubernetes. properties: gkeClusterConfig: description: Immutable. Required. The configuration for running the Dataproc cluster on GKE. properties: gkeClusterTargetRef: description: Immutable. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Optional. A target GKE cluster to deploy to. It must be in the same project and region as the Dataproc cluster (the GKE cluster can be zonal or regional). Format: 'projects/{project}/locations/{location}/clusters/{cluster_id}' Allowed value: The `selfLink` field of a `ContainerCluster` resource. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object nodePoolTarget: description: Immutable. Optional. GKE node pools where workloads will be scheduled. At least one node pool must be assigned the `DEFAULT` GkeNodePoolTarget.Role. If a `GkeNodePoolTarget` is not specified, Dataproc constructs a `DEFAULT` `GkeNodePoolTarget`. Each role can be given to only one `GkeNodePoolTarget`. All node pools must have the same location settings. items: properties: nodePoolConfig: description: Immutable. Input only. The configuration for the GKE node pool. If specified, Dataproc attempts to create a node pool with the specified shape. If one with the same name already exists, it is verified against all specified fields. If a field differs, the virtual cluster creation will fail. If omitted, any node pool with the specified name is used. If a node pool with the specified name does not exist, Dataproc create a node pool with default values. This is an input only field. It will not be returned by the API. properties: autoscaling: description: Immutable. Optional. The autoscaler configuration for this node pool. The autoscaler is enabled only when a valid configuration is present. properties: maxNodeCount: description: Immutable. The maximum number of nodes in the node pool. Must be >= min_node_count, and must be > 0. **Note:** Quota must be sufficient to scale up the cluster. format: int64 type: integer minNodeCount: description: Immutable. The minimum number of nodes in the node pool. Must be >= 0 and <= max_node_count. format: int64 type: integer type: object config: description: Immutable. Optional. The node pool configuration. properties: accelerators: description: Immutable. Optional. A list of [hardware accelerators](https://cloud.google.com/compute/docs/gpus) to attach to each node. items: properties: acceleratorCount: description: Immutable. The number of accelerator cards exposed to an instance. format: int64 type: integer acceleratorType: description: Immutable. The accelerator type resource namename (see GPUs on Compute Engine). type: string gpuPartitionSize: description: Immutable. Size of partitions to create on the GPU. Valid values are described in the NVIDIA [mig user guide](https://docs.nvidia.com/datacenter/tesla/mig-user-guide/#partitioning). type: string type: object type: array bootDiskKmsKey: description: 'Immutable. Optional. The [Customer Managed Encryption Key (CMEK)] (https://cloud.google.com/kubernetes-engine/docs/how-to/using-cmek) used to encrypt the boot disk attached to each node in the node pool. Specify the key using the following format: `projects/KEY_PROJECT_ID/locations/LOCATION/keyRings/RING_NAME/cryptoKeys/KEY_NAME`.' type: string ephemeralStorageConfig: description: Immutable. Optional. Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. properties: localSsdCount: description: Immutable. Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage. format: int64 type: integer type: object localSsdCount: description: Immutable. Optional. The number of local SSD disks to attach to the node, which is limited by the maximum number of disks allowable per zone (see [Adding Local SSDs](https://cloud.google.com/compute/docs/disks/local-ssd)). format: int64 type: integer machineType: description: Immutable. Optional. The name of a Compute Engine [machine type](https://cloud.google.com/compute/docs/machine-types). type: string minCpuPlatform: description: Immutable. Optional. [Minimum CPU platform](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform) to be used by this instance. The instance may be scheduled on the specified or a newer CPU platform. Specify the friendly names of CPU platforms, such as "Intel Haswell"` or Intel Sandy Bridge". type: string preemptible: description: Immutable. Optional. Whether the nodes are created as legacy [preemptible VM instances] (https://cloud.google.com/compute/docs/instances/preemptible). Also see Spot VMs, preemptible VM instances without a maximum lifetime. Legacy and Spot preemptible nodes cannot be used in a node pool with the `CONTROLLER` [role] (/dataproc/docs/reference/rest/v1/projects.regions.clusters#role) or in the DEFAULT node pool if the CONTROLLER role is not assigned (the DEFAULT node pool will assume the CONTROLLER role). type: boolean spot: description: Immutable. Optional. Whether the nodes are created as [Spot VM instances] (https://cloud.google.com/compute/docs/instances/spot). Spot VMs are the latest update to legacy preemptible VMs. Spot VMs do not have a maximum lifetime. Legacy and Spot preemptible nodes cannot be used in a node pool with the `CONTROLLER` [role](/dataproc/docs/reference/rest/v1/projects.regions.clusters#role) or in the DEFAULT node pool if the CONTROLLER role is not assigned (the DEFAULT node pool will assume the CONTROLLER role). type: boolean type: object locations: description: Immutable. Optional. The list of Compute Engine [zones](https://cloud.google.com/compute/docs/zones#available) where node pool nodes associated with a Dataproc on GKE virtual cluster will be located. **Note:** All node pools associated with a virtual cluster must be located in the same region as the virtual cluster, and they must be located in the same zone within that region. If a location is not specified during node pool creation, Dataproc on GKE will choose the zone. items: type: string type: array type: object nodePoolRef: description: Immutable. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Required. The target GKE node pool. Format: 'projects/{project}/locations/{location}/clusters/{cluster}/nodePools/{node_pool}' Allowed value: The `selfLink` field of a `ContainerNodePool` resource. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object roles: description: Immutable. Required. The roles associated with the GKE node pool. items: type: string type: array required: - nodePoolRef - roles type: object type: array type: object kubernetesNamespace: description: Immutable. Optional. A namespace within the Kubernetes cluster to deploy into. If this namespace does not exist, it is created. If it exists, Dataproc verifies that another Dataproc VirtualCluster is not installed into it. If not specified, the name of the Dataproc Cluster is used. type: string kubernetesSoftwareConfig: description: Immutable. Optional. The software configuration for this Dataproc cluster running on Kubernetes. properties: componentVersion: additionalProperties: type: string description: Immutable. The components that should be installed in this Dataproc cluster. The key must be a string from the KubernetesComponent enumeration. The value is the version of the software to be installed. At least one entry must be specified. type: object properties: additionalProperties: type: string description: 'Immutable. The properties to set on daemon config files. Property keys are specified in `prefix:property` format, for example `spark:spark.kubernetes.container.image`. The following are supported prefixes and their mappings: * spark: `spark-defaults.conf` For more information, see [Cluster properties](https://cloud.google.com/dataproc/docs/concepts/cluster-properties).' type: object type: object required: - gkeClusterConfig type: object stagingBucketRef: description: Immutable. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Optional. A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see [Dataproc staging and temp buckets](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). **This field requires a Cloud Storage bucket name, not a `gs://...` URI to a Cloud Storage bucket.** Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - kubernetesClusterConfig type: object required: - location type: object status: properties: clusterUuid: description: Output only. A cluster UUID (Unique Universal Identifier). Dataproc generates this value when it creates the cluster. type: string conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array config: properties: endpointConfig: properties: httpPorts: additionalProperties: type: string description: Output only. The map of port descriptions to URLs. Will only be populated if enable_http_port_access is true. type: object type: object lifecycleConfig: properties: idleStartTime: description: Output only. The time when cluster became idle (most recent job finished) and became eligible for deletion due to idleness (see JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). format: date-time type: string type: object masterConfig: properties: instanceNames: description: Output only. The list of instance names. Dataproc derives the names from `cluster_name`, `num_instances`, and the instance group. items: type: string type: array instanceReferences: description: Output only. List of references to Compute Engine instances. items: properties: instanceId: description: The unique identifier of the Compute Engine instance. type: string instanceName: description: The user-friendly name of the Compute Engine instance. type: string publicEciesKey: description: The public ECIES key used for sharing data with this instance. type: string publicKey: description: The public RSA key used for sharing data with this instance. type: string type: object type: array isPreemptible: description: Output only. Specifies that this instance group contains preemptible instances. type: boolean managedGroupConfig: description: Output only. The config for Compute Engine Instance Group Manager that manages this group. This is only used for preemptible instance groups. properties: instanceGroupManagerName: description: Output only. The name of the Instance Group Manager for this group. type: string instanceTemplateName: description: Output only. The name of the Instance Template used for the Managed Instance Group. type: string type: object type: object secondaryWorkerConfig: properties: instanceNames: description: Output only. The list of instance names. Dataproc derives the names from `cluster_name`, `num_instances`, and the instance group. items: type: string type: array instanceReferences: description: Output only. List of references to Compute Engine instances. items: properties: instanceId: description: The unique identifier of the Compute Engine instance. type: string instanceName: description: The user-friendly name of the Compute Engine instance. type: string publicEciesKey: description: The public ECIES key used for sharing data with this instance. type: string publicKey: description: The public RSA key used for sharing data with this instance. type: string type: object type: array isPreemptible: description: Output only. Specifies that this instance group contains preemptible instances. type: boolean managedGroupConfig: description: Output only. The config for Compute Engine Instance Group Manager that manages this group. This is only used for preemptible instance groups. properties: instanceGroupManagerName: description: Output only. The name of the Instance Group Manager for this group. type: string instanceTemplateName: description: Output only. The name of the Instance Template used for the Managed Instance Group. type: string type: object type: object workerConfig: properties: instanceNames: description: Output only. The list of instance names. Dataproc derives the names from `cluster_name`, `num_instances`, and the instance group. items: type: string type: array instanceReferences: description: Output only. List of references to Compute Engine instances. items: properties: instanceId: description: The unique identifier of the Compute Engine instance. type: string instanceName: description: The user-friendly name of the Compute Engine instance. type: string publicEciesKey: description: The public ECIES key used for sharing data with this instance. type: string publicKey: description: The public RSA key used for sharing data with this instance. type: string type: object type: array isPreemptible: description: Output only. Specifies that this instance group contains preemptible instances. type: boolean managedGroupConfig: description: Output only. The config for Compute Engine Instance Group Manager that manages this group. This is only used for preemptible instance groups. properties: instanceGroupManagerName: description: Output only. The name of the Instance Group Manager for this group. type: string instanceTemplateName: description: Output only. The name of the Instance Template used for the Managed Instance Group. type: string type: object type: object type: object metrics: description: 'Output only. Contains cluster daemon metrics such as HDFS and YARN stats. **Beta Feature**: This report is available for testing purposes only. It may be changed before final release.' properties: hdfsMetrics: additionalProperties: type: string description: The HDFS metrics. type: object yarnMetrics: additionalProperties: type: string description: The YARN metrics. type: object type: object observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer status: description: Output only. Cluster status. properties: detail: description: Optional. Output only. Details of cluster's state. type: string state: description: 'Output only. The cluster''s state. Possible values: UNKNOWN, CREATING, RUNNING, ERROR, DELETING, UPDATING, STOPPING, STOPPED, STARTING' type: string stateStartTime: description: Output only. Time when this state was entered (see JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). format: date-time type: string substate: description: 'Output only. Additional state information that includes status reported by the agent. Possible values: UNSPECIFIED, UNHEALTHY, STALE_STATUS' type: string type: object statusHistory: description: Output only. The previous cluster status. items: properties: detail: description: Optional. Output only. Details of cluster's state. type: string state: description: 'Output only. The cluster''s state. Possible values: UNKNOWN, CREATING, RUNNING, ERROR, DELETING, UPDATING, STOPPING, STOPPED, STARTING' type: string stateStartTime: description: Output only. Time when this state was entered (see JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). format: date-time type: string substate: description: 'Output only. Additional state information that includes status reported by the agent. Possible values: UNSPECIFIED, UNHEALTHY, STALE_STATUS' type: string type: object type: array type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: dataprocworkflowtemplates.dataproc.cnrm.cloud.google.com spec: group: dataproc.cnrm.cloud.google.com names: categories: - gcp kind: DataprocWorkflowTemplate plural: dataprocworkflowtemplates shortNames: - gcpdataprocworkflowtemplate - gcpdataprocworkflowtemplates singular: dataprocworkflowtemplate preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: dagTimeout: description: Immutable. Optional. Timeout duration for the DAG of jobs, expressed in seconds (see [JSON representation of duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). The timeout duration must be from 10 minutes ("600s") to 24 hours ("86400s"). The timer begins when the first job is submitted. If the workflow is running at the end of the timeout period, any remaining jobs are cancelled, the workflow is ended, and if the workflow was running on a [managed cluster](/dataproc/docs/concepts/workflows/using-workflows#configuring_or_selecting_a_cluster), the cluster is deleted. type: string jobs: description: Immutable. Required. The Directed Acyclic Graph of Jobs to submit. items: properties: hadoopJob: description: Immutable. Optional. Job is a Hadoop job. properties: archiveUris: description: 'Immutable. Optional. HCFS URIs of archives to be extracted in the working directory of Hadoop drivers and tasks. Supported file types: .jar, .tar, .tar.gz, .tgz, or .zip.' items: type: string type: array args: description: Immutable. Optional. The arguments to pass to the driver. Do not include arguments, such as `-libjars` or `-Dfoo=bar`, that can be set as job properties, since a collision may occur that causes an incorrect job submission. items: type: string type: array fileUris: description: Immutable. Optional. HCFS (Hadoop Compatible Filesystem) URIs of files to be copied to the working directory of Hadoop drivers and distributed tasks. Useful for naively parallel tasks. items: type: string type: array jarFileUris: description: Immutable. Optional. Jar file URIs to add to the CLASSPATHs of the Hadoop driver and tasks. items: type: string type: array loggingConfig: description: Immutable. Optional. The runtime log config for job execution. properties: driverLogLevels: additionalProperties: type: string description: 'Immutable. The per-package log levels for the driver. This may include "root" package name to configure rootLogger. Examples: ''com.google = FATAL'', ''root = INFO'', ''org.apache = DEBUG''' type: object type: object mainClass: description: Immutable. The name of the driver's main class. The jar file containing the class must be in the default CLASSPATH or specified in `jar_file_uris`. type: string mainJarFileUri: description: 'Immutable. The HCFS URI of the jar file containing the main class. Examples: ''gs://foo-bucket/analytics-binaries/extract-useful-metrics-mr.jar'' ''hdfs:/tmp/test-samples/custom-wordcount.jar'' ''file:///home/usr/lib/hadoop-mapreduce/hadoop-mapreduce-examples.jar''' type: string properties: additionalProperties: type: string description: Immutable. Optional. A mapping of property names to values, used to configure Hadoop. Properties that conflict with values set by the Dataproc API may be overwritten. Can include properties set in /etc/hadoop/conf/*-site and classes in user code. type: object type: object hiveJob: description: Immutable. Optional. Job is a Hive job. properties: continueOnFailure: description: Immutable. Optional. Whether to continue executing queries if a query fails. The default value is `false`. Setting to `true` can be useful when executing independent parallel queries. type: boolean jarFileUris: description: Immutable. Optional. HCFS URIs of jar files to add to the CLASSPATH of the Hive server and Hadoop MapReduce (MR) tasks. Can contain Hive SerDes and UDFs. items: type: string type: array properties: additionalProperties: type: string description: Immutable. Optional. A mapping of property names and values, used to configure Hive. Properties that conflict with values set by the Dataproc API may be overwritten. Can include properties set in /etc/hadoop/conf/*-site.xml, /etc/hive/conf/hive-site.xml, and classes in user code. type: object queryFileUri: description: Immutable. The HCFS URI of the script that contains Hive queries. type: string queryList: description: Immutable. A list of queries. properties: queries: description: 'Immutable. Required. The queries to execute. You do not need to end a query expression with a semicolon. Multiple queries can be specified in one string by separating each with a semicolon. Here is an example of a Dataproc API snippet that uses a QueryList to specify a HiveJob: "hiveJob": { "queryList": { "queries": [ "query1", "query2", "query3;query4", ] } }' items: type: string type: array required: - queries type: object scriptVariables: additionalProperties: type: string description: 'Immutable. Optional. Mapping of query variable names to values (equivalent to the Hive command: `SET name="value";`).' type: object type: object labels: additionalProperties: type: string description: 'Immutable. Optional. The labels to associate with this job. Label keys must be between 1 and 63 characters long, and must conform to the following regular expression: p{Ll}p{Lo}{0,62} Label values must be between 1 and 63 characters long, and must conform to the following regular expression: [p{Ll}p{Lo}p{N}_-]{0,63} No more than 32 labels can be associated with a given job.' type: object pigJob: description: Immutable. Optional. Job is a Pig job. properties: continueOnFailure: description: Immutable. Optional. Whether to continue executing queries if a query fails. The default value is `false`. Setting to `true` can be useful when executing independent parallel queries. type: boolean jarFileUris: description: Immutable. Optional. HCFS URIs of jar files to add to the CLASSPATH of the Pig Client and Hadoop MapReduce (MR) tasks. Can contain Pig UDFs. items: type: string type: array loggingConfig: description: Immutable. Optional. The runtime log config for job execution. properties: driverLogLevels: additionalProperties: type: string description: 'Immutable. The per-package log levels for the driver. This may include "root" package name to configure rootLogger. Examples: ''com.google = FATAL'', ''root = INFO'', ''org.apache = DEBUG''' type: object type: object properties: additionalProperties: type: string description: Immutable. Optional. A mapping of property names to values, used to configure Pig. Properties that conflict with values set by the Dataproc API may be overwritten. Can include properties set in /etc/hadoop/conf/*-site.xml, /etc/pig/conf/pig.properties, and classes in user code. type: object queryFileUri: description: Immutable. The HCFS URI of the script that contains the Pig queries. type: string queryList: description: Immutable. A list of queries. properties: queries: description: 'Immutable. Required. The queries to execute. You do not need to end a query expression with a semicolon. Multiple queries can be specified in one string by separating each with a semicolon. Here is an example of a Dataproc API snippet that uses a QueryList to specify a HiveJob: "hiveJob": { "queryList": { "queries": [ "query1", "query2", "query3;query4", ] } }' items: type: string type: array required: - queries type: object scriptVariables: additionalProperties: type: string description: 'Immutable. Optional. Mapping of query variable names to values (equivalent to the Pig command: `name=[value]`).' type: object type: object prerequisiteStepIds: description: Immutable. Optional. The optional list of prerequisite job step_ids. If not specified, the job will start at the beginning of workflow. items: type: string type: array prestoJob: description: Immutable. Optional. Job is a Presto job. properties: clientTags: description: Immutable. Optional. Presto client tags to attach to this query items: type: string type: array continueOnFailure: description: Immutable. Optional. Whether to continue executing queries if a query fails. The default value is `false`. Setting to `true` can be useful when executing independent parallel queries. type: boolean loggingConfig: description: Immutable. Optional. The runtime log config for job execution. properties: driverLogLevels: additionalProperties: type: string description: 'Immutable. The per-package log levels for the driver. This may include "root" package name to configure rootLogger. Examples: ''com.google = FATAL'', ''root = INFO'', ''org.apache = DEBUG''' type: object type: object outputFormat: description: Immutable. Optional. The format in which query output will be displayed. See the Presto documentation for supported output formats type: string properties: additionalProperties: type: string description: Immutable. Optional. A mapping of property names to values. Used to set Presto [session properties](https://prestodb.io/docs/current/sql/set-session.html) Equivalent to using the --session flag in the Presto CLI type: object queryFileUri: description: Immutable. The HCFS URI of the script that contains SQL queries. type: string queryList: description: Immutable. A list of queries. properties: queries: description: 'Immutable. Required. The queries to execute. You do not need to end a query expression with a semicolon. Multiple queries can be specified in one string by separating each with a semicolon. Here is an example of a Dataproc API snippet that uses a QueryList to specify a HiveJob: "hiveJob": { "queryList": { "queries": [ "query1", "query2", "query3;query4", ] } }' items: type: string type: array required: - queries type: object type: object pysparkJob: description: Immutable. Optional. Job is a PySpark job. properties: archiveUris: description: 'Immutable. Optional. HCFS URIs of archives to be extracted into the working directory of each executor. Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.' items: type: string type: array args: description: Immutable. Optional. The arguments to pass to the driver. Do not include arguments, such as `--conf`, that can be set as job properties, since a collision may occur that causes an incorrect job submission. items: type: string type: array fileUris: description: Immutable. Optional. HCFS URIs of files to be placed in the working directory of each executor. Useful for naively parallel tasks. items: type: string type: array jarFileUris: description: Immutable. Optional. HCFS URIs of jar files to add to the CLASSPATHs of the Python driver and tasks. items: type: string type: array loggingConfig: description: Immutable. Optional. The runtime log config for job execution. properties: driverLogLevels: additionalProperties: type: string description: 'Immutable. The per-package log levels for the driver. This may include "root" package name to configure rootLogger. Examples: ''com.google = FATAL'', ''root = INFO'', ''org.apache = DEBUG''' type: object type: object mainPythonFileUri: description: Immutable. Required. The HCFS URI of the main Python file to use as the driver. Must be a .py file. type: string properties: additionalProperties: type: string description: Immutable. Optional. A mapping of property names to values, used to configure PySpark. Properties that conflict with values set by the Dataproc API may be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf and classes in user code. type: object pythonFileUris: description: 'Immutable. Optional. HCFS file URIs of Python files to pass to the PySpark framework. Supported file types: .py, .egg, and .zip.' items: type: string type: array required: - mainPythonFileUri type: object scheduling: description: Immutable. Optional. Job scheduling configuration. properties: maxFailuresPerHour: description: Immutable. Optional. Maximum number of times per hour a driver may be restarted as a result of driver exiting with non-zero code before job is reported failed. A job may be reported as thrashing if driver exits with non-zero code 4 times within 10 minute window. Maximum value is 10. format: int64 type: integer maxFailuresTotal: description: Immutable. Optional. Maximum number of times in total a driver may be restarted as a result of driver exiting with non-zero code before job is reported failed. Maximum value is 240. format: int64 type: integer type: object sparkJob: description: Immutable. Optional. Job is a Spark job. properties: archiveUris: description: 'Immutable. Optional. HCFS URIs of archives to be extracted into the working directory of each executor. Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.' items: type: string type: array args: description: Immutable. Optional. The arguments to pass to the driver. Do not include arguments, such as `--conf`, that can be set as job properties, since a collision may occur that causes an incorrect job submission. items: type: string type: array fileUris: description: Immutable. Optional. HCFS URIs of files to be placed in the working directory of each executor. Useful for naively parallel tasks. items: type: string type: array jarFileUris: description: Immutable. Optional. HCFS URIs of jar files to add to the CLASSPATHs of the Spark driver and tasks. items: type: string type: array loggingConfig: description: Immutable. Optional. The runtime log config for job execution. properties: driverLogLevels: additionalProperties: type: string description: 'Immutable. The per-package log levels for the driver. This may include "root" package name to configure rootLogger. Examples: ''com.google = FATAL'', ''root = INFO'', ''org.apache = DEBUG''' type: object type: object mainClass: description: Immutable. The name of the driver's main class. The jar file that contains the class must be in the default CLASSPATH or specified in `jar_file_uris`. type: string mainJarFileUri: description: Immutable. The HCFS URI of the jar file that contains the main class. type: string properties: additionalProperties: type: string description: Immutable. Optional. A mapping of property names to values, used to configure Spark. Properties that conflict with values set by the Dataproc API may be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf and classes in user code. type: object type: object sparkRJob: description: Immutable. Optional. Job is a SparkR job. properties: archiveUris: description: 'Immutable. Optional. HCFS URIs of archives to be extracted into the working directory of each executor. Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.' items: type: string type: array args: description: Immutable. Optional. The arguments to pass to the driver. Do not include arguments, such as `--conf`, that can be set as job properties, since a collision may occur that causes an incorrect job submission. items: type: string type: array fileUris: description: Immutable. Optional. HCFS URIs of files to be placed in the working directory of each executor. Useful for naively parallel tasks. items: type: string type: array loggingConfig: description: Immutable. Optional. The runtime log config for job execution. properties: driverLogLevels: additionalProperties: type: string description: 'Immutable. The per-package log levels for the driver. This may include "root" package name to configure rootLogger. Examples: ''com.google = FATAL'', ''root = INFO'', ''org.apache = DEBUG''' type: object type: object mainRFileUri: description: Immutable. Required. The HCFS URI of the main R file to use as the driver. Must be a .R file. type: string properties: additionalProperties: type: string description: Immutable. Optional. A mapping of property names to values, used to configure SparkR. Properties that conflict with values set by the Dataproc API may be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf and classes in user code. type: object required: - mainRFileUri type: object sparkSqlJob: description: Immutable. Optional. Job is a SparkSql job. properties: jarFileUris: description: Immutable. Optional. HCFS URIs of jar files to be added to the Spark CLASSPATH. items: type: string type: array loggingConfig: description: Immutable. Optional. The runtime log config for job execution. properties: driverLogLevels: additionalProperties: type: string description: 'Immutable. The per-package log levels for the driver. This may include "root" package name to configure rootLogger. Examples: ''com.google = FATAL'', ''root = INFO'', ''org.apache = DEBUG''' type: object type: object properties: additionalProperties: type: string description: Immutable. Optional. A mapping of property names to values, used to configure Spark SQL's SparkConf. Properties that conflict with values set by the Dataproc API may be overwritten. type: object queryFileUri: description: Immutable. The HCFS URI of the script that contains SQL queries. type: string queryList: description: Immutable. A list of queries. properties: queries: description: 'Immutable. Required. The queries to execute. You do not need to end a query expression with a semicolon. Multiple queries can be specified in one string by separating each with a semicolon. Here is an example of a Dataproc API snippet that uses a QueryList to specify a HiveJob: "hiveJob": { "queryList": { "queries": [ "query1", "query2", "query3;query4", ] } }' items: type: string type: array required: - queries type: object scriptVariables: additionalProperties: type: string description: 'Immutable. Optional. Mapping of query variable names to values (equivalent to the Spark SQL command: SET `name="value";`).' type: object type: object stepId: description: Immutable. Required. The step id. The id must be unique among all jobs within the template. The step id is used as prefix for job id, as job `goog-dataproc-workflow-step-id` label, and in prerequisiteStepIds field from other steps. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between 3 and 50 characters. type: string required: - stepId type: object type: array location: description: Immutable. The location for the resource type: string parameters: description: Immutable. Optional. Template parameters whose values are substituted into the template. Values for parameters must be provided when the template is instantiated. items: properties: description: description: Immutable. Optional. Brief description of the parameter. Must not exceed 1024 characters. type: string fields: description: 'Immutable. Required. Paths to all fields that the parameter replaces. A field is allowed to appear in at most one parameter''s list of field paths. A field path is similar in syntax to a google.protobuf.FieldMask. For example, a field path that references the zone field of a workflow template''s cluster selector would be specified as `placement.clusterSelector.zone`. Also, field paths can reference fields using the following syntax: * Values in maps can be referenced by key: * labels[''key''] * placement.clusterSelector.clusterLabels[''key''] * placement.managedCluster.labels[''key''] * placement.clusterSelector.clusterLabels[''key''] * jobs[''step-id''].labels[''key''] * Jobs in the jobs list can be referenced by step-id: * jobs[''step-id''].hadoopJob.mainJarFileUri * jobs[''step-id''].hiveJob.queryFileUri * jobs[''step-id''].pySparkJob.mainPythonFileUri * jobs[''step-id''].hadoopJob.jarFileUris[0] * jobs[''step-id''].hadoopJob.archiveUris[0] * jobs[''step-id''].hadoopJob.fileUris[0] * jobs[''step-id''].pySparkJob.pythonFileUris[0] * Items in repeated fields can be referenced by a zero-based index: * jobs[''step-id''].sparkJob.args[0] * Other examples: * jobs[''step-id''].hadoopJob.properties[''key''] * jobs[''step-id''].hadoopJob.args[0] * jobs[''step-id''].hiveJob.scriptVariables[''key''] * jobs[''step-id''].hadoopJob.mainJarFileUri * placement.clusterSelector.zone It may not be possible to parameterize maps and repeated fields in their entirety since only individual map values and individual items in repeated fields can be referenced. For example, the following field paths are invalid: - placement.clusterSelector.clusterLabels - jobs[''step-id''].sparkJob.args' items: type: string type: array name: description: Immutable. Required. Parameter name. The parameter name is used as the key, and paired with the parameter value, which are passed to the template when the template is instantiated. The name must contain only capital letters (A-Z), numbers (0-9), and underscores (_), and must not start with a number. The maximum length is 40 characters. type: string validation: description: Immutable. Optional. Validation rules to be applied to this parameter's value. properties: regex: description: Immutable. Validation based on regular expressions. properties: regexes: description: Immutable. Required. RE2 regular expressions used to validate the parameter's value. The value must match the regex in its entirety (substring matches are not sufficient). items: type: string type: array required: - regexes type: object values: description: Immutable. Validation based on a list of allowed values. properties: values: description: Immutable. Required. List of allowed values for the parameter. items: type: string type: array required: - values type: object type: object required: - fields - name type: object type: array placement: description: Immutable. Required. WorkflowTemplate scheduling information. properties: clusterSelector: description: Immutable. Optional. A selector that chooses target cluster for jobs based on metadata. The selector is evaluated at the time each job is submitted. properties: clusterLabels: additionalProperties: type: string description: Immutable. Required. The cluster labels. Cluster must have all labels to match. type: object zone: description: Immutable. Optional. The zone where workflow process executes. This parameter does not affect the selection of the cluster. If unspecified, the zone of the first cluster matching the selector is used. type: string required: - clusterLabels type: object managedCluster: description: Immutable. A cluster that is managed by the workflow. properties: clusterName: description: Immutable. Required. The cluster name prefix. A unique cluster name will be formed by appending a random suffix. The name must contain only lower-case letters (a-z), numbers (0-9), and hyphens (-). Must begin with a letter. Cannot begin or end with hyphen. Must consist of between 2 and 35 characters. type: string config: description: Immutable. Required. The cluster configuration. properties: autoscalingConfig: description: Immutable. Optional. Autoscaling config for the policy associated with the cluster. Cluster does not autoscale if this field is unset. properties: policyRef: description: Immutable. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Optional. The autoscaling policy used by the cluster. Only resource names including projectid and location (region) are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` * `projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` Note that the policy must be in the same project and Dataproc region. Allowed value: The Google Cloud resource name of a `DataprocAutoscalingPolicy` resource (format: `projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: object encryptionConfig: description: Immutable. Optional. Encryption settings for the cluster. properties: gcePdKmsKeyRef: description: Immutable. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Optional. The Cloud KMS key name to use for PD disk encryption for all instances in the cluster. Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: object endpointConfig: description: Immutable. Optional. Port/endpoint configuration for this cluster properties: enableHttpPortAccess: description: Immutable. Optional. If true, enable http access to specific ports on the cluster from external sources. Defaults to false. type: boolean type: object gceClusterConfig: description: Immutable. Optional. The shared Compute Engine config settings for all instances in a cluster. properties: internalIPOnly: description: Immutable. Optional. If true, all instances in the cluster will only have internal IP addresses. By default, clusters are not restricted to internal IP addresses, and will have ephemeral external IP addresses assigned to each instance. This `internal_ip_only` restriction can only be enabled for subnetwork enabled networks, and all off-cluster dependencies must be configured to be accessible without external IP addresses. type: boolean metadata: additionalProperties: type: string description: Immutable. The Compute Engine metadata entries to add to all instances (see [Project and instance metadata](https://cloud.google.com/compute/docs/storing-retrieving-metadata#project_and_instance_metadata)). type: object networkRef: description: Immutable. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Optional. The Compute Engine network to be used for machine communications. Cannot be specified with subnetwork_uri. If neither `network_uri` nor `subnetwork_uri` is specified, the "default" network of the project is used, if it exists. Cannot be a "Custom Subnet Network" (see [Using Subnetworks](https://cloud.google.com/compute/docs/subnetworks) for more information). A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/global/default` * `projects/[project_id]/regions/global/default` * `default` Allowed value: The `selfLink` field of a `ComputeNetwork` resource. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object nodeGroupAffinity: description: Immutable. Optional. Node Group Affinity for sole-tenant clusters. properties: nodeGroupRef: description: Immutable. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Required. The URI of a sole-tenant [node group resource](https://cloud.google.com/compute/docs/reference/rest/v1/nodeGroups) that the cluster will be created on. A full URL, partial URI, or node group name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `node-group-1` Allowed value: The `selfLink` field of a `ComputeNodeGroup` resource. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - nodeGroupRef type: object privateIPv6GoogleAccess: description: 'Immutable. Optional. The type of IPv6 access for a cluster. Possible values: PRIVATE_IPV6_GOOGLE_ACCESS_UNSPECIFIED, INHERIT_FROM_SUBNETWORK, OUTBOUND, BIDIRECTIONAL' type: string reservationAffinity: description: Immutable. Optional. Reservation Affinity for consuming Zonal reservation. properties: consumeReservationType: description: 'Immutable. Optional. Type of reservation to consume Possible values: TYPE_UNSPECIFIED, NO_RESERVATION, ANY_RESERVATION, SPECIFIC_RESERVATION' type: string key: description: Immutable. Optional. Corresponds to the label key of reservation resource. type: string values: description: Immutable. Optional. Corresponds to the label values of reservation resource. items: type: string type: array type: object serviceAccountRef: description: Immutable. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Optional. The [Dataproc service account](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/service-accounts#service_accounts_in_dataproc) (also see [VM Data Plane identity](https://cloud.google.com/dataproc/docs/concepts/iam/dataproc-principals#vm_service_account_data_plane_identity)) used by Dataproc cluster VM instances to access Google Cloud Platform services. If not specified, the [Compute Engine default service account](https://cloud.google.com/compute/docs/access/service-accounts#default_service_account) is used. Allowed value: The `email` field of an `IAMServiceAccount` resource. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object serviceAccountScopes: description: 'Immutable. Optional. The URIs of service account scopes to be included in Compute Engine instances. The following base set of scopes is always included: * https://www.googleapis.com/auth/cloud.useraccounts.readonly * https://www.googleapis.com/auth/devstorage.read_write * https://www.googleapis.com/auth/logging.write If no scopes are specified, the following defaults are also provided: * https://www.googleapis.com/auth/bigquery * https://www.googleapis.com/auth/bigtable.admin.table * https://www.googleapis.com/auth/bigtable.data * https://www.googleapis.com/auth/devstorage.full_control' items: type: string type: array shieldedInstanceConfig: description: Immutable. Optional. Shielded Instance Config for clusters using Compute Engine Shielded VMs. properties: enableIntegrityMonitoring: description: Immutable. Optional. Defines whether instances have integrity monitoring enabled. Integrity monitoring compares the most recent boot measurements to the integrity policy baseline and returns a pair of pass/fail results depending on whether they match or not. type: boolean enableSecureBoot: description: Immutable. Optional. Defines whether the instances have Secure Boot enabled. Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. type: boolean enableVtpm: description: Immutable. Optional. Defines whether the instance have the vTPM enabled. Virtual Trusted Platform Module protects objects like keys, certificates and enables Measured Boot by performing the measurements needed to create a known good boot baseline, called the integrity policy baseline. type: boolean type: object subnetworkRef: description: Immutable. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Optional. The Compute Engine subnetwork to be used for machine communications. Cannot be specified with network_uri. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/us-east1/subnetworks/sub0` * `projects/[project_id]/regions/us-east1/subnetworks/sub0` * `sub0` Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object tags: description: Immutable. The Compute Engine tags to add to all instances (see [Tagging instances](https://cloud.google.com/compute/docs/label-or-tag-resources#tags)). items: type: string type: array zone: description: 'Immutable. Optional. The zone where the Compute Engine cluster will be located. On a create request, it is required in the "global" region. If omitted in a non-global Dataproc region, the service will pick a zone in the corresponding Compute Engine region. On a get request, zone will always be present. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/[zone]` * `projects/[project_id]/zones/[zone]` * `us-central1-f`' type: string type: object initializationActions: description: 'Immutable. Optional. Commands to execute on each node after config is completed. By default, executables are run on master and all worker nodes. You can test a node''s `role` metadata to run an executable on a master or worker node, as shown below using `curl` (you can also use `wget`): ROLE=$(curl -H Metadata-Flavor:Google http://metadata/computeMetadata/v1/instance/attributes/dataproc-role) if [[ "${ROLE}" == ''Master'' ]]; then ... master specific actions ... else ... worker specific actions ... fi' items: properties: executableFile: description: Immutable. Required. Cloud Storage URI of executable file. type: string executionTimeout: description: Immutable. Optional. Amount of time executable has to complete. Default is 10 minutes (see JSON representation of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). Cluster creation fails with an explanatory error message (the name of the executable that caused the error and the exceeded timeout period) if the executable is not completed at end of the timeout period. type: string type: object type: array lifecycleConfig: description: Immutable. Optional. Lifecycle setting for the cluster. properties: autoDeleteTime: description: Immutable. Optional. The time when cluster will be auto-deleted (see JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). format: date-time type: string autoDeleteTtl: description: Immutable. Optional. The lifetime duration of cluster. The cluster will be auto-deleted at the end of this period. Minimum value is 10 minutes; maximum value is 14 days (see JSON representation of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). type: string idleDeleteTtl: description: Immutable. Optional. The duration to keep the cluster alive while idling (when no jobs are running). Passing this threshold will cause the cluster to be deleted. Minimum value is 5 minutes; maximum value is 14 days (see JSON representation of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). type: string type: object masterConfig: description: Immutable. Optional. The Compute Engine config settings for the master instance in a cluster. properties: accelerators: description: Immutable. Optional. The Compute Engine accelerator configuration for these instances. items: properties: acceleratorCount: description: Immutable. The number of the accelerator cards of this type exposed to this instance. format: int64 type: integer acceleratorType: description: 'Immutable. Full URL, partial URI, or short name of the accelerator type resource to expose to this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` * `nvidia-tesla-k80` **Auto Zone Exception**: If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the accelerator type resource, for example, `nvidia-tesla-k80`.' type: string type: object type: array diskConfig: description: Immutable. Optional. Disk option config settings. properties: bootDiskSizeGb: description: Immutable. Optional. Size in GB of the boot disk (default is 500GB). format: int64 type: integer bootDiskType: description: 'Immutable. Optional. Type of the boot disk (default is "pd-standard"). Valid values: "pd-balanced" (Persistent Disk Balanced Solid State Drive), "pd-ssd" (Persistent Disk Solid State Drive), or "pd-standard" (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' type: string numLocalSsds: description: Immutable. Optional. Number of attached SSDs, from 0 to 4 (default is 0). If SSDs are not attached, the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) data. If one or more SSDs are attached, this runtime bulk data is spread across them, and the boot disk contains only basic config and installed binaries. format: int64 type: integer type: object imageRef: description: Immutable. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. Allowed value: The `selfLink` field of a `ComputeImage` resource. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object machineType: description: 'Immutable. Optional. The Compute Engine machine type used for cluster instances. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` * `n1-standard-2` **Auto Zone Exception**: If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the machine type resource, for example, `n1-standard-2`.' type: string minCpuPlatform: description: Immutable. Optional. Specifies the minimum cpu platform for the Instance Group. See [Dataproc -> Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). type: string numInstances: description: Immutable. Optional. The number of VM instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) [master_config](#FIELDS.master_config) groups, **must be set to 3**. For standard cluster [master_config](#FIELDS.master_config) groups, **must be set to 1**. format: int64 type: integer preemptibility: description: 'Immutable. Optional. Specifies the preemptibility of the instance group. The default value for master and worker groups is `NON_PREEMPTIBLE`. This default cannot be changed. The default value for secondary instances is `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, NON_PREEMPTIBLE, PREEMPTIBLE' type: string type: object secondaryWorkerConfig: description: Immutable. Optional. The Compute Engine config settings for additional worker instances in a cluster. properties: accelerators: description: Immutable. Optional. The Compute Engine accelerator configuration for these instances. items: properties: acceleratorCount: description: Immutable. The number of the accelerator cards of this type exposed to this instance. format: int64 type: integer acceleratorType: description: 'Immutable. Full URL, partial URI, or short name of the accelerator type resource to expose to this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` * `nvidia-tesla-k80` **Auto Zone Exception**: If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the accelerator type resource, for example, `nvidia-tesla-k80`.' type: string type: object type: array diskConfig: description: Immutable. Optional. Disk option config settings. properties: bootDiskSizeGb: description: Immutable. Optional. Size in GB of the boot disk (default is 500GB). format: int64 type: integer bootDiskType: description: 'Immutable. Optional. Type of the boot disk (default is "pd-standard"). Valid values: "pd-balanced" (Persistent Disk Balanced Solid State Drive), "pd-ssd" (Persistent Disk Solid State Drive), or "pd-standard" (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' type: string numLocalSsds: description: Immutable. Optional. Number of attached SSDs, from 0 to 4 (default is 0). If SSDs are not attached, the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) data. If one or more SSDs are attached, this runtime bulk data is spread across them, and the boot disk contains only basic config and installed binaries. format: int64 type: integer type: object imageRef: description: Immutable. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. Allowed value: The `selfLink` field of a `ComputeImage` resource. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object machineType: description: 'Immutable. Optional. The Compute Engine machine type used for cluster instances. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` * `n1-standard-2` **Auto Zone Exception**: If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the machine type resource, for example, `n1-standard-2`.' type: string minCpuPlatform: description: Immutable. Optional. Specifies the minimum cpu platform for the Instance Group. See [Dataproc -> Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). type: string numInstances: description: Immutable. Optional. The number of VM instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) [master_config](#FIELDS.master_config) groups, **must be set to 3**. For standard cluster [master_config](#FIELDS.master_config) groups, **must be set to 1**. format: int64 type: integer preemptibility: description: 'Immutable. Optional. Specifies the preemptibility of the instance group. The default value for master and worker groups is `NON_PREEMPTIBLE`. This default cannot be changed. The default value for secondary instances is `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, NON_PREEMPTIBLE, PREEMPTIBLE' type: string type: object securityConfig: description: Immutable. Optional. Security settings for the cluster. properties: kerberosConfig: description: Immutable. Optional. Kerberos related configuration. properties: crossRealmTrustAdminServer: description: Immutable. Optional. The admin server (IP or hostname) for the remote trusted realm in a cross realm trust relationship. type: string crossRealmTrustKdc: description: Immutable. Optional. The KDC (IP or hostname) for the remote trusted realm in a cross realm trust relationship. type: string crossRealmTrustRealm: description: Immutable. Optional. The remote realm the Dataproc on-cluster KDC will trust, should the user enable cross realm trust. type: string crossRealmTrustSharedPassword: description: Immutable. Optional. The Cloud Storage URI of a KMS encrypted file containing the shared password between the on-cluster Kerberos realm and the remote trusted realm, in a cross realm trust relationship. type: string enableKerberos: description: 'Immutable. Optional. Flag to indicate whether to Kerberize the cluster (default: false). Set this field to true to enable Kerberos on a cluster.' type: boolean kdcDbKey: description: Immutable. Optional. The Cloud Storage URI of a KMS encrypted file containing the master key of the KDC database. type: string keyPassword: description: Immutable. Optional. The Cloud Storage URI of a KMS encrypted file containing the password to the user provided key. For the self-signed certificate, this password is generated by Dataproc. type: string keystore: description: Immutable. Optional. The Cloud Storage URI of the keystore file used for SSL encryption. If not provided, Dataproc will provide a self-signed certificate. type: string keystorePassword: description: Immutable. Optional. The Cloud Storage URI of a KMS encrypted file containing the password to the user provided keystore. For the self-signed certificate, this password is generated by Dataproc. type: string kmsKeyRef: description: Immutable. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Optional. The uri of the KMS key used to encrypt various sensitive files. Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object realm: description: Immutable. Optional. The name of the on-cluster Kerberos realm. If not specified, the uppercased domain of hostnames will be the realm. type: string rootPrincipalPassword: description: Immutable. Optional. The Cloud Storage URI of a KMS encrypted file containing the root principal password. type: string tgtLifetimeHours: description: Immutable. Optional. The lifetime of the ticket granting ticket, in hours. If not specified, or user specifies 0, then default value 10 will be used. format: int64 type: integer truststore: description: Immutable. Optional. The Cloud Storage URI of the truststore file used for SSL encryption. If not provided, Dataproc will provide a self-signed certificate. type: string truststorePassword: description: Immutable. Optional. The Cloud Storage URI of a KMS encrypted file containing the password to the user provided truststore. For the self-signed certificate, this password is generated by Dataproc. type: string type: object type: object softwareConfig: description: Immutable. Optional. The config settings for software inside the cluster. properties: imageVersion: description: Immutable. Optional. The version of software inside the cluster. It must be one of the supported [Dataproc Versions](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#supported_dataproc_versions), such as "1.2" (including a subminor version, such as "1.2.29"), or the ["preview" version](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#other_versions). If unspecified, it defaults to the latest Debian version. type: string optionalComponents: description: Immutable. Optional. The set of components to activate on the cluster. items: type: string type: array properties: additionalProperties: type: string description: 'Immutable. Optional. The properties to set on daemon config files. Property keys are specified in `prefix:property` format, for example `core:hadoop.tmp.dir`. The following are supported prefixes and their mappings: * capacity-scheduler: `capacity-scheduler.xml` * core: `core-site.xml` * distcp: `distcp-default.xml` * hdfs: `hdfs-site.xml` * hive: `hive-site.xml` * mapred: `mapred-site.xml` * pig: `pig.properties` * spark: `spark-defaults.conf` * yarn: `yarn-site.xml` For more information, see [Cluster properties](https://cloud.google.com/dataproc/docs/concepts/cluster-properties).' type: object type: object stagingBucketRef: description: Immutable. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Optional. A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see [Dataproc staging bucket](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object tempBucketRef: description: Immutable. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Optional. A Cloud Storage bucket used to store ephemeral cluster and jobs data, such as Spark and MapReduce history files. If you do not specify a temp bucket, Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's temp bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket. The default bucket has a TTL of 90 days, but you can use any TTL (or none) if you specify a bucket. **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object workerConfig: description: Immutable. Optional. The Compute Engine config settings for worker instances in a cluster. properties: accelerators: description: Immutable. Optional. The Compute Engine accelerator configuration for these instances. items: properties: acceleratorCount: description: Immutable. The number of the accelerator cards of this type exposed to this instance. format: int64 type: integer acceleratorType: description: 'Immutable. Full URL, partial URI, or short name of the accelerator type resource to expose to this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` * `nvidia-tesla-k80` **Auto Zone Exception**: If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the accelerator type resource, for example, `nvidia-tesla-k80`.' type: string type: object type: array diskConfig: description: Immutable. Optional. Disk option config settings. properties: bootDiskSizeGb: description: Immutable. Optional. Size in GB of the boot disk (default is 500GB). format: int64 type: integer bootDiskType: description: 'Immutable. Optional. Type of the boot disk (default is "pd-standard"). Valid values: "pd-balanced" (Persistent Disk Balanced Solid State Drive), "pd-ssd" (Persistent Disk Solid State Drive), or "pd-standard" (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' type: string numLocalSsds: description: Immutable. Optional. Number of attached SSDs, from 0 to 4 (default is 0). If SSDs are not attached, the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) data. If one or more SSDs are attached, this runtime bulk data is spread across them, and the boot disk contains only basic config and installed binaries. format: int64 type: integer type: object imageRef: description: Immutable. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. Allowed value: The `selfLink` field of a `ComputeImage` resource. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object machineType: description: 'Immutable. Optional. The Compute Engine machine type used for cluster instances. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` * `n1-standard-2` **Auto Zone Exception**: If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the machine type resource, for example, `n1-standard-2`.' type: string minCpuPlatform: description: Immutable. Optional. Specifies the minimum cpu platform for the Instance Group. See [Dataproc -> Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). type: string numInstances: description: Immutable. Optional. The number of VM instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) [master_config](#FIELDS.master_config) groups, **must be set to 3**. For standard cluster [master_config](#FIELDS.master_config) groups, **must be set to 1**. format: int64 type: integer preemptibility: description: 'Immutable. Optional. Specifies the preemptibility of the instance group. The default value for master and worker groups is `NON_PREEMPTIBLE`. This default cannot be changed. The default value for secondary instances is `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, NON_PREEMPTIBLE, PREEMPTIBLE' type: string type: object type: object labels: additionalProperties: type: string description: 'Immutable. Optional. The labels to associate with this cluster. Label keys must be between 1 and 63 characters long, and must conform to the following PCRE regular expression: p{Ll}p{Lo}{0,62} Label values must be between 1 and 63 characters long, and must conform to the following PCRE regular expression: [p{Ll}p{Lo}p{N}_-]{0,63} No more than 32 labels can be associated with a given cluster.' type: object required: - clusterName - config type: object type: object projectRef: description: Immutable. The Project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The project for the resource Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - jobs - location - placement type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: Output only. The time template was created. format: date-time type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer placement: properties: managedCluster: properties: config: properties: endpointConfig: properties: httpPorts: additionalProperties: type: string description: Output only. The map of port descriptions to URLs. Will only be populated if enable_http_port_access is true. type: object type: object lifecycleConfig: properties: idleStartTime: description: Output only. The time when cluster became idle (most recent job finished) and became eligible for deletion due to idleness (see JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). format: date-time type: string type: object masterConfig: properties: instanceNames: description: Output only. The list of instance names. Dataproc derives the names from `cluster_name`, `num_instances`, and the instance group. items: type: string type: array isPreemptible: description: Output only. Specifies that this instance group contains preemptible instances. type: boolean managedGroupConfig: description: Output only. The config for Compute Engine Instance Group Manager that manages this group. This is only used for preemptible instance groups. properties: instanceGroupManagerName: description: Output only. The name of the Instance Group Manager for this group. type: string instanceTemplateName: description: Output only. The name of the Instance Template used for the Managed Instance Group. type: string type: object type: object secondaryWorkerConfig: properties: instanceNames: description: Output only. The list of instance names. Dataproc derives the names from `cluster_name`, `num_instances`, and the instance group. items: type: string type: array isPreemptible: description: Output only. Specifies that this instance group contains preemptible instances. type: boolean managedGroupConfig: description: Output only. The config for Compute Engine Instance Group Manager that manages this group. This is only used for preemptible instance groups. properties: instanceGroupManagerName: description: Output only. The name of the Instance Group Manager for this group. type: string instanceTemplateName: description: Output only. The name of the Instance Template used for the Managed Instance Group. type: string type: object type: object workerConfig: properties: instanceNames: description: Output only. The list of instance names. Dataproc derives the names from `cluster_name`, `num_instances`, and the instance group. items: type: string type: array isPreemptible: description: Output only. Specifies that this instance group contains preemptible instances. type: boolean managedGroupConfig: description: Output only. The config for Compute Engine Instance Group Manager that manages this group. This is only used for preemptible instance groups. properties: instanceGroupManagerName: description: Output only. The name of the Instance Group Manager for this group. type: string instanceTemplateName: description: Output only. The name of the Instance Template used for the Managed Instance Group. type: string type: object type: object type: object type: object type: object updateTime: description: Output only. The time template was last updated. format: date-time type: string version: description: Output only. The current version of this workflow template. format: int64 type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: datastoreindexes.datastore.cnrm.cloud.google.com spec: group: datastore.cnrm.cloud.google.com names: categories: - gcp kind: DatastoreIndex plural: datastoreindexes shortNames: - gcpdatastoreindex - gcpdatastoreindexes singular: datastoreindex preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: ancestor: description: 'Immutable. Policy for including ancestors in the index. Default value: "NONE" Possible values: ["NONE", "ALL_ANCESTORS"].' type: string kind: description: Immutable. The entity kind which the index applies to. type: string projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object properties: description: Immutable. An ordered list of properties to index on. items: properties: direction: description: 'Immutable. The direction the index should optimize for sorting. Possible values: ["ASCENDING", "DESCENDING"].' type: string name: description: Immutable. The property name to index. type: string required: - direction - name type: object type: array resourceID: description: Immutable. Optional. The service-generated indexId of the resource. Used for acquisition only. Leave unset to create a new resource. type: string required: - kind - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array indexId: description: The index id. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: datastreamconnectionprofiles.datastream.cnrm.cloud.google.com spec: group: datastream.cnrm.cloud.google.com names: categories: - gcp kind: DatastreamConnectionProfile plural: datastreamconnectionprofiles shortNames: - gcpdatastreamconnectionprofile - gcpdatastreamconnectionprofiles singular: datastreamconnectionprofile preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: bigqueryProfile: description: BigQuery warehouse profile. type: object x-kubernetes-preserve-unknown-fields: true displayName: description: Display name. type: string forwardSshConnectivity: description: Forward SSH tunnel connectivity. properties: hostname: description: Hostname for the SSH tunnel. type: string password: description: Immutable. SSH password. oneOf: - not: required: - valueFrom required: - value - not: required: - value required: - valueFrom properties: value: description: Value of the field. Cannot be used if 'valueFrom' is specified. type: string valueFrom: description: Source for the field's value. Cannot be used if 'value' is specified. properties: secretKeyRef: description: Reference to a value with the given key in the given Secret in the resource's namespace. properties: key: description: Key that identifies the value to be extracted. type: string name: description: Name of the Secret to extract a value from. type: string required: - name - key type: object type: object type: object port: description: Port for the SSH tunnel. type: integer privateKey: description: Immutable. SSH private key. oneOf: - not: required: - valueFrom required: - value - not: required: - value required: - valueFrom properties: value: description: Value of the field. Cannot be used if 'valueFrom' is specified. type: string valueFrom: description: Source for the field's value. Cannot be used if 'value' is specified. properties: secretKeyRef: description: Reference to a value with the given key in the given Secret in the resource's namespace. properties: key: description: Key that identifies the value to be extracted. type: string name: description: Name of the Secret to extract a value from. type: string required: - name - key type: object type: object type: object username: description: Username for the SSH tunnel. type: string required: - hostname - username type: object gcsProfile: description: Cloud Storage bucket profile. properties: bucket: description: The Cloud Storage bucket name. type: string rootPath: description: The root path inside the Cloud Storage bucket. type: string required: - bucket type: object location: description: Immutable. The name of the location this connection profile is located in. type: string mysqlProfile: description: MySQL database profile. properties: hostname: description: Hostname for the MySQL connection. type: string password: description: Immutable. Password for the MySQL connection. oneOf: - not: required: - valueFrom required: - value - not: required: - value required: - valueFrom properties: value: description: Value of the field. Cannot be used if 'valueFrom' is specified. type: string valueFrom: description: Source for the field's value. Cannot be used if 'value' is specified. properties: secretKeyRef: description: Reference to a value with the given key in the given Secret in the resource's namespace. properties: key: description: Key that identifies the value to be extracted. type: string name: description: Name of the Secret to extract a value from. type: string required: - name - key type: object type: object type: object port: description: Port for the MySQL connection. type: integer sslConfig: description: SSL configuration for the MySQL connection. properties: caCertificate: description: |- Immutable. PEM-encoded certificate of the CA that signed the source database server's certificate. oneOf: - not: required: - valueFrom required: - value - not: required: - value required: - valueFrom properties: value: description: Value of the field. Cannot be used if 'valueFrom' is specified. type: string valueFrom: description: Source for the field's value. Cannot be used if 'value' is specified. properties: secretKeyRef: description: Reference to a value with the given key in the given Secret in the resource's namespace. properties: key: description: Key that identifies the value to be extracted. type: string name: description: Name of the Secret to extract a value from. type: string required: - name - key type: object type: object type: object caCertificateSet: description: Indicates whether the clientKey field is set. type: boolean clientCertificate: description: |- Immutable. PEM-encoded certificate that will be used by the replica to authenticate against the source database server. If this field is used then the 'clientKey' and the 'caCertificate' fields are mandatory. oneOf: - not: required: - valueFrom required: - value - not: required: - value required: - valueFrom properties: value: description: Value of the field. Cannot be used if 'valueFrom' is specified. type: string valueFrom: description: Source for the field's value. Cannot be used if 'value' is specified. properties: secretKeyRef: description: Reference to a value with the given key in the given Secret in the resource's namespace. properties: key: description: Key that identifies the value to be extracted. type: string name: description: Name of the Secret to extract a value from. type: string required: - name - key type: object type: object type: object clientCertificateSet: description: Indicates whether the clientCertificate field is set. type: boolean clientKey: description: |- Immutable. PEM-encoded private key associated with the Client Certificate. If this field is used then the 'client_certificate' and the 'ca_certificate' fields are mandatory. oneOf: - not: required: - valueFrom required: - value - not: required: - value required: - valueFrom properties: value: description: Value of the field. Cannot be used if 'valueFrom' is specified. type: string valueFrom: description: Source for the field's value. Cannot be used if 'value' is specified. properties: secretKeyRef: description: Reference to a value with the given key in the given Secret in the resource's namespace. properties: key: description: Key that identifies the value to be extracted. type: string name: description: Name of the Secret to extract a value from. type: string required: - name - key type: object type: object type: object clientKeySet: description: Indicates whether the clientKey field is set. type: boolean type: object username: description: Username for the MySQL connection. type: string required: - hostname - password - username type: object oracleProfile: description: Oracle database profile. properties: connectionAttributes: additionalProperties: type: string description: Connection string attributes. type: object databaseService: description: Database for the Oracle connection. type: string hostname: description: Hostname for the Oracle connection. type: string password: description: Password for the Oracle connection. oneOf: - not: required: - valueFrom required: - value - not: required: - value required: - valueFrom properties: value: description: Value of the field. Cannot be used if 'valueFrom' is specified. type: string valueFrom: description: Source for the field's value. Cannot be used if 'value' is specified. properties: secretKeyRef: description: Reference to a value with the given key in the given Secret in the resource's namespace. properties: key: description: Key that identifies the value to be extracted. type: string name: description: Name of the Secret to extract a value from. type: string required: - name - key type: object type: object type: object port: description: Port for the Oracle connection. type: integer username: description: Username for the Oracle connection. type: string required: - databaseService - hostname - password - username type: object postgresqlProfile: description: PostgreSQL database profile. properties: database: description: Database for the PostgreSQL connection. type: string hostname: description: Hostname for the PostgreSQL connection. type: string password: description: Password for the PostgreSQL connection. oneOf: - not: required: - valueFrom required: - value - not: required: - value required: - valueFrom properties: value: description: Value of the field. Cannot be used if 'valueFrom' is specified. type: string valueFrom: description: Source for the field's value. Cannot be used if 'value' is specified. properties: secretKeyRef: description: Reference to a value with the given key in the given Secret in the resource's namespace. properties: key: description: Key that identifies the value to be extracted. type: string name: description: Name of the Secret to extract a value from. type: string required: - name - key type: object type: object type: object port: description: Port for the PostgreSQL connection. type: integer username: description: Username for the PostgreSQL connection. type: string required: - database - hostname - password - username type: object privateConnectivity: description: Private connectivity. properties: privateConnection: description: 'A reference to a private connection resource. Format: ''projects/{project}/locations/{location}/privateConnections/{name}''.' type: string required: - privateConnection type: object projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The connectionProfileId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - displayName - location - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array name: description: The resource's name. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: datastreamprivateconnections.datastream.cnrm.cloud.google.com spec: group: datastream.cnrm.cloud.google.com names: categories: - gcp kind: DatastreamPrivateConnection plural: datastreamprivateconnections shortNames: - gcpdatastreamprivateconnection - gcpdatastreamprivateconnections singular: datastreamprivateconnection preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: displayName: description: Immutable. Display name. type: string location: description: Immutable. The name of the location this private connection is located in. type: string projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The privateConnectionId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string vpcPeeringConfig: description: |- Immutable. The VPC Peering configuration is used to create VPC peering between Datastream and the consumer's VPC. properties: subnet: description: Immutable. A free subnet for peering. (CIDR of /29). type: string vpc: description: |- Immutable. Fully qualified name of the VPC that Datastream will peer to. Format: projects/{project}/global/{networks}/{name}. type: string required: - subnet - vpc type: object required: - displayName - location - projectRef - vpcPeeringConfig type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array error: description: The PrivateConnection error in case of failure. items: properties: details: additionalProperties: type: string description: A list of messages that carry the error details. type: object message: description: A message containing more information about the error that occurred. type: string type: object type: array name: description: The resource's name. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer state: description: State of the PrivateConnection. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: datastreamstreams.datastream.cnrm.cloud.google.com spec: group: datastream.cnrm.cloud.google.com names: categories: - gcp kind: DatastreamStream plural: datastreamstreams shortNames: - gcpdatastreamstream - gcpdatastreamstreams singular: datastreamstream preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: backfillAll: description: Backfill strategy to automatically backfill the Stream's objects. Specific objects can be excluded. properties: mysqlExcludedObjects: description: MySQL data source objects to avoid backfilling. properties: mysqlDatabases: description: MySQL databases on the server. items: properties: database: description: Database name. type: string mysqlTables: description: Tables in the database. items: properties: mysqlColumns: description: MySQL columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything. items: properties: collation: description: Column collation. type: string column: description: Column name. type: string dataType: description: |- The MySQL data type. Full data types list can be found here: https://dev.mysql.com/doc/refman/8.0/en/data-types.html. type: string length: description: Column length. type: integer nullable: description: Whether or not the column can accept a null value. type: boolean ordinalPosition: description: The ordinal position of the column in the table. type: integer primaryKey: description: Whether or not the column represents a primary key. type: boolean type: object type: array table: description: Table name. type: string required: - table type: object type: array required: - database type: object type: array required: - mysqlDatabases type: object oracleExcludedObjects: description: PostgreSQL data source objects to avoid backfilling. properties: oracleSchemas: description: Oracle schemas/databases in the database server. items: properties: oracleTables: description: Tables in the database. items: properties: oracleColumns: description: Oracle columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything. items: properties: column: description: Column name. type: string dataType: description: |- The Oracle data type. Full data types list can be found here: https://docs.oracle.com/en/database/oracle/oracle-database/21/sqlrf/Data-Types.html. type: string encoding: description: Column encoding. type: string length: description: Column length. type: integer nullable: description: Whether or not the column can accept a null value. type: boolean ordinalPosition: description: The ordinal position of the column in the table. type: integer precision: description: Column precision. type: integer primaryKey: description: Whether or not the column represents a primary key. type: boolean scale: description: Column scale. type: integer type: object type: array table: description: Table name. type: string required: - table type: object type: array schema: description: Schema name. type: string required: - schema type: object type: array required: - oracleSchemas type: object postgresqlExcludedObjects: description: PostgreSQL data source objects to avoid backfilling. properties: postgresqlSchemas: description: PostgreSQL schemas on the server. items: properties: postgresqlTables: description: Tables in the schema. items: properties: postgresqlColumns: description: PostgreSQL columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything. items: properties: column: description: Column name. type: string dataType: description: |- The PostgreSQL data type. Full data types list can be found here: https://www.postgresql.org/docs/current/datatype.html. type: string length: description: Column length. type: integer nullable: description: Whether or not the column can accept a null value. type: boolean ordinalPosition: description: The ordinal position of the column in the table. type: integer precision: description: Column precision. type: integer primaryKey: description: Whether or not the column represents a primary key. type: boolean scale: description: Column scale. type: integer type: object type: array table: description: Table name. type: string required: - table type: object type: array schema: description: Database name. type: string required: - schema type: object type: array required: - postgresqlSchemas type: object type: object backfillNone: description: Backfill strategy to disable automatic backfill for the Stream's objects. type: object x-kubernetes-preserve-unknown-fields: true customerManagedEncryptionKey: description: |- Immutable. A reference to a KMS encryption key. If provided, it will be used to encrypt the data. If left blank, data will be encrypted using an internal Stream-specific encryption key provisioned through KMS. type: string desiredState: description: Desired state of the Stream. Set this field to 'RUNNING' to start the stream, and 'PAUSED' to pause the stream. type: string destinationConfig: description: Destination connection profile configuration. properties: bigqueryDestinationConfig: description: A configuration for how data should be loaded to Cloud Storage. properties: dataFreshness: description: |- The guaranteed data freshness (in seconds) when querying tables created by the stream. Editing this field will only affect new tables created in the future, but existing tables will not be impacted. Lower values mean that queries will return fresher data, but may result in higher cost. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". Defaults to 900s. type: string singleTargetDataset: description: A single target dataset to which all data will be streamed. properties: datasetId: description: |- Dataset ID in the format projects/{project}/datasets/{dataset_id} or {project}:{dataset_id}. type: string required: - datasetId type: object sourceHierarchyDatasets: description: Destination datasets are created so that hierarchy of the destination data objects matches the source hierarchy. properties: datasetTemplate: description: Dataset template used for dynamic dataset creation. properties: datasetIdPrefix: description: |- If supplied, every created dataset will have its name prefixed by the provided value. The prefix and name will be separated by an underscore. i.e. _. type: string kmsKeyName: description: |- Immutable. Describes the Cloud KMS encryption key that will be used to protect destination BigQuery table. The BigQuery Service Account associated with your project requires access to this encryption key. i.e. projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{cryptoKey}. See https://cloud.google.com/bigquery/docs/customer-managed-encryption for more information. type: string location: description: |- The geographic location where the dataset should reside. See https://cloud.google.com/bigquery/docs/locations for supported locations. type: string required: - location type: object required: - datasetTemplate type: object type: object destinationConnectionProfile: description: 'Immutable. Destination connection profile resource. Format: projects/{project}/locations/{location}/connectionProfiles/{name}.' type: string gcsDestinationConfig: description: A configuration for how data should be loaded to Cloud Storage. properties: avroFileFormat: description: AVRO file format configuration. type: object x-kubernetes-preserve-unknown-fields: true fileRotationInterval: description: |- The maximum duration for which new events are added before a file is closed and a new file is created. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". Defaults to 900s. type: string fileRotationMb: description: The maximum file size to be saved in the bucket. type: integer jsonFileFormat: description: JSON file format configuration. properties: compression: description: 'Compression of the loaded JSON file. Possible values: ["NO_COMPRESSION", "GZIP"].' type: string schemaFileFormat: description: 'The schema file format along JSON data files. Possible values: ["NO_SCHEMA_FILE", "AVRO_SCHEMA_FILE"].' type: string type: object path: description: Path inside the Cloud Storage bucket to write data to. type: string type: object required: - destinationConnectionProfile type: object displayName: description: Display name. type: string location: description: Immutable. The name of the location this stream is located in. type: string projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The streamId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string sourceConfig: description: Source connection profile configuration. properties: mysqlSourceConfig: description: MySQL data source configuration. properties: excludeObjects: description: MySQL objects to exclude from the stream. properties: mysqlDatabases: description: MySQL databases on the server. items: properties: database: description: Database name. type: string mysqlTables: description: Tables in the database. items: properties: mysqlColumns: description: MySQL columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything. items: properties: collation: description: Column collation. type: string column: description: Column name. type: string dataType: description: |- The MySQL data type. Full data types list can be found here: https://dev.mysql.com/doc/refman/8.0/en/data-types.html. type: string length: description: Column length. type: integer nullable: description: Whether or not the column can accept a null value. type: boolean ordinalPosition: description: The ordinal position of the column in the table. type: integer primaryKey: description: Whether or not the column represents a primary key. type: boolean type: object type: array table: description: Table name. type: string required: - table type: object type: array required: - database type: object type: array required: - mysqlDatabases type: object includeObjects: description: MySQL objects to retrieve from the source. properties: mysqlDatabases: description: MySQL databases on the server. items: properties: database: description: Database name. type: string mysqlTables: description: Tables in the database. items: properties: mysqlColumns: description: MySQL columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything. items: properties: collation: description: Column collation. type: string column: description: Column name. type: string dataType: description: |- The MySQL data type. Full data types list can be found here: https://dev.mysql.com/doc/refman/8.0/en/data-types.html. type: string length: description: Column length. type: integer nullable: description: Whether or not the column can accept a null value. type: boolean ordinalPosition: description: The ordinal position of the column in the table. type: integer primaryKey: description: Whether or not the column represents a primary key. type: boolean type: object type: array table: description: Table name. type: string required: - table type: object type: array required: - database type: object type: array required: - mysqlDatabases type: object maxConcurrentBackfillTasks: description: |- Maximum number of concurrent backfill tasks. The number should be non negative. If not set (or set to 0), the system's default value will be used. type: integer maxConcurrentCdcTasks: description: |- Maximum number of concurrent CDC tasks. The number should be non negative. If not set (or set to 0), the system's default value will be used. type: integer type: object oracleSourceConfig: description: MySQL data source configuration. properties: dropLargeObjects: description: Configuration to drop large object values. type: object x-kubernetes-preserve-unknown-fields: true excludeObjects: description: Oracle objects to exclude from the stream. properties: oracleSchemas: description: Oracle schemas/databases in the database server. items: properties: oracleTables: description: Tables in the database. items: properties: oracleColumns: description: Oracle columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything. items: properties: column: description: Column name. type: string dataType: description: |- The Oracle data type. Full data types list can be found here: https://docs.oracle.com/en/database/oracle/oracle-database/21/sqlrf/Data-Types.html. type: string encoding: description: Column encoding. type: string length: description: Column length. type: integer nullable: description: Whether or not the column can accept a null value. type: boolean ordinalPosition: description: The ordinal position of the column in the table. type: integer precision: description: Column precision. type: integer primaryKey: description: Whether or not the column represents a primary key. type: boolean scale: description: Column scale. type: integer type: object type: array table: description: Table name. type: string required: - table type: object type: array schema: description: Schema name. type: string required: - schema type: object type: array required: - oracleSchemas type: object includeObjects: description: Oracle objects to retrieve from the source. properties: oracleSchemas: description: Oracle schemas/databases in the database server. items: properties: oracleTables: description: Tables in the database. items: properties: oracleColumns: description: Oracle columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything. items: properties: column: description: Column name. type: string dataType: description: |- The Oracle data type. Full data types list can be found here: https://docs.oracle.com/en/database/oracle/oracle-database/21/sqlrf/Data-Types.html. type: string encoding: description: Column encoding. type: string length: description: Column length. type: integer nullable: description: Whether or not the column can accept a null value. type: boolean ordinalPosition: description: The ordinal position of the column in the table. type: integer precision: description: Column precision. type: integer primaryKey: description: Whether or not the column represents a primary key. type: boolean scale: description: Column scale. type: integer type: object type: array table: description: Table name. type: string required: - table type: object type: array schema: description: Schema name. type: string required: - schema type: object type: array required: - oracleSchemas type: object maxConcurrentBackfillTasks: description: |- Maximum number of concurrent backfill tasks. The number should be non negative. If not set (or set to 0), the system's default value will be used. type: integer maxConcurrentCdcTasks: description: |- Maximum number of concurrent CDC tasks. The number should be non negative. If not set (or set to 0), the system's default value will be used. type: integer streamLargeObjects: description: Configuration to drop large object values. type: object x-kubernetes-preserve-unknown-fields: true type: object postgresqlSourceConfig: description: PostgreSQL data source configuration. properties: excludeObjects: description: PostgreSQL objects to exclude from the stream. properties: postgresqlSchemas: description: PostgreSQL schemas on the server. items: properties: postgresqlTables: description: Tables in the schema. items: properties: postgresqlColumns: description: PostgreSQL columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything. items: properties: column: description: Column name. type: string dataType: description: |- The PostgreSQL data type. Full data types list can be found here: https://www.postgresql.org/docs/current/datatype.html. type: string length: description: Column length. type: integer nullable: description: Whether or not the column can accept a null value. type: boolean ordinalPosition: description: The ordinal position of the column in the table. type: integer precision: description: Column precision. type: integer primaryKey: description: Whether or not the column represents a primary key. type: boolean scale: description: Column scale. type: integer type: object type: array table: description: Table name. type: string required: - table type: object type: array schema: description: Database name. type: string required: - schema type: object type: array required: - postgresqlSchemas type: object includeObjects: description: PostgreSQL objects to retrieve from the source. properties: postgresqlSchemas: description: PostgreSQL schemas on the server. items: properties: postgresqlTables: description: Tables in the schema. items: properties: postgresqlColumns: description: PostgreSQL columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything. items: properties: column: description: Column name. type: string dataType: description: |- The PostgreSQL data type. Full data types list can be found here: https://www.postgresql.org/docs/current/datatype.html. type: string length: description: Column length. type: integer nullable: description: Whether or not the column can accept a null value. type: boolean ordinalPosition: description: The ordinal position of the column in the table. type: integer precision: description: Column precision. type: integer primaryKey: description: Whether or not the column represents a primary key. type: boolean scale: description: Column scale. type: integer type: object type: array table: description: Table name. type: string required: - table type: object type: array schema: description: Database name. type: string required: - schema type: object type: array required: - postgresqlSchemas type: object maxConcurrentBackfillTasks: description: |- Maximum number of concurrent backfill tasks. The number should be non negative. If not set (or set to 0), the system's default value will be used. type: integer publication: description: |- The name of the publication that includes the set of all tables that are defined in the stream's include_objects. type: string replicationSlot: description: |- The name of the logical replication slot that's configured with the pgoutput plugin. type: string required: - publication - replicationSlot type: object sourceConnectionProfile: description: 'Immutable. Source connection profile resource. Format: projects/{project}/locations/{location}/connectionProfiles/{name}.' type: string required: - sourceConnectionProfile type: object required: - destinationConfig - displayName - location - projectRef - sourceConfig type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array name: description: The stream's name. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer state: description: The state of the stream. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: deploymentmanagerdeployments.deploymentmanager.cnrm.cloud.google.com spec: group: deploymentmanager.cnrm.cloud.google.com names: categories: - gcp kind: DeploymentManagerDeployment plural: deploymentmanagerdeployments shortNames: - gcpdeploymentmanagerdeployment - gcpdeploymentmanagerdeployments singular: deploymentmanagerdeployment preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: createPolicy: description: |- Immutable. Set the policy to use for creating new resources. Only used on create and update. Valid values are 'CREATE_OR_ACQUIRE' (default) or 'ACQUIRE'. If set to 'ACQUIRE' and resources do not already exist, the deployment will fail. Note that updating this field does not actually affect the deployment, just how it is updated. Default value: "CREATE_OR_ACQUIRE" Possible values: ["ACQUIRE", "CREATE_OR_ACQUIRE"]. type: string deletePolicy: description: |- Immutable. Set the policy to use for deleting new resources on update/delete. Valid values are 'DELETE' (default) or 'ABANDON'. If 'DELETE', resource is deleted after removal from Deployment Manager. If 'ABANDON', the resource is only removed from Deployment Manager and is not actually deleted. Note that updating this field does not actually change the deployment, just how it is updated. Default value: "DELETE" Possible values: ["ABANDON", "DELETE"]. type: string description: description: Optional user-provided description of deployment. type: string preview: type: boolean projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string target: description: |- Parameters that define your deployment, including the deployment configuration and relevant templates. properties: config: description: The root configuration file to use for this deployment. properties: content: description: The full YAML contents of your configuration file. type: string required: - content type: object imports: description: |- Specifies import files for this configuration. This can be used to import templates or other files. For example, you might import a text file in order to use the file in a template. items: properties: content: description: The full contents of the template that you want to import. type: string name: description: |- The name of the template to import, as declared in the YAML configuration. type: string type: object type: array required: - config type: object required: - projectRef - target type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array deploymentId: description: Unique identifier for deployment. Output only. type: string manifest: description: |- Output only. URL of the manifest representing the last manifest that was successfully deployed. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer selfLink: description: Output only. Server defined URL for the resource. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: dialogflowagents.dialogflow.cnrm.cloud.google.com spec: group: dialogflow.cnrm.cloud.google.com names: categories: - gcp kind: DialogflowAgent plural: dialogflowagents shortNames: - gcpdialogflowagent - gcpdialogflowagents singular: dialogflowagent preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: apiVersion: description: |- API version displayed in Dialogflow console. If not specified, V2 API is assumed. Clients are free to query different service endpoints for different API versions. However, bots connectors and webhook calls will follow the specified API version. * API_VERSION_V1: Legacy V1 API. * API_VERSION_V2: V2 API. * API_VERSION_V2_BETA_1: V2beta1 API. Possible values: ["API_VERSION_V1", "API_VERSION_V2", "API_VERSION_V2_BETA_1"]. type: string avatarUri: description: |- The URI of the agent's avatar, which are used throughout the Dialogflow console. When an image URL is entered into this field, the Dialogflow will save the image in the backend. The address of the backend image returned from the API will be shown in the [avatarUriBackend] field. type: string classificationThreshold: description: |- To filter out false positive results and still get variety in matched natural language inputs for your agent, you can tune the machine learning classification threshold. If the returned score value is less than the threshold value, then a fallback intent will be triggered or, if there are no fallback intents defined, no intent will be triggered. The score values range from 0.0 (completely uncertain) to 1.0 (completely certain). If set to 0.0, the default of 0.3 is used. type: number defaultLanguageCode: description: |- Immutable. The default language of the agent as a language tag. [See Language Support](https://cloud.google.com/dialogflow/docs/reference/language) for a list of the currently supported language codes. This field cannot be updated after creation. type: string description: description: The description of this agent. The maximum length is 500 characters. If exceeded, the request is rejected. type: string displayName: description: The name of this agent. type: string enableLogging: description: Determines whether this agent should log conversation queries. type: boolean matchMode: description: |- Determines how intents are detected from user queries. * MATCH_MODE_HYBRID: Best for agents with a small number of examples in intents and/or wide use of templates syntax and composite entities. * MATCH_MODE_ML_ONLY: Can be used for agents with a large number of examples in intents, especially the ones using @sys.any or very large developer entities. Possible values: ["MATCH_MODE_HYBRID", "MATCH_MODE_ML_ONLY"]. type: string resourceID: description: Immutable. Optional. The project of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string supportedLanguageCodes: description: The list of all languages supported by this agent (except for the defaultLanguageCode). items: type: string type: array tier: type: string timeZone: description: |- The time zone of this agent from the [time zone database](https://www.iana.org/time-zones), e.g., America/New_York, Europe/Paris. type: string required: - defaultLanguageCode - displayName - timeZone type: object status: properties: avatarUriBackend: description: |- The URI of the agent's avatar as returned from the API. Output only. To provide an image URL for the agent avatar, the [avatarUri] field can be used. type: string conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: dialogflowcxagents.dialogflowcx.cnrm.cloud.google.com spec: group: dialogflowcx.cnrm.cloud.google.com names: categories: - gcp kind: DialogflowCXAgent plural: dialogflowcxagents shortNames: - gcpdialogflowcxagent - gcpdialogflowcxagents singular: dialogflowcxagent preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: avatarUri: description: The URI of the agent's avatar. Avatars are used throughout the Dialogflow console and in the self-hosted Web Demo integration. type: string defaultLanguageCode: description: |- Immutable. The default language of the agent as a language tag. [See Language Support](https://cloud.google.com/dialogflow/cx/docs/reference/language) for a list of the currently supported language codes. This field cannot be updated after creation. type: string description: description: The description of this agent. The maximum length is 500 characters. If exceeded, the request is rejected. type: string displayName: description: The human-readable name of the agent, unique within the location. type: string enableSpellCorrection: description: Indicates if automatic spell correction is enabled in detect intent requests. type: boolean enableStackdriverLogging: description: Determines whether this agent should log conversation queries. type: boolean location: description: |- Immutable. The name of the location this agent is located in. ~> **Note:** The first time you are deploying an Agent in your project you must configure location settings. This is a one time step but at the moment you can only [configure location settings](https://cloud.google.com/dialogflow/cx/docs/concept/region#location-settings) via the Dialogflow CX console. Another options is to use global location so you don't need to manually configure location settings. type: string projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string securitySettings: description: 'Name of the SecuritySettings reference for the agent. Format: projects//locations//securitySettings/.' type: string speechToTextSettings: description: Settings related to speech recognition. properties: enableSpeechAdaptation: description: Whether to use speech adaptation for speech recognition. type: boolean type: object supportedLanguageCodes: description: The list of all languages supported by this agent (except for the default_language_code). items: type: string type: array timeZone: description: |- The time zone of this agent from the [time zone database](https://www.iana.org/time-zones), e.g., America/New_York, Europe/Paris. type: string required: - defaultLanguageCode - displayName - location - projectRef - timeZone type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array name: description: The unique identifier of the agent. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer startFlow: description: 'Name of the start flow in this agent. A start flow will be automatically created when the agent is created, and can only be deleted by deleting the agent. Format: projects//locations//agents//flows/.' type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: dialogflowcxentitytypes.dialogflowcx.cnrm.cloud.google.com spec: group: dialogflowcx.cnrm.cloud.google.com names: categories: - gcp kind: DialogflowCXEntityType plural: dialogflowcxentitytypes shortNames: - gcpdialogflowcxentitytype - gcpdialogflowcxentitytypes singular: dialogflowcxentitytype preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: autoExpansionMode: description: |- Represents kinds of entities. * AUTO_EXPANSION_MODE_UNSPECIFIED: Auto expansion disabled for the entity. * AUTO_EXPANSION_MODE_DEFAULT: Allows an agent to recognize values that have not been explicitly listed in the entity. Possible values: ["AUTO_EXPANSION_MODE_DEFAULT", "AUTO_EXPANSION_MODE_UNSPECIFIED"]. type: string displayName: description: The human-readable name of the entity type, unique within the agent. type: string enableFuzzyExtraction: description: Enables fuzzy entity extraction during classification. type: boolean entities: description: The collection of entity entries associated with the entity type. items: properties: synonyms: description: |- A collection of value synonyms. For example, if the entity type is vegetable, and value is scallions, a synonym could be green onions. For KIND_LIST entity types: This collection must contain exactly one synonym equal to value. items: type: string type: array value: description: |- The primary value associated with this entity entry. For example, if the entity type is vegetable, the value could be scallions. For KIND_MAP entity types: A canonical value to be used in place of synonyms. For KIND_LIST entity types: A string that can contain references to other entity types (with or without aliases). type: string type: object type: array excludedPhrases: description: |- Collection of exceptional words and phrases that shouldn't be matched. For example, if you have a size entity type with entry giant(an adjective), you might consider adding giants(a noun) as an exclusion. If the kind of entity type is KIND_MAP, then the phrases specified by entities and excluded phrases should be mutually exclusive. items: properties: value: description: The word or phrase to be excluded. type: string type: object type: array kind: description: |- Indicates whether the entity type can be automatically expanded. * KIND_MAP: Map entity types allow mapping of a group of synonyms to a canonical value. * KIND_LIST: List entity types contain a set of entries that do not map to canonical values. However, list entity types can contain references to other entity types (with or without aliases). * KIND_REGEXP: Regexp entity types allow to specify regular expressions in entries values. Possible values: ["KIND_MAP", "KIND_LIST", "KIND_REGEXP"]. type: string languageCode: description: |- Immutable. The language of the following fields in entityType: EntityType.entities.value EntityType.entities.synonyms EntityType.excluded_phrases.value If not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used. type: string parent: description: |- Immutable. The agent to create a entity type for. Format: projects//locations//agents/. type: string redact: description: Indicates whether parameters of the entity type should be redacted in log. If redaction is enabled, page parameters and intent parameters referring to the entity type will be replaced by parameter name when logging. type: boolean resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string required: - displayName - entities - kind type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array name: description: |- The unique identifier of the entity type. Format: projects//locations//agents//entityTypes/. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: dialogflowcxflows.dialogflowcx.cnrm.cloud.google.com spec: group: dialogflowcx.cnrm.cloud.google.com names: categories: - gcp kind: DialogflowCXFlow plural: dialogflowcxflows shortNames: - gcpdialogflowcxflow - gcpdialogflowcxflows singular: dialogflowcxflow preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: description: description: The description of the flow. The maximum length is 500 characters. If exceeded, the request is rejected. type: string displayName: description: The human-readable name of the flow. type: string eventHandlers: description: |- A flow's event handlers serve two purposes: They are responsible for handling events (e.g. no match, webhook errors) in the flow. They are inherited by every page's [event handlers][Page.event_handlers], which can be used to handle common events regardless of the current page. Event handlers defined in the page have higher priority than those defined in the flow. Unlike transitionRoutes, these handlers are evaluated on a first-match basis. The first one that matches the event get executed, with the rest being ignored. items: properties: event: description: The name of the event to handle. type: string name: description: The unique identifier of this event handler. type: string targetFlow: description: |- The target flow to transition to. Format: projects//locations//agents//flows/. type: string targetPage: description: |- The target page to transition to. Format: projects//locations//agents//flows//pages/. type: string triggerFulfillment: description: The fulfillment to call when the event occurs. Handling webhook errors with a fulfillment enabled with webhook could cause infinite loop. It is invalid to specify such fulfillment for a handler handling webhooks. properties: messages: description: The list of rich message responses to present to the user. items: properties: text: description: The text response message. properties: allowPlaybackInterruption: description: Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. type: boolean text: description: A collection of text responses. items: type: string type: array type: object type: object type: array returnPartialResponses: description: 'Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks.' type: boolean tag: description: The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified. type: string webhook: description: 'The webhook to call. Format: projects//locations//agents//webhooks/.' type: string type: object type: object type: array languageCode: description: |- Immutable. The language of the following fields in flow: Flow.event_handlers.trigger_fulfillment.messages Flow.event_handlers.trigger_fulfillment.conditional_cases Flow.transition_routes.trigger_fulfillment.messages Flow.transition_routes.trigger_fulfillment.conditional_cases If not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used. type: string nluSettings: description: NLU related settings of the flow. properties: classificationThreshold: description: |- To filter out false positive results and still get variety in matched natural language inputs for your agent, you can tune the machine learning classification threshold. If the returned score value is less than the threshold value, then a no-match event will be triggered. The score values range from 0.0 (completely uncertain) to 1.0 (completely certain). If set to 0.0, the default of 0.3 is used. type: number modelTrainingMode: description: |- Indicates NLU model training mode. * MODEL_TRAINING_MODE_AUTOMATIC: NLU model training is automatically triggered when a flow gets modified. User can also manually trigger model training in this mode. * MODEL_TRAINING_MODE_MANUAL: User needs to manually trigger NLU model training. Best for large flows whose models take long time to train. Possible values: ["MODEL_TRAINING_MODE_AUTOMATIC", "MODEL_TRAINING_MODE_MANUAL"]. type: string modelType: description: |- Indicates the type of NLU model. * MODEL_TYPE_STANDARD: Use standard NLU model. * MODEL_TYPE_ADVANCED: Use advanced NLU model. Possible values: ["MODEL_TYPE_STANDARD", "MODEL_TYPE_ADVANCED"]. type: string type: object parent: description: |- Immutable. The agent to create a flow for. Format: projects//locations//agents/. type: string resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string transitionRouteGroups: description: |- A flow's transition route group serve two purposes: They are responsible for matching the user's first utterances in the flow. They are inherited by every page's [transition route groups][Page.transition_route_groups]. Transition route groups defined in the page have higher priority than those defined in the flow. Format:projects//locations//agents//flows//transitionRouteGroups/. items: type: string type: array transitionRoutes: description: |- A flow's transition routes serve two purposes: They are responsible for matching the user's first utterances in the flow. They are inherited by every page's [transition routes][Page.transition_routes] and can support use cases such as the user saying "help" or "can I talk to a human?", which can be handled in a common way regardless of the current page. Transition routes defined in the page have higher priority than those defined in the flow. TransitionRoutes are evalauted in the following order: TransitionRoutes with intent specified. TransitionRoutes with only condition specified. TransitionRoutes with intent specified are inherited by pages in the flow. items: properties: condition: description: |- The condition to evaluate against form parameters or session parameters. At least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled. type: string intent: description: |- The unique identifier of an Intent. Format: projects//locations//agents//intents/. Indicates that the transition can only happen when the given intent is matched. At least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled. type: string name: description: The unique identifier of this transition route. type: string targetFlow: description: |- The target flow to transition to. Format: projects//locations//agents//flows/. type: string targetPage: description: |- The target page to transition to. Format: projects//locations//agents//flows//pages/. type: string triggerFulfillment: description: The fulfillment to call when the condition is satisfied. At least one of triggerFulfillment and target must be specified. When both are defined, triggerFulfillment is executed first. properties: messages: description: The list of rich message responses to present to the user. items: properties: text: description: The text response message. properties: allowPlaybackInterruption: description: Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. type: boolean text: description: A collection of text responses. items: type: string type: array type: object type: object type: array returnPartialResponses: description: 'Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks.' type: boolean tag: description: The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified. type: string webhook: description: 'The webhook to call. Format: projects//locations//agents//webhooks/.' type: string type: object type: object type: array required: - displayName type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array name: description: |- The unique identifier of the flow. Format: projects//locations//agents//flows/. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: dialogflowcxintents.dialogflowcx.cnrm.cloud.google.com spec: group: dialogflowcx.cnrm.cloud.google.com names: categories: - gcp kind: DialogflowCXIntent plural: dialogflowcxintents shortNames: - gcpdialogflowcxintent - gcpdialogflowcxintents singular: dialogflowcxintent preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: description: description: 'Human readable description for better understanding an intent like its scope, content, result etc. Maximum character limit: 140 characters.' type: string displayName: description: The human-readable name of the intent, unique within the agent. type: string isFallback: description: |- Indicates whether this is a fallback intent. Currently only default fallback intent is allowed in the agent, which is added upon agent creation. Adding training phrases to fallback intent is useful in the case of requests that are mistakenly matched, since training phrases assigned to fallback intents act as negative examples that triggers no-match event. type: boolean languageCode: description: |- Immutable. The language of the following fields in intent: Intent.training_phrases.parts.text If not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used. type: string parameters: description: The collection of parameters associated with the intent. items: properties: entityType: description: |- The entity type of the parameter. Format: projects/-/locations/-/agents/-/entityTypes/ for system entity types (for example, projects/-/locations/-/agents/-/entityTypes/sys.date), or projects//locations//agents//entityTypes/ for developer entity types. type: string id: description: The unique identifier of the parameter. This field is used by training phrases to annotate their parts. type: string isList: description: Indicates whether the parameter represents a list of values. type: boolean redact: description: |- Indicates whether the parameter content should be redacted in log. If redaction is enabled, the parameter content will be replaced by parameter name during logging. Note: the parameter content is subject to redaction if either parameter level redaction or entity type level redaction is enabled. type: boolean required: - entityType - id type: object type: array parent: description: |- Immutable. The agent to create an intent for. Format: projects//locations//agents/. type: string priority: description: |- The priority of this intent. Higher numbers represent higher priorities. If the supplied value is unspecified or 0, the service translates the value to 500,000, which corresponds to the Normal priority in the console. If the supplied value is negative, the intent is ignored in runtime detect intent requests. type: integer resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string trainingPhrases: description: The collection of training phrases the agent is trained on to identify the intent. items: properties: id: description: The unique identifier of the training phrase. type: string parts: description: |- The ordered list of training phrase parts. The parts are concatenated in order to form the training phrase. Note: The API does not automatically annotate training phrases like the Dialogflow Console does. Note: Do not forget to include whitespace at part boundaries, so the training phrase is well formatted when the parts are concatenated. If the training phrase does not need to be annotated with parameters, you just need a single part with only the Part.text field set. If you want to annotate the training phrase, you must create multiple parts, where the fields of each part are populated in one of two ways: Part.text is set to a part of the phrase that has no parameters. Part.text is set to a part of the phrase that you want to annotate, and the parameterId field is set. items: properties: parameterId: description: The parameter used to annotate this part of the training phrase. This field is required for annotated parts of the training phrase. type: string text: description: The text for this part. type: string required: - text type: object type: array repeatCount: description: Indicates how many times this example was added to the intent. type: integer required: - parts type: object type: array required: - displayName type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array name: description: |- The unique identifier of the intent. Format: projects//locations//agents//intents/. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: dialogflowcxpages.dialogflowcx.cnrm.cloud.google.com spec: group: dialogflowcx.cnrm.cloud.google.com names: categories: - gcp kind: DialogflowCXPage plural: dialogflowcxpages shortNames: - gcpdialogflowcxpage - gcpdialogflowcxpages singular: dialogflowcxpage preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: displayName: description: The human-readable name of the page, unique within the agent. type: string entryFulfillment: description: The fulfillment to call when the session is entering the page. properties: messages: description: The list of rich message responses to present to the user. items: properties: text: description: The text response message. properties: allowPlaybackInterruption: description: Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. type: boolean text: description: A collection of text responses. items: type: string type: array type: object type: object type: array returnPartialResponses: description: 'Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks.' type: boolean tag: description: The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified. type: string webhook: description: 'The webhook to call. Format: projects//locations//agents//webhooks/.' type: string type: object eventHandlers: description: Handlers associated with the page to handle events such as webhook errors, no match or no input. items: properties: event: description: The name of the event to handle. type: string name: description: The unique identifier of this event handler. type: string targetFlow: description: |- The target flow to transition to. Format: projects//locations//agents//flows/. type: string targetPage: description: |- The target page to transition to. Format: projects//locations//agents//flows//pages/. type: string triggerFulfillment: description: The fulfillment to call when the event occurs. Handling webhook errors with a fulfillment enabled with webhook could cause infinite loop. It is invalid to specify such fulfillment for a handler handling webhooks. properties: messages: description: The list of rich message responses to present to the user. items: properties: text: description: The text response message. properties: allowPlaybackInterruption: description: Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. type: boolean text: description: A collection of text responses. items: type: string type: array type: object type: object type: array returnPartialResponses: description: 'Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks.' type: boolean tag: description: The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified. type: string webhook: description: 'The webhook to call. Format: projects//locations//agents//webhooks/.' type: string type: object type: object type: array form: description: The form associated with the page, used for collecting parameters relevant to the page. properties: parameters: description: Parameters to collect from the user. items: properties: displayName: description: The human-readable name of the parameter, unique within the form. type: string entityType: description: |- The entity type of the parameter. Format: projects/-/locations/-/agents/-/entityTypes/ for system entity types (for example, projects/-/locations/-/agents/-/entityTypes/sys.date), or projects//locations//agents//entityTypes/ for developer entity types. type: string fillBehavior: description: Defines fill behavior for the parameter. properties: initialPromptFulfillment: description: The fulfillment to provide the initial prompt that the agent can present to the user in order to fill the parameter. properties: messages: description: The list of rich message responses to present to the user. items: properties: text: description: The text response message. properties: allowPlaybackInterruption: description: Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. type: boolean text: description: A collection of text responses. items: type: string type: array type: object type: object type: array returnPartialResponses: description: 'Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks.' type: boolean tag: description: The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified. type: string webhook: description: 'The webhook to call. Format: projects//locations//agents//webhooks/.' type: string type: object type: object isList: description: Indicates whether the parameter represents a list of values. type: boolean redact: description: |- Indicates whether the parameter content should be redacted in log. If redaction is enabled, the parameter content will be replaced by parameter name during logging. Note: the parameter content is subject to redaction if either parameter level redaction or entity type level redaction is enabled. type: boolean required: description: |- Indicates whether the parameter is required. Optional parameters will not trigger prompts; however, they are filled if the user specifies them. Required parameters must be filled before form filling concludes. type: boolean type: object type: array type: object languageCode: description: |- Immutable. The language of the following fields in page: Page.entry_fulfillment.messages Page.entry_fulfillment.conditional_cases Page.event_handlers.trigger_fulfillment.messages Page.event_handlers.trigger_fulfillment.conditional_cases Page.form.parameters.fill_behavior.initial_prompt_fulfillment.messages Page.form.parameters.fill_behavior.initial_prompt_fulfillment.conditional_cases Page.form.parameters.fill_behavior.reprompt_event_handlers.messages Page.form.parameters.fill_behavior.reprompt_event_handlers.conditional_cases Page.transition_routes.trigger_fulfillment.messages Page.transition_routes.trigger_fulfillment.conditional_cases If not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used. type: string parent: description: |- Immutable. The flow to create a page for. Format: projects//locations//agents//flows/. type: string resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string transitionRouteGroups: description: |- Ordered list of TransitionRouteGroups associated with the page. Transition route groups must be unique within a page. If multiple transition routes within a page scope refer to the same intent, then the precedence order is: page's transition route -> page's transition route group -> flow's transition routes. If multiple transition route groups within a page contain the same intent, then the first group in the ordered list takes precedence. Format:projects//locations//agents//flows//transitionRouteGroups/. items: type: string type: array transitionRoutes: description: |- A list of transitions for the transition rules of this page. They route the conversation to another page in the same flow, or another flow. When we are in a certain page, the TransitionRoutes are evalauted in the following order: TransitionRoutes defined in the page with intent specified. TransitionRoutes defined in the transition route groups with intent specified. TransitionRoutes defined in flow with intent specified. TransitionRoutes defined in the transition route groups with intent specified. TransitionRoutes defined in the page with only condition specified. TransitionRoutes defined in the transition route groups with only condition specified. items: properties: condition: description: |- The condition to evaluate against form parameters or session parameters. At least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled. type: string intent: description: |- The unique identifier of an Intent. Format: projects//locations//agents//intents/. Indicates that the transition can only happen when the given intent is matched. At least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled. type: string name: description: The unique identifier of this transition route. type: string targetFlow: description: |- The target flow to transition to. Format: projects//locations//agents//flows/. type: string targetPage: description: |- The target page to transition to. Format: projects//locations//agents//flows//pages/. type: string triggerFulfillment: description: The fulfillment to call when the event occurs. Handling webhook errors with a fulfillment enabled with webhook could cause infinite loop. It is invalid to specify such fulfillment for a handler handling webhooks. properties: messages: description: The list of rich message responses to present to the user. items: properties: text: description: The text response message. properties: allowPlaybackInterruption: description: Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. type: boolean text: description: A collection of text responses. items: type: string type: array type: object type: object type: array returnPartialResponses: description: 'Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks.' type: boolean tag: description: The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified. type: string webhook: description: 'The webhook to call. Format: projects//locations//agents//webhooks/.' type: string type: object type: object type: array required: - displayName type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array name: description: |- The unique identifier of the page. Format: projects//locations//agents//flows//pages/. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: dialogflowcxwebhooks.dialogflowcx.cnrm.cloud.google.com spec: group: dialogflowcx.cnrm.cloud.google.com names: categories: - gcp kind: DialogflowCXWebhook plural: dialogflowcxwebhooks shortNames: - gcpdialogflowcxwebhook - gcpdialogflowcxwebhooks singular: dialogflowcxwebhook preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: disabled: description: Indicates whether the webhook is disabled. type: boolean displayName: description: The human-readable name of the webhook, unique within the agent. type: string enableSpellCorrection: description: Indicates if automatic spell correction is enabled in detect intent requests. type: boolean enableStackdriverLogging: description: Determines whether this agent should log conversation queries. type: boolean genericWebService: description: Configuration for a generic web service. properties: allowedCaCerts: description: Specifies a list of allowed custom CA certificates (in DER format) for HTTPS verification. items: type: string type: array requestHeaders: additionalProperties: type: string description: Immutable. The HTTP request headers to send together with webhook requests. type: object uri: description: Whether to use speech adaptation for speech recognition. type: string required: - uri type: object parent: description: |- Immutable. The agent to create a webhook for. Format: projects//locations//agents/. type: string resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string securitySettings: description: 'Name of the SecuritySettings reference for the agent. Format: projects//locations//securitySettings/.' type: string serviceDirectory: description: Configuration for a Service Directory service. properties: genericWebService: description: The name of Service Directory service. properties: allowedCaCerts: description: Specifies a list of allowed custom CA certificates (in DER format) for HTTPS verification. items: type: string type: array requestHeaders: additionalProperties: type: string description: Immutable. The HTTP request headers to send together with webhook requests. type: object uri: description: Whether to use speech adaptation for speech recognition. type: string required: - uri type: object service: description: The name of Service Directory service. type: string required: - genericWebService - service type: object timeout: description: Webhook execution timeout. type: string required: - displayName type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array name: description: |- The unique identifier of the webhook. Format: projects//locations//agents//webhooks/. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer startFlow: description: 'Name of the start flow in this agent. A start flow will be automatically created when the agent is created, and can only be deleted by deleting the agent. Format: projects//locations//agents//flows/.' type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: dialogflowentitytypes.dialogflow.cnrm.cloud.google.com spec: group: dialogflow.cnrm.cloud.google.com names: categories: - gcp kind: DialogflowEntityType plural: dialogflowentitytypes shortNames: - gcpdialogflowentitytype - gcpdialogflowentitytypes singular: dialogflowentitytype preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: displayName: description: The name of this entity type to be displayed on the console. type: string enableFuzzyExtraction: description: Enables fuzzy entity extraction during classification. type: boolean entities: description: The collection of entity entries associated with the entity type. items: properties: synonyms: description: |- A collection of value synonyms. For example, if the entity type is vegetable, and value is scallions, a synonym could be green onions. For KIND_LIST entity types: * This collection must contain exactly one synonym equal to value. items: type: string type: array value: description: |- The primary value associated with this entity entry. For example, if the entity type is vegetable, the value could be scallions. For KIND_MAP entity types: * A reference value to be used in place of synonyms. For KIND_LIST entity types: * A string that can contain references to other entity types (with or without aliases). type: string required: - synonyms - value type: object type: array kind: description: |- Indicates the kind of entity type. * KIND_MAP: Map entity types allow mapping of a group of synonyms to a reference value. * KIND_LIST: List entity types contain a set of entries that do not map to reference values. However, list entity types can contain references to other entity types (with or without aliases). * KIND_REGEXP: Regexp entity types allow to specify regular expressions in entries values. Possible values: ["KIND_MAP", "KIND_LIST", "KIND_REGEXP"]. type: string projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string required: - displayName - kind - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array name: description: |- The unique identifier of the entity type. Format: projects//agent/entityTypes/. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: dialogflowfulfillments.dialogflow.cnrm.cloud.google.com spec: group: dialogflow.cnrm.cloud.google.com names: categories: - gcp kind: DialogflowFulfillment plural: dialogflowfulfillments shortNames: - gcpdialogflowfulfillment - gcpdialogflowfulfillments singular: dialogflowfulfillment preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: displayName: description: The human-readable name of the fulfillment, unique within the agent. type: string enabled: description: Whether fulfillment is enabled. type: boolean features: description: The field defines whether the fulfillment is enabled for certain features. items: properties: type: description: |- The type of the feature that enabled for fulfillment. * SMALLTALK: Fulfillment is enabled for SmallTalk. Possible values: ["SMALLTALK"]. type: string required: - type type: object type: array genericWebService: description: 'Represents configuration for a generic web service. Dialogflow supports two mechanisms for authentications: - Basic authentication with username and password. - Authentication with additional authentication headers.' properties: password: description: The password for HTTP Basic authentication. type: string requestHeaders: additionalProperties: type: string description: The HTTP request headers to send together with fulfillment requests. type: object uri: description: The fulfillment URI for receiving POST requests. It must use https protocol. type: string username: description: The user name for HTTP Basic authentication. type: string required: - uri type: object projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string required: - displayName - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array name: description: |- The unique identifier of the fulfillment. Format: projects//agent/fulfillment - projects//locations//agent/fulfillment. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: dialogflowintents.dialogflow.cnrm.cloud.google.com spec: group: dialogflow.cnrm.cloud.google.com names: categories: - gcp kind: DialogflowIntent plural: dialogflowintents shortNames: - gcpdialogflowintent - gcpdialogflowintents singular: dialogflowintent preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: action: description: |- The name of the action associated with the intent. Note: The action name must not contain whitespaces. type: string defaultResponsePlatforms: description: |- The list of platforms for which the first responses will be copied from the messages in PLATFORM_UNSPECIFIED (i.e. default platform). Possible values: ["FACEBOOK", "SLACK", "TELEGRAM", "KIK", "SKYPE", "LINE", "VIBER", "ACTIONS_ON_GOOGLE", "GOOGLE_HANGOUTS"]. items: type: string type: array displayName: description: The name of this intent to be displayed on the console. type: string events: description: |- The collection of event names that trigger the intent. If the collection of input contexts is not empty, all of the contexts must be present in the active user session for an event to trigger this intent. See the [events reference](https://cloud.google.com/dialogflow/docs/events-overview) for more details. items: type: string type: array inputContextNames: description: |- The list of context names required for this intent to be triggered. Format: projects//agent/sessions/-/contexts/. items: type: string type: array isFallback: description: Indicates whether this is a fallback intent. type: boolean mlDisabled: description: |- Indicates whether Machine Learning is disabled for the intent. Note: If mlDisabled setting is set to true, then this intent is not taken into account during inference in ML ONLY match mode. Also, auto-markup in the UI is turned off. type: boolean parentFollowupIntentName: description: |- Immutable. The unique identifier of the parent intent in the chain of followup intents. Format: projects//agent/intents/. type: string priority: description: |- The priority of this intent. Higher numbers represent higher priorities. - If the supplied value is unspecified or 0, the service translates the value to 500,000, which corresponds to the Normal priority in the console. - If the supplied value is negative, the intent is ignored in runtime detect intent requests. type: integer projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resetContexts: description: Indicates whether to delete all contexts in the current session when this intent is matched. type: boolean resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string webhookState: description: |- Indicates whether webhooks are enabled for the intent. * WEBHOOK_STATE_ENABLED: Webhook is enabled in the agent and in the intent. * WEBHOOK_STATE_ENABLED_FOR_SLOT_FILLING: Webhook is enabled in the agent and in the intent. Also, each slot filling prompt is forwarded to the webhook. Possible values: ["WEBHOOK_STATE_ENABLED", "WEBHOOK_STATE_ENABLED_FOR_SLOT_FILLING"]. type: string required: - displayName - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array followupIntentInfo: description: |- Information about all followup intents that have this intent as a direct or indirect parent. We populate this field only in the output. items: properties: followupIntentName: description: |- The unique identifier of the followup intent. Format: projects//agent/intents/. type: string parentFollowupIntentName: description: |- The unique identifier of the followup intent's parent. Format: projects//agent/intents/. type: string type: object type: array name: description: |- The unique identifier of this intent. Format: projects//agent/intents/. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer rootFollowupIntentName: description: |- The unique identifier of the root intent in the chain of followup intents. It identifies the correct followup intents chain for this intent. Format: projects//agent/intents/. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: dlpdeidentifytemplates.dlp.cnrm.cloud.google.com spec: group: dlp.cnrm.cloud.google.com names: categories: - gcp kind: DLPDeidentifyTemplate plural: dlpdeidentifytemplates shortNames: - gcpdlpdeidentifytemplate - gcpdlpdeidentifytemplates singular: dlpdeidentifytemplate preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: oneOf: - required: - organizationRef - required: - projectRef properties: deidentifyConfig: description: The core content of the template. properties: infoTypeTransformations: description: Treat the dataset as free-form text and apply the same free text transformation everywhere. properties: transformations: description: Required. Transformation for each infoType. Cannot specify more than one for a given infoType. items: properties: infoTypes: description: InfoTypes to apply the transformation to. An empty list will cause this transformation to apply to all findings that correspond to infoTypes that were requested in `InspectConfig`. items: properties: name: description: Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. type: string type: object type: array primitiveTransformation: description: Required. Primitive transformation to apply to the infoType. properties: bucketingConfig: description: Bucketing properties: buckets: description: Set of buckets. Ranges must be non-overlapping. items: properties: max: description: Upper bound of the range, exclusive; type must match min. properties: booleanValue: description: boolean type: boolean dateValue: description: date properties: day: description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. format: int64 type: integer month: description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. format: int64 type: integer year: description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. format: int64 type: integer type: object dayOfWeekValue: description: 'day of week Possible values: DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY' type: string floatValue: description: float format: double type: number integerValue: description: integer format: int64 type: integer stringValue: description: string type: string timeValue: description: time of day properties: hours: description: Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. format: int64 type: integer minutes: description: Minutes of hour of day. Must be from 0 to 59. format: int64 type: integer nanos: description: Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. format: int64 type: integer seconds: description: Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. format: int64 type: integer type: object timestampValue: description: timestamp format: date-time type: string type: object min: description: Lower bound of the range, inclusive. Type should be the same as max if used. properties: booleanValue: description: boolean type: boolean dateValue: description: date properties: day: description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. format: int64 type: integer month: description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. format: int64 type: integer year: description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. format: int64 type: integer type: object dayOfWeekValue: description: 'day of week Possible values: DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY' type: string floatValue: description: float format: double type: number integerValue: description: integer format: int64 type: integer stringValue: description: string type: string timeValue: description: time of day properties: hours: description: Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. format: int64 type: integer minutes: description: Minutes of hour of day. Must be from 0 to 59. format: int64 type: integer nanos: description: Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. format: int64 type: integer seconds: description: Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. format: int64 type: integer type: object timestampValue: description: timestamp format: date-time type: string type: object replacementValue: description: Required. Replacement value for this bucket. properties: booleanValue: description: boolean type: boolean dateValue: description: date properties: day: description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. format: int64 type: integer month: description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. format: int64 type: integer year: description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. format: int64 type: integer type: object dayOfWeekValue: description: 'day of week Possible values: DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY' type: string floatValue: description: float format: double type: number integerValue: description: integer format: int64 type: integer stringValue: description: string type: string timeValue: description: time of day properties: hours: description: Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. format: int64 type: integer minutes: description: Minutes of hour of day. Must be from 0 to 59. format: int64 type: integer nanos: description: Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. format: int64 type: integer seconds: description: Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. format: int64 type: integer type: object timestampValue: description: timestamp format: date-time type: string type: object required: - replacementValue type: object type: array type: object characterMaskConfig: description: Mask properties: charactersToIgnore: description: When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`. items: properties: charactersToSkip: description: Characters to not transform when masking. type: string commonCharactersToIgnore: description: 'Common characters to not transform when masking. Useful to avoid removing punctuation. Possible values: COMMON_CHARS_TO_IGNORE_UNSPECIFIED, NUMERIC, ALPHA_UPPER_CASE, ALPHA_LOWER_CASE, PUNCTUATION, WHITESPACE' type: string type: object type: array maskingCharacter: description: Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits. type: string numberToMask: description: Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally. format: int64 type: integer reverseOrder: description: Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`. type: boolean type: object cryptoDeterministicConfig: description: Deterministic Crypto properties: context: description: 'A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.' properties: name: description: Name describing the field. type: string type: object cryptoKey: description: The key used by the encryption function. For deterministic encryption using AES-SIV, the provided key is internally expanded to 64 bytes prior to use. properties: kmsWrapped: description: Key wrapped using Cloud KMS properties: cryptoKeyRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Required. The resource name of the KMS CryptoKey to use for unwrapping. Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object wrappedKey: description: Required. The wrapped data crypto key. type: string required: - cryptoKeyRef - wrappedKey type: object transient: description: Transient crypto key properties: name: description: 'Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).' type: string required: - name type: object unwrapped: description: Unwrapped crypto key properties: key: description: Required. A 128/192/256 bit key. type: string required: - key type: object type: object surrogateInfoType: description: 'The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is ''MY_TOKEN_INFO_TYPE'' and the surrogate is ''abc'', the full replacement value will be: ''MY_TOKEN_INFO_TYPE(3):abc'' This annotation identifies the surrogate when inspecting content using the custom info type ''Surrogate''. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.' properties: name: description: Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. type: string type: object type: object cryptoHashConfig: description: Crypto properties: cryptoKey: description: The key used by the hash function. properties: kmsWrapped: description: Key wrapped using Cloud KMS properties: cryptoKeyRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Required. The resource name of the KMS CryptoKey to use for unwrapping. Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object wrappedKey: description: Required. The wrapped data crypto key. type: string required: - cryptoKeyRef - wrappedKey type: object transient: description: Transient crypto key properties: name: description: 'Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).' type: string required: - name type: object unwrapped: description: Unwrapped crypto key properties: key: description: Required. A 128/192/256 bit key. type: string required: - key type: object type: object type: object cryptoReplaceFfxFpeConfig: description: Ffx-Fpe properties: commonAlphabet: description: 'Common alphabets. Possible values: FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED, NUMERIC, HEXADECIMAL, UPPER_CASE_ALPHA_NUMERIC, ALPHA_NUMERIC' type: string context: description: 'The ''tweak'', a context may be used for higher security since the same identifier in two different contexts won''t be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2' properties: name: description: Name describing the field. type: string type: object cryptoKey: description: Required. The key used by the encryption algorithm. properties: kmsWrapped: description: Key wrapped using Cloud KMS properties: cryptoKeyRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Required. The resource name of the KMS CryptoKey to use for unwrapping. Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object wrappedKey: description: Required. The wrapped data crypto key. type: string required: - cryptoKeyRef - wrappedKey type: object transient: description: Transient crypto key properties: name: description: 'Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).' type: string required: - name type: object unwrapped: description: Unwrapped crypto key properties: key: description: Required. A 128/192/256 bit key. type: string required: - key type: object type: object customAlphabet: description: 'This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: ``0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|:;"''<,>.?/``' type: string radix: description: The native way to select the alphabet. Must be in the range [2, 95]. format: int64 type: integer surrogateInfoType: description: 'The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is ''MY_TOKEN_INFO_TYPE'' and the surrogate is ''abc'', the full replacement value will be: ''MY_TOKEN_INFO_TYPE(3):abc'' This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE' properties: name: description: Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. type: string type: object required: - cryptoKey type: object dateShiftConfig: description: Date Shift properties: context: description: Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context. properties: name: description: Name describing the field. type: string type: object cryptoKey: description: Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items. properties: kmsWrapped: description: Key wrapped using Cloud KMS properties: cryptoKeyRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Required. The resource name of the KMS CryptoKey to use for unwrapping. Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object wrappedKey: description: Required. The wrapped data crypto key. type: string required: - cryptoKeyRef - wrappedKey type: object transient: description: Transient crypto key properties: name: description: 'Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).' type: string required: - name type: object unwrapped: description: Unwrapped crypto key properties: key: description: Required. A 128/192/256 bit key. type: string required: - key type: object type: object lowerBoundDays: description: Required. For example, -5 means shift date to at most 5 days back in the past. format: int64 type: integer upperBoundDays: description: Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future. format: int64 type: integer required: - lowerBoundDays - upperBoundDays type: object fixedSizeBucketingConfig: description: Fixed size bucketing properties: bucketSize: description: 'Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.' format: double type: number lowerBound: description: Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value "-10". properties: booleanValue: description: boolean type: boolean dateValue: description: date properties: day: description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. format: int64 type: integer month: description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. format: int64 type: integer year: description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. format: int64 type: integer type: object dayOfWeekValue: description: 'day of week Possible values: DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY' type: string floatValue: description: float format: double type: number integerValue: description: integer format: int64 type: integer stringValue: description: string type: string timeValue: description: time of day properties: hours: description: Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. format: int64 type: integer minutes: description: Minutes of hour of day. Must be from 0 to 59. format: int64 type: integer nanos: description: Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. format: int64 type: integer seconds: description: Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. format: int64 type: integer type: object timestampValue: description: timestamp format: date-time type: string type: object upperBound: description: Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value "89+". properties: booleanValue: description: boolean type: boolean dateValue: description: date properties: day: description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. format: int64 type: integer month: description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. format: int64 type: integer year: description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. format: int64 type: integer type: object dayOfWeekValue: description: 'day of week Possible values: DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY' type: string floatValue: description: float format: double type: number integerValue: description: integer format: int64 type: integer stringValue: description: string type: string timeValue: description: time of day properties: hours: description: Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. format: int64 type: integer minutes: description: Minutes of hour of day. Must be from 0 to 59. format: int64 type: integer nanos: description: Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. format: int64 type: integer seconds: description: Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. format: int64 type: integer type: object timestampValue: description: timestamp format: date-time type: string type: object required: - bucketSize - lowerBound - upperBound type: object redactConfig: description: Redact type: object x-kubernetes-preserve-unknown-fields: true replaceConfig: description: Replace with a specified value. properties: newValue: description: Value to replace it with. properties: booleanValue: description: boolean type: boolean dateValue: description: date properties: day: description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. format: int64 type: integer month: description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. format: int64 type: integer year: description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. format: int64 type: integer type: object dayOfWeekValue: description: 'day of week Possible values: DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY' type: string floatValue: description: float format: double type: number integerValue: description: integer format: int64 type: integer stringValue: description: string type: string timeValue: description: time of day properties: hours: description: Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. format: int64 type: integer minutes: description: Minutes of hour of day. Must be from 0 to 59. format: int64 type: integer nanos: description: Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. format: int64 type: integer seconds: description: Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. format: int64 type: integer type: object timestampValue: description: timestamp format: date-time type: string type: object type: object replaceWithInfoTypeConfig: description: Replace with infotype type: object x-kubernetes-preserve-unknown-fields: true timePartConfig: description: Time extraction properties: partToExtract: description: 'The part of the time to keep. Possible values: TIME_PART_UNSPECIFIED, YEAR, MONTH, DAY_OF_MONTH, DAY_OF_WEEK, WEEK_OF_YEAR, HOUR_OF_DAY' type: string type: object type: object required: - primitiveTransformation type: object type: array required: - transformations type: object recordTransformations: description: Treat the dataset as structured. Transformations can be applied to specific locations within structured datasets, such as transforming a column within a table. properties: fieldTransformations: description: Transform the record by applying various field transformations. items: properties: condition: description: 'Only apply the transformation if the condition evaluates to true for the given `RecordCondition`. The conditions are allowed to reference fields that are not used in the actual transformation. Example Use Cases: - Apply a different bucket transformation to an age column if the zip code column for the same record is within a specific range. - Redact a field if the date of birth field is greater than 85.' properties: expressions: description: An expression. properties: conditions: description: Conditions to apply to the expression. properties: conditions: description: A collection of conditions. items: properties: field: description: Required. Field within the record this condition is evaluated against. properties: name: description: Name describing the field. type: string type: object operator: description: 'Required. Operator used to compare the field or infoType to the value. Possible values: LOGICAL_OPERATOR_UNSPECIFIED, AND' type: string value: description: Value to compare against. [Mandatory, except for `EXISTS` tests.] properties: booleanValue: description: boolean type: boolean dateValue: description: date properties: day: description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. format: int64 type: integer month: description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. format: int64 type: integer year: description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. format: int64 type: integer type: object dayOfWeekValue: description: 'day of week Possible values: DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY' type: string floatValue: description: float format: double type: number integerValue: description: integer format: int64 type: integer stringValue: description: string type: string timeValue: description: time of day properties: hours: description: Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. format: int64 type: integer minutes: description: Minutes of hour of day. Must be from 0 to 59. format: int64 type: integer nanos: description: Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. format: int64 type: integer seconds: description: Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. format: int64 type: integer type: object timestampValue: description: timestamp format: date-time type: string type: object required: - field - operator type: object type: array type: object logicalOperator: description: 'The operator to apply to the result of conditions. Default and currently only supported value is `AND`. Possible values: LOGICAL_OPERATOR_UNSPECIFIED, AND' type: string type: object type: object fields: description: Required. Input field(s) to apply the transformation to. When you have columns that reference their position within a list, omit the index from the FieldId. FieldId name matching ignores the index. For example, instead of "contact.nums[0].type", use "contact.nums.type". items: properties: name: description: Name describing the field. type: string type: object type: array infoTypeTransformations: description: Treat the contents of the field as free text, and selectively transform content that matches an `InfoType`. properties: transformations: description: Required. Transformation for each infoType. Cannot specify more than one for a given infoType. items: properties: infoTypes: description: InfoTypes to apply the transformation to. An empty list will cause this transformation to apply to all findings that correspond to infoTypes that were requested in `InspectConfig`. items: properties: name: description: Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. type: string type: object type: array primitiveTransformation: description: Required. Primitive transformation to apply to the infoType. properties: bucketingConfig: description: Bucketing properties: buckets: description: Set of buckets. Ranges must be non-overlapping. items: properties: max: description: Upper bound of the range, exclusive; type must match min. properties: booleanValue: description: boolean type: boolean dateValue: description: date properties: day: description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. format: int64 type: integer month: description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. format: int64 type: integer year: description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. format: int64 type: integer type: object dayOfWeekValue: description: 'day of week Possible values: DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY' type: string floatValue: description: float format: double type: number integerValue: description: integer format: int64 type: integer stringValue: description: string type: string timeValue: description: time of day properties: hours: description: Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. format: int64 type: integer minutes: description: Minutes of hour of day. Must be from 0 to 59. format: int64 type: integer nanos: description: Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. format: int64 type: integer seconds: description: Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. format: int64 type: integer type: object timestampValue: description: timestamp format: date-time type: string type: object min: description: Lower bound of the range, inclusive. Type should be the same as max if used. properties: booleanValue: description: boolean type: boolean dateValue: description: date properties: day: description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. format: int64 type: integer month: description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. format: int64 type: integer year: description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. format: int64 type: integer type: object dayOfWeekValue: description: 'day of week Possible values: DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY' type: string floatValue: description: float format: double type: number integerValue: description: integer format: int64 type: integer stringValue: description: string type: string timeValue: description: time of day properties: hours: description: Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. format: int64 type: integer minutes: description: Minutes of hour of day. Must be from 0 to 59. format: int64 type: integer nanos: description: Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. format: int64 type: integer seconds: description: Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. format: int64 type: integer type: object timestampValue: description: timestamp format: date-time type: string type: object replacementValue: description: Required. Replacement value for this bucket. properties: booleanValue: description: boolean type: boolean dateValue: description: date properties: day: description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. format: int64 type: integer month: description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. format: int64 type: integer year: description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. format: int64 type: integer type: object dayOfWeekValue: description: 'day of week Possible values: DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY' type: string floatValue: description: float format: double type: number integerValue: description: integer format: int64 type: integer stringValue: description: string type: string timeValue: description: time of day properties: hours: description: Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. format: int64 type: integer minutes: description: Minutes of hour of day. Must be from 0 to 59. format: int64 type: integer nanos: description: Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. format: int64 type: integer seconds: description: Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. format: int64 type: integer type: object timestampValue: description: timestamp format: date-time type: string type: object required: - replacementValue type: object type: array type: object characterMaskConfig: description: Mask properties: charactersToIgnore: description: When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`. items: properties: charactersToSkip: description: Characters to not transform when masking. type: string commonCharactersToIgnore: description: 'Common characters to not transform when masking. Useful to avoid removing punctuation. Possible values: COMMON_CHARS_TO_IGNORE_UNSPECIFIED, NUMERIC, ALPHA_UPPER_CASE, ALPHA_LOWER_CASE, PUNCTUATION, WHITESPACE' type: string type: object type: array maskingCharacter: description: Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits. type: string numberToMask: description: Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally. format: int64 type: integer reverseOrder: description: Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`. type: boolean type: object cryptoDeterministicConfig: description: Deterministic Crypto properties: context: description: 'A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.' properties: name: description: Name describing the field. type: string type: object cryptoKey: description: The key used by the encryption function. For deterministic encryption using AES-SIV, the provided key is internally expanded to 64 bytes prior to use. properties: kmsWrapped: description: Key wrapped using Cloud KMS properties: cryptoKeyRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Required. The resource name of the KMS CryptoKey to use for unwrapping. Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object wrappedKey: description: Required. The wrapped data crypto key. type: string required: - cryptoKeyRef - wrappedKey type: object transient: description: Transient crypto key properties: name: description: 'Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).' type: string required: - name type: object unwrapped: description: Unwrapped crypto key properties: key: description: Required. A 128/192/256 bit key. type: string required: - key type: object type: object surrogateInfoType: description: 'The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is ''MY_TOKEN_INFO_TYPE'' and the surrogate is ''abc'', the full replacement value will be: ''MY_TOKEN_INFO_TYPE(3):abc'' This annotation identifies the surrogate when inspecting content using the custom info type ''Surrogate''. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.' properties: name: description: Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. type: string type: object type: object cryptoHashConfig: description: Crypto properties: cryptoKey: description: The key used by the hash function. properties: kmsWrapped: description: Key wrapped using Cloud KMS properties: cryptoKeyRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Required. The resource name of the KMS CryptoKey to use for unwrapping. Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object wrappedKey: description: Required. The wrapped data crypto key. type: string required: - cryptoKeyRef - wrappedKey type: object transient: description: Transient crypto key properties: name: description: 'Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).' type: string required: - name type: object unwrapped: description: Unwrapped crypto key properties: key: description: Required. A 128/192/256 bit key. type: string required: - key type: object type: object type: object cryptoReplaceFfxFpeConfig: description: Ffx-Fpe properties: commonAlphabet: description: 'Common alphabets. Possible values: FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED, NUMERIC, HEXADECIMAL, UPPER_CASE_ALPHA_NUMERIC, ALPHA_NUMERIC' type: string context: description: 'The ''tweak'', a context may be used for higher security since the same identifier in two different contexts won''t be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2' properties: name: description: Name describing the field. type: string type: object cryptoKey: description: Required. The key used by the encryption algorithm. properties: kmsWrapped: description: Key wrapped using Cloud KMS properties: cryptoKeyRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Required. The resource name of the KMS CryptoKey to use for unwrapping. Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object wrappedKey: description: Required. The wrapped data crypto key. type: string required: - cryptoKeyRef - wrappedKey type: object transient: description: Transient crypto key properties: name: description: 'Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).' type: string required: - name type: object unwrapped: description: Unwrapped crypto key properties: key: description: Required. A 128/192/256 bit key. type: string required: - key type: object type: object customAlphabet: description: 'This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: ``0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|:;"''<,>.?/``' type: string radix: description: The native way to select the alphabet. Must be in the range [2, 95]. format: int64 type: integer surrogateInfoType: description: 'The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is ''MY_TOKEN_INFO_TYPE'' and the surrogate is ''abc'', the full replacement value will be: ''MY_TOKEN_INFO_TYPE(3):abc'' This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE' properties: name: description: Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. type: string type: object required: - cryptoKey type: object dateShiftConfig: description: Date Shift properties: context: description: Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context. properties: name: description: Name describing the field. type: string type: object cryptoKey: description: Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items. properties: kmsWrapped: description: Key wrapped using Cloud KMS properties: cryptoKeyRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Required. The resource name of the KMS CryptoKey to use for unwrapping. Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object wrappedKey: description: Required. The wrapped data crypto key. type: string required: - cryptoKeyRef - wrappedKey type: object transient: description: Transient crypto key properties: name: description: 'Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).' type: string required: - name type: object unwrapped: description: Unwrapped crypto key properties: key: description: Required. A 128/192/256 bit key. type: string required: - key type: object type: object lowerBoundDays: description: Required. For example, -5 means shift date to at most 5 days back in the past. format: int64 type: integer upperBoundDays: description: Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future. format: int64 type: integer required: - lowerBoundDays - upperBoundDays type: object fixedSizeBucketingConfig: description: Fixed size bucketing properties: bucketSize: description: 'Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.' format: double type: number lowerBound: description: Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value "-10". properties: booleanValue: description: boolean type: boolean dateValue: description: date properties: day: description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. format: int64 type: integer month: description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. format: int64 type: integer year: description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. format: int64 type: integer type: object dayOfWeekValue: description: 'day of week Possible values: DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY' type: string floatValue: description: float format: double type: number integerValue: description: integer format: int64 type: integer stringValue: description: string type: string timeValue: description: time of day properties: hours: description: Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. format: int64 type: integer minutes: description: Minutes of hour of day. Must be from 0 to 59. format: int64 type: integer nanos: description: Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. format: int64 type: integer seconds: description: Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. format: int64 type: integer type: object timestampValue: description: timestamp format: date-time type: string type: object upperBound: description: Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value "89+". properties: booleanValue: description: boolean type: boolean dateValue: description: date properties: day: description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. format: int64 type: integer month: description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. format: int64 type: integer year: description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. format: int64 type: integer type: object dayOfWeekValue: description: 'day of week Possible values: DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY' type: string floatValue: description: float format: double type: number integerValue: description: integer format: int64 type: integer stringValue: description: string type: string timeValue: description: time of day properties: hours: description: Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. format: int64 type: integer minutes: description: Minutes of hour of day. Must be from 0 to 59. format: int64 type: integer nanos: description: Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. format: int64 type: integer seconds: description: Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. format: int64 type: integer type: object timestampValue: description: timestamp format: date-time type: string type: object required: - bucketSize - lowerBound - upperBound type: object redactConfig: description: Redact type: object x-kubernetes-preserve-unknown-fields: true replaceConfig: description: Replace with a specified value. properties: newValue: description: Value to replace it with. properties: booleanValue: description: boolean type: boolean dateValue: description: date properties: day: description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. format: int64 type: integer month: description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. format: int64 type: integer year: description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. format: int64 type: integer type: object dayOfWeekValue: description: 'day of week Possible values: DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY' type: string floatValue: description: float format: double type: number integerValue: description: integer format: int64 type: integer stringValue: description: string type: string timeValue: description: time of day properties: hours: description: Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. format: int64 type: integer minutes: description: Minutes of hour of day. Must be from 0 to 59. format: int64 type: integer nanos: description: Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. format: int64 type: integer seconds: description: Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. format: int64 type: integer type: object timestampValue: description: timestamp format: date-time type: string type: object type: object replaceWithInfoTypeConfig: description: Replace with infotype type: object x-kubernetes-preserve-unknown-fields: true timePartConfig: description: Time extraction properties: partToExtract: description: 'The part of the time to keep. Possible values: TIME_PART_UNSPECIFIED, YEAR, MONTH, DAY_OF_MONTH, DAY_OF_WEEK, WEEK_OF_YEAR, HOUR_OF_DAY' type: string type: object type: object required: - primitiveTransformation type: object type: array required: - transformations type: object primitiveTransformation: description: Apply the transformation to the entire field. properties: bucketingConfig: description: Bucketing properties: buckets: description: Set of buckets. Ranges must be non-overlapping. items: properties: max: description: Upper bound of the range, exclusive; type must match min. properties: booleanValue: description: boolean type: boolean dateValue: description: date properties: day: description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. format: int64 type: integer month: description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. format: int64 type: integer year: description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. format: int64 type: integer type: object dayOfWeekValue: description: 'day of week Possible values: DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY' type: string floatValue: description: float format: double type: number integerValue: description: integer format: int64 type: integer stringValue: description: string type: string timeValue: description: time of day properties: hours: description: Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. format: int64 type: integer minutes: description: Minutes of hour of day. Must be from 0 to 59. format: int64 type: integer nanos: description: Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. format: int64 type: integer seconds: description: Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. format: int64 type: integer type: object timestampValue: description: timestamp format: date-time type: string type: object min: description: Lower bound of the range, inclusive. Type should be the same as max if used. properties: booleanValue: description: boolean type: boolean dateValue: description: date properties: day: description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. format: int64 type: integer month: description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. format: int64 type: integer year: description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. format: int64 type: integer type: object dayOfWeekValue: description: 'day of week Possible values: DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY' type: string floatValue: description: float format: double type: number integerValue: description: integer format: int64 type: integer stringValue: description: string type: string timeValue: description: time of day properties: hours: description: Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. format: int64 type: integer minutes: description: Minutes of hour of day. Must be from 0 to 59. format: int64 type: integer nanos: description: Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. format: int64 type: integer seconds: description: Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. format: int64 type: integer type: object timestampValue: description: timestamp format: date-time type: string type: object replacementValue: description: Required. Replacement value for this bucket. properties: booleanValue: description: boolean type: boolean dateValue: description: date properties: day: description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. format: int64 type: integer month: description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. format: int64 type: integer year: description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. format: int64 type: integer type: object dayOfWeekValue: description: 'day of week Possible values: DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY' type: string floatValue: description: float format: double type: number integerValue: description: integer format: int64 type: integer stringValue: description: string type: string timeValue: description: time of day properties: hours: description: Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. format: int64 type: integer minutes: description: Minutes of hour of day. Must be from 0 to 59. format: int64 type: integer nanos: description: Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. format: int64 type: integer seconds: description: Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. format: int64 type: integer type: object timestampValue: description: timestamp format: date-time type: string type: object required: - replacementValue type: object type: array type: object characterMaskConfig: description: Mask properties: charactersToIgnore: description: When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`. items: properties: charactersToSkip: description: Characters to not transform when masking. type: string commonCharactersToIgnore: description: 'Common characters to not transform when masking. Useful to avoid removing punctuation. Possible values: COMMON_CHARS_TO_IGNORE_UNSPECIFIED, NUMERIC, ALPHA_UPPER_CASE, ALPHA_LOWER_CASE, PUNCTUATION, WHITESPACE' type: string type: object type: array maskingCharacter: description: Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits. type: string numberToMask: description: Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally. format: int64 type: integer reverseOrder: description: Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`. type: boolean type: object cryptoDeterministicConfig: description: Deterministic Crypto properties: context: description: 'A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.' properties: name: description: Name describing the field. type: string type: object cryptoKey: description: The key used by the encryption function. For deterministic encryption using AES-SIV, the provided key is internally expanded to 64 bytes prior to use. properties: kmsWrapped: description: Key wrapped using Cloud KMS properties: cryptoKeyRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Required. The resource name of the KMS CryptoKey to use for unwrapping. Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object wrappedKey: description: Required. The wrapped data crypto key. type: string required: - cryptoKeyRef - wrappedKey type: object transient: description: Transient crypto key properties: name: description: 'Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).' type: string required: - name type: object unwrapped: description: Unwrapped crypto key properties: key: description: Required. A 128/192/256 bit key. type: string required: - key type: object type: object surrogateInfoType: description: 'The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is ''MY_TOKEN_INFO_TYPE'' and the surrogate is ''abc'', the full replacement value will be: ''MY_TOKEN_INFO_TYPE(3):abc'' This annotation identifies the surrogate when inspecting content using the custom info type ''Surrogate''. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.' properties: name: description: Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. type: string type: object type: object cryptoHashConfig: description: Crypto properties: cryptoKey: description: The key used by the hash function. properties: kmsWrapped: description: Key wrapped using Cloud KMS properties: cryptoKeyRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Required. The resource name of the KMS CryptoKey to use for unwrapping. Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object wrappedKey: description: Required. The wrapped data crypto key. type: string required: - cryptoKeyRef - wrappedKey type: object transient: description: Transient crypto key properties: name: description: 'Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).' type: string required: - name type: object unwrapped: description: Unwrapped crypto key properties: key: description: Required. A 128/192/256 bit key. type: string required: - key type: object type: object type: object cryptoReplaceFfxFpeConfig: description: Ffx-Fpe properties: commonAlphabet: description: 'Common alphabets. Possible values: FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED, NUMERIC, HEXADECIMAL, UPPER_CASE_ALPHA_NUMERIC, ALPHA_NUMERIC' type: string context: description: 'The ''tweak'', a context may be used for higher security since the same identifier in two different contexts won''t be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2' properties: name: description: Name describing the field. type: string type: object cryptoKey: description: Required. The key used by the encryption algorithm. properties: kmsWrapped: description: Key wrapped using Cloud KMS properties: cryptoKeyRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Required. The resource name of the KMS CryptoKey to use for unwrapping. Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object wrappedKey: description: Required. The wrapped data crypto key. type: string required: - cryptoKeyRef - wrappedKey type: object transient: description: Transient crypto key properties: name: description: 'Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).' type: string required: - name type: object unwrapped: description: Unwrapped crypto key properties: key: description: Required. A 128/192/256 bit key. type: string required: - key type: object type: object customAlphabet: description: 'This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: ``0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|:;"''<,>.?/``' type: string radix: description: The native way to select the alphabet. Must be in the range [2, 95]. format: int64 type: integer surrogateInfoType: description: 'The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is ''MY_TOKEN_INFO_TYPE'' and the surrogate is ''abc'', the full replacement value will be: ''MY_TOKEN_INFO_TYPE(3):abc'' This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE' properties: name: description: Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. type: string type: object required: - cryptoKey type: object dateShiftConfig: description: Date Shift properties: context: description: Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context. properties: name: description: Name describing the field. type: string type: object cryptoKey: description: Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items. properties: kmsWrapped: description: Key wrapped using Cloud KMS properties: cryptoKeyRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Required. The resource name of the KMS CryptoKey to use for unwrapping. Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object wrappedKey: description: Required. The wrapped data crypto key. type: string required: - cryptoKeyRef - wrappedKey type: object transient: description: Transient crypto key properties: name: description: 'Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).' type: string required: - name type: object unwrapped: description: Unwrapped crypto key properties: key: description: Required. A 128/192/256 bit key. type: string required: - key type: object type: object lowerBoundDays: description: Required. For example, -5 means shift date to at most 5 days back in the past. format: int64 type: integer upperBoundDays: description: Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future. format: int64 type: integer required: - lowerBoundDays - upperBoundDays type: object fixedSizeBucketingConfig: description: Fixed size bucketing properties: bucketSize: description: 'Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.' format: double type: number lowerBound: description: Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value "-10". properties: booleanValue: description: boolean type: boolean dateValue: description: date properties: day: description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. format: int64 type: integer month: description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. format: int64 type: integer year: description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. format: int64 type: integer type: object dayOfWeekValue: description: 'day of week Possible values: DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY' type: string floatValue: description: float format: double type: number integerValue: description: integer format: int64 type: integer stringValue: description: string type: string timeValue: description: time of day properties: hours: description: Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. format: int64 type: integer minutes: description: Minutes of hour of day. Must be from 0 to 59. format: int64 type: integer nanos: description: Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. format: int64 type: integer seconds: description: Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. format: int64 type: integer type: object timestampValue: description: timestamp format: date-time type: string type: object upperBound: description: Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value "89+". properties: booleanValue: description: boolean type: boolean dateValue: description: date properties: day: description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. format: int64 type: integer month: description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. format: int64 type: integer year: description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. format: int64 type: integer type: object dayOfWeekValue: description: 'day of week Possible values: DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY' type: string floatValue: description: float format: double type: number integerValue: description: integer format: int64 type: integer stringValue: description: string type: string timeValue: description: time of day properties: hours: description: Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. format: int64 type: integer minutes: description: Minutes of hour of day. Must be from 0 to 59. format: int64 type: integer nanos: description: Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. format: int64 type: integer seconds: description: Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. format: int64 type: integer type: object timestampValue: description: timestamp format: date-time type: string type: object required: - bucketSize - lowerBound - upperBound type: object redactConfig: description: Redact type: object x-kubernetes-preserve-unknown-fields: true replaceConfig: description: Replace with a specified value. properties: newValue: description: Value to replace it with. properties: booleanValue: description: boolean type: boolean dateValue: description: date properties: day: description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. format: int64 type: integer month: description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. format: int64 type: integer year: description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. format: int64 type: integer type: object dayOfWeekValue: description: 'day of week Possible values: DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY' type: string floatValue: description: float format: double type: number integerValue: description: integer format: int64 type: integer stringValue: description: string type: string timeValue: description: time of day properties: hours: description: Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. format: int64 type: integer minutes: description: Minutes of hour of day. Must be from 0 to 59. format: int64 type: integer nanos: description: Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. format: int64 type: integer seconds: description: Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. format: int64 type: integer type: object timestampValue: description: timestamp format: date-time type: string type: object type: object replaceWithInfoTypeConfig: description: Replace with infotype type: object x-kubernetes-preserve-unknown-fields: true timePartConfig: description: Time extraction properties: partToExtract: description: 'The part of the time to keep. Possible values: TIME_PART_UNSPECIFIED, YEAR, MONTH, DAY_OF_MONTH, DAY_OF_WEEK, WEEK_OF_YEAR, HOUR_OF_DAY' type: string type: object type: object required: - fields type: object type: array recordSuppressions: description: Configuration defining which records get suppressed entirely. Records that match any suppression rule are omitted from the output. items: properties: condition: description: A condition that when it evaluates to true will result in the record being evaluated to be suppressed from the transformed content. properties: expressions: description: An expression. properties: conditions: description: Conditions to apply to the expression. properties: conditions: description: A collection of conditions. items: properties: field: description: Required. Field within the record this condition is evaluated against. properties: name: description: Name describing the field. type: string type: object operator: description: 'Required. Operator used to compare the field or infoType to the value. Possible values: LOGICAL_OPERATOR_UNSPECIFIED, AND' type: string value: description: Value to compare against. [Mandatory, except for `EXISTS` tests.] properties: booleanValue: description: boolean type: boolean dateValue: description: date properties: day: description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. format: int64 type: integer month: description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. format: int64 type: integer year: description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. format: int64 type: integer type: object dayOfWeekValue: description: 'day of week Possible values: DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY' type: string floatValue: description: float format: double type: number integerValue: description: integer format: int64 type: integer stringValue: description: string type: string timeValue: description: time of day properties: hours: description: Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. format: int64 type: integer minutes: description: Minutes of hour of day. Must be from 0 to 59. format: int64 type: integer nanos: description: Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. format: int64 type: integer seconds: description: Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. format: int64 type: integer type: object timestampValue: description: timestamp format: date-time type: string type: object required: - field - operator type: object type: array type: object logicalOperator: description: 'The operator to apply to the result of conditions. Default and currently only supported value is `AND`. Possible values: LOGICAL_OPERATOR_UNSPECIFIED, AND' type: string type: object type: object type: object type: array type: object transformationErrorHandling: description: Mode for handling transformation errors. If left unspecified, the default mode is `TransformationErrorHandling.ThrowError`. properties: leaveUntransformed: description: Ignore errors type: object x-kubernetes-preserve-unknown-fields: true throwError: description: Throw an error type: object x-kubernetes-preserve-unknown-fields: true type: object type: object description: description: Short description (max 256 chars). type: string displayName: description: Display name (max 256 chars). type: string location: description: Immutable. The location of the resource type: string organizationRef: description: Immutable. The Organization that this resource belongs to. Only one of [organizationRef, projectRef] may be specified. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The Google Cloud resource name of a Google Cloud Organization (format: `organizations/{{name}}`).' type: string name: description: |- [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object projectRef: description: Immutable. The Project that this resource belongs to. Only one of [organizationRef, projectRef] may be specified. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: Output only. The creation timestamp of an inspectTemplate. format: date-time type: string locationId: description: Output only. The geographic location where this resource is stored. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer updateTime: description: Output only. The last update timestamp of an inspectTemplate. format: date-time type: string type: object type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: dlpinspecttemplates.dlp.cnrm.cloud.google.com spec: group: dlp.cnrm.cloud.google.com names: categories: - gcp kind: DLPInspectTemplate plural: dlpinspecttemplates shortNames: - gcpdlpinspecttemplate - gcpdlpinspecttemplates singular: dlpinspecttemplate preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: oneOf: - required: - organizationRef - required: - projectRef properties: description: description: Short description (max 256 chars). type: string displayName: description: Display name (max 256 chars). type: string inspectConfig: description: The core content of the template. Configuration of the scanning process. properties: contentOptions: description: List of options defining data content to scan. If empty, text, images, and other content will be included. items: type: string type: array customInfoTypes: description: CustomInfoTypes provided by the user. See https://cloud.google.com/dlp/docs/creating-custom-infotypes to learn more. items: properties: dictionary: description: A list of phrases to detect as a CustomInfoType. properties: cloudStoragePath: description: Newline-delimited file of words in Cloud Storage. Only a single file is accepted. properties: path: description: 'A url representing a file or path (no wildcards) in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' type: string type: object wordList: description: List of words or phrases to search for. properties: words: description: Words or phrases defining the dictionary. The dictionary must contain at least one phrase and every phrase must contain at least 2 characters that are letters or digits. [required] items: type: string type: array type: object type: object exclusionType: description: 'If set to EXCLUSION_TYPE_EXCLUDE this infoType will not cause a finding to be returned. It still can be used for rules matching. Possible values: EXCLUSION_TYPE_UNSPECIFIED, EXCLUSION_TYPE_EXCLUDE' type: string infoType: description: CustomInfoType can either be a new infoType, or an extension of built-in infoType, when the name matches one of existing infoTypes and that infoType is specified in `InspectContent.info_types` field. Specifying the latter adds findings to the one detected by the system. If built-in info type is not specified in `InspectContent.info_types` list then the name is treated as a custom info type. properties: name: description: Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. type: string type: object likelihood: description: 'Likelihood to return for this CustomInfoType. This base value can be altered by a detection rule if the finding meets the criteria specified by the rule. Defaults to `VERY_LIKELY` if not specified. Possible values: LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' type: string regex: description: Regular expression based CustomInfoType. properties: groupIndexes: description: The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included. items: format: int64 type: integer type: array pattern: description: Pattern defining the regular expression. Its syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub. type: string type: object storedType: description: Load an existing `StoredInfoType` resource for use in `InspectDataSource`. Not currently supported in `InspectContent`. properties: createTime: description: Timestamp indicating when the version of the `StoredInfoType` used for inspection was created. Output-only field, populated by the system. format: date-time type: string nameRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Resource name of the requested `StoredInfoType`, for example `organizations/433245324/storedInfoTypes/432452342` or `projects/project-id/storedInfoTypes/432452342`. Allowed value: The Google Cloud resource name of a `DLPStoredInfoType` resource (format: `{{parent}}/storedInfoTypes/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: object surrogateType: description: Message for detecting output from deidentification transformations that support reversing. type: object x-kubernetes-preserve-unknown-fields: true type: object type: array excludeInfoTypes: description: When true, excludes type information of the findings. type: boolean includeQuote: description: When true, a contextual quote from the data that triggered a finding is included in the response; see Finding.quote. type: boolean infoTypes: description: Restricts what info_types to look for. The values must correspond to InfoType values returned by ListInfoTypes or listed at https://cloud.google.com/dlp/docs/infotypes-reference. When no InfoTypes or CustomInfoTypes are specified in a request, the system may automatically choose what detectors to run. By default this may be all types, but may change over time as detectors are updated. If you need precise control and predictability as to what detectors are run you should specify specific InfoTypes listed in the reference, otherwise a default list will be used, which may change over time. items: properties: name: description: Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. type: string type: object type: array limits: description: Configuration to control the number of findings returned. properties: maxFindingsPerInfoType: description: Configuration of findings limit given for specified infoTypes. items: properties: infoType: description: Type of information the findings limit applies to. Only one limit per info_type should be provided. If InfoTypeLimit does not have an info_type, the DLP API applies the limit against all info_types that are found but not specified in another InfoTypeLimit. properties: name: description: Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. type: string type: object maxFindings: description: Max findings limit for the given infoType. format: int64 type: integer type: object type: array maxFindingsPerItem: description: Max number of findings that will be returned for each item scanned. When set within `InspectJobConfig`, the maximum returned is 2000 regardless if this is set higher. When set within `InspectContentRequest`, this field is ignored. format: int64 type: integer maxFindingsPerRequest: description: Max number of findings that will be returned per request/job. When set within `InspectContentRequest`, the maximum returned is 2000 regardless if this is set higher. format: int64 type: integer type: object minLikelihood: description: 'Only returns findings equal or above this threshold. The default is POSSIBLE. See https://cloud.google.com/dlp/docs/likelihood to learn more. Possible values: LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' type: string ruleSet: description: Set of rules to apply to the findings for this InspectConfig. Exclusion rules, contained in the set are executed in the end, other rules are executed in the order they are specified for each info type. items: properties: infoTypes: description: List of infoTypes this rule set is applied to. items: properties: name: description: Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. type: string type: object type: array rules: description: Set of rules to be applied to infoTypes. The rules are applied in order. items: properties: exclusionRule: description: Exclusion rule. properties: dictionary: description: Dictionary which defines the rule. properties: cloudStoragePath: description: Newline-delimited file of words in Cloud Storage. Only a single file is accepted. properties: path: description: 'A url representing a file or path (no wildcards) in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' type: string type: object wordList: description: List of words or phrases to search for. properties: words: description: Words or phrases defining the dictionary. The dictionary must contain at least one phrase and every phrase must contain at least 2 characters that are letters or digits. [required] items: type: string type: array type: object type: object excludeInfoTypes: description: Set of infoTypes for which findings would affect this rule. properties: infoTypes: description: InfoType list in ExclusionRule rule drops a finding when it overlaps or contained within with a finding of an infoType from this list. For example, for `InspectionRuleSet.info_types` containing "PHONE_NUMBER"` and `exclusion_rule` containing `exclude_info_types.info_types` with "EMAIL_ADDRESS" the phone number findings are dropped if they overlap with EMAIL_ADDRESS finding. That leads to "555-222-2222@example.org" to generate only a single finding, namely email address. items: properties: name: description: Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. type: string type: object type: array type: object matchingType: description: 'How the rule is applied, see MatchingType documentation for details. Possible values: MATCHING_TYPE_UNSPECIFIED, MATCHING_TYPE_FULL_MATCH, MATCHING_TYPE_PARTIAL_MATCH, MATCHING_TYPE_INVERSE_MATCH' type: string regex: description: Regular expression which defines the rule. properties: groupIndexes: description: The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included. items: format: int64 type: integer type: array pattern: description: Pattern defining the regular expression. Its syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub. type: string type: object type: object hotwordRule: properties: hotwordRegex: description: Regular expression pattern defining what qualifies as a hotword. properties: groupIndexes: description: The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included. items: format: int64 type: integer type: array pattern: description: Pattern defining the regular expression. Its syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub. type: string type: object likelihoodAdjustment: description: Likelihood adjustment to apply to all matching findings. properties: fixedLikelihood: description: 'Set the likelihood of a finding to a fixed value. Possible values: LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' type: string relativeLikelihood: description: Increase or decrease the likelihood by the specified number of levels. For example, if a finding would be `POSSIBLE` without the detection rule and `relative_likelihood` is 1, then it is upgraded to `LIKELY`, while a value of -1 would downgrade it to `UNLIKELY`. Likelihood may never drop below `VERY_UNLIKELY` or exceed `VERY_LIKELY`, so applying an adjustment of 1 followed by an adjustment of -1 when base likelihood is `VERY_LIKELY` will result in a final likelihood of `LIKELY`. format: int64 type: integer type: object proximity: description: Proximity of the finding within which the entire hotword must reside. The total length of the window cannot exceed 1000 characters. Note that the finding itself will be included in the window, so that hotwords may be used to match substrings of the finding itself. For example, the certainty of a phone number regex "(d{3}) d{3}-d{4}" could be adjusted upwards if the area code is known to be the local area code of a company office using the hotword regex "(xxx)", where "xxx" is the area code in question. properties: windowAfter: description: Number of characters after the finding to consider. format: int64 type: integer windowBefore: description: Number of characters before the finding to consider. format: int64 type: integer type: object type: object type: object type: array type: object type: array type: object location: description: Immutable. The location of the resource type: string organizationRef: description: Immutable. The Organization that this resource belongs to. Only one of [organizationRef, projectRef] may be specified. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The Google Cloud resource name of a Google Cloud Organization (format: `organizations/{{name}}`).' type: string name: description: |- [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object projectRef: description: Immutable. The Project that this resource belongs to. Only one of [organizationRef, projectRef] may be specified. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: Output only. The creation timestamp of an inspectTemplate. format: date-time type: string locationId: description: Output only. The geographic location where this resource is stored. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer updateTime: description: Output only. The last update timestamp of an inspectTemplate. format: date-time type: string type: object type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: dlpjobtriggers.dlp.cnrm.cloud.google.com spec: group: dlp.cnrm.cloud.google.com names: categories: - gcp kind: DLPJobTrigger plural: dlpjobtriggers shortNames: - gcpdlpjobtrigger - gcpdlpjobtriggers singular: dlpjobtrigger preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: description: description: User provided description (max 256 chars) type: string displayName: description: Display name (max 100 chars) type: string inspectJob: description: For inspect jobs, a snapshot of the configuration. properties: actions: description: Actions to execute at the completion of the job. items: properties: jobNotificationEmails: description: Enable email notification for project owners and editors on job's completion/failure. type: object x-kubernetes-preserve-unknown-fields: true pubSub: description: Publish a notification to a pubsub topic. properties: topicRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Cloud Pub/Sub topic to send notifications to. The topic must have given publishing access rights to the DLP API service account executing the long running DlpJob sending the notifications. Format is projects/{project}/topics/{topic}. Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: object publishFindingsToCloudDataCatalog: description: Publish findings to Cloud Datahub. type: object x-kubernetes-preserve-unknown-fields: true publishSummaryToCscc: description: Publish summary to Cloud Security Command Center (Alpha). type: object x-kubernetes-preserve-unknown-fields: true publishToStackdriver: description: Enable Stackdriver metric dlp.googleapis.com/finding_count. type: object x-kubernetes-preserve-unknown-fields: true saveFindings: description: Save resulting findings in a provided location. properties: outputConfig: description: Location to store findings outside of DLP. properties: dlpStorage: description: Store findings directly to DLP. If neither this or bigquery is chosen only summary stats of total infotype count will be stored. Quotes will not be stored to dlp findings. If quotes are needed, store to BigQuery. Currently only for inspect jobs. type: object x-kubernetes-preserve-unknown-fields: true outputSchema: description: 'Schema used for writing the findings for Inspect jobs. This field is only used for Inspect and must be unspecified for Risk jobs. Columns are derived from the `Finding` object. If appending to an existing table, any columns from the predefined schema that are missing will be added. No columns in the existing table will be deleted. If unspecified, then all available columns will be used for a new table or an (existing) table with no schema, and no changes will be made to an existing table that has a schema. Only for use with external storage. Possible values: OUTPUT_SCHEMA_UNSPECIFIED, BASIC_COLUMNS, GCS_COLUMNS, DATASTORE_COLUMNS, BIG_QUERY_COLUMNS, ALL_COLUMNS' type: string table: description: 'Store findings in an existing table or a new table in an existing dataset. If table_id is not set a new one will be generated for you with the following format: dlp_googleapis_yyyy_mm_dd_[dlp_job_id]. Pacific timezone will be used for generating the date details. For Inspect, each column in an existing output table must have the same name, type, and mode of a field in the `Finding` object. For Risk, an existing output table should be the output of a previous Risk analysis job run on the same source table, with the same privacy metric and quasi-identifiers. Risk jobs that analyze the same table but compute a different privacy metric, or use different sets of quasi-identifiers, cannot store their results in the same table.' properties: datasetRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Dataset ID of the table. Allowed value: The Google Cloud resource name of a `BigQueryDataset` resource (format: `projects/{{project}}/datasets/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object projectRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call. Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object tableRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Name of the table. Allowed value: The Google Cloud resource name of a `BigQueryTable` resource (format: `projects/{{project}}/datasets/{{dataset_id}}/tables/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: object type: object type: object type: object type: array inspectConfig: description: How and what to scan for. properties: customInfoTypes: description: CustomInfoTypes provided by the user. See https://cloud.google.com/dlp/docs/creating-custom-infotypes to learn more. items: properties: detectionRules: description: Set of detection rules to apply to all findings of this CustomInfoType. Rules are applied in order that they are specified. Not supported for the `surrogate_type` CustomInfoType. items: properties: hotwordRule: description: Hotword-based detection rule. properties: hotwordRegex: description: Regular expression pattern defining what qualifies as a hotword. properties: groupIndexes: description: The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included. items: format: int64 type: integer type: array pattern: description: Pattern defining the regular expression. Its syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub. type: string type: object likelihoodAdjustment: description: Likelihood adjustment to apply to all matching findings. properties: fixedLikelihood: description: 'Set the likelihood of a finding to a fixed value. Possible values: LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' type: string relativeLikelihood: description: Increase or decrease the likelihood by the specified number of levels. For example, if a finding would be `POSSIBLE` without the detection rule and `relative_likelihood` is 1, then it is upgraded to `LIKELY`, while a value of -1 would downgrade it to `UNLIKELY`. Likelihood may never drop below `VERY_UNLIKELY` or exceed `VERY_LIKELY`, so applying an adjustment of 1 followed by an adjustment of -1 when base likelihood is `VERY_LIKELY` will result in a final likelihood of `LIKELY`. format: int64 type: integer type: object proximity: description: Proximity of the finding within which the entire hotword must reside. The total length of the window cannot exceed 1000 characters. Note that the finding itself will be included in the window, so that hotwords may be used to match substrings of the finding itself. For example, the certainty of a phone number regex "(d{3}) d{3}-d{4}" could be adjusted upwards if the area code is known to be the local area code of a company office using the hotword regex "(xxx)", where "xxx" is the area code in question. properties: windowAfter: description: Number of characters after the finding to consider. format: int64 type: integer windowBefore: description: Number of characters before the finding to consider. format: int64 type: integer type: object type: object type: object type: array dictionary: description: A list of phrases to detect as a CustomInfoType. properties: cloudStoragePath: description: Newline-delimited file of words in Cloud Storage. Only a single file is accepted. properties: path: description: 'A url representing a file or path (no wildcards) in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' type: string type: object wordList: description: List of words or phrases to search for. properties: words: description: Words or phrases defining the dictionary. The dictionary must contain at least one phrase and every phrase must contain at least 2 characters that are letters or digits. [required] items: type: string type: array type: object type: object exclusionType: description: 'If set to EXCLUSION_TYPE_EXCLUDE this infoType will not cause a finding to be returned. It still can be used for rules matching. Possible values: EXCLUSION_TYPE_UNSPECIFIED, EXCLUSION_TYPE_EXCLUDE' type: string infoType: description: CustomInfoType can either be a new infoType, or an extension of built-in infoType, when the name matches one of existing infoTypes and that infoType is specified in `InspectContent.info_types` field. Specifying the latter adds findings to the one detected by the system. If built-in info type is not specified in `InspectContent.info_types` list then the name is treated as a custom info type. properties: name: description: Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. type: string version: description: Optional version name for this InfoType. type: string type: object likelihood: description: 'Likelihood to return for this CustomInfoType. This base value can be altered by a detection rule if the finding meets the criteria specified by the rule. Defaults to `VERY_LIKELY` if not specified. Possible values: LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' type: string regex: description: Regular expression based CustomInfoType. properties: groupIndexes: description: The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included. items: format: int64 type: integer type: array pattern: description: Pattern defining the regular expression. Its syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub. type: string type: object storedType: description: Load an existing `StoredInfoType` resource for use in `InspectDataSource`. Not currently supported in `InspectContent`. properties: createTime: description: Timestamp indicating when the version of the `StoredInfoType` used for inspection was created. Output-only field, populated by the system. format: date-time type: string nameRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Resource name of the requested `StoredInfoType`, for example `organizations/433245324/storedInfoTypes/432452342` or `projects/project-id/storedInfoTypes/432452342`. Allowed value: The Google Cloud resource name of a `DLPStoredInfoType` resource (format: `{{parent}}/storedInfoTypes/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: object surrogateType: description: Message for detecting output from deidentification transformations that support reversing. type: object x-kubernetes-preserve-unknown-fields: true type: object type: array excludeInfoTypes: description: When true, excludes type information of the findings. This is not used for data profiling. type: boolean includeQuote: description: When true, a contextual quote from the data that triggered a finding is included in the response; see Finding.quote. This is not used for data profiling. type: boolean infoTypes: description: Restricts what info_types to look for. The values must correspond to InfoType values returned by ListInfoTypes or listed at https://cloud.google.com/dlp/docs/infotypes-reference. When no InfoTypes or CustomInfoTypes are specified in a request, the system may automatically choose what detectors to run. By default this may be all types, but may change over time as detectors are updated. If you need precise control and predictability as to what detectors are run you should specify specific InfoTypes listed in the reference, otherwise a default list will be used, which may change over time. items: properties: name: description: Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. type: string type: object type: array limits: description: Configuration to control the number of findings returned. This is not used for data profiling. properties: maxFindingsPerInfoType: description: Configuration of findings limit given for specified infoTypes. items: properties: infoType: description: Type of information the findings limit applies to. Only one limit per info_type should be provided. If InfoTypeLimit does not have an info_type, the DLP API applies the limit against all info_types that are found but not specified in another InfoTypeLimit. properties: name: description: Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. type: string version: description: Optional version name for this InfoType. type: string type: object maxFindings: description: Max findings limit for the given infoType. format: int64 type: integer type: object type: array maxFindingsPerItem: description: Max number of findings that will be returned for each item scanned. When set within `InspectJobConfig`, the maximum returned is 2000 regardless if this is set higher. When set within `InspectContentRequest`, this field is ignored. format: int64 type: integer maxFindingsPerRequest: description: Max number of findings that will be returned per request/job. When set within `InspectContentRequest`, the maximum returned is 2000 regardless if this is set higher. format: int64 type: integer type: object minLikelihood: description: 'Only returns findings equal or above this threshold. The default is POSSIBLE. See https://cloud.google.com/dlp/docs/likelihood to learn more. Possible values: LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' type: string ruleSet: description: Set of rules to apply to the findings for this InspectConfig. Exclusion rules, contained in the set are executed in the end, other rules are executed in the order they are specified for each info type. items: properties: infoTypes: description: List of infoTypes this rule set is applied to. items: properties: name: description: Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. type: string version: description: Optional version name for this InfoType. type: string type: object type: array rules: description: Set of rules to be applied to infoTypes. The rules are applied in order. items: properties: exclusionRule: description: Exclusion rule. properties: dictionary: description: Dictionary which defines the rule. properties: cloudStoragePath: description: Newline-delimited file of words in Cloud Storage. Only a single file is accepted. properties: path: description: 'A url representing a file or path (no wildcards) in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' type: string type: object wordList: description: List of words or phrases to search for. properties: words: description: Words or phrases defining the dictionary. The dictionary must contain at least one phrase and every phrase must contain at least 2 characters that are letters or digits. [required] items: type: string type: array type: object type: object excludeInfoTypes: description: Set of infoTypes for which findings would affect this rule. properties: infoTypes: description: InfoType list in ExclusionRule rule drops a finding when it overlaps or contained within with a finding of an infoType from this list. For example, for `InspectionRuleSet.info_types` containing "PHONE_NUMBER"` and `exclusion_rule` containing `exclude_info_types.info_types` with "EMAIL_ADDRESS" the phone number findings are dropped if they overlap with EMAIL_ADDRESS finding. That leads to "555-222-2222@example.org" to generate only a single finding, namely email address. items: properties: name: description: Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. type: string version: description: Optional version name for this InfoType. type: string type: object type: array type: object matchingType: description: 'How the rule is applied, see MatchingType documentation for details. Possible values: MATCHING_TYPE_UNSPECIFIED, MATCHING_TYPE_FULL_MATCH, MATCHING_TYPE_PARTIAL_MATCH, MATCHING_TYPE_INVERSE_MATCH' type: string regex: description: Regular expression which defines the rule. properties: groupIndexes: description: The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included. items: format: int64 type: integer type: array pattern: description: Pattern defining the regular expression. Its syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub. type: string type: object type: object hotwordRule: properties: hotwordRegex: description: Regular expression pattern defining what qualifies as a hotword. properties: groupIndexes: description: The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included. items: format: int64 type: integer type: array pattern: description: Pattern defining the regular expression. Its syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub. type: string type: object likelihoodAdjustment: description: Likelihood adjustment to apply to all matching findings. properties: fixedLikelihood: description: 'Set the likelihood of a finding to a fixed value. Possible values: LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' type: string relativeLikelihood: description: Increase or decrease the likelihood by the specified number of levels. For example, if a finding would be `POSSIBLE` without the detection rule and `relative_likelihood` is 1, then it is upgraded to `LIKELY`, while a value of -1 would downgrade it to `UNLIKELY`. Likelihood may never drop below `VERY_UNLIKELY` or exceed `VERY_LIKELY`, so applying an adjustment of 1 followed by an adjustment of -1 when base likelihood is `VERY_LIKELY` will result in a final likelihood of `LIKELY`. format: int64 type: integer type: object proximity: description: Proximity of the finding within which the entire hotword must reside. The total length of the window cannot exceed 1000 characters. Note that the finding itself will be included in the window, so that hotwords may be used to match substrings of the finding itself. For example, the certainty of a phone number regex "(d{3}) d{3}-d{4}" could be adjusted upwards if the area code is known to be the local area code of a company office using the hotword regex "(xxx)", where "xxx" is the area code in question. properties: windowAfter: description: Number of characters after the finding to consider. format: int64 type: integer windowBefore: description: Number of characters before the finding to consider. format: int64 type: integer type: object type: object type: object type: array type: object type: array type: object inspectTemplateRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- If provided, will be used as the default for all values in InspectConfig. `inspect_config` will be merged into the values persisted as part of the template. Allowed value: The Google Cloud resource name of a `DLPInspectTemplate` resource (format: `{{parent}}/inspectTemplates/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object storageConfig: description: The data to scan. properties: bigQueryOptions: description: BigQuery options. properties: excludedFields: description: References to fields excluded from scanning. This allows you to skip inspection of entire columns which you know have no findings. items: properties: name: description: Name describing the field. type: string type: object type: array identifyingFields: description: Table fields that may uniquely identify a row within the table. When `actions.saveFindings.outputConfig.table` is specified, the values of columns specified here are available in the output table under `location.content_locations.record_location.record_key.id_values`. Nested fields such as `person.birthdate.year` are allowed. items: properties: name: description: Name describing the field. type: string type: object type: array includedFields: description: Limit scanning only to these fields. items: properties: name: description: Name describing the field. type: string type: object type: array rowsLimit: description: Max number of rows to scan. If the table has more rows than this value, the rest of the rows are omitted. If not set, or if set to 0, all rows will be scanned. Only one of rows_limit and rows_limit_percent can be specified. Cannot be used in conjunction with TimespanConfig. format: int64 type: integer rowsLimitPercent: description: Max percentage of rows to scan. The rest are omitted. The number of rows scanned is rounded down. Must be between 0 and 100, inclusively. Both 0 and 100 means no limit. Defaults to 0. Only one of rows_limit and rows_limit_percent can be specified. Cannot be used in conjunction with TimespanConfig. format: int64 type: integer sampleMethod: description: ' Possible values: SAMPLE_METHOD_UNSPECIFIED, TOP, RANDOM_START' type: string tableReference: description: Complete BigQuery table reference. properties: datasetRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Dataset ID of the table. Allowed value: The Google Cloud resource name of a `BigQueryDataset` resource (format: `projects/{{project}}/datasets/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object projectRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call. Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object tableRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Name of the table. Allowed value: The Google Cloud resource name of a `BigQueryTable` resource (format: `projects/{{project}}/datasets/{{dataset_id}}/tables/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: object required: - tableReference type: object cloudStorageOptions: description: Google Cloud Storage options. properties: bytesLimitPerFile: description: Max number of bytes to scan from a file. If a scanned file's size is bigger than this value then the rest of the bytes are omitted. Only one of bytes_limit_per_file and bytes_limit_per_file_percent can be specified. Cannot be set if de-identification is requested. format: int64 type: integer bytesLimitPerFilePercent: description: Max percentage of bytes to scan from a file. The rest are omitted. The number of bytes scanned is rounded down. Must be between 0 and 100, inclusively. Both 0 and 100 means no limit. Defaults to 0. Only one of bytes_limit_per_file and bytes_limit_per_file_percent can be specified. Cannot be set if de-identification is requested. format: int64 type: integer fileSet: description: The set of one or more files to scan. properties: regexFileSet: description: The regex-filtered set of files to scan. Exactly one of `url` or `regex_file_set` must be set. properties: bucketRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The name of a Cloud Storage bucket. Required. Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object excludeRegex: description: A list of regular expressions matching file paths to exclude. All files in the bucket that match at least one of these regular expressions will be excluded from the scan. Regular expressions use RE2 [syntax](https://github.com/google/re2/wiki/Syntax); a guide can be found under the google/re2 repository on GitHub. items: type: string type: array includeRegex: description: A list of regular expressions matching file paths to include. All files in the bucket that match at least one of these regular expressions will be included in the set of files, except for those that also match an item in `exclude_regex`. Leaving this field empty will match all files by default (this is equivalent to including `.*` in the list). Regular expressions use RE2 [syntax](https://github.com/google/re2/wiki/Syntax); a guide can be found under the google/re2 repository on GitHub. items: type: string type: array required: - bucketRef type: object url: description: The Cloud Storage url of the file(s) to scan, in the format `gs:///`. Trailing wildcard in the path is allowed. If the url ends in a trailing slash, the bucket or directory represented by the url will be scanned non-recursively (content in sub-directories will not be scanned). This means that `gs://mybucket/` is equivalent to `gs://mybucket/*`, and `gs://mybucket/directory/` is equivalent to `gs://mybucket/directory/*`. Exactly one of `url` or `regex_file_set` must be set. type: string type: object fileTypes: description: List of file type groups to include in the scan. If empty, all files are scanned and available data format processors are applied. In addition, the binary content of the selected files is always scanned as well. Images are scanned only as binary if the specified region does not support image inspection and no file_types were specified. Image inspection is restricted to 'global', 'us', 'asia', and 'europe'. items: type: string type: array filesLimitPercent: description: Limits the number of files to scan to this percentage of the input FileSet. Number of files scanned is rounded down. Must be between 0 and 100, inclusively. Both 0 and 100 means no limit. Defaults to 0. format: int64 type: integer sampleMethod: description: ' Possible values: SAMPLE_METHOD_UNSPECIFIED, TOP, RANDOM_START' type: string type: object datastoreOptions: description: Google Cloud Datastore options. properties: kind: description: The kind to process. properties: name: description: The name of the kind. type: string type: object partitionId: description: A partition ID identifies a grouping of entities. The grouping is always by project namespace ID may be empty. properties: namespaceId: description: If not empty, the ID of the namespace to which the entities belong. type: string projectRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The ID of the project to which the entities belong. Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: object type: object hybridOptions: description: Hybrid inspection options. properties: description: description: A short description of where the data is coming from. Will be stored once in the job. 256 max length. type: string labels: additionalProperties: type: string description: 'To organize findings, these labels will be added to each finding. Label keys must be between 1 and 63 characters long and must conform to the following regular expression: `[a-z]([-a-z0-9]*[a-z0-9])?`. Label values must be between 0 and 63 characters long and must conform to the regular expression `([a-z]([-a-z0-9]*[a-z0-9])?)?`. No more than 10 labels can be associated with a given finding. Examples: * `"environment" : "production"` * `"pipeline" : "etl"`' type: object requiredFindingLabelKeys: description: 'These are labels that each inspection request must include within their ''finding_labels'' map. Request may contain others, but any missing one of these will be rejected. Label keys must be between 1 and 63 characters long and must conform to the following regular expression: `[a-z]([-a-z0-9]*[a-z0-9])?`. No more than 10 keys can be required.' items: type: string type: array tableOptions: description: If the container is a table, additional information to make findings meaningful such as the columns that are primary keys. properties: identifyingFields: description: The columns that are the primary keys for table objects included in ContentItem. A copy of this cell's value will stored alongside alongside each finding so that the finding can be traced to the specific row it came from. No more than 3 may be provided. items: properties: name: description: Name describing the field. type: string type: object type: array type: object type: object timespanConfig: properties: enableAutoPopulationOfTimespanConfig: description: When the job is started by a JobTrigger we will automatically figure out a valid start_time to avoid scanning files that have not been modified since the last time the JobTrigger executed. This will be based on the time of the execution of the last run of the JobTrigger. type: boolean endTime: description: Exclude files, tables, or rows newer than this value. If not set, no upper time limit is applied. format: date-time type: string startTime: description: Exclude files, tables, or rows older than this value. If not set, no lower time limit is applied. format: date-time type: string timestampField: description: 'Specification of the field containing the timestamp of scanned items. Used for data sources like Datastore and BigQuery. For BigQuery: If this value is not specified and the table was modified between the given start and end times, the entire table will be scanned. If this value is specified, then rows are filtered based on the given start and end times. Rows with a `NULL` value in the provided BigQuery column are skipped. Valid data types of the provided BigQuery column are: `INTEGER`, `DATE`, `TIMESTAMP`, and `DATETIME`. For Datastore: If this value is specified, then entities are filtered based on the given start and end times. If an entity does not contain the provided timestamp property or contains empty or invalid values, then it is included. Valid data types of the provided timestamp property are: `TIMESTAMP`.' properties: name: description: Name describing the field. type: string type: object type: object type: object required: - storageConfig type: object location: description: Immutable. The location of the resource type: string projectRef: description: Immutable. The Project that this resource belongs to. Only one of [projectRef] may be specified. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string status: description: 'Immutable. Required. A status for this trigger. Possible values: STATUS_UNSPECIFIED, HEALTHY, PAUSED, CANCELLED' type: string triggers: description: A list of triggers which will be OR'ed together. Only one in the list needs to trigger for a job to be started. The list may contain only a single Schedule trigger and must have at least one object. items: properties: manual: description: For use with hybrid jobs. Jobs must be manually created and finished. type: object x-kubernetes-preserve-unknown-fields: true schedule: description: Create a job on a repeating basis based on the elapse of time. properties: recurrencePeriodDuration: description: 'With this option a job is started a regular periodic basis. For example: every day (86400 seconds). A scheduled start time will be skipped if the previous execution has not ended when its scheduled time occurs. This value must be set to a time duration greater than or equal to 1 day and can be no longer than 60 days.' type: string type: object type: object type: array required: - inspectJob - projectRef - status - triggers type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: Output only. The creation timestamp of a triggeredJob. format: date-time type: string errors: description: Output only. A stream of errors encountered when the trigger was activated. Repeated errors may result in the JobTrigger automatically being paused. Will return the last 100 errors. Whenever the JobTrigger is modified this list will be cleared. items: properties: details: description: Detailed error codes and messages. properties: code: description: The status code, which should be an enum value of google.rpc.Code. format: int64 type: integer details: description: A list of messages that carry the error details. There is a common set of message types for APIs to use. items: properties: typeUrl: description: 'A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one "/" character. The last segment of the URL''s path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading "." is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a google.protobuf.Type value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics.' type: string value: description: Must be a valid serialized protocol buffer of the above specified type. type: string type: object type: array message: description: A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client. type: string type: object timestamps: description: The times the error occurred. items: format: date-time type: string type: array type: object type: array lastRunTime: description: Output only. The timestamp of the last time this trigger executed. format: date-time type: string locationId: description: Output only. The geographic location where this resource is stored. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer updateTime: description: Output only. The last update timestamp of a triggeredJob. format: date-time type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: dlpstoredinfotypes.dlp.cnrm.cloud.google.com spec: group: dlp.cnrm.cloud.google.com names: categories: - gcp kind: DLPStoredInfoType plural: dlpstoredinfotypes shortNames: - gcpdlpstoredinfotype - gcpdlpstoredinfotypes singular: dlpstoredinfotype preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: oneOf: - required: - organizationRef - required: - projectRef properties: description: description: Description of the StoredInfoType (max 256 characters). type: string dictionary: description: Store dictionary-based CustomInfoType. properties: cloudStoragePath: description: Newline-delimited file of words in Cloud Storage. Only a single file is accepted. properties: path: description: 'A url representing a file or path (no wildcards) in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' type: string required: - path type: object wordList: description: List of words or phrases to search for. properties: words: description: Words or phrases defining the dictionary. The dictionary must contain at least one phrase and every phrase must contain at least 2 characters that are letters or digits. [required] items: type: string type: array required: - words type: object type: object displayName: description: Display name of the StoredInfoType (max 256 characters). type: string largeCustomDictionary: description: StoredInfoType where findings are defined by a dictionary of phrases. properties: bigQueryField: description: Field in a BigQuery table where each cell represents a dictionary phrase. properties: field: description: Designated field in the BigQuery table. properties: name: description: Name describing the field. type: string type: object table: description: Source table of the field. properties: datasetRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Dataset ID of the table. Allowed value: The Google Cloud resource name of a `BigQueryDataset` resource (format: `projects/{{project}}/datasets/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object projectRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call. Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object tableRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Name of the table. Allowed value: The Google Cloud resource name of a `BigQueryTable` resource (format: `projects/{{project}}/datasets/{{dataset_id}}/tables/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: object type: object cloudStorageFileSet: description: Set of files containing newline-delimited lists of dictionary phrases. properties: url: description: The url, in the format `gs:///`. Trailing wildcard in the path is allowed. type: string required: - url type: object outputPath: description: Location to store dictionary artifacts in Google Cloud Storage. These files will only be accessible by project owners and the DLP API. If any of these artifacts are modified, the dictionary is considered invalid and can no longer be used. properties: path: description: 'A url representing a file or path (no wildcards) in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' type: string required: - path type: object type: object location: description: Immutable. The location of the resource type: string organizationRef: description: Immutable. The Organization that this resource belongs to. Only one of [organizationRef, projectRef] may be specified. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The Google Cloud resource name of a Google Cloud Organization (format: `organizations/{{name}}`).' type: string name: description: |- [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object projectRef: description: Immutable. The Project that this resource belongs to. Only one of [organizationRef, projectRef] may be specified. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object regex: description: Store regular expression-based StoredInfoType. properties: groupIndexes: description: The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included. items: format: int64 type: integer type: array pattern: description: Pattern defining the regular expression. Its syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub. type: string required: - pattern type: object resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: dnsmanagedzones.dns.cnrm.cloud.google.com spec: group: dns.cnrm.cloud.google.com names: categories: - gcp kind: DNSManagedZone plural: dnsmanagedzones shortNames: - gcpdnsmanagedzone - gcpdnsmanagedzones singular: dnsmanagedzone preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: cloudLoggingConfig: description: Cloud logging configuration. properties: enableLogging: description: If set, enable query logging for this ManagedZone. False by default, making logging opt-in. type: boolean required: - enableLogging type: object description: description: A textual description field. Defaults to 'Managed by Config Connector'. type: string dnsName: description: Immutable. The DNS name of this managed zone, for instance "example.com.". type: string dnssecConfig: description: DNSSEC configuration. properties: defaultKeySpecs: description: |- Specifies parameters that will be used for generating initial DnsKeys for this ManagedZone. If you provide a spec for keySigning or zoneSigning, you must also provide one for the other. default_key_specs can only be updated when the state is 'off'. items: properties: algorithm: description: 'String mnemonic specifying the DNSSEC algorithm of this key Possible values: ["ecdsap256sha256", "ecdsap384sha384", "rsasha1", "rsasha256", "rsasha512"].' type: string keyLength: description: Length of the keys in bits. type: integer keyType: description: |- Specifies whether this is a key signing key (KSK) or a zone signing key (ZSK). Key signing keys have the Secure Entry Point flag set and, when active, will only be used to sign resource record sets of type DNSKEY. Zone signing keys do not have the Secure Entry Point flag set and will be used to sign all other types of resource record sets. Possible values: ["keySigning", "zoneSigning"]. type: string kind: description: Identifies what kind of resource this is. type: string type: object type: array kind: description: Identifies what kind of resource this is. type: string nonExistence: description: |- Specifies the mechanism used to provide authenticated denial-of-existence responses. non_existence can only be updated when the state is 'off'. Possible values: ["nsec", "nsec3"]. type: string state: description: 'Specifies whether DNSSEC is enabled, and what mode it is in Possible values: ["off", "on", "transfer"].' type: string type: object forwardingConfig: description: |- The presence for this field indicates that outbound forwarding is enabled for this zone. The value of this field contains the set of destinations to forward to. properties: targetNameServers: description: |- List of target name servers to forward to. Cloud DNS will select the best available name server if more than one target is given. items: properties: forwardingPath: description: |- Forwarding path for this TargetNameServer. If unset or 'default' Cloud DNS will make forwarding decision based on address ranges, i.e. RFC1918 addresses go to the VPC, Non-RFC1918 addresses go to the Internet. When set to 'private', Cloud DNS will always send queries through VPC for this target Possible values: ["default", "private"]. type: string ipv4Address: description: IPv4 address of a target name server. type: string required: - ipv4Address type: object type: array required: - targetNameServers type: object peeringConfig: description: |- The presence of this field indicates that DNS Peering is enabled for this zone. The value of this field contains the network to peer with. properties: targetNetwork: description: The network with which to peer. properties: networkRef: description: VPC network to forward queries to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - networkRef type: object required: - targetNetwork type: object privateVisibilityConfig: description: |- For privately visible zones, the set of Virtual Private Cloud resources that the zone is visible from. properties: gkeClusters: description: The list of Google Kubernetes Engine clusters that can see this zone. items: properties: gkeClusterNameRef: description: |- The resource name of the cluster to bind this ManagedZone to. This should be specified in the format like 'projects/*/locations/*/clusters/*'. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ContainerCluster` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - gkeClusterNameRef type: object type: array networks: items: properties: networkRef: description: VPC network to bind to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - networkRef type: object type: array required: - networks type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string reverseLookup: description: |- Immutable. Specifies if this is a managed reverse lookup zone. If true, Cloud DNS will resolve reverse lookup queries using automatically configured records for VPC resources. This only applies to networks listed under 'private_visibility_config'. type: boolean serviceDirectoryConfig: description: Immutable. The presence of this field indicates that this zone is backed by Service Directory. The value of this field contains information related to the namespace associated with the zone. properties: namespace: description: The namespace associated with the zone. properties: namespaceUrl: description: |- The fully qualified or partial URL of the service directory namespace that should be associated with the zone. This should be formatted like 'https://servicedirectory.googleapis.com/v1/projects/{project}/locations/{location}/namespaces/{namespace_id}' or simply 'projects/{project}/locations/{location}/namespaces/{namespace_id}' Ignored for 'public' visibility zones. type: string required: - namespaceUrl type: object required: - namespace type: object visibility: description: |- Immutable. The zone's visibility: public zones are exposed to the Internet, while private zones are visible only to Virtual Private Cloud resources. Default value: "public" Possible values: ["private", "public"]. type: string required: - dnsName type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array creationTime: description: |- The time that this resource was created on the server. This is in RFC3339 text format. type: string managedZoneId: description: Unique identifier for the resource; defined by the server. type: integer nameServers: description: |- Delegate your managed_zone to these virtual name servers; defined by the server. items: type: string type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: dnspolicies.dns.cnrm.cloud.google.com spec: group: dns.cnrm.cloud.google.com names: categories: - gcp kind: DNSPolicy plural: dnspolicies shortNames: - gcpdnspolicy - gcpdnspolicies singular: dnspolicy preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: alternativeNameServerConfig: description: |- Sets an alternative name server for the associated networks. When specified, all DNS queries are forwarded to a name server that you choose. Names such as .internal are not available when an alternative name server is specified. properties: targetNameServers: description: |- Sets an alternative name server for the associated networks. When specified, all DNS queries are forwarded to a name server that you choose. Names such as .internal are not available when an alternative name server is specified. items: properties: forwardingPath: description: |- Forwarding path for this TargetNameServer. If unset or 'default' Cloud DNS will make forwarding decision based on address ranges, i.e. RFC1918 addresses go to the VPC, Non-RFC1918 addresses go to the Internet. When set to 'private', Cloud DNS will always send queries through VPC for this target Possible values: ["default", "private"]. type: string ipv4Address: description: IPv4 address to forward to. type: string required: - ipv4Address type: object type: array required: - targetNameServers type: object description: description: A textual description field. Defaults to 'Managed by Config Connector'. type: string enableInboundForwarding: description: |- Allows networks bound to this policy to receive DNS queries sent by VMs or applications over VPN connections. When enabled, a virtual IP address will be allocated from each of the sub-networks that are bound to this policy. type: boolean enableLogging: description: |- Controls whether logging is enabled for the networks bound to this policy. Defaults to no logging if not set. type: boolean networks: description: List of network names specifying networks to which this policy is applied. items: properties: networkRef: description: VPC network to bind to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - networkRef type: object type: array resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: dnsrecordsets.dns.cnrm.cloud.google.com spec: group: dns.cnrm.cloud.google.com names: categories: - gcp kind: DNSRecordSet plural: dnsrecordsets shortNames: - gcpdnsrecordset - gcpdnsrecordsets singular: dnsrecordset preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: oneOf: - required: - rrdatas - required: - rrdatasRefs properties: managedZoneRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `DNSManagedZone` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object name: description: Immutable. The DNS name this record set will apply to. type: string rrdatas: description: DEPRECATED. Although this field is still available, there is limited support. We recommend that you use `spec.rrdatasRefs` instead. items: type: string type: array rrdatasRefs: items: oneOf: - not: required: - external required: - name - kind - not: anyOf: - required: - name - required: - namespace - required: - kind required: - external properties: external: description: 'Allowed value: The `address` field of a `ComputeAddress` resource.' type: string kind: description: 'Kind of the referent. Allowed values: ComputeAddress' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: array ttl: description: The time-to-live of this record set (seconds). type: integer type: description: The DNS record set type. type: string required: - managedZoneRef - name - type type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: dnsresponsepolicies.dns.cnrm.cloud.google.com spec: group: dns.cnrm.cloud.google.com names: categories: - gcp kind: DNSResponsePolicy plural: dnsresponsepolicies shortNames: - gcpdnsresponsepolicy - gcpdnsresponsepolicies singular: dnsresponsepolicy preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: description: description: The description of the response policy, such as 'My new response policy'. type: string gkeClusters: description: The list of Google Kubernetes Engine clusters that can see this zone. items: properties: gkeClusterName: description: |- The resource name of the cluster to bind this ManagedZone to. This should be specified in the format like 'projects/*/locations/*/clusters/*'. type: string required: - gkeClusterName type: object type: array networks: description: The list of network names specifying networks to which this policy is applied. items: properties: networkUrl: description: |- The fully qualified URL of the VPC network to bind to. This should be formatted like 'https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}'. type: string required: - networkUrl type: object type: array projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The responsePolicyName of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: dnsresponsepolicyrules.dns.cnrm.cloud.google.com spec: group: dns.cnrm.cloud.google.com names: categories: - gcp kind: DNSResponsePolicyRule plural: dnsresponsepolicyrules shortNames: - gcpdnsresponsepolicyrule - gcpdnsresponsepolicyrules singular: dnsresponsepolicyrule preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: behavior: description: Answer this query with a behavior rather than DNS data. Acceptable values are 'behaviorUnspecified', and 'bypassResponsePolicy'. type: string dnsName: description: The DNS name (wildcard or exact) to apply this rule to. Must be unique within the Response Policy Rule. type: string localData: description: |- Answer this query directly with DNS data. These ResourceRecordSets override any other DNS behavior for the matched name; in particular they override private zones, the public internet, and GCP internal DNS. No SOA nor NS types are allowed. properties: localDatas: description: All resource record sets for this selector, one per resource record type. The name must match the dns_name. items: properties: name: description: For example, www.example.com. type: string rrdatas: description: As defined in RFC 1035 (section 5) and RFC 1034 (section 3.6.1). items: type: string type: array ttl: description: |- Number of seconds that this ResourceRecordSet can be cached by resolvers. type: integer type: description: 'One of valid DNS resource types. Possible values: ["A", "AAAA", "CAA", "CNAME", "DNSKEY", "DS", "HTTPS", "IPSECVPNKEY", "MX", "NAPTR", "NS", "PTR", "SOA", "SPF", "SRV", "SSHFP", "SVCB", "TLSA", "TXT"].' type: string required: - name - type type: object type: array required: - localDatas type: object projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The ruleName of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string responsePolicy: description: Identifies the response policy addressed by this request. type: string required: - dnsName - projectRef - responsePolicy type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: documentaiprocessordefaultversions.documentai.cnrm.cloud.google.com spec: group: documentai.cnrm.cloud.google.com names: categories: - gcp kind: DocumentAIProcessorDefaultVersion plural: documentaiprocessordefaultversions shortNames: - gcpdocumentaiprocessordefaultversion - gcpdocumentaiprocessordefaultversions singular: documentaiprocessordefaultversion preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: resourceID: description: Immutable. Optional. The processor of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string version: description: |- Immutable. The version to set. Using 'stable' or 'rc' will cause the API to return the latest version in that release channel. Apply 'lifecycle.ignore_changes' to the 'version' field to suppress this diff. type: string required: - version type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: documentaiprocessors.documentai.cnrm.cloud.google.com spec: group: documentai.cnrm.cloud.google.com names: categories: - gcp kind: DocumentAIProcessor plural: documentaiprocessors shortNames: - gcpdocumentaiprocessor - gcpdocumentaiprocessors singular: documentaiprocessor preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: displayName: description: Immutable. The display name. Must be unique. type: string kmsKeyName: description: Immutable. The KMS key used for encryption/decryption in CMEK scenarios. See https://cloud.google.com/security-key-management. type: string location: description: Immutable. The location of the resource. type: string projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string type: description: Immutable. The type of processor. For possible types see the [official list](https://cloud.google.com/document-ai/docs/reference/rest/v1/projects.locations/fetchProcessorTypes#google.cloud.documentai.v1.DocumentProcessorService.FetchProcessorTypes). type: string required: - displayName - location - projectRef - type type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array name: description: The resource name of the processor. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: essentialcontactscontacts.essentialcontacts.cnrm.cloud.google.com spec: group: essentialcontacts.cnrm.cloud.google.com names: categories: - gcp kind: EssentialContactsContact plural: essentialcontactscontacts shortNames: - gcpessentialcontactscontact - gcpessentialcontactscontacts singular: essentialcontactscontact preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: email: description: Immutable. The email address to send notifications to. This does not need to be a Google account. type: string languageTag: description: The preferred language for notifications, as a ISO 639-1 language code. See Supported languages for a list of supported languages. type: string notificationCategorySubscriptions: description: The categories of notifications that the contact will receive communications for. items: type: string type: array parent: description: 'Immutable. The resource to save this contact for. Format: organizations/{organization_id}, folders/{folder_id} or projects/{project_id}.' type: string resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string required: - email - languageTag - notificationCategorySubscriptions - parent type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array name: description: 'The identifier for the contact. Format: {resourceType}/{resource_id}/contacts/{contact_id}.' type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: eventarctriggers.eventarc.cnrm.cloud.google.com spec: group: eventarc.cnrm.cloud.google.com names: categories: - gcp kind: EventarcTrigger plural: eventarctriggers shortNames: - gcpeventarctrigger - gcpeventarctriggers singular: eventarctrigger preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: channelRef: description: Immutable. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: Optional. The name of the channel associated with the trigger in `projects/{project}/locations/{location}/channels/{channel}` format. You must provide a channel to receive events from Eventarc SaaS partners. type: string name: description: |- [WARNING] EventarcChannel not yet supported in Config Connector, use 'external' field to reference existing resources. Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object destination: description: Required. Destination specifies where the events should be sent to. properties: cloudFunctionRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- [WARNING] Configuring a Cloud Function in Trigger is not supported as of today. The Cloud Function resource name. Format: projects/{project}/locations/{location}/functions/{function} Allowed value: The Google Cloud resource name of a `CloudFunctionsFunction` resource (format: `projects/{{project}}/locations/{{region}}/functions/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object cloudRunService: description: Cloud Run fully-managed service that receives the events. The service should be running in the same project of the trigger. properties: path: description: 'Optional. The relative path on the Cloud Run service the events should be sent to. The value must conform to the definition of URI path segment (section 3.3 of RFC2396). Examples: "/route", "route", "route/subroute".' type: string region: description: Required. The region the Cloud Run service is deployed in. type: string serviceRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Required. The name of the Cloud Run service being addressed. See https://cloud.google.com/run/docs/reference/rest/v1/namespaces.services. Only services located in the same project of the trigger object can be addressed. Allowed value: The Google Cloud resource name of a `RunService` resource (format: `projects/{{project}}/locations/{{location}}/services/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - region - serviceRef type: object gke: description: A GKE service capable of receiving events. The service should be running in the same project as the trigger. properties: clusterRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Required. The name of the cluster the GKE service is running in. The cluster must be running in the same project as the trigger being created. Allowed value: The `selfLink` field of a `ContainerCluster` resource. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object location: description: Required. The name of the Google Compute Engine in which the cluster resides, which can either be compute zone (for example, us-central1-a) for the zonal clusters or region (for example, us-central1) for regional clusters. type: string namespace: description: Required. The namespace the GKE service is running in. type: string path: description: 'Optional. The relative path on the GKE service the events should be sent to. The value must conform to the definition of a URI path segment (section 3.3 of RFC2396). Examples: "/route", "route", "route/subroute".' type: string service: description: Required. Name of the GKE service. type: string required: - clusterRef - location - namespace - service type: object workflowRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'The resource name of the Workflow whose Executions are triggered by the events. The Workflow resource should be deployed in the same project as the trigger. Format: `projects/{project}/locations/{location}/workflows/{workflow}`' type: string name: description: |- [WARNING] WorkflowsWorkflow not yet supported in Config Connector, use 'external' field to reference existing resources. Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: object location: description: Immutable. The location for the resource type: string matchingCriteria: description: Required. null The list of filters that applies to event attributes. Only events that match all the provided filters will be sent to the destination. items: properties: attribute: description: Required. The name of a CloudEvents attribute. Currently, only a subset of attributes are supported for filtering. All triggers MUST provide a filter for the 'type' attribute. type: string operator: description: Optional. The operator used for matching the events with the value of the filter. If not specified, only events that have an exact key-value pair specified in the filter are matched. The only allowed value is `match-path-pattern`. type: string value: description: Required. The value for the attribute. See https://cloud.google.com/eventarc/docs/creating-triggers#trigger-gcloud for available values. type: string required: - attribute - value type: object type: array projectRef: description: Immutable. The Project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The project for the resource Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string serviceAccountRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Optional. The IAM service account email associated with the trigger. The service account represents the identity of the trigger. The principal who calls this API must have `iam.serviceAccounts.actAs` permission in the service account. See https://cloud.google.com/iam/docs/understanding-service-accounts#sa_common for more information. For Cloud Run destinations, this service account is used to generate identity tokens when invoking the service. See https://cloud.google.com/run/docs/triggering/pubsub-push#create-service-account for information on how to invoke authenticated Cloud Run services. In order to create Audit Log triggers, the service account should also have `roles/eventarc.eventReceiver` IAM role. Allowed value: The `email` field of an `IAMServiceAccount` resource. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object transport: description: Immutable. Optional. In order to deliver messages, Eventarc may use other GCP products as transport intermediary. This field contains a reference to that transport intermediary. This information can be used for debugging purposes. properties: pubsub: description: Immutable. The Pub/Sub topic and subscription used by Eventarc as delivery intermediary. properties: topicRef: description: Immutable. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Optional. The name of the Pub/Sub topic created and managed by Eventarc system as a transport for the event delivery. Format: `projects/{PROJECT_ID}/topics/{TOPIC_NAME}. You may set an existing topic for triggers of the type google.cloud.pubsub.topic.v1.messagePublished` only. The topic you provide here will not be deleted by Eventarc at trigger deletion. Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: object type: object required: - destination - location - matchingCriteria - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: Output only. The creation time. format: date-time type: string etag: description: Output only. This checksum is computed by the server based on the value of other fields, and may be sent only on create requests to ensure the client has an up-to-date value before proceeding. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer resourceConditions: additionalProperties: type: string description: Output only. The reason(s) why a trigger is in FAILED state. type: object transport: properties: pubsub: properties: subscription: description: 'Output only. The name of the Pub/Sub subscription created and managed by Eventarc system as a transport for the event delivery. Format: `projects/{PROJECT_ID}/subscriptions/{SUBSCRIPTION_NAME}`.' type: string type: object type: object uid: description: Output only. Server assigned unique identifier for the trigger. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted. type: string updateTime: description: Output only. The last-modified time. format: date-time type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: filestorebackups.filestore.cnrm.cloud.google.com spec: group: filestore.cnrm.cloud.google.com names: categories: - gcp kind: FilestoreBackup plural: filestorebackups shortNames: - gcpfilestorebackup - gcpfilestorebackups singular: filestorebackup preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: description: description: A description of the backup with 2048 characters or less. Requests with longer descriptions will be rejected. type: string location: description: Immutable. The location for the resource type: string projectRef: description: Immutable. The Project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The project for the resource Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string sourceFileShare: description: Immutable. Name of the file share in the source Cloud Filestore instance that the backup is created from. type: string sourceInstanceRef: description: Immutable. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The resource name of the source Cloud Filestore instance, in the format projects/{project_number}/locations/{location_id}/instances/{instance_id}, used to create this backup. Allowed value: The Google Cloud resource name of a `FilestoreInstance` resource (format: `projects/{{project}}/locations/{{location}}/instances/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - location - projectRef - sourceFileShare - sourceInstanceRef type: object status: properties: capacityGb: description: Output only. Capacity of the source file share when the backup was created. format: int64 type: integer conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: Output only. The time when the backup was created. format: date-time type: string downloadBytes: description: Output only. Amount of bytes that will be downloaded if the backup is restored. This may be different than storage bytes, since sequential backups of the same disk will share storage. format: int64 type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer sourceInstanceTier: description: 'Output only. The service tier of the source Cloud Filestore instance that this backup is created from. Possible values: TIER_UNSPECIFIED, STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, HIGH_SCALE_SSD' type: string state: description: 'Output only. The backup state. Possible values: STATE_UNSPECIFIED, CREATING, READY, REPAIRING, DELETING, ERROR, RESTORING' type: string storageBytes: description: Output only. The size of the storage used by the backup. As backups share storage, this number is expected to change with backup creation/deletion. format: int64 type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: filestoreinstances.filestore.cnrm.cloud.google.com spec: group: filestore.cnrm.cloud.google.com names: categories: - gcp kind: FilestoreInstance plural: filestoreinstances shortNames: - gcpfilestoreinstance - gcpfilestoreinstances singular: filestoreinstance preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: description: description: The description of the instance (2048 characters or less). type: string fileShares: description: File system shares on the instance. For this version, only a single file share is supported. items: properties: capacityGb: description: File share capacity in gigabytes (GB). Cloud Filestore defines 1 GB as 1024^3 bytes. format: int64 type: integer name: description: The name of the file share (must be 16 characters or less). type: string nfsExportOptions: description: Nfs Export Options. There is a limit of 10 export options per file share. items: properties: accessMode: description: 'Either READ_ONLY, for allowing only read requests on the exported directory, or READ_WRITE, for allowing both read and write requests. The default is READ_WRITE. Possible values: ACCESS_MODE_UNSPECIFIED, READ_ONLY, READ_WRITE' type: string anonGid: description: An integer representing the anonymous group id with a default value of 65534. Anon_gid may only be set with squash_mode of ROOT_SQUASH. An error will be returned if this field is specified for other squash_mode settings. format: int64 type: integer anonUid: description: An integer representing the anonymous user id with a default value of 65534. Anon_uid may only be set with squash_mode of ROOT_SQUASH. An error will be returned if this field is specified for other squash_mode settings. format: int64 type: integer ipRanges: description: List of either an IPv4 addresses in the format `{octet1}.{octet2}.{octet3}.{octet4}` or CIDR ranges in the format `{octet1}.{octet2}.{octet3}.{octet4}/{mask size}` which may mount the file share. Overlapping IP ranges are not allowed, both within and across NfsExportOptions. An error will be returned. The limit is 64 IP ranges/addresses for each FileShareConfig among all NfsExportOptions. items: type: string type: array squashMode: description: 'Either NO_ROOT_SQUASH, for allowing root access on the exported directory, or ROOT_SQUASH, for not allowing root access. The default is NO_ROOT_SQUASH. Possible values: SQUASH_MODE_UNSPECIFIED, NO_ROOT_SQUASH, ROOT_SQUASH' type: string type: object type: array sourceBackupRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The resource name of the backup, in the format `projects/{project_number}/locations/{location_id}/backups/{backup_id}`, that this file share has been restored from. Allowed value: The Google Cloud resource name of a `FilestoreBackup` resource (format: `projects/{{project}}/locations/{{location}}/backups/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: object type: array location: description: Immutable. The location for the resource type: string networks: description: Immutable. VPC networks to which the instance is connected. For this version, only a single network is supported. items: properties: ipAddresses: description: Immutable. Output only. IPv4 addresses in the format `{octet1}.{octet2}.{octet3}.{octet4}` or IPv6 addresses in the format `{block1}:{block2}:{block3}:{block4}:{block5}:{block6}:{block7}:{block8}`. items: type: string type: array modes: description: Immutable. Internet protocol versions for which the instance has IP addresses assigned. For this version, only MODE_IPV4 is supported. items: type: string type: array networkRef: description: Immutable. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The name of the Google Compute Engine [VPC network](https://cloud.google.com/vpc/docs/vpc) to which the instance is connected. Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object reservedIPRange: description: Immutable. A /29 CIDR block in one of the [internal IP address ranges](https://www.arin.net/reference/research/statistics/address_filters/) that identifies the range of IP addresses reserved for this instance. For example, 10.0.0.0/29 or 192.168.0.0/29. The range you specify can't overlap with either existing subnets or assigned IP address ranges for other Cloud Filestore instances in the selected VPC network. type: string type: object type: array projectRef: description: Immutable. The Project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The project for the resource Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string tier: description: 'Immutable. The service tier of the instance. Possible values: TIER_UNSPECIFIED, STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, HIGH_SCALE_SSD, ENTERPRISE' type: string required: - location - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: Output only. The time when the instance was created. format: date-time type: string etag: description: Server-specified ETag for the instance resource to prevent simultaneous updates from overwriting each other. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer state: description: 'Output only. The instance state. Possible values: STATE_UNSPECIFIED, CREATING, READY, REPAIRING, DELETING, ERROR' type: string statusMessage: description: Output only. Additional information about the instance state, if available. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: filestoresnapshots.filestore.cnrm.cloud.google.com spec: group: filestore.cnrm.cloud.google.com names: categories: - gcp kind: FilestoreSnapshot plural: filestoresnapshots shortNames: - gcpfilestoresnapshot - gcpfilestoresnapshots singular: filestoresnapshot preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: description: description: A description of the snapshot with 2048 characters or less. Requests with longer descriptions will be rejected. type: string instance: description: Immutable. The resource name of the filestore instance. type: string location: description: Immutable. The name of the location of the instance. This can be a region for ENTERPRISE tier instances. type: string projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - instance - location - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: The time when the snapshot was created in RFC3339 text format. type: string filesystemUsedBytes: description: The amount of bytes needed to allocate a full copy of the snapshot content. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer state: description: The snapshot state. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: firebaseandroidapps.firebase.cnrm.cloud.google.com spec: group: firebase.cnrm.cloud.google.com names: categories: - gcp kind: FirebaseAndroidApp plural: firebaseandroidapps shortNames: - gcpfirebaseandroidapp - gcpfirebaseandroidapps singular: firebaseandroidapp preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: deletionPolicy: type: string displayName: description: The user-assigned display name of the AndroidApp. type: string packageName: description: |- Immutable. The canonical package name of the Android app as would appear in the Google Play Developer Console. type: string projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The service-generated appId of the resource. Used for acquisition only. Leave unset to create a new resource. type: string sha1Hashes: description: The SHA1 certificate hashes for the AndroidApp. items: type: string type: array sha256Hashes: description: The SHA256 certificate hashes for the AndroidApp. items: type: string type: array required: - displayName - projectRef type: object status: properties: appId: description: |- The globally unique, Firebase-assigned identifier of the AndroidApp. This identifier should be treated as an opaque token, as the data format is not specified. type: string conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array etag: description: |- This checksum is computed by the server based on the value of other fields, and it may be sent with update requests to ensure the client has an up-to-date value before proceeding. type: string name: description: |- The fully qualified resource name of the AndroidApp, for example: projects/projectId/androidApps/appId. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: firebasedatabaseinstances.firebasedatabase.cnrm.cloud.google.com spec: group: firebasedatabase.cnrm.cloud.google.com names: categories: - gcp kind: FirebaseDatabaseInstance plural: firebasedatabaseinstances shortNames: - gcpfirebasedatabaseinstance - gcpfirebasedatabaseinstances singular: firebasedatabaseinstance preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: desiredState: description: The intended database state. type: string projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object region: description: |- Immutable. A reference to the region where the Firebase Realtime database resides. Check all [available regions](https://firebase.google.com/docs/projects/locations#rtdb-locations). type: string resourceID: description: Immutable. Optional. The instanceId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string type: description: |- Immutable. The database type. Each project can create one default Firebase Realtime Database, which cannot be deleted once created. Creating user Databases is only available for projects on the Blaze plan. Projects can be upgraded using the Cloud Billing API https://cloud.google.com/billing/reference/rest/v1/projects/updateBillingInfo. Default value: "USER_DATABASE" Possible values: ["DEFAULT_DATABASE", "USER_DATABASE"]. type: string required: - projectRef - region type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array databaseUrl: description: |- The database URL in the form of https://{instance-id}.firebaseio.com for us-central1 instances or https://{instance-id}.{region}.firebasedatabase.app in other regions. type: string name: description: |- The fully-qualified resource name of the Firebase Realtime Database, in the format: projects/PROJECT_NUMBER/locations/REGION_IDENTIFIER/instances/INSTANCE_ID PROJECT_NUMBER: The Firebase project's ['ProjectNumber'](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects#FirebaseProject.FIELDS.project_number) Learn more about using project identifiers in Google's [AIP 2510 standard](https://google.aip.dev/cloud/2510). type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer state: description: The current database state. Set desired_state to :DISABLED to disable the database and :ACTIVE to reenable the database. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: firebasehostingchannels.firebasehosting.cnrm.cloud.google.com spec: group: firebasehosting.cnrm.cloud.google.com names: categories: - gcp kind: FirebaseHostingChannel plural: firebasehostingchannels shortNames: - gcpfirebasehostingchannel - gcpfirebasehostingchannels singular: firebasehostingchannel preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: expireTime: description: |- The time at which the channel will be automatically deleted. If null, the channel will not be automatically deleted. This field is present in the output whether it's set directly or via the 'ttl' field. type: string resourceID: description: Immutable. Optional. The channelId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string retainedReleaseCount: description: |- The number of previous releases to retain on the channel for rollback or other purposes. Must be a number between 1-100. Defaults to 10 for new channels. type: integer siteId: description: Immutable. Required. The ID of the site in which to create this channel. type: string ttl: description: |- Immutable. Input only. A time-to-live for this channel. Sets 'expire_time' to the provided duration past the time of the request. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "86400s" (one day). type: string required: - siteId type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array name: description: |- The fully-qualified resource name for the channel, in the format: sites/SITE_ID/channels/CHANNEL_ID. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: firebasehostingsites.firebasehosting.cnrm.cloud.google.com spec: group: firebasehosting.cnrm.cloud.google.com names: categories: - gcp kind: FirebaseHostingSite plural: firebasehostingsites shortNames: - gcpfirebasehostingsite - gcpfirebasehostingsites singular: firebasehostingsite preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: appId: description: |- Optional. The [ID of a Web App](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects.webApps#WebApp.FIELDS.app_id) associated with the Hosting site. type: string projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The siteId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array defaultUrl: description: The default URL for the site in the form of https://{name}.web.app. type: string name: description: |- Output only. The fully-qualified resource name of the Hosting site, in the format: projects/PROJECT_IDENTIFIER/sites/SITE_ID PROJECT_IDENTIFIER: the Firebase project's ['ProjectNumber'](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects#FirebaseProject.FIELDS.project_number) ***(recommended)*** or its ['ProjectId'](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects#FirebaseProject.FIELDS.project_id). Learn more about using project identifiers in Google's [AIP 2510 standard](https://google.aip.dev/cloud/2510). type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: firebaseprojects.firebase.cnrm.cloud.google.com spec: group: firebase.cnrm.cloud.google.com names: categories: - gcp kind: FirebaseProject plural: firebaseprojects shortNames: - gcpfirebaseproject - gcpfirebaseprojects singular: firebaseproject preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The project of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array displayName: description: The GCP project display name. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer projectNumber: description: The number of the google project that firebase is enabled on. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: firebasestoragebuckets.firebasestorage.cnrm.cloud.google.com spec: group: firebasestorage.cnrm.cloud.google.com names: categories: - gcp kind: FirebaseStorageBucket plural: firebasestoragebuckets shortNames: - gcpfirebasestoragebucket - gcpfirebasestoragebuckets singular: firebasestoragebucket preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The bucketId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array name: description: Resource name of the bucket in the format projects/PROJECT_IDENTIFIER/buckets/BUCKET_ID. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: firebasewebapps.firebase.cnrm.cloud.google.com spec: group: firebase.cnrm.cloud.google.com names: categories: - gcp kind: FirebaseWebApp plural: firebasewebapps shortNames: - gcpfirebasewebapp - gcpfirebasewebapps singular: firebasewebapp preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: deletionPolicy: type: string displayName: description: The user-assigned display name of the App. type: string project: description: Immutable. type: string resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string required: - displayName type: object status: properties: appId: description: |- The globally unique, Firebase-assigned identifier of the App. This identifier should be treated as an opaque token, as the data format is not specified. type: string appUrls: description: The URLs where the 'WebApp' is hosted. items: type: string type: array conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array name: description: |- The fully qualified resource name of the App, for example: projects/projectId/webApps/appId. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: firestoreindexes.firestore.cnrm.cloud.google.com spec: group: firestore.cnrm.cloud.google.com names: categories: - gcp kind: FirestoreIndex plural: firestoreindexes shortNames: - gcpfirestoreindex - gcpfirestoreindexes singular: firestoreindex preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: collection: description: Immutable. The collection being indexed. type: string database: description: Immutable. The Firestore database id. Defaults to '"(default)"'. type: string fields: description: |- Immutable. The fields supported by this index. The last field entry is always for the field path '__name__'. If, on creation, '__name__' was not specified as the last field, it will be added automatically with the same direction as that of the last field defined. If the final field in a composite index is not directional, the '__name__' will be ordered '"ASCENDING"' (unless explicitly specified otherwise). items: properties: arrayConfig: description: |- Immutable. Indicates that this field supports operations on arrayValues. Only one of 'order' and 'arrayConfig' can be specified. Possible values: ["CONTAINS"]. type: string fieldPath: description: Immutable. Name of the field. type: string order: description: |- Immutable. Indicates that this field supports ordering by the specified order or comparing using =, <, <=, >, >=. Only one of 'order' and 'arrayConfig' can be specified. Possible values: ["ASCENDING", "DESCENDING"]. type: string type: object type: array queryScope: description: 'Immutable. The scope at which a query is run. Default value: "COLLECTION" Possible values: ["COLLECTION", "COLLECTION_GROUP"].' type: string required: - collection - fields type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array name: description: |- A server defined name for this index. Format: 'projects/{{project}}/databases/{{database}}/collectionGroups/{{collection}}/indexes/{{server_generated_id}}'. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: folders.resourcemanager.cnrm.cloud.google.com spec: group: resourcemanager.cnrm.cloud.google.com names: categories: - gcp kind: Folder plural: folders shortNames: - gcpfolder - gcpfolders singular: folder preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: oneOf: - required: - folderRef - required: - organizationRef - not: anyOf: - required: - folderRef - required: - organizationRef properties: displayName: description: The folder's display name. A folder's display name must be unique amongst its siblings, e.g. no two folders with the same parent can share the same display name. The display name must start and end with a letter or digit, may contain letters, digits, spaces, hyphens and underscores and can be no longer than 30 characters. type: string folderRef: description: |- The folder that this resource belongs to. Changing this forces the resource to be migrated to the newly specified folder. Only one of folderRef or organizationRef may be specified. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `folderId` field of a `Folder` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object organizationRef: description: |- The organization that this resource belongs to. Changing this forces the resource to be migrated to the newly specified organization. Only one of folderRef or organizationRef may be specified. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of an `Organization` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string required: - displayName type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: 'Timestamp when the Folder was created. Assigned by the server. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".' type: string folderId: description: The folder id from the name "folders/{folder_id}". type: string lifecycleState: description: The lifecycle state of the folder such as ACTIVE or DELETE_REQUESTED. type: string name: description: The resource name of the Folder. Its format is folders/{folder_id}. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: gkebackupbackupplans.gkebackup.cnrm.cloud.google.com spec: group: gkebackup.cnrm.cloud.google.com names: categories: - gcp kind: GKEBackupBackupPlan plural: gkebackupbackupplans shortNames: - gcpgkebackupbackupplan - gcpgkebackupbackupplans singular: gkebackupbackupplan preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: backupConfig: description: Defines the configuration of Backups created via this BackupPlan. properties: allNamespaces: description: If True, include all namespaced resources. type: boolean encryptionKey: description: |- This defines a customer managed encryption key that will be used to encrypt the "config" portion (the Kubernetes resources) of Backups created via this plan. properties: gcpKmsEncryptionKey: description: 'Google Cloud KMS encryption key. Format: projects/*/locations/*/keyRings/*/cryptoKeys/*.' type: string required: - gcpKmsEncryptionKey type: object includeSecrets: description: |- This flag specifies whether Kubernetes Secret resources should be included when they fall into the scope of Backups. type: boolean includeVolumeData: description: |- This flag specifies whether volume data should be backed up when PVCs are included in the scope of a Backup. type: boolean selectedApplications: description: A list of namespaced Kubernetes Resources. properties: namespacedNames: description: A list of namespaced Kubernetes resources. items: properties: name: description: The name of a Kubernetes Resource. type: string namespace: description: The namespace of a Kubernetes Resource. type: string required: - name - namespace type: object type: array required: - namespacedNames type: object selectedNamespaces: description: If set, include just the resources in the listed namespaces. properties: namespaces: description: A list of Kubernetes Namespaces. items: type: string type: array required: - namespaces type: object type: object backupSchedule: description: Defines a schedule for automatic Backup creation via this BackupPlan. properties: cronSchedule: description: |- A standard cron string that defines a repeating schedule for creating Backups via this BackupPlan. If this is defined, then backupRetainDays must also be defined. type: string paused: description: This flag denotes whether automatic Backup creation is paused for this BackupPlan. type: boolean type: object cluster: description: Immutable. The source cluster from which Backups will be created via this BackupPlan. type: string deactivated: description: |- This flag indicates whether this BackupPlan has been deactivated. Setting this field to True locks the BackupPlan such that no further updates will be allowed (except deletes), including the deactivated field itself. It also prevents any new Backups from being created via this BackupPlan (including scheduled Backups). type: boolean description: description: User specified descriptive string for this BackupPlan. type: string location: description: Immutable. The region of the Backup Plan. type: string projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string retentionPolicy: description: RetentionPolicy governs lifecycle of Backups created under this plan. properties: backupDeleteLockDays: description: |- Minimum age for a Backup created via this BackupPlan (in days). Must be an integer value between 0-90 (inclusive). A Backup created under this BackupPlan will not be deletable until it reaches Backup's (create time + backup_delete_lock_days). Updating this field of a BackupPlan does not affect existing Backups. Backups created after a successful update will inherit this new value. type: integer backupRetainDays: description: |- The default maximum age of a Backup created via this BackupPlan. This field MUST be an integer value >= 0 and <= 365. If specified, a Backup created under this BackupPlan will be automatically deleted after its age reaches (createTime + backupRetainDays). If not specified, Backups created under this BackupPlan will NOT be subject to automatic deletion. Updating this field does NOT affect existing Backups under it. Backups created AFTER a successful update will automatically pick up the new value. NOTE: backupRetainDays must be >= backupDeleteLockDays. If cronSchedule is defined, then this must be <= 360 * the creation interval.]. type: integer locked: description: |- This flag denotes whether the retention policy of this BackupPlan is locked. If set to True, no further update is allowed on this policy, including the locked field itself. type: boolean type: object required: - cluster - location - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array etag: description: |- etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a backup plan from overwriting each other. It is strongly suggested that systems make use of the 'etag' in the read-modify-write cycle to perform BackupPlan updates in order to avoid race conditions: An etag is returned in the response to backupPlans.get, and systems are expected to put that etag in the request to backupPlans.patch or backupPlans.delete to ensure that their change will be applied to the same version of the resource. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer protectedPodCount: description: The number of Kubernetes Pods backed up in the last successful Backup created via this BackupPlan. type: integer uid: description: Server generated, unique identifier of UUID format. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: gkehubfeaturememberships.gkehub.cnrm.cloud.google.com spec: group: gkehub.cnrm.cloud.google.com names: categories: - gcp kind: GKEHubFeatureMembership plural: gkehubfeaturememberships shortNames: - gcpgkehubfeaturemembership - gcpgkehubfeaturememberships singular: gkehubfeaturemembership preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: configmanagement: description: Config Management-specific spec. properties: binauthz: description: Binauthz configuration for the cluster. properties: enabled: description: Whether binauthz is enabled in this cluster. type: boolean type: object configSync: description: Config Sync configuration for the cluster. properties: git: properties: gcpServiceAccountRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The GCP Service Account Email used for auth when secretType is gcpServiceAccount. Allowed value: The `email` field of an `IAMServiceAccount` resource. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object httpsProxy: description: URL for the HTTPS proxy to be used when communicating with the Git repo. type: string policyDir: description: 'The path within the Git repository that represents the top level of the repo to sync. Default: the root directory of the repository.' type: string secretType: description: Type of secret configured for access to the Git repo. Must be one of ssh, cookiefile, gcenode, token, gcpserviceaccount or none. The validation of this is case-sensitive. type: string syncBranch: description: 'The branch of the repository to sync from. Default: master.' type: string syncRepo: description: The URL of the Git repository to use as the source of truth. type: string syncRev: description: Git revision (tag or hash) to check out. Default HEAD. type: string syncWaitSecs: description: 'Period in seconds between consecutive syncs. Default: 15.' type: string type: object oci: properties: gcpServiceAccountRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: "The GCP Service Account Email used for auth when secret_type is gcpserviceaccount. \n\nAllowed value: The `email` field of an `IAMServiceAccount` resource." type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object policyDir: description: 'The absolute path of the directory that contains the local resources. Default: the root directory of the image.' type: string secretType: description: Type of secret configured for access to the OCI Image. Must be one of gcenode, gcpserviceaccount or none. The validation of this is case-sensitive. type: string syncRepo: description: The OCI image repository URL for the package to sync from. e.g. LOCATION-docker.pkg.dev/PROJECT_ID/REPOSITORY_NAME/PACKAGE_NAME. type: string syncWaitSecs: description: 'Period in seconds(int64 format) between consecutive syncs. Default: 15.' type: string type: object preventDrift: description: Set to true to enable the Config Sync admission webhook to prevent drifts. If set to `false`, disables the Config Sync admission webhook and does not prevent drifts. type: boolean sourceFormat: description: Specifies whether the Config Sync Repo is in "hierarchical" or "unstructured" mode. type: string type: object hierarchyController: description: Hierarchy Controller configuration for the cluster. properties: enableHierarchicalResourceQuota: description: Whether hierarchical resource quota is enabled in this cluster. type: boolean enablePodTreeLabels: description: Whether pod tree labels are enabled in this cluster. type: boolean enabled: description: Whether Hierarchy Controller is enabled in this cluster. type: boolean type: object policyController: description: Policy Controller configuration for the cluster. properties: auditIntervalSeconds: description: Sets the interval for Policy Controller Audit Scans (in seconds). When set to 0, this disables audit functionality altogether. type: string enabled: description: Enables the installation of Policy Controller. If false, the rest of PolicyController fields take no effect. type: boolean exemptableNamespaces: description: The set of namespaces that are excluded from Policy Controller checks. Namespaces do not need to currently exist on the cluster. items: type: string type: array logDeniesEnabled: description: Logs all denies and dry run failures. type: boolean monitoring: description: 'Specifies the backends Policy Controller should export metrics to. For example, to specify metrics should be exported to Cloud Monitoring and Prometheus, specify backends: ["cloudmonitoring", "prometheus"]. Default: ["cloudmonitoring", "prometheus"]' properties: backends: description: ' Specifies the list of backends Policy Controller will export to. Specifying an empty value `[]` disables metrics export.' items: type: string type: array type: object mutationEnabled: description: Enable or disable mutation in policy controller. If true, mutation CRDs, webhook and controller deployment will be deployed to the cluster. type: boolean referentialRulesEnabled: description: Enables the ability to use Constraint Templates that reference to objects other than the object currently being evaluated. type: boolean templateLibraryInstalled: description: Installs the default template library along with Policy Controller. type: boolean type: object version: description: Optional. Version of ACM to install. Defaults to the latest version. type: string type: object featureRef: description: Immutable. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The name of the feature Allowed value: The Google Cloud resource name of a `GKEHubFeature` resource (format: `projects/{{project}}/locations/{{location}}/features/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object location: description: Immutable. The location of the feature type: string membershipRef: description: Immutable. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The name of the membership Allowed value: The Google Cloud resource name of a `GKEHubMembership` resource (format: `projects/{{project}}/locations/{{location}}/memberships/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object mesh: description: Manage Mesh Features properties: controlPlane: description: '**DEPRECATED** Whether to automatically manage Service Mesh control planes. Possible values: CONTROL_PLANE_MANAGEMENT_UNSPECIFIED, AUTOMATIC, MANUAL' type: string management: description: 'Whether to automatically manage Service Mesh. Possible values: MANAGEMENT_UNSPECIFIED, MANAGEMENT_AUTOMATIC, MANAGEMENT_MANUAL' type: string type: object projectRef: description: Immutable. The Project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The project of the feature Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - featureRef - location - membershipRef - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: gkehubfeatures.gkehub.cnrm.cloud.google.com spec: group: gkehub.cnrm.cloud.google.com names: categories: - gcp kind: GKEHubFeature plural: gkehubfeatures shortNames: - gcpgkehubfeature - gcpgkehubfeatures singular: gkehubfeature preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: location: description: Immutable. The location for the resource type: string projectRef: description: Immutable. The Project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The project for the resource Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string spec: description: Optional. Hub-wide Feature configuration. If this Feature does not support any Hub-wide configuration, this field may be unused. properties: fleetobservability: description: Fleet Observability spec. properties: loggingConfig: description: Fleet Observability Logging-specific spec. properties: defaultConfig: description: Specified if applying the default routing config to logs not specified in other configs. properties: mode: description: 'The logs routing mode Possible values: MODE_UNSPECIFIED, COPY, MOVE' type: string type: object fleetScopeLogsConfig: description: Specified if applying the routing config to all logs for all fleet scopes. properties: mode: description: 'The logs routing mode Possible values: MODE_UNSPECIFIED, COPY, MOVE' type: string type: object type: object type: object multiclusteringress: description: Multicluster Ingress-specific spec. properties: configMembershipRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Fully-qualified Membership name which hosts the MultiClusterIngress CRD. Example: `projects/foo-proj/locations/global/memberships/bar` Allowed value: The Google Cloud resource name of a `GKEHubMembership` resource (format: `projects/{{project}}/locations/{{location}}/memberships/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - configMembershipRef type: object type: object required: - location - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: Output only. When the Feature resource was created. format: date-time type: string deleteTime: description: Output only. When the Feature resource was deleted. format: date-time type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer resourceState: description: State of the Feature resource itself. properties: hasResources: description: Whether this Feature has outstanding resources that need to be cleaned up before it can be disabled. type: boolean state: description: 'The current state of the Feature resource in the Hub API. Possible values: STATE_UNSPECIFIED, ENABLING, ACTIVE, DISABLING, UPDATING, SERVICE_UPDATING' type: string type: object state: description: Output only. The Hub-wide Feature state properties: state: description: Output only. The "running state" of the Feature in this Hub. properties: code: description: 'The high-level, machine-readable status of this Feature. Possible values: CODE_UNSPECIFIED, OK, WARNING, ERROR' type: string description: description: A human-readable description of the current status. type: string updateTime: description: 'The time this status and any related Feature-specific details were updated. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z"' type: string type: object type: object updateTime: description: Output only. When the Feature resource was last updated. format: date-time type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: gkehubmemberships.gkehub.cnrm.cloud.google.com spec: group: gkehub.cnrm.cloud.google.com names: categories: - gcp kind: GKEHubMembership plural: gkehubmemberships shortNames: - gcpgkehubmembership - gcpgkehubmemberships singular: gkehubmembership preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: authority: description: 'Optional. How to identify workloads from this Membership. See the documentation on Workload Identity for more details: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity' properties: issuer: description: Optional. A JSON Web Token (JWT) issuer URI. `issuer` must start with `https://` and be a valid URL with length <2000 characters. If set, then Google will allow valid OIDC tokens from this issuer to authenticate within the workload_identity_pool. OIDC discovery will be performed on this URI to validate tokens from the issuer. Clearing `issuer` disables Workload Identity. `issuer` cannot be directly modified; it must be cleared (and Workload Identity disabled) before using a new issuer (and re-enabling Workload Identity). type: string type: object description: description: 'Description of this membership, limited to 63 characters. Must match the regex: `*` This field is present for legacy purposes.' type: string endpoint: description: Optional. Endpoint information to reach this member. properties: gkeCluster: description: Optional. GKE-specific information. Only present if this Membership is a GKE cluster. properties: resourceRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Immutable. Self-link of the GCP resource for the GKE cluster. For example: //container.googleapis.com/projects/my-project/locations/us-west1-a/clusters/my-cluster Zonal clusters are also supported. Allowed value: The `selfLink` field of a `ContainerCluster` resource. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: object kubernetesResource: description: 'Optional. The in-cluster Kubernetes Resources that should be applied for a correctly registered cluster, in the steady state. These resources: * Ensure that the cluster is exclusively registered to one and only one Hub Membership. * Propagate Workload Pool Information available in the Membership Authority field. * Ensure proper initial configuration of default Hub Features.' properties: membershipCrManifest: description: Input only. The YAML representation of the Membership CR. This field is ignored for GKE clusters where Hub can read the CR directly. Callers should provide the CR that is currently present in the cluster during CreateMembership or UpdateMembership, or leave this field empty if none exists. The CR manifest is used to validate the cluster has not been registered with another Membership. type: string resourceOptions: description: Optional. Options for Kubernetes resource generation. properties: connectVersion: description: Optional. The Connect agent version to use for connect_resources. Defaults to the latest GKE Connect version. The version must be a currently supported version, obsolete versions will be rejected. type: string v1beta1Crd: description: Optional. Use `apiextensions/v1beta1` instead of `apiextensions/v1` for CustomResourceDefinition resources. This option should be set for clusters with Kubernetes apiserver versions <1.16. type: boolean type: object type: object type: object externalId: description: 'Optional. An externally-generated and managed ID for this Membership. This ID may be modified after creation, but this is not recommended. The ID must match the regex: `*` If this Membership represents a Kubernetes cluster, this value should be set to the UID of the `kube-system` namespace object.' type: string infrastructureType: description: 'Optional. The infrastructure type this Membership is running on. Possible values: INFRASTRUCTURE_TYPE_UNSPECIFIED, ON_PREM, MULTI_CLOUD' type: string location: description: Immutable. The location for the resource type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - location type: object status: properties: authority: properties: identityProvider: description: Output only. An identity provider that reflects the `issuer` in the workload identity pool. type: string workloadIdentityPool: description: 'Output only. The name of the workload identity pool in which `issuer` will be recognized. There is a single Workload Identity Pool per Hub that is shared between all Memberships that belong to that Hub. For a Hub hosted in: {PROJECT_ID}, the workload pool format is `{PROJECT_ID}.hub.id.goog`, although this is subject to change in newer versions of this API.' type: string type: object conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: Output only. When the Membership was created. format: date-time type: string deleteTime: description: Output only. When the Membership was deleted. format: date-time type: string endpoint: properties: kubernetesMetadata: description: Output only. Useful Kubernetes-specific metadata. properties: kubernetesApiServerVersion: description: Output only. Kubernetes API server version string as reported by `/version`. type: string memoryMb: description: Output only. The total memory capacity as reported by the sum of all Kubernetes nodes resources, defined in MB. format: int64 type: integer nodeCount: description: Output only. Node count as reported by Kubernetes nodes resources. format: int64 type: integer nodeProviderId: description: Output only. Node providerID as reported by the first node in the list of nodes on the Kubernetes endpoint. On Kubernetes platforms that support zero-node clusters (like GKE-on-GCP), the node_count will be zero and the node_provider_id will be empty. type: string updateTime: description: Output only. The time at which these details were last updated. This update_time is different from the Membership-level update_time since EndpointDetails are updated internally for API consumers. format: date-time type: string vcpuCount: description: Output only. vCPU count as reported by Kubernetes nodes resources. format: int64 type: integer type: object kubernetesResource: properties: connectResources: description: Output only. The Kubernetes resources for installing the GKE Connect agent This field is only populated in the Membership returned from a successful long-running operation from CreateMembership or UpdateMembership. It is not populated during normal GetMembership or ListMemberships requests. To get the resource manifest after the initial registration, the caller should make a UpdateMembership call with an empty field mask. items: properties: clusterScoped: description: Whether the resource provided in the manifest is `cluster_scoped`. If unset, the manifest is assumed to be namespace scoped. This field is used for REST mapping when applying the resource in a cluster. type: boolean manifest: description: YAML manifest of the resource. type: string type: object type: array membershipResources: description: Output only. Additional Kubernetes resources that need to be applied to the cluster after Membership creation, and after every update. This field is only populated in the Membership returned from a successful long-running operation from CreateMembership or UpdateMembership. It is not populated during normal GetMembership or ListMemberships requests. To get the resource manifest after the initial registration, the caller should make a UpdateMembership call with an empty field mask. items: properties: clusterScoped: description: Whether the resource provided in the manifest is `cluster_scoped`. If unset, the manifest is assumed to be namespace scoped. This field is used for REST mapping when applying the resource in a cluster. type: boolean manifest: description: YAML manifest of the resource. type: string type: object type: array type: object type: object lastConnectionTime: description: Output only. For clusters using Connect, the timestamp of the most recent connection established with Google Cloud. This time is updated every several minutes, not continuously. For clusters that do not use GKE Connect, or that have never connected successfully, this field will be unset. format: date-time type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer state: description: Output only. State of the Membership resource. properties: code: description: 'Output only. The current state of the Membership resource. Possible values: CODE_UNSPECIFIED, CREATING, READY, DELETING, UPDATING, SERVICE_UPDATING' type: string type: object uniqueId: description: Output only. Google-generated UUID for this resource. This is unique across all Membership resources. If a Membership resource is deleted and another resource with the same name is created, it gets a different unique_id. type: string updateTime: description: Output only. When the Membership was last updated. format: date-time type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: healthcareconsentstores.healthcare.cnrm.cloud.google.com spec: group: healthcare.cnrm.cloud.google.com names: categories: - gcp kind: HealthcareConsentStore plural: healthcareconsentstores shortNames: - gcphealthcareconsentstore - gcphealthcareconsentstores singular: healthcareconsentstore preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: dataset: description: |- Immutable. Identifies the dataset addressed by this request. Must be in the format 'projects/{project}/locations/{location}/datasets/{dataset}'. type: string defaultConsentTtl: description: |- Default time to live for consents in this store. Must be at least 24 hours. Updating this field will not affect the expiration time of existing consents. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". type: string enableConsentCreateOnUpdate: description: If true, [consents.patch] [google.cloud.healthcare.v1.consent.UpdateConsent] creates the consent if it does not already exist. type: boolean resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - dataset type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: healthcaredatasets.healthcare.cnrm.cloud.google.com spec: group: healthcare.cnrm.cloud.google.com names: categories: - gcp kind: HealthcareDataset plural: healthcaredatasets shortNames: - gcphealthcaredataset - gcphealthcaredatasets singular: healthcaredataset preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: location: description: Immutable. The location for the Dataset. type: string projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string timeZone: description: |- The default timezone used by this dataset. Must be a either a valid IANA time zone name such as "America/New_York" or empty, which defaults to UTC. This is used for parsing times in resources (e.g., HL7 messages) where no explicit timezone is specified. type: string required: - location - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer selfLink: description: The fully qualified name of this dataset. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: healthcaredicomstores.healthcare.cnrm.cloud.google.com spec: group: healthcare.cnrm.cloud.google.com names: categories: - gcp kind: HealthcareDICOMStore plural: healthcaredicomstores shortNames: - gcphealthcaredicomstore - gcphealthcaredicomstores singular: healthcaredicomstore preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: dataset: description: |- Immutable. Identifies the dataset addressed by this request. Must be in the format 'projects/{project}/locations/{location}/datasets/{dataset}'. type: string notificationConfig: description: A nested object resource. properties: pubsubTopic: description: |- The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client. PubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message. It is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message was published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a project. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given Cloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail. type: string required: - pubsubTopic type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string streamConfigs: description: |- To enable streaming to BigQuery, configure the streamConfigs object in your DICOM store. streamConfigs is an array, so you can specify multiple BigQuery destinations. You can stream metadata from a single DICOM store to up to five BigQuery tables in a BigQuery dataset. items: properties: bigqueryDestination: description: BigQueryDestination to include a fully qualified BigQuery table URI where DICOM instance metadata will be streamed. properties: tableUri: description: a fully qualified BigQuery table URI where DICOM instance metadata will be streamed. type: string required: - tableUri type: object required: - bigqueryDestination type: object type: array required: - dataset type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer selfLink: description: The fully qualified name of this dataset. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: healthcarefhirstores.healthcare.cnrm.cloud.google.com spec: group: healthcare.cnrm.cloud.google.com names: categories: - gcp kind: HealthcareFHIRStore plural: healthcarefhirstores shortNames: - gcphealthcarefhirstore - gcphealthcarefhirstores singular: healthcarefhirstore preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: dataset: description: |- Immutable. Identifies the dataset addressed by this request. Must be in the format 'projects/{project}/locations/{location}/datasets/{dataset}'. type: string disableReferentialIntegrity: description: |- Immutable. Whether to disable referential integrity in this FHIR store. This field is immutable after FHIR store creation. The default value is false, meaning that the API will enforce referential integrity and fail the requests that will result in inconsistent state in the FHIR store. When this field is set to true, the API will skip referential integrity check. Consequently, operations that rely on references, such as Patient.get$everything, will not return all the results if broken references exist. ** Changing this property may recreate the FHIR store (removing all data) **. type: boolean disableResourceVersioning: description: |- Immutable. Whether to disable resource versioning for this FHIR store. This field can not be changed after the creation of FHIR store. If set to false, which is the default behavior, all write operations will cause historical versions to be recorded automatically. The historical versions can be fetched through the history APIs, but cannot be updated. If set to true, no historical versions will be kept. The server will send back errors for attempts to read the historical versions. ** Changing this property may recreate the FHIR store (removing all data) **. type: boolean enableHistoryImport: description: |- Immutable. Whether to allow the bulk import API to accept history bundles and directly insert historical resource versions into the FHIR store. Importing resource histories creates resource interactions that appear to have occurred in the past, which clients may not want to allow. If set to false, history bundles within an import will fail with an error. ** Changing this property may recreate the FHIR store (removing all data) ** ** This property can be changed manually in the Google Cloud Healthcare admin console without recreating the FHIR store **. type: boolean enableUpdateCreate: description: |- Whether this FHIR store has the updateCreate capability. This determines if the client can use an Update operation to create a new resource with a client-specified ID. If false, all IDs are server-assigned through the Create operation and attempts to Update a non-existent resource will return errors. Please treat the audit logs with appropriate levels of care if client-specified resource IDs contain sensitive data such as patient identifiers, those IDs will be part of the FHIR resource path recorded in Cloud audit logs and Cloud Pub/Sub notifications. type: boolean notificationConfig: description: A nested object resource. properties: pubsubTopic: description: |- The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client. PubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message. It is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message was published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a project. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given Cloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail. type: string required: - pubsubTopic type: object notificationConfigs: description: A list of notifcation configs that configure the notification for every resource mutation in this FHIR store. items: properties: pubsubTopic: description: |- The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client. PubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message. It is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message was published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a project. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given Cloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail. type: string sendFullResource: description: |- Whether to send full FHIR resource to this Pub/Sub topic for Create and Update operation. Note that setting this to true does not guarantee that all resources will be sent in the format of full FHIR resource. When a resource change is too large or during heavy traffic, only the resource name will be sent. Clients should always check the "payloadType" label from a Pub/Sub message to determine whether it needs to fetch the full resource as a separate operation. type: boolean required: - pubsubTopic type: object type: array resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string streamConfigs: description: |- A list of streaming configs that configure the destinations of streaming export for every resource mutation in this FHIR store. Each store is allowed to have up to 10 streaming configs. After a new config is added, the next resource mutation is streamed to the new location in addition to the existing ones. When a location is removed from the list, the server stops streaming to that location. Before adding a new config, you must add the required bigquery.dataEditor role to your project's Cloud Healthcare Service Agent service account. Some lag (typically on the order of dozens of seconds) is expected before the results show up in the streaming destination. items: properties: bigqueryDestination: description: |- The destination BigQuery structure that contains both the dataset location and corresponding schema config. The output is organized in one table per resource type. The server reuses the existing tables (if any) that are named after the resource types, e.g. "Patient", "Observation". When there is no existing table for a given resource type, the server attempts to create one. See the [streaming config reference](https://cloud.google.com/healthcare/docs/reference/rest/v1beta1/projects.locations.datasets.fhirStores#streamconfig) for more details. properties: datasetUri: description: BigQuery URI to a dataset, up to 2000 characters long, in the format bq://projectId.bqDatasetId. type: string schemaConfig: description: The configuration for the exported BigQuery schema. properties: recursiveStructureDepth: description: |- The depth for all recursive structures in the output analytics schema. For example, concept in the CodeSystem resource is a recursive structure; when the depth is 2, the CodeSystem table will have a column called concept.concept but not concept.concept.concept. If not specified or set to 0, the server will use the default value 2. The maximum depth allowed is 5. type: integer schemaType: description: |- Specifies the output schema type. * ANALYTICS: Analytics schema defined by the FHIR community. See https://github.com/FHIR/sql-on-fhir/blob/master/sql-on-fhir.md. * ANALYTICS_V2: Analytics V2, similar to schema defined by the FHIR community, with added support for extensions with one or more occurrences and contained resources in stringified JSON. * LOSSLESS: A data-driven schema generated from the fields present in the FHIR data being exported, with no additional simplification. Default value: "ANALYTICS" Possible values: ["ANALYTICS", "ANALYTICS_V2", "LOSSLESS"]. type: string required: - recursiveStructureDepth type: object required: - datasetUri - schemaConfig type: object resourceTypes: description: |- Supply a FHIR resource type (such as "Patient" or "Observation"). See https://www.hl7.org/fhir/valueset-resource-types.html for a list of all FHIR resource types. The server treats an empty list as an intent to stream all the supported resource types in this FHIR store. items: type: string type: array required: - bigqueryDestination type: object type: array version: description: 'Immutable. The FHIR specification version. Default value: "STU3" Possible values: ["DSTU2", "STU3", "R4"].' type: string required: - dataset type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer selfLink: description: The fully qualified name of this dataset. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: healthcarehl7v2stores.healthcare.cnrm.cloud.google.com spec: group: healthcare.cnrm.cloud.google.com names: categories: - gcp kind: HealthcareHL7V2Store plural: healthcarehl7v2stores shortNames: - gcphealthcarehl7v2store - gcphealthcarehl7v2stores singular: healthcarehl7v2store preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: dataset: description: |- Immutable. Identifies the dataset addressed by this request. Must be in the format 'projects/{project}/locations/{location}/datasets/{dataset}'. type: string notificationConfig: description: DEPRECATED. This field has been replaced by notificationConfigs. A nested object resource. properties: pubsubTopic: description: |- The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client. PubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message. It is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message was published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a project. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given Cloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail. type: string required: - pubsubTopic type: object notificationConfigs: description: |- A list of notification configs. Each configuration uses a filter to determine whether to publish a message (both Ingest & Create) on the corresponding notification destination. Only the message name is sent as part of the notification. Supplied by the client. items: properties: filter: description: |- Restricts notifications sent for messages matching a filter. If this is empty, all messages are matched. Syntax: https://cloud.google.com/appengine/docs/standard/python/search/query_strings Fields/functions available for filtering are: * messageType, from the MSH-9.1 field. For example, NOT messageType = "ADT". * send_date or sendDate, the YYYY-MM-DD date the message was sent in the dataset's timeZone, from the MSH-7 segment. For example, send_date < "2017-01-02". * sendTime, the timestamp when the message was sent, using the RFC3339 time format for comparisons, from the MSH-7 segment. For example, sendTime < "2017-01-02T00:00:00-05:00". * sendFacility, the care center that the message came from, from the MSH-4 segment. For example, sendFacility = "ABC". * PatientId(value, type), which matches if the message lists a patient having an ID of the given value and type in the PID-2, PID-3, or PID-4 segments. For example, PatientId("123456", "MRN"). * labels.x, a string value of the label with key x as set using the Message.labels map. For example, labels."priority"="high". The operator :* can be used to assert the existence of a label. For example, labels."priority":*. type: string pubsubTopic: description: |- The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client. PubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message. It is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message was published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a project. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given Cloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail. If a notification cannot be published to Cloud Pub/Sub, errors will be logged to Stackdriver. type: string required: - pubsubTopic type: object type: array parserConfig: description: A nested object resource. properties: allowNullHeader: description: Determines whether messages with no header are allowed. type: boolean schema: description: |- JSON encoded string for schemas used to parse messages in this store if schematized parsing is desired. type: string segmentTerminator: description: |- Byte(s) to be used as the segment terminator. If this is unset, '\r' will be used as segment terminator. A base64-encoded string. type: string version: description: 'Immutable. The version of the unschematized parser to be used when a custom ''schema'' is not set. Default value: "V1" Possible values: ["V1", "V2", "V3"].' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - dataset type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer selfLink: description: The fully qualified name of this dataset. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: iamaccessboundarypolicies.iam.cnrm.cloud.google.com spec: group: iam.cnrm.cloud.google.com names: categories: - gcp kind: IAMAccessBoundaryPolicy plural: iamaccessboundarypolicies shortNames: - gcpiamaccessboundarypolicy - gcpiamaccessboundarypolicies singular: iamaccessboundarypolicy preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: displayName: description: The display name of the rule. type: string projectRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: string of the format `cloudresourcemanager.googleapis.com%2Fprojects%2F{{value}}`, where {{value}} is the `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string rules: description: Rules to be applied. items: properties: accessBoundaryRule: description: An access boundary rule in an IAM policy. properties: availabilityCondition: description: The availability condition further constrains the access allowed by the access boundary rule. properties: description: description: |- Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. type: string expression: description: Textual representation of an expression in Common Expression Language syntax. type: string location: description: |- String indicating the location of the expression for error reporting, e.g. a file name and a position in the file. type: string title: description: |- Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression. type: string required: - expression type: object availablePermissions: description: A list of permissions that may be allowed for use on the specified resource. items: type: string type: array availableResource: description: The full resource name of a Google Cloud resource entity. type: string type: object description: description: The description of the rule. type: string type: object type: array required: - projectRef - rules type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array etag: description: The hash of the resource. Used internally during updates. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/system: "true" name: iamauditconfigs.iam.cnrm.cloud.google.com spec: group: iam.cnrm.cloud.google.com names: categories: - gcp kind: IAMAuditConfig plural: iamauditconfigs shortNames: - gcpiamauditconfig - gcpiamauditconfigs singular: iamauditconfig preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True' the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: description: IAMAuditConfig is the schema for the IAM audit logging API. properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: description: IAMAuditConfigSpec defines the desired state of IAMAuditConfig. properties: auditLogConfigs: description: Required. The configuration for logging of each type of permission. items: properties: exemptedMembers: description: Identities that do not cause logging for this type of permission. The format is the same as that for 'members' in IAMPolicy/IAMPolicyMember. items: type: string type: array logType: description: Permission type for which logging is to be configured. Must be one of 'DATA_READ', 'DATA_WRITE', or 'ADMIN_READ'. pattern: ^(DATA_READ|DATA_WRITE|ADMIN_READ)$ type: string required: - logType type: object type: array resourceRef: description: Immutable. Required. The GCP resource to set the IAMAuditConfig on (e.g. project). properties: apiVersion: type: string external: type: string kind: type: string name: type: string namespace: type: string required: - kind type: object service: description: 'Immutable. Required. The service for which to enable Data Access audit logs. The special value ''allServices'' covers all services. Note that if there are audit configs covering both ''allServices'' and a specific service, then the union of the two audit configs is used for that service: the ''logTypes'' specified in each ''auditLogConfig'' are enabled, and the ''exemptedMembers'' in each ''auditLogConfg'' are exempted.' type: string required: - auditLogConfigs - resourceRef - service type: object status: description: IAMAuditConfigStatus defines the observed state of IAMAuditConfig. properties: conditions: description: Conditions represent the latest available observations of the IAMAuditConfig's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. format: int64 type: integer type: object type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: iamcustomroles.iam.cnrm.cloud.google.com spec: group: iam.cnrm.cloud.google.com names: categories: - gcp kind: IAMCustomRole plural: iamcustomroles shortNames: - gcpiamcustomrole - gcpiamcustomroles singular: iamcustomrole preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: description: description: A human-readable description for the role. type: string permissions: description: The names of the permissions this role grants when bound in an IAM policy. At least one permission must be specified. items: type: string type: array resourceID: description: Immutable. Optional. The roleId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string stage: description: The current launch stage of the role. Defaults to GA. type: string title: description: A human-readable title for the role. type: string required: - permissions - title type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array deleted: description: The current deleted state of the role. type: boolean name: description: The full name of the role. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/system: "true" name: iampartialpolicies.iam.cnrm.cloud.google.com spec: group: iam.cnrm.cloud.google.com names: categories: - gcp kind: IAMPartialPolicy plural: iampartialpolicies shortNames: - gcpiampartialpolicy - gcpiampartialpolicies singular: iampartialpolicy preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True' the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: description: IAMPartialPolicy is the Schema for the iampartialpolicy API properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: description: IAMPartialPolicySpec defines the desired state of IAMPartialPolicy properties: bindings: description: Optional. The list of IAM bindings managed by Config Connector. items: description: Specifies the members to bind to an IAM role. properties: condition: description: Optional. The condition under which the binding applies. properties: description: type: string expression: type: string title: type: string required: - expression - title type: object members: description: Optional. The list of IAM users to be bound to the role. items: oneOf: - required: - member - required: - memberFrom properties: member: description: The IAM identity to be bound to the role. Exactly one of 'member' or 'memberFrom' must be used. type: string memberFrom: description: The IAM identity to be bound to the role. Exactly one of 'member' or 'memberFrom' must be used, and only one subfield within 'memberFrom' can be used. oneOf: - required: - logSinkRef - required: - serviceAccountRef - required: - serviceIdentityRef - required: - sqlInstanceRef properties: logSinkRef: description: The LoggingLogSink whose writer identity (i.e. its 'status.writerIdentity') is to be bound to the role. properties: name: type: string namespace: type: string required: - name type: object serviceAccountRef: description: The IAMServiceAccount to be bound to the role. properties: name: type: string namespace: type: string required: - name type: object serviceIdentityRef: description: The ServiceIdentity whose service account (i.e., its 'status.email') is to be bound to the role. properties: name: type: string namespace: type: string required: - name type: object sqlInstanceRef: description: The SQLInstance whose service account (i.e. its 'status.serviceAccountEmailAddress') is to be bound to the role. properties: name: type: string namespace: type: string required: - name type: object type: object type: object type: array role: description: Required. The role to bind the users to. pattern: ^((projects|organizations)/[^/]+/)?roles/[\w_\.]+$ type: string required: - role type: object type: array resourceRef: description: Immutable. Required. The GCP resource to set the IAM policy on. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external - not: anyOf: - required: - name - required: - namespace - required: - apiVersion - required: - external properties: apiVersion: type: string external: type: string kind: type: string name: type: string namespace: type: string required: - kind type: object required: - resourceRef type: object status: description: IAMPartialPolicyStatus defines the observed state of IAMPartialPolicy properties: allBindings: description: AllBindings surfaces all IAM bindings for the referenced resource. items: description: Specifies the members to bind to an IAM role. properties: condition: description: Optional. The condition under which the binding applies. properties: description: type: string expression: type: string title: type: string required: - expression - title type: object members: description: Optional. The list of IAM users to be bound to the role. items: type: string type: array role: description: Required. The role to bind the users to. type: string required: - role type: object type: array conditions: description: Conditions represent the latest available observations of the IAM policy's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array lastAppliedBindings: description: LastAppliedBindings is the list of IAM bindings that were most recently applied by Config Connector. items: description: Specifies the members to bind to an IAM role. properties: condition: description: Optional. The condition under which the binding applies. properties: description: type: string expression: type: string title: type: string required: - expression - title type: object members: description: Optional. The list of IAM users to be bound to the role. items: type: string type: array role: description: Required. The role to bind the users to. type: string required: - role type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. format: int64 type: integer type: object type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/system: "true" name: iampolicies.iam.cnrm.cloud.google.com spec: group: iam.cnrm.cloud.google.com names: categories: - gcp kind: IAMPolicy plural: iampolicies shortNames: - gcpiampolicy - gcpiampolicies singular: iampolicy preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True' the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: description: IAMPolicy is the Schema for the iampolicies API properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: description: IAMPolicySpec defines the desired state of IAMPolicy properties: auditConfigs: description: Optional. The list of IAM audit configs. items: description: Specifies the Cloud Audit Logs configuration for the IAM policy. properties: auditLogConfigs: description: Required. The configuration for logging of each type of permission. items: properties: exemptedMembers: description: Identities that do not cause logging for this type of permission. The format is the same as that for 'members' in IAMPolicy/IAMPolicyMember. items: type: string type: array logType: description: Permission type for which logging is to be configured. Must be one of 'DATA_READ', 'DATA_WRITE', or 'ADMIN_READ'. pattern: ^(DATA_READ|DATA_WRITE|ADMIN_READ)$ type: string required: - logType type: object type: array service: description: 'Required. The service for which to enable Data Access audit logs. The special value ''allServices'' covers all services. Note that if there are audit configs covering both ''allServices'' and a specific service, then the union of the two audit configs is used for that service: the ''logTypes'' specified in each ''auditLogConfig'' are enabled, and the ''exemptedMembers'' in each ''auditLogConfg'' are exempted.' type: string required: - auditLogConfigs - service type: object type: array bindings: description: Optional. The list of IAM bindings. items: description: Specifies the members to bind to an IAM role. properties: condition: description: Optional. The condition under which the binding applies. properties: description: type: string expression: type: string title: type: string required: - expression - title type: object members: description: Optional. The list of IAM users to be bound to the role. items: type: string type: array role: description: Required. The role to bind the users to. pattern: ^((projects|organizations)/[^/]+/)?roles/[\w_\.]+$ type: string required: - role type: object type: array resourceRef: description: Immutable. Required. The GCP resource to set the IAM policy on. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external - not: anyOf: - required: - name - required: - namespace - required: - apiVersion - required: - external properties: apiVersion: type: string external: type: string kind: type: string name: type: string namespace: type: string required: - kind type: object required: - resourceRef type: object status: description: IAMPolicyStatus defines the observed state of IAMPolicy properties: conditions: description: Conditions represent the latest available observations of the IAM policy's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. format: int64 type: integer type: object type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/system: "true" name: iampolicymembers.iam.cnrm.cloud.google.com spec: group: iam.cnrm.cloud.google.com names: categories: - gcp kind: IAMPolicyMember plural: iampolicymembers shortNames: - gcpiampolicymember - gcpiampolicymembers singular: iampolicymember preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True' the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: description: IAMPolicyMember is the Schema for the iampolicies API properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: description: IAMPolicyMemberSpec defines the desired state of IAMPolicyMember oneOf: - required: - member - required: - memberFrom properties: condition: description: Immutable. Optional. The condition under which the binding applies. properties: description: type: string expression: type: string title: type: string required: - expression - title type: object member: description: Immutable. The IAM identity to be bound to the role. Exactly one of 'member' or 'memberFrom' must be used. type: string memberFrom: description: Immutable. The IAM identity to be bound to the role. Exactly one of 'member' or 'memberFrom' must be used, and only one subfield within 'memberFrom' can be used. oneOf: - required: - logSinkRef - required: - serviceAccountRef - required: - serviceIdentityRef - required: - sqlInstanceRef properties: logSinkRef: description: The LoggingLogSink whose writer identity (i.e. its 'status.writerIdentity') is to be bound to the role. properties: name: type: string namespace: type: string required: - name type: object serviceAccountRef: description: The IAMServiceAccount to be bound to the role. properties: name: type: string namespace: type: string required: - name type: object serviceIdentityRef: description: The ServiceIdentity whose service account (i.e., its 'status.email') is to be bound to the role. properties: name: type: string namespace: type: string required: - name type: object sqlInstanceRef: description: The SQLInstance whose service account (i.e. its 'status.serviceAccountEmailAddress') is to be bound to the role. properties: name: type: string namespace: type: string required: - name type: object type: object resourceRef: description: Immutable. Required. The GCP resource to set the IAM policy on. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external - not: anyOf: - required: - name - required: - namespace - required: - apiVersion - required: - external properties: apiVersion: type: string external: type: string kind: type: string name: type: string namespace: type: string required: - kind type: object role: description: Immutable. Required. The role for which the Member will be bound. pattern: ^((projects|organizations)/[^/]+/)?roles/[\w_\.]+$ type: string required: - resourceRef - role type: object status: description: IAMPolicyMemberStatus defines the observed state of IAMPolicyMember properties: conditions: description: Conditions represent the latest available observations of the IAM policy's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. format: int64 type: integer type: object type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: iamserviceaccountkeys.iam.cnrm.cloud.google.com spec: group: iam.cnrm.cloud.google.com names: categories: - gcp kind: IAMServiceAccountKey plural: iamserviceaccountkeys shortNames: - gcpiamserviceaccountkey - gcpiamserviceaccountkeys singular: iamserviceaccountkey preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: keyAlgorithm: description: 'Immutable. The algorithm used to generate the key, used only on create. KEY_ALG_RSA_2048 is the default algorithm. Valid values are: "KEY_ALG_RSA_1024", "KEY_ALG_RSA_2048".' type: string privateKeyType: description: Immutable. type: string publicKeyData: description: Immutable. A field that allows clients to upload their own public key. If set, use this public key data to create a service account key for given service account. Please note, the expected format for this field is a base64 encoded X509_PEM. type: string publicKeyType: description: Immutable. type: string serviceAccountRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `email` field of an `IAMServiceAccount` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - serviceAccountRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array name: description: Immutable. The name used for this key pair. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer privateKey: description: The private key in JSON format, base64 encoded. This is what you normally get as a file when creating service account keys through the CLI or web console. This is only populated when creating a new key. type: string publicKey: description: Immutable. The public key, base64 encoded. type: string validAfter: description: 'The key can be used after this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".' type: string validBefore: description: 'The key can be used before this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".' type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: iamserviceaccounts.iam.cnrm.cloud.google.com spec: group: iam.cnrm.cloud.google.com names: categories: - gcp kind: IAMServiceAccount plural: iamserviceaccounts shortNames: - gcpiamserviceaccount - gcpiamserviceaccounts singular: iamserviceaccount preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: description: description: A text description of the service account. Must be less than or equal to 256 UTF-8 bytes. type: string disabled: description: Whether the service account is disabled. Defaults to false. type: boolean displayName: description: The display name for the service account. Can be updated without creating a new resource. type: string resourceID: description: Immutable. Optional. The accountId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array email: description: The e-mail address of the service account. This value should be referenced from any google_iam_policy data sources that would grant the service account privileges. type: string member: description: The Identity of the service account in the form 'serviceAccount:{email}'. This value is often used to refer to the service account in order to grant IAM permissions. type: string name: description: The fully-qualified name of the service account. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer uniqueId: description: The unique id of the service account. type: string type: object type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: iamworkforcepoolproviders.iam.cnrm.cloud.google.com spec: group: iam.cnrm.cloud.google.com names: categories: - gcp kind: IAMWorkforcePoolProvider plural: iamworkforcepoolproviders shortNames: - gcpiamworkforcepoolprovider - gcpiamworkforcepoolproviders singular: iamworkforcepoolprovider preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: attributeCondition: description: 'A [Common Expression Language](https://opensource.google/projects/cel) expression, in plain text, to restrict what otherwise valid authentication credentials issued by the provider should not be accepted. The expression must output a boolean representing whether to allow the federation. The following keywords may be referenced in the expressions: * `assertion`: JSON representing the authentication credential issued by the provider. * `google`: The Google attributes mapped from the assertion in the `attribute_mappings`. `google.profile_photo` and `google.display_name` are not supported. * `attribute`: The custom attributes mapped from the assertion in the `attribute_mappings`. The maximum length of the attribute condition expression is 4096 characters. If unspecified, all valid authentication credentials will be accepted. The following example shows how to only allow credentials with a mapped `google.groups` value of `admins`: ``` "''admins'' in google.groups" ```' type: string attributeMapping: additionalProperties: type: string description: 'Required. Maps attributes from the authentication credentials issued by an external identity provider to Google Cloud attributes, such as `subject` and `segment`. Each key must be a string specifying the Google Cloud IAM attribute to map to. The following keys are supported: * `google.subject`: The principal IAM is authenticating. You can reference this value in IAM bindings. This is also the subject that appears in Cloud Logging logs. This is a required field and the mapped subject cannot exceed 127 bytes. * `google.groups`: Groups the authenticating user belongs to. You can grant groups access to resources using an IAM `principalSet` binding; access applies to all members of the group. * `google.display_name`: The name of the authenticated user. This is an optional field and the mapped display name cannot exceed 100 bytes. If not set, `google.subject` will be displayed instead. This attribute cannot be referenced in IAM bindings. * `google.profile_photo`: The URL that specifies the authenticated user''s thumbnail photo. This is an optional field. When set, the image will be visible as the user''s profile picture. If not set, a generic user icon will be displayed instead. This attribute cannot be referenced in IAM bindings. You can also provide custom attributes by specifying `attribute.{custom_attribute}`, where {custom_attribute} is the name of the custom attribute to be mapped. You can define a maximum of 50 custom attributes. The maximum length of a mapped attribute key is 100 characters, and the key may only contain the characters [a-z0-9_]. You can reference these attributes in IAM policies to define fine-grained access for a workforce pool to Google Cloud resources. For example:' type: object description: description: A user-specified description of the provider. Cannot exceed 256 characters. type: string disabled: description: Whether the provider is disabled. You cannot use a disabled provider to exchange tokens. However, existing tokens still grant access. type: boolean displayName: description: A user-specified display name for the provider. Cannot exceed 32 characters. type: string location: description: Immutable. The location for the resource type: string oidc: description: An OpenId Connect 1.0 identity provider configuration. properties: clientId: description: Required. The client ID. Must match the audience claim of the JWT issued by the identity provider. type: string issuerUri: description: Required. The OIDC issuer URI. Must be a valid URI using the 'https' scheme. type: string webSsoConfig: description: Required. Configuration for web single sign-on for the OIDC provider. Here, web sign-in refers to console sign-in and gcloud sign-in through the browser. properties: assertionClaimsBehavior: description: 'Required. The behavior for how OIDC Claims are included in the `assertion` object used for attribute mapping and attribute condition. Possible values: ASSERTION_CLAIMS_BEHAVIOR_UNSPECIFIED, ONLY_ID_TOKEN_CLAIMS' type: string responseType: description: 'Required. The Response Type to request for in the OIDC Authorization Request for web sign-in. Possible values: RESPONSE_TYPE_UNSPECIFIED, ID_TOKEN' type: string required: - assertionClaimsBehavior - responseType type: object required: - clientId - issuerUri - webSsoConfig type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string saml: description: A SAML identity provider configuration. properties: idpMetadataXml: description: 'Required. SAML Identity provider configuration metadata xml doc. The xml document should comply with [SAML 2.0 specification](https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf). The max size of the acceptable xml document will be bounded to 128k characters. The metadata xml document should satisfy the following constraints: 1) Must contain an Identity Provider Entity ID. 2) Must contain at least one non-expired signing key certificate. 3) For each signing key: a) Valid from should be no more than 7 days from now. b) Valid to should be no more than 10 years in the future. 4) Up to 3 IdP signing keys are allowed in the metadata xml. When updating the provider''s metadata xml, at least one non-expired signing key must overlap with the existing metadata. This requirement is skipped if there are no non-expired signing keys present in the existing metadata.' type: string required: - idpMetadataXml type: object workforcePoolRef: description: Immutable. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The workforce_pool for the resource Allowed value: The Google Cloud resource name of an `IAMWorkforcePool` resource (format: `locations/{{location}}/workforcePools/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - attributeMapping - location - workforcePoolRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer state: description: 'Output only. The state of the provider. Possible values: STATE_UNSPECIFIED, ACTIVE, DELETED' type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: iamworkforcepools.iam.cnrm.cloud.google.com spec: group: iam.cnrm.cloud.google.com names: categories: - gcp kind: IAMWorkforcePool plural: iamworkforcepools shortNames: - gcpiamworkforcepool - gcpiamworkforcepools singular: iamworkforcepool preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: description: description: A user-specified description of the pool. Cannot exceed 256 characters. type: string disabled: description: Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again. type: boolean displayName: description: A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters. type: string location: description: Immutable. The location for the resource type: string organizationRef: description: Immutable. The Organization that this resource belongs to. Only one of [organizationRef] may be specified. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The Google Cloud resource name of a Google Cloud Organization (format: `organizations/{{name}}`).' type: string name: description: |- [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string sessionDuration: description: How long the Google Cloud access tokens, console sign-in sessions, and gcloud sign-in sessions from this pool are valid. Must be greater than 15 minutes (900s) and less than 12 hours (43200s). If `session_duration` is not configured, minted credentials will have a default duration of one hour (3600s). type: string required: - location - organizationRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer selfLink: description: 'Output only. The resource name of the pool. Format: `locations/{location}/workforcePools/{workforce_pool_id}`' type: string state: description: 'Output only. The state of the pool. Possible values: STATE_UNSPECIFIED, ACTIVE, DELETED' type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: iamworkloadidentitypoolproviders.iam.cnrm.cloud.google.com spec: group: iam.cnrm.cloud.google.com names: categories: - gcp kind: IAMWorkloadIdentityPoolProvider plural: iamworkloadidentitypoolproviders shortNames: - gcpiamworkloadidentitypoolprovider - gcpiamworkloadidentitypoolproviders singular: iamworkloadidentitypoolprovider preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: attributeCondition: description: '[A Common Expression Language](https://opensource.google/projects/cel) expression, in plain text, to restrict what otherwise valid authentication credentials issued by the provider should not be accepted. The expression must output a boolean representing whether to allow the federation. The following keywords may be referenced in the expressions: * `assertion`: JSON representing the authentication credential issued by the provider. * `google`: The Google attributes mapped from the assertion in the `attribute_mappings`. * `attribute`: The custom attributes mapped from the assertion in the `attribute_mappings`. The maximum length of the attribute condition expression is 4096 characters. If unspecified, all valid authentication credential are accepted. The following example shows how to only allow credentials with a mapped `google.groups` value of `admins`: ``` "''admins'' in google.groups" ```' type: string attributeMapping: additionalProperties: type: string description: 'Maps attributes from authentication credentials issued by an external identity provider to Google Cloud attributes, such as `subject` and `segment`. Each key must be a string specifying the Google Cloud IAM attribute to map to. The following keys are supported: * `google.subject`: The principal IAM is authenticating. You can reference this value in IAM bindings. This is also the subject that appears in Cloud Logging logs. Cannot exceed 127 characters. * `google.groups`: Groups the external identity belongs to. You can grant groups access to resources using an IAM `principalSet` binding; access applies to all members of the group. You can also provide custom attributes by specifying `attribute.{custom_attribute}`, where `{custom_attribute}` is the name of the custom attribute to be mapped. You can define a maximum of 50 custom attributes. The maximum length of a mapped attribute key is 100 characters, and the key may only contain the characters [a-z0-9_]. You can reference these attributes in IAM policies to define fine-grained access for a workload to Google Cloud resources. For example: * `google.subject`: `principal://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/subject/{value}` * `google.groups`: `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/group/{value}` * `attribute.{custom_attribute}`: `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value}` Each value must be a [Common Expression Language] (https://opensource.google/projects/cel) function that maps an identity provider credential to the normalized attribute specified by the corresponding map key. You can use the `assertion` keyword in the expression to access a JSON representation of the authentication credential issued by the provider. The maximum length of an attribute mapping expression is 2048 characters. When evaluated, the total size of all mapped attributes must not exceed 8KB. For AWS providers, if no attribute mapping is defined, the following default mapping applies: ``` { "google.subject":"assertion.arn", "attribute.aws_role": "assertion.arn.contains(''assumed-role'')" " ? assertion.arn.extract(''{account_arn}assumed-role/'')" " + ''assumed-role/''" " + assertion.arn.extract(''assumed-role/{role_name}/'')" " : assertion.arn", } ``` If any custom attribute mappings are defined, they must include a mapping to the `google.subject` attribute. For OIDC providers, you must supply a custom mapping, which must include the `google.subject` attribute. For example, the following maps the `sub` claim of the incoming credential to the `subject` attribute on a Google token: ``` {"google.subject": "assertion.sub"} ```' type: object aws: description: An Amazon Web Services identity provider. properties: accountId: description: Required. The AWS account ID. type: string stsUri: description: A list of AWS STS URIs that can be used when exchanging credentials. If not provided, any valid AWS STS URI is allowed. URIs must use the form `https://sts.amazonaws.com` or `https://sts.{region}.amazonaws.com`, where {region} is a valid AWS region. You can specify a maximum of 25 URIs. items: type: string type: array required: - accountId type: object description: description: A description for the provider. Cannot exceed 256 characters. type: string disabled: description: Whether the provider is disabled. You cannot use a disabled provider to exchange tokens. However, existing tokens still grant access. type: boolean displayName: description: A display name for the provider. Cannot exceed 32 characters. type: string location: description: Immutable. The location for the resource type: string oidc: description: An OpenId Connect 1.0 identity provider. properties: allowedAudiences: description: 'Acceptable values for the `aud` field (audience) in the OIDC token. Token exchange requests are rejected if the token audience does not match one of the configured values. Each audience may be at most 256 characters. A maximum of 10 audiences may be configured. If this list is empty, the OIDC token audience must be equal to the full canonical resource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix. For example: ``` //iam.googleapis.com/projects//locations//workloadIdentityPools//providers/ https://iam.googleapis.com/projects//locations//workloadIdentityPools//providers/ ```' items: type: string type: array issuerUri: description: Required. The OIDC issuer URL. Must be an HTTPS endpoint. type: string required: - issuerUri type: object projectRef: description: Immutable. The Project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The project for the resource Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string workloadIdentityPoolRef: description: Immutable. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The workloadIdentityPool for the resource Allowed value: The Google Cloud resource name of an `IAMWorkloadIdentityPool` resource (format: `projects/{{project}}/locations/{{location}}/workloadIdentityPools/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - location - projectRef - workloadIdentityPoolRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer state: description: 'Output only. The state of the provider. Possible values: STATE_UNSPECIFIED, ACTIVE, DELETED' type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: iamworkloadidentitypools.iam.cnrm.cloud.google.com spec: group: iam.cnrm.cloud.google.com names: categories: - gcp kind: IAMWorkloadIdentityPool plural: iamworkloadidentitypools shortNames: - gcpiamworkloadidentitypool - gcpiamworkloadidentitypools singular: iamworkloadidentitypool preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: description: description: A description of the pool. Cannot exceed 256 characters. type: string disabled: description: Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again. type: boolean displayName: description: A display name for the pool. Cannot exceed 32 characters. type: string location: description: Immutable. The location for the resource type: string projectRef: description: Immutable. The Project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The project for the resource Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - location - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer state: description: 'Output only. The state of the pool. Possible values: STATE_UNSPECIFIED, ACTIVE, DELETED' type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: iapbrands.iap.cnrm.cloud.google.com spec: group: iap.cnrm.cloud.google.com names: categories: - gcp kind: IAPBrand plural: iapbrands shortNames: - gcpiapbrand - gcpiapbrands singular: iapbrand preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: applicationTitle: description: Immutable. Application name displayed on OAuth consent screen. type: string resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string supportEmail: description: Immutable. Support email displayed on the OAuth consent screen. type: string type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer orgInternalOnly: description: Output only. Whether the brand is only intended for usage inside the G Suite organization only. type: boolean type: object type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: iapidentityawareproxyclients.iap.cnrm.cloud.google.com spec: group: iap.cnrm.cloud.google.com names: categories: - gcp kind: IAPIdentityAwareProxyClient plural: iapidentityawareproxyclients shortNames: - gcpiapidentityawareproxyclient - gcpiapidentityawareproxyclients singular: iapidentityawareproxyclient preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: brandRef: description: Immutable. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The brand for the resource Allowed value: The Google Cloud resource name of an `IAPBrand` resource (format: `projects/{{project}}/brands/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object displayName: description: Immutable. Human-friendly name given to the OAuth client. type: string resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string required: - brandRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer secret: description: Output only. Client secret of the OAuth client. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: identityplatformconfigs.identityplatform.cnrm.cloud.google.com spec: group: identityplatform.cnrm.cloud.google.com names: categories: - gcp kind: IdentityPlatformConfig plural: identityplatformconfigs shortNames: - gcpidentityplatformconfig - gcpidentityplatformconfigs singular: identityplatformconfig preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: authorizedDomains: description: List of domains authorized for OAuth redirects items: type: string type: array blockingFunctions: description: Configuration related to blocking functions. properties: triggers: additionalProperties: properties: functionUriRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- HTTP URI trigger for the Cloud Function. Allowed value: The `httpsTrigger.url` field of a `CloudFunctionsFunction` resource. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object updateTime: description: When the trigger was changed. format: date-time type: string type: object description: 'Map of Trigger to event type. Key should be one of the supported event types: "beforeCreate", "beforeSignIn"' type: object type: object client: description: Options related to how clients making requests on behalf of a project should be configured. properties: permissions: description: Configuration related to restricting a user's ability to affect their account. properties: disabledUserDeletion: description: When true, end users cannot delete their account on the associated project through any of our API methods type: boolean disabledUserSignup: description: When true, end users cannot sign up for a new account on the associated project through any of our API methods type: boolean type: object type: object mfa: description: Configuration for this project's multi-factor authentication, including whether it is active and what factors can be used for the second factor properties: state: description: 'Whether MultiFactor Authentication has been enabled for this project. Possible values: STATE_UNSPECIFIED, DISABLED, ENABLED, MANDATORY' type: string type: object monitoring: description: Configuration related to monitoring project activity. properties: requestLogging: description: Configuration for logging requests made to this project to Stackdriver Logging properties: enabled: description: Whether logging is enabled for this project or not. type: boolean type: object type: object multiTenant: description: Configuration related to multi-tenant functionality. properties: allowTenants: description: Whether this project can have tenants or not. type: boolean defaultTenantLocationRef: oneOf: - not: required: - external required: - name - kind - not: anyOf: - required: - name - required: - namespace - required: - kind required: - external properties: external: description: |- The default cloud parent org or folder that the tenant project should be created under. The parent resource name should be in the format of "/", such as "folders/123" or "organizations/456". If the value is not set, the tenant will be created under the same organization or folder as the agent project. Allowed values: * The Google Cloud resource name of a `Folder` resource (format: `folders/{{name}}`). * The Google Cloud resource name of a Google Cloud Organization (format: `organizations/{{name}}`). type: string kind: description: 'Kind of the referent. Allowed values: Folder' type: string name: description: |- [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: object notification: description: Configuration related to sending notifications to users. properties: defaultLocale: description: Default locale used for email and SMS in IETF BCP 47 format. type: string sendEmail: description: Options for email sending. properties: callbackUri: description: action url in email template. type: string changeEmailTemplate: description: Email template for change email properties: body: description: Immutable. Email body type: string bodyFormat: description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, PLAIN_TEXT, HTML' type: string replyTo: description: Reply-to address type: string senderDisplayName: description: Sender display name type: string senderLocalPart: description: Local part of From address type: string subject: description: Subject of the email type: string type: object dnsInfo: description: Information of custom domain DNS verification. properties: useCustomDomain: description: Whether to use custom domain. type: boolean type: object method: description: 'The method used for sending an email. Possible values: METHOD_UNSPECIFIED, DEFAULT, CUSTOM_SMTP' type: string resetPasswordTemplate: description: Email template for reset password properties: body: description: Email body type: string bodyFormat: description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, PLAIN_TEXT, HTML' type: string replyTo: description: Reply-to address type: string senderDisplayName: description: Sender display name type: string senderLocalPart: description: Local part of From address type: string subject: description: Subject of the email type: string type: object revertSecondFactorAdditionTemplate: description: Email template for reverting second factor addition emails properties: body: description: Immutable. Email body type: string bodyFormat: description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, PLAIN_TEXT, HTML' type: string replyTo: description: Reply-to address type: string senderDisplayName: description: Sender display name type: string senderLocalPart: description: Local part of From address type: string subject: description: Subject of the email type: string type: object smtp: description: Use a custom SMTP relay properties: host: description: SMTP relay host type: string password: description: SMTP relay password oneOf: - not: required: - valueFrom required: - value - not: required: - value required: - valueFrom properties: value: description: Value of the field. Cannot be used if 'valueFrom' is specified. type: string valueFrom: description: Source for the field's value. Cannot be used if 'value' is specified. properties: secretKeyRef: description: Reference to a value with the given key in the given Secret in the resource's namespace. properties: key: description: Key that identifies the value to be extracted. type: string name: description: Name of the Secret to extract a value from. type: string required: - name - key type: object type: object type: object port: description: SMTP relay port format: int64 type: integer securityMode: description: 'SMTP security mode. Possible values: SECURITY_MODE_UNSPECIFIED, SSL, START_TLS' type: string senderEmail: description: Sender email for the SMTP relay type: string username: description: SMTP relay username type: string type: object verifyEmailTemplate: description: Email template for verify email properties: body: description: Immutable. Email body type: string bodyFormat: description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, PLAIN_TEXT, HTML' type: string replyTo: description: Reply-to address type: string senderDisplayName: description: Sender display name type: string senderLocalPart: description: Local part of From address type: string subject: description: Subject of the email type: string type: object type: object sendSms: description: Options for SMS sending. properties: useDeviceLocale: description: Whether to use the accept_language header for SMS. type: boolean type: object type: object projectRef: description: Immutable. The Project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The project of the resource Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object quota: description: Configuration related to quotas. properties: signUpQuotaConfig: description: Quota for the Signup endpoint, if overwritten. Signup quota is measured in sign ups per project per hour per IP. properties: quota: description: Corresponds to the 'refill_token_count' field in QuotaServer config format: int64 type: integer quotaDuration: description: How long this quota will be active for type: string startTime: description: When this quota will take affect format: date-time type: string type: object type: object signIn: description: Configuration related to local sign in methods. properties: allowDuplicateEmails: description: Whether to allow more than one account to have the same email. type: boolean anonymous: description: Configuration options related to authenticating an anonymous user. properties: enabled: description: Whether anonymous user auth is enabled for the project or not. type: boolean type: object email: description: Configuration options related to authenticating a user by their email address. properties: enabled: description: Whether email auth is enabled for the project or not. type: boolean passwordRequired: description: Whether a password is required for email auth or not. If true, both an email and password must be provided to sign in. If false, a user may sign in via either email/password or email link. type: boolean type: object phoneNumber: description: Configuration options related to authenticated a user by their phone number. properties: enabled: description: Whether phone number auth is enabled for the project or not. type: boolean testPhoneNumbers: additionalProperties: type: string description: A map of that can be used for phone auth testing. type: object type: object type: object required: - projectRef type: object status: properties: client: properties: apiKey: description: Output only. API key that can be used when making requests for this project. type: string firebaseSubdomain: description: Output only. Firebase subdomain. type: string type: object conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array notification: properties: sendEmail: properties: changeEmailTemplate: properties: customized: description: Output only. Whether the body or subject of the email is customized. type: boolean type: object dnsInfo: properties: customDomain: description: Output only. The applied verified custom domain. type: string customDomainState: description: 'Output only. The current verification state of the custom domain. The custom domain will only be used once the domain verification is successful. Possible values: VERIFICATION_STATE_UNSPECIFIED, NOT_STARTED, IN_PROGRESS, FAILED, SUCCEEDED' type: string domainVerificationRequestTime: description: Output only. The timestamp of initial request for the current domain verification. format: date-time type: string pendingCustomDomain: description: Output only. The custom domain that's to be verified. type: string type: object resetPasswordTemplate: properties: customized: description: Output only. Whether the body or subject of the email is customized. type: boolean type: object revertSecondFactorAdditionTemplate: properties: customized: description: Output only. Whether the body or subject of the email is customized. type: boolean type: object verifyEmailTemplate: properties: customized: description: Output only. Whether the body or subject of the email is customized. type: boolean type: object type: object sendSms: properties: smsTemplate: description: Output only. The template to use when sending an SMS. properties: content: description: 'Output only. The SMS''s content. Can contain the following placeholders which will be replaced with the appropriate values: %APP_NAME% - For Android or iOS apps, the app''s display name. For web apps, the domain hosting the application. %LOGIN_CODE% - The OOB code being sent in the SMS.' type: string type: object type: object type: object observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer signIn: properties: email: properties: hashConfig: description: Output only. Hash config information. properties: algorithm: description: 'Output only. Different password hash algorithms used in Identity Toolkit. Possible values: HASH_ALGORITHM_UNSPECIFIED, HMAC_SHA256, HMAC_SHA1, HMAC_MD5, SCRYPT, PBKDF_SHA1, MD5, HMAC_SHA512, SHA1, BCRYPT, PBKDF2_SHA256, SHA256, SHA512, STANDARD_SCRYPT' type: string memoryCost: description: Output only. Memory cost for hash calculation. Used by scrypt and other similar password derivation algorithms. See https://tools.ietf.org/html/rfc7914 for explanation of field. format: int64 type: integer rounds: description: Output only. How many rounds for hash calculation. Used by scrypt and other similar password derivation algorithms. format: int64 type: integer saltSeparator: description: Output only. Non-printable character to be inserted between the salt and plain text password in base64. type: string signerKey: description: Output only. Signer key in base64. type: string type: object type: object hashConfig: description: Output only. Hash config information. properties: algorithm: description: 'Output only. Different password hash algorithms used in Identity Toolkit. Possible values: HASH_ALGORITHM_UNSPECIFIED, HMAC_SHA256, HMAC_SHA1, HMAC_MD5, SCRYPT, PBKDF_SHA1, MD5, HMAC_SHA512, SHA1, BCRYPT, PBKDF2_SHA256, SHA256, SHA512, STANDARD_SCRYPT' type: string memoryCost: description: Output only. Memory cost for hash calculation. Used by scrypt and other similar password derivation algorithms. See https://tools.ietf.org/html/rfc7914 for explanation of field. format: int64 type: integer rounds: description: Output only. How many rounds for hash calculation. Used by scrypt and other similar password derivation algorithms. format: int64 type: integer saltSeparator: description: Output only. Non-printable character to be inserted between the salt and plain text password in base64. type: string signerKey: description: Output only. Signer key in base64. type: string type: object type: object subtype: description: 'Output only. The subtype of this config. Possible values: SUBTYPE_UNSPECIFIED, IDENTITY_PLATFORM, FIREBASE_AUTH' type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: identityplatformdefaultsupportedidpconfigs.identityplatform.cnrm.cloud.google.com spec: group: identityplatform.cnrm.cloud.google.com names: categories: - gcp kind: IdentityPlatformDefaultSupportedIDPConfig plural: identityplatformdefaultsupportedidpconfigs shortNames: - gcpidentityplatformdefaultsupportedidpconfig - gcpidentityplatformdefaultsupportedidpconfigs singular: identityplatformdefaultsupportedidpconfig preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: clientId: description: OAuth client ID. type: string clientSecret: description: OAuth client secret. type: string enabled: description: If this IDP allows the user to sign in. type: boolean projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The idpId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - clientId - clientSecret - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array name: description: The name of the DefaultSupportedIdpConfig resource. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: identityplatforminboundsamlconfigs.identityplatform.cnrm.cloud.google.com spec: group: identityplatform.cnrm.cloud.google.com names: categories: - gcp kind: IdentityPlatformInboundSAMLConfig plural: identityplatforminboundsamlconfigs shortNames: - gcpidentityplatforminboundsamlconfig - gcpidentityplatforminboundsamlconfigs singular: identityplatforminboundsamlconfig preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: displayName: description: Human friendly display name. type: string enabled: description: If this config allows users to sign in with the provider. type: boolean idpConfig: description: SAML IdP configuration when the project acts as the relying party. properties: idpCertificates: description: The IdP's certificate data to verify the signature in the SAMLResponse issued by the IDP. items: properties: x509Certificate: description: The IdP's x509 certificate. type: string type: object type: array idpEntityId: description: Unique identifier for all SAML entities. type: string signRequest: description: Indicates if outbounding SAMLRequest should be signed. type: boolean ssoUrl: description: URL to send Authentication request to. type: string required: - idpCertificates - idpEntityId - ssoUrl type: object projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string spConfig: description: |- SAML SP (Service Provider) configuration when the project acts as the relying party to receive and accept an authentication assertion issued by a SAML identity provider. properties: callbackUri: description: Callback URI where responses from IDP are handled. Must start with 'https://'. type: string spCertificates: description: The IDP's certificate data to verify the signature in the SAMLResponse issued by the IDP. items: properties: x509Certificate: description: The x509 certificate. type: string type: object type: array spEntityId: description: Unique identifier for all SAML entities. type: string type: object required: - displayName - idpConfig - projectRef - spConfig type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: identityplatformoauthidpconfigs.identityplatform.cnrm.cloud.google.com spec: group: identityplatform.cnrm.cloud.google.com names: categories: - gcp kind: IdentityPlatformOAuthIDPConfig plural: identityplatformoauthidpconfigs shortNames: - gcpidentityplatformoauthidpconfig - gcpidentityplatformoauthidpconfigs singular: identityplatformoauthidpconfig preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: clientId: description: The client id of an OAuth client. type: string clientSecret: description: The client secret of the OAuth client, to enable OIDC code flow. oneOf: - not: required: - valueFrom required: - value - not: required: - value required: - valueFrom properties: value: description: Value of the field. Cannot be used if 'valueFrom' is specified. type: string valueFrom: description: Source for the field's value. Cannot be used if 'value' is specified. properties: secretKeyRef: description: Reference to a value with the given key in the given Secret in the resource's namespace. properties: key: description: Key that identifies the value to be extracted. type: string name: description: Name of the Secret to extract a value from. type: string required: - name - key type: object type: object type: object displayName: description: The config's display name set by developers. type: string enabled: description: True if allows the user to sign in with the provider. type: boolean issuer: description: For OIDC Idps, the issuer identifier. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string responseType: description: 'The multiple response type to request for in the OAuth authorization flow. This can possibly be a combination of set bits (e.g.: {id\_token, token}).' properties: code: description: If true, authorization code is returned from IdP's authorization endpoint. type: boolean idToken: description: If true, ID token is returned from IdP's authorization endpoint. type: boolean token: description: If true, access token is returned from IdP's authorization endpoint. type: boolean type: object type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: identityplatformprojectdefaultconfigs.identityplatform.cnrm.cloud.google.com spec: group: identityplatform.cnrm.cloud.google.com names: categories: - gcp kind: IdentityPlatformProjectDefaultConfig plural: identityplatformprojectdefaultconfigs shortNames: - gcpidentityplatformprojectdefaultconfig - gcpidentityplatformprojectdefaultconfigs singular: identityplatformprojectdefaultconfig preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string signIn: description: Configuration related to local sign in methods. properties: allowDuplicateEmails: description: Whether to allow more than one account to have the same email. type: boolean anonymous: description: Configuration options related to authenticating an anonymous user. properties: enabled: description: Whether anonymous user auth is enabled for the project or not. type: boolean required: - enabled type: object email: description: Configuration options related to authenticating a user by their email address. properties: enabled: description: Whether email auth is enabled for the project or not. type: boolean passwordRequired: description: |- Whether a password is required for email auth or not. If true, both an email and password must be provided to sign in. If false, a user may sign in via either email/password or email link. type: boolean type: object hashConfig: description: Output only. Hash config information. items: properties: algorithm: description: Different password hash algorithms used in Identity Toolkit. type: string memoryCost: description: Memory cost for hash calculation. Used by scrypt and other similar password derivation algorithms. See https://tools.ietf.org/html/rfc7914 for explanation of field. type: integer rounds: description: How many rounds for hash calculation. Used by scrypt and other similar password derivation algorithms. type: integer saltSeparator: description: Non-printable character to be inserted between the salt and plain text password in base64. type: string signerKey: description: Signer key in base64. type: string type: object type: array phoneNumber: description: Configuration options related to authenticated a user by their phone number. properties: enabled: description: Whether phone number auth is enabled for the project or not. type: boolean testPhoneNumbers: additionalProperties: type: string description: A map of that can be used for phone auth testing. type: object type: object type: object required: - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array name: description: 'The name of the Config resource. Example: "projects/my-awesome-project/config".' type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: identityplatformtenantdefaultsupportedidpconfigs.identityplatform.cnrm.cloud.google.com spec: group: identityplatform.cnrm.cloud.google.com names: categories: - gcp kind: IdentityPlatformTenantDefaultSupportedIDPConfig plural: identityplatformtenantdefaultsupportedidpconfigs shortNames: - gcpidentityplatformtenantdefaultsupportedidpconfig - gcpidentityplatformtenantdefaultsupportedidpconfigs singular: identityplatformtenantdefaultsupportedidpconfig preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: clientId: description: OAuth client ID. type: string clientSecret: description: OAuth client secret. type: string enabled: description: If this IDP allows the user to sign in. type: boolean projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The idpId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string tenant: description: Immutable. The name of the tenant where this DefaultSupportedIdpConfig resource exists. type: string required: - clientId - clientSecret - projectRef - tenant type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array name: description: The name of the default supported IDP config resource. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: identityplatformtenantinboundsamlconfigs.identityplatform.cnrm.cloud.google.com spec: group: identityplatform.cnrm.cloud.google.com names: categories: - gcp kind: IdentityPlatformTenantInboundSAMLConfig plural: identityplatformtenantinboundsamlconfigs shortNames: - gcpidentityplatformtenantinboundsamlconfig - gcpidentityplatformtenantinboundsamlconfigs singular: identityplatformtenantinboundsamlconfig preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: displayName: description: Human friendly display name. type: string enabled: description: If this config allows users to sign in with the provider. type: boolean idpConfig: description: SAML IdP configuration when the project acts as the relying party. properties: idpCertificates: description: The IDP's certificate data to verify the signature in the SAMLResponse issued by the IDP. items: properties: x509Certificate: description: The x509 certificate. type: string type: object type: array idpEntityId: description: Unique identifier for all SAML entities. type: string signRequest: description: Indicates if outbounding SAMLRequest should be signed. type: boolean ssoUrl: description: URL to send Authentication request to. type: string required: - idpCertificates - idpEntityId - ssoUrl type: object projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string spConfig: description: |- SAML SP (Service Provider) configuration when the project acts as the relying party to receive and accept an authentication assertion issued by a SAML identity provider. properties: callbackUri: description: Callback URI where responses from IDP are handled. Must start with 'https://'. type: string spCertificates: description: The IDP's certificate data to verify the signature in the SAMLResponse issued by the IDP. items: properties: x509Certificate: description: The x509 certificate. type: string type: object type: array spEntityId: description: Unique identifier for all SAML entities. type: string required: - callbackUri - spEntityId type: object tenant: description: Immutable. The name of the tenant where this inbound SAML config resource exists. type: string required: - displayName - idpConfig - projectRef - spConfig - tenant type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: identityplatformtenantoauthidpconfigs.identityplatform.cnrm.cloud.google.com spec: group: identityplatform.cnrm.cloud.google.com names: categories: - gcp kind: IdentityPlatformTenantOAuthIDPConfig plural: identityplatformtenantoauthidpconfigs shortNames: - gcpidentityplatformtenantoauthidpconfig - gcpidentityplatformtenantoauthidpconfigs singular: identityplatformtenantoauthidpconfig preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: clientId: description: The client id of an OAuth client. type: string clientSecret: description: The client secret of the OAuth client, to enable OIDC code flow. oneOf: - not: required: - valueFrom required: - value - not: required: - value required: - valueFrom properties: value: description: Value of the field. Cannot be used if 'valueFrom' is specified. type: string valueFrom: description: Source for the field's value. Cannot be used if 'value' is specified. properties: secretKeyRef: description: Reference to a value with the given key in the given Secret in the resource's namespace. properties: key: description: Key that identifies the value to be extracted. type: string name: description: Name of the Secret to extract a value from. type: string required: - name - key type: object type: object type: object displayName: description: The config's display name set by developers. type: string enabled: description: True if allows the user to sign in with the provider. type: boolean issuer: description: For OIDC Idps, the issuer identifier. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string responseType: description: 'The multiple response type to request for in the OAuth authorization flow. This can possibly be a combination of set bits (e.g.: {id\_token, token}).' properties: code: description: If true, authorization code is returned from IdP's authorization endpoint. type: boolean idToken: description: If true, ID token is returned from IdP's authorization endpoint. type: boolean token: description: If true, access token is returned from IdP's authorization endpoint. type: boolean type: object tenantRef: description: Immutable. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The tenant for the resource Allowed value: The Google Cloud resource name of an `IdentityPlatformTenant` resource (format: `projects/{{project}}/tenants/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - tenantRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: identityplatformtenants.identityplatform.cnrm.cloud.google.com spec: group: identityplatform.cnrm.cloud.google.com names: categories: - gcp kind: IdentityPlatformTenant plural: identityplatformtenants shortNames: - gcpidentityplatformtenant - gcpidentityplatformtenants singular: identityplatformtenant preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: allowPasswordSignup: description: Whether to allow email/password user authentication. type: boolean disableAuth: description: Whether authentication is disabled for the tenant. If true, the users under the disabled tenant are not allowed to sign-in. Admins of the disabled tenant are not able to manage its users. type: boolean displayName: description: Display name of the tenant. type: string enableAnonymousUser: description: Whether to enable anonymous user authentication. type: boolean enableEmailLinkSignin: description: Whether to enable email link user authentication. type: boolean mfaConfig: description: The tenant-level configuration of MFA options. properties: enabledProviders: description: A list of usable second factors for this project. items: type: string type: array state: description: 'Whether MultiFactor Authentication has been enabled for this project. Possible values: STATE_UNSPECIFIED, DISABLED, ENABLED, MANDATORY' type: string type: object resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string testPhoneNumbers: additionalProperties: type: string description: A map of pairs that can be used for MFA. The phone number should be in E.164 format (https://www.itu.int/rec/T-REC-E.164/) and a maximum of 10 pairs can be added (error will be thrown once exceeded). type: object type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: kmscryptokeys.kms.cnrm.cloud.google.com spec: group: kms.cnrm.cloud.google.com names: categories: - gcp kind: KMSCryptoKey plural: kmscryptokeys shortNames: - gcpkmscryptokey - gcpkmscryptokeys singular: kmscryptokey preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: destroyScheduledDuration: description: |- Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. If not specified at creation time, the default duration is 24 hours. type: string importOnly: description: Immutable. Whether this key may contain imported versions only. type: boolean keyRingRef: description: The KMSKeyRing that this key belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `KMSKeyRing` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object purpose: description: |- Immutable. The immutable purpose of this CryptoKey. See the [purpose reference](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys#CryptoKeyPurpose) for possible inputs. Default value is "ENCRYPT_DECRYPT". type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string rotationPeriod: description: |- Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. The first rotation will take place after the specified period. The rotation period has the format of a decimal number with up to 9 fractional digits, followed by the letter 's' (seconds). It must be greater than a day (ie, 86400). type: string skipInitialVersionCreation: description: |- Immutable. If set to true, the request will create a CryptoKey without any CryptoKeyVersions. You must use the 'google_kms_key_ring_import_job' resource to import the CryptoKeyVersion. type: boolean versionTemplate: description: A template describing settings for new crypto key versions. properties: algorithm: description: |- The algorithm to use when creating a version based on this template. See the [algorithm reference](https://cloud.google.com/kms/docs/reference/rest/v1/CryptoKeyVersionAlgorithm) for possible inputs. type: string protectionLevel: description: Immutable. The protection level to use when creating a version based on this template. Possible values include "SOFTWARE", "HSM", "EXTERNAL", "EXTERNAL_VPC". Defaults to "SOFTWARE". type: string required: - algorithm type: object required: - keyRingRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer selfLink: description: The self link of the created key in the format projects/{project}/locations/{location}/keyRings/{keyRingName}/cryptoKeys/{name}. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: kmscryptokeyversions.kms.cnrm.cloud.google.com spec: group: kms.cnrm.cloud.google.com names: categories: - gcp kind: KMSCryptoKeyVersion plural: kmscryptokeyversions shortNames: - gcpkmscryptokeyversion - gcpkmscryptokeyversions singular: kmscryptokeyversion preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: cryptoKey: description: |- Immutable. The name of the cryptoKey associated with the CryptoKeyVersions. Format: ''projects/{{project}}/locations/{{location}}/keyRings/{{keyring}}/cryptoKeys/{{cryptoKey}}''. type: string resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string state: description: 'The current state of the CryptoKeyVersion. Possible values: ["PENDING_GENERATION", "ENABLED", "DISABLED", "DESTROYED", "DESTROY_SCHEDULED", "PENDING_IMPORT", "IMPORT_FAILED"].' type: string required: - cryptoKey type: object status: properties: algorithm: description: The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports. type: string attestation: description: |- Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protectionLevel HSM. items: properties: certChains: description: The certificate chains needed to validate the attestation. properties: caviumCerts: description: Cavium certificate chain corresponding to the attestation. type: string googleCardCerts: description: Google card certificate chain corresponding to the attestation. type: string googlePartitionCerts: description: Google partition certificate chain corresponding to the attestation. type: string type: object content: description: The attestation data provided by the HSM when the key operation was performed. type: string externalProtectionLevelOptions: description: ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. properties: ekmConnectionKeyPath: description: The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of externalKeyUri when using an EkmConnection. type: string externalKeyUri: description: The URI for an external resource that this CryptoKeyVersion represents. type: string type: object format: description: The format of the attestation data. type: string type: object type: array conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array generateTime: description: The time this CryptoKeyVersion key material was generated. type: string name: description: The resource name for this CryptoKeyVersion. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer protectionLevel: description: The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: kmskeyringimportjobs.kms.cnrm.cloud.google.com spec: group: kms.cnrm.cloud.google.com names: categories: - gcp kind: KMSKeyRingImportJob plural: kmskeyringimportjobs shortNames: - gcpkmskeyringimportjob - gcpkmskeyringimportjobs singular: kmskeyringimportjob preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: importJobId: description: Immutable. It must be unique within a KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}. type: string importMethod: description: 'Immutable. The wrapping method to be used for incoming key material. Possible values: ["RSA_OAEP_3072_SHA1_AES_256", "RSA_OAEP_4096_SHA1_AES_256"].' type: string keyRing: description: |- Immutable. The KeyRing that this import job belongs to. Format: ''projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}''. type: string protectionLevel: description: |- Immutable. The protection level of the ImportJob. This must match the protectionLevel of the versionTemplate on the CryptoKey you attempt to import into. Possible values: ["SOFTWARE", "HSM", "EXTERNAL"]. type: string resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string required: - importJobId - importMethod - keyRing - protectionLevel type: object status: properties: attestation: description: |- Statement that was generated and signed by the key creator (for example, an HSM) at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only present if the chosen ImportMethod is one with a protection level of HSM. items: properties: content: description: |- The attestation data provided by the HSM when the key operation was performed. A base64-encoded string. type: string format: description: The format of the attestation data. type: string type: object type: array conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array expireTime: description: |- The time at which this resource is scheduled for expiration and can no longer be used. This is in RFC3339 text format. type: string name: description: The resource name for this ImportJob in the format projects/*/locations/*/keyRings/*/importJobs/*. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer publicKey: description: The public key with which to wrap key material prior to import. Only returned if state is 'ACTIVE'. items: properties: pem: description: |- The public key, encoded in PEM format. For more information, see the RFC 7468 sections for General Considerations and Textual Encoding of Subject Public Key Info. type: string type: object type: array state: description: The current state of the ImportJob, indicating if it can be used. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: kmskeyrings.kms.cnrm.cloud.google.com spec: group: kms.cnrm.cloud.google.com names: categories: - gcp kind: KMSKeyRing plural: kmskeyrings shortNames: - gcpkmskeyring - gcpkmskeyrings singular: kmskeyring preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: location: description: |- Immutable. The location for the KeyRing. A full list of valid locations can be found by running 'gcloud kms locations list'. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - location type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer selfLink: description: The self link of the created KeyRing in the format projects/{project}/locations/{location}/keyRings/{name}. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: kmssecretciphertexts.kms.cnrm.cloud.google.com spec: group: kms.cnrm.cloud.google.com names: categories: - gcp kind: KMSSecretCiphertext plural: kmssecretciphertexts shortNames: - gcpkmssecretciphertext - gcpkmssecretciphertexts singular: kmssecretciphertext preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: additionalAuthenticatedData: description: Immutable. The additional authenticated data used for integrity checks during encryption and decryption. oneOf: - not: required: - valueFrom required: - value - not: required: - value required: - valueFrom properties: value: description: Value of the field. Cannot be used if 'valueFrom' is specified. type: string valueFrom: description: Source for the field's value. Cannot be used if 'value' is specified. properties: secretKeyRef: description: Reference to a value with the given key in the given Secret in the resource's namespace. properties: key: description: Key that identifies the value to be extracted. type: string name: description: Name of the Secret to extract a value from. type: string required: - name - key type: object type: object type: object cryptoKey: description: |- Immutable. The full name of the CryptoKey that will be used to encrypt the provided plaintext. Format: ''projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{cryptoKey}}''. type: string plaintext: description: Immutable. The plaintext to be encrypted. oneOf: - not: required: - valueFrom required: - value - not: required: - value required: - valueFrom properties: value: description: Value of the field. Cannot be used if 'valueFrom' is specified. type: string valueFrom: description: Source for the field's value. Cannot be used if 'value' is specified. properties: secretKeyRef: description: Reference to a value with the given key in the given Secret in the resource's namespace. properties: key: description: Key that identifies the value to be extracted. type: string name: description: Name of the Secret to extract a value from. type: string required: - name - key type: object type: object type: object resourceID: description: Immutable. Optional. The service-generated ciphertext of the resource. Used for acquisition only. Leave unset to create a new resource. type: string required: - cryptoKey - plaintext type: object status: properties: ciphertext: description: Contains the result of encrypting the provided plaintext, encoded in base64. type: string conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: logginglogbuckets.logging.cnrm.cloud.google.com spec: group: logging.cnrm.cloud.google.com names: categories: - gcp kind: LoggingLogBucket plural: logginglogbuckets shortNames: - gcplogginglogbucket - gcplogginglogbuckets singular: logginglogbucket preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: oneOf: - required: - billingAccountRef - required: - folderRef - required: - organizationRef - required: - projectRef properties: billingAccountRef: description: Immutable. The BillingAccount that this resource belongs to. Only one of [billingAccountRef, folderRef, organizationRef, projectRef] may be specified. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The Google Cloud resource name of a Google Cloud Billing Account (format: `billingAccounts/{{name}}`).' type: string name: description: |- [WARNING] BillingAccount not yet supported in Config Connector, use 'external' field to reference existing resources. Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object description: description: Describes this bucket. type: string folderRef: description: Immutable. The Folder that this resource belongs to. Only one of [billingAccountRef, folderRef, organizationRef, projectRef] may be specified. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The Google Cloud resource name of a `Folder` resource (format: `folders/{{name}}`).' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object location: description: 'Immutable. The location of the resource. The supported locations are: global, us-central1, us-east1, us-west1, asia-east1, europe-west1.' type: string locked: description: Whether the bucket has been locked. The retention period on a locked bucket may not be changed. Locked buckets may only be deleted if they are empty. type: boolean organizationRef: description: Immutable. The Organization that this resource belongs to. Only one of [billingAccountRef, folderRef, organizationRef, projectRef] may be specified. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The Google Cloud resource name of a Google Cloud Organization (format: `organizations/{{name}}`).' type: string name: description: |- [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object projectRef: description: Immutable. The Project that this resource belongs to. Only one of [billingAccountRef, folderRef, organizationRef, projectRef] may be specified. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string retentionDays: description: Logs will be retained by default for this amount of time, after which they will automatically be deleted. The minimum retention period is 1 day. If this value is set to zero at bucket creation time, the default time of 30 days will be used. format: int64 type: integer required: - location type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: Output only. The creation timestamp of the bucket. This is not set for any of the default buckets. format: date-time type: string lifecycleState: description: 'Output only. The bucket lifecycle state. Possible values: LIFECYCLE_STATE_UNSPECIFIED, ACTIVE, DELETE_REQUESTED' type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer updateTime: description: Output only. The last update timestamp of the bucket. format: date-time type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: logginglogexclusions.logging.cnrm.cloud.google.com spec: group: logging.cnrm.cloud.google.com names: categories: - gcp kind: LoggingLogExclusion plural: logginglogexclusions shortNames: - gcplogginglogexclusion - gcplogginglogexclusions singular: logginglogexclusion preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: oneOf: - required: - projectRef - required: - folderRef - required: - organizationRef - required: - billingAccountRef properties: billingAccountRef: description: Immutable. The BillingAccount that this resource belongs to. Only one of [projectRef, folderRef, organizationRef, billingAccountRef] may be specified. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The Google Cloud resource name of a Google Cloud Billing Account (format: `billingAccounts/{{name}}`).' type: string name: description: |- [WARNING] BillingAccount not yet supported in Config Connector, use 'external' field to reference existing resources. Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object description: description: Optional. A description of this exclusion. type: string disabled: description: Optional. If set to True, then this exclusion is disabled and it does not exclude any log entries. You can update an exclusion to change the value of this field. type: boolean filter: description: 'Required. An (https://cloud.google.com/logging/docs/view/advanced-queries#sample), you can exclude less than 100% of the matching log entries. For example, the following query matches 99% of low-severity log entries from Google Cloud Storage buckets: `"resource.type=gcs_bucket severity' type: string folderRef: description: Immutable. The Folder that this resource belongs to. Only one of [projectRef, folderRef, organizationRef, billingAccountRef] may be specified. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The Google Cloud resource name of a `Folder` resource (format: `folders/{{name}}`).' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object organizationRef: description: Immutable. The Organization that this resource belongs to. Only one of [projectRef, folderRef, organizationRef, billingAccountRef] may be specified. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The Google Cloud resource name of a Google Cloud Organization (format: `organizations/{{name}}`).' type: string name: description: |- [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object projectRef: description: Immutable. The Project that this resource belongs to. Only one of [projectRef, folderRef, organizationRef, billingAccountRef] may be specified. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - filter type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: Output only. The creation timestamp of the exclusion. This field may not be present for older exclusions. format: date-time type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer updateTime: description: Output only. The last update timestamp of the exclusion. This field may not be present for older exclusions. format: date-time type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: logginglogmetrics.logging.cnrm.cloud.google.com spec: group: logging.cnrm.cloud.google.com names: categories: - gcp kind: LoggingLogMetric plural: logginglogmetrics shortNames: - gcplogginglogmetric - gcplogginglogmetrics singular: logginglogmetric preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: bucketOptions: description: Optional. The `bucket_options` are required when the logs-based metric is using a DISTRIBUTION value type and it describes the bucket boundaries used to create a histogram of the extracted values. properties: explicitBuckets: description: The explicit buckets. properties: bounds: description: The values must be monotonically increasing. items: format: double type: number type: array type: object exponentialBuckets: description: The exponential buckets. properties: growthFactor: description: Must be greater than 1. format: double type: number numFiniteBuckets: description: Must be greater than 0. format: int64 type: integer scale: description: Must be greater than 0. format: double type: number type: object linearBuckets: description: The linear bucket. properties: numFiniteBuckets: description: Must be greater than 0. format: int64 type: integer offset: description: Lower bound of the first bucket. format: double type: number width: description: Must be greater than 0. format: double type: number type: object type: object description: description: Optional. A description of this metric, which is used in documentation. The maximum length of the description is 8000 characters. type: string disabled: description: Optional. If set to True, then this metric is disabled and it does not generate any points. type: boolean filter: description: 'Required. An [advanced logs filter](https://cloud.google.com/logging/docs/view/advanced_filters) which is used to match log entries. Example: "resource.type=gae_app AND severity>=ERROR" The maximum length of the filter is 20000 characters.' type: string labelExtractors: additionalProperties: type: string description: Optional. A map from a label key string to an extractor expression which is used to extract data from a log entry field and assign as the label value. Each label key specified in the LabelDescriptor must have an associated extractor expression in this map. The syntax of the extractor expression is the same as for the `value_extractor` field. The extracted value is converted to the type defined in the label descriptor. If the either the extraction or the type conversion fails, the label will have a default value. The default value for a string label is an empty string, for an integer label its 0, and for a boolean label its `false`. Note that there are upper bounds on the maximum number of labels and the number of active time series that are allowed in a project. type: object metricDescriptor: description: Optional. The metric descriptor associated with the logs-based metric. If unspecified, it uses a default metric descriptor with a DELTA metric kind, INT64 value type, with no labels and a unit of "1". Such a metric counts the number of log entries matching the `filter` expression. The `name`, `type`, and `description` fields in the `metric_descriptor` are output only, and is constructed using the `name` and `description` field in the LogMetric. To create a logs-based metric that records a distribution of log values, a DELTA metric kind with a DISTRIBUTION value type must be used along with a `value_extractor` expression in the LogMetric. Each label in the metric descriptor must have a matching label name as the key and an extractor expression as the value in the `label_extractors` map. The `metric_kind` and `value_type` fields in the `metric_descriptor` cannot be updated once initially configured. New labels can be added in the `metric_descriptor`, but existing labels cannot be modified except for their description. properties: displayName: description: A concise name for the metric, which can be displayed in user interfaces. Use sentence case without an ending period, for example "Request count". This field is optional but it is recommended to be set for any metrics associated with user-visible concepts, such as Quota. type: string labels: description: The set of labels that can be used to describe a specific instance of this metric type. For example, the `appengine.googleapis.com/http/server/response_latencies` metric type has a label for the HTTP response code, `response_code`, so you can look at latencies for successful responses or just for responses that failed. items: properties: description: description: Immutable. A human-readable description for the label. type: string key: description: Immutable. The label key. type: string valueType: description: 'Immutable. The type of data that can be assigned to the label. Possible values: STRING, BOOL, INT64, DOUBLE, DISTRIBUTION, MONEY' type: string type: object type: array launchStage: description: 'Optional. The launch stage of the metric definition. Possible values: UNIMPLEMENTED, PRELAUNCH, EARLY_ACCESS, ALPHA, BETA, GA, DEPRECATED' type: string metadata: description: Optional. Metadata which can be used to guide usage of the metric. properties: ingestDelay: description: The delay of data points caused by ingestion. Data points older than this age are guaranteed to be ingested and available to be read, excluding data loss due to errors. type: string samplePeriod: description: The sampling period of metric data points. For metrics which are written periodically, consecutive data points are stored at this time interval, excluding data loss due to errors. Metrics with a higher granularity have a smaller sampling period. type: string type: object metricKind: description: 'Immutable. Whether the metric records instantaneous values, changes to a value, etc. Some combinations of `metric_kind` and `value_type` might not be supported. Possible values: GAUGE, DELTA, CUMULATIVE' type: string unit: description: 'The units in which the metric value is reported. It is only applicable if the `value_type` is `INT64`, `DOUBLE`, or `DISTRIBUTION`. The `unit` defines the representation of the stored metric values. Different systems might scale the values to be more easily displayed (so a value of `0.02kBy` _might_ be displayed as `20By`, and a value of `3523kBy` _might_ be displayed as `3.5MBy`). However, if the `unit` is `kBy`, then the value of the metric is always in thousands of bytes, no matter how it might be displayed. If you want a custom metric to record the exact number of CPU-seconds used by a job, you can create an `INT64 CUMULATIVE` metric whose `unit` is `s{CPU}` (or equivalently `1s{CPU}` or just `s`). If the job uses 12,005 CPU-seconds, then the value is written as `12005`. Alternatively, if you want a custom metric to record data in a more granular way, you can create a `DOUBLE CUMULATIVE` metric whose `unit` is `ks{CPU}`, and then write the value `12.005` (which is `12005/1000`), or use `Kis{CPU}` and write `11.723` (which is `12005/1024`). The supported units are a subset of [The Unified Code for Units of Measure](https://unitsofmeasure.org/ucum.html) standard: **Basic units (UNIT)** * `bit` bit * `By` byte * `s` second * `min` minute * `h` hour * `d` day * `1` dimensionless **Prefixes (PREFIX)** * `k` kilo (10^3) * `M` mega (10^6) * `G` giga (10^9) * `T` tera (10^12) * `P` peta (10^15) * `E` exa (10^18) * `Z` zetta (10^21) * `Y` yotta (10^24) * `m` milli (10^-3) * `u` micro (10^-6) * `n` nano (10^-9) * `p` pico (10^-12) * `f` femto (10^-15) * `a` atto (10^-18) * `z` zepto (10^-21) * `y` yocto (10^-24) * `Ki` kibi (2^10) * `Mi` mebi (2^20) * `Gi` gibi (2^30) * `Ti` tebi (2^40) * `Pi` pebi (2^50) **Grammar** The grammar also includes these connectors: * `/` division or ratio (as an infix operator). For examples, `kBy/{email}` or `MiBy/10ms` (although you should almost never have `/s` in a metric `unit`; rates should always be computed at query time from the underlying cumulative or delta value). * `.` multiplication or composition (as an infix operator). For examples, `GBy.d` or `k{watt}.h`. The grammar for a unit is as follows: Expression = Component: { "." Component } { "/" Component } ; Component = ( [ PREFIX ] UNIT | "%" ) [ Annotation ] | Annotation | "1" ; Annotation = "{" NAME "}" ; Notes: * `Annotation` is just a comment if it follows a `UNIT`. If the annotation is used alone, then the unit is equivalent to `1`. For examples, `{request}/s == 1/s`, `By{transmitted}/s == By/s`. * `NAME` is a sequence of non-blank printable ASCII characters not containing `{` or `}`. * `1` represents a unitary [dimensionless unit](https://en.wikipedia.org/wiki/Dimensionless_quantity) of 1, such as in `1/s`. It is typically used when none of the basic units are appropriate. For example, "new users per day" can be represented as `1/d` or `{new-users}/d` (and a metric value `5` would mean "5 new users). Alternatively, "thousands of page views per day" would be represented as `1000/d` or `k1/d` or `k{page_views}/d` (and a metric value of `5.3` would mean "5300 page views per day"). * `%` represents dimensionless value of 1/100, and annotates values giving a percentage (so the metric values are typically in the range of 0..100, and a metric value `3` means "3 percent"). * `10^2.%` indicates a metric contains a ratio, typically in the range 0..1, that will be multiplied by 100 and displayed as a percentage (so a metric value `0.03` means "3 percent").' type: string valueType: description: 'Immutable. Whether the measurement is an integer, a floating-point number, etc. Some combinations of `metric_kind` and `value_type` might not be supported. Possible values: STRING, BOOL, INT64, DOUBLE, DISTRIBUTION, MONEY' type: string type: object projectRef: description: Immutable. The Project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The resource name of the project in which to create the metric. Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string valueExtractor: description: 'Optional. A `value_extractor` is required when using a distribution logs-based metric to extract the values to record from a log entry. Two functions are supported for value extraction: `EXTRACT(field)` or `REGEXP_EXTRACT(field, regex)`. The argument are: 1. field: The name of the log entry field from which the value is to be extracted. 2. regex: A regular expression using the Google RE2 syntax (https://github.com/google/re2/wiki/Syntax) with a single capture group to extract data from the specified log entry field. The value of the field is converted to a string before applying the regex. It is an error to specify a regex that does not include exactly one capture group. The result of the extraction must be convertible to a double type, as the distribution always records double values. If either the extraction or the conversion to double fails, then those values are not recorded in the distribution. Example: `REGEXP_EXTRACT(jsonPayload.request, ".*quantity=(d+).*")`' type: string required: - filter - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: Output only. The creation timestamp of the metric. This field may not be present for older metrics. format: date-time type: string metricDescriptor: properties: description: description: A detailed description of the metric, which can be used in documentation. type: string monitoredResourceTypes: description: Read-only. If present, then a time series, which is identified partially by a metric type and a MonitoredResourceDescriptor, that is associated with this metric type can only be associated with one of the monitored resource types listed here. items: type: string type: array name: description: The resource name of the metric descriptor. type: string type: description: 'The metric type, including its DNS name prefix. The type is not URL-encoded. All user-defined metric types have the DNS name `custom.googleapis.com` or `external.googleapis.com`. Metric types should use a natural hierarchical grouping. For example: "custom.googleapis.com/invoice/paid/amount" "external.googleapis.com/prometheus/up" "appengine.googleapis.com/http/server/response_latencies"' type: string type: object observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer updateTime: description: Output only. The last update timestamp of the metric. This field may not be present for older metrics. format: date-time type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: logginglogsinks.logging.cnrm.cloud.google.com spec: group: logging.cnrm.cloud.google.com names: categories: - gcp kind: LoggingLogSink plural: logginglogsinks shortNames: - gcplogginglogsink - gcplogginglogsinks singular: logginglogsink preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: bigqueryOptions: description: Options that affect sinks exporting data to BigQuery. properties: usePartitionedTables: description: Whether to use BigQuery's partition tables. By default, Logging creates dated tables based on the log entries' timestamps, e.g. syslog_20170523. With partitioned tables the date suffix is no longer present and special query syntax has to be used instead. In both cases, tables are sharded based on UTC timezone. type: boolean required: - usePartitionedTables type: object description: description: A description of this sink. The maximum length of the description is 8000 characters. type: string destination: oneOf: - required: - bigQueryDatasetRef - required: - loggingLogBucketRef - required: - pubSubTopicRef - required: - storageBucketRef properties: bigQueryDatasetRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: string of the format `bigquery.googleapis.com/projects/{{project}}/datasets/{{value}}`, where {{value}} is the `name` field of a `BigQueryDataset` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object loggingLogBucketRef: description: Only `external` field is supported to configure the reference. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: string of the format `logging.googleapis.com/projects/{{project}}/locations/{{location}}/buckets/{{value}}`, where {{value}} is the `name` field of a `LoggingLogBucket` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object pubSubTopicRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: string of the format `pubsub.googleapis.com/projects/{{project}}/topics/{{value}}`, where {{value}} is the `name` field of a `PubSubTopic` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object storageBucketRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: string of the format `storage.googleapis.com/{{value}}`, where {{value}} is the `name` field of a `StorageBucket` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: object disabled: description: If set to True, then this sink is disabled and it does not export any log entries. type: boolean exclusions: description: Log entries that match any of the exclusion filters will not be exported. If a log entry is matched by both filter and one of exclusion's filters, it will not be exported. items: properties: description: description: A description of this exclusion. type: string disabled: description: If set to True, then this exclusion is disabled and it does not exclude any log entries. type: boolean filter: description: An advanced logs filter that matches the log entries to be excluded. By using the sample function, you can exclude less than 100% of the matching log entries. type: string name: description: A client-assigned identifier, such as "load-balancer-exclusion". Identifiers are limited to 100 characters and can include only letters, digits, underscores, hyphens, and periods. First character has to be alphanumeric. type: string required: - filter - name type: object type: array filter: description: The filter to apply when exporting logs. Only log entries that match the filter are exported. type: string folderRef: description: |- The folder in which to create the sink. Only one of projectRef, folderRef, or organizationRef may be specified. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `folderId` field of a `Folder` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object includeChildren: description: Immutable. Whether or not to include children organizations in the sink export. If true, logs associated with child projects are also exported; otherwise only logs relating to the provided organization are included. type: boolean organizationRef: description: |- The organization in which to create the sink. Only one of projectRef, folderRef, or organizationRef may be specified. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of an `Organization` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object projectRef: description: |- The project in which to create the sink. Only one of projectRef, folderRef, or organizationRef may be specified. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string uniqueWriterIdentity: description: Immutable. Whether or not to create a unique identity associated with this sink. If false (the default), then the writer_identity used is serviceAccount:cloud-logs@system.gserviceaccount.com. If true, then a unique service account is created and used for this sink. If you wish to publish logs across projects, you must set unique_writer_identity to true. type: boolean required: - destination type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer writerIdentity: description: The identity associated with this sink. This identity must be granted write access to the configured destination. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: logginglogviews.logging.cnrm.cloud.google.com spec: group: logging.cnrm.cloud.google.com names: categories: - gcp kind: LoggingLogView plural: logginglogviews shortNames: - gcplogginglogview - gcplogginglogviews singular: logginglogview preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: oneOf: - required: - billingAccountRef - required: - folderRef - required: - organizationRef - required: - projectRef properties: billingAccountRef: description: Immutable. The BillingAccount that this resource belongs to. Only one of [billingAccountRef, folderRef, organizationRef, projectRef] may be specified. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The Google Cloud resource name of a Google Cloud Billing Account (format: `billingAccounts/{{name}}`).' type: string name: description: |- [WARNING] BillingAccount not yet supported in Config Connector, use 'external' field to reference existing resources. Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object bucketRef: description: Immutable. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The bucket of the resource Allowed value: The Google Cloud resource name of a `LoggingLogBucket` resource (format: `{{parent}}/locations/{{location}}/buckets/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object description: description: Describes this view. type: string filter: description: 'Filter that restricts which log entries in a bucket are visible in this view. Filters are restricted to be a logical AND of ==/!= of any of the following: - originating project/folder/organization/billing account. - resource type - log id For example: SOURCE("projects/myproject") AND resource.type = "gce_instance" AND LOG_ID("stdout")' type: string folderRef: description: Immutable. The Folder that this resource belongs to. Only one of [billingAccountRef, folderRef, organizationRef, projectRef] may be specified. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The Google Cloud resource name of a `Folder` resource (format: `folders/{{name}}`).' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object location: description: 'Immutable. The location of the resource. The supported locations are: global, us-central1, us-east1, us-west1, asia-east1, europe-west1.' type: string organizationRef: description: Immutable. The Organization that this resource belongs to. Only one of [billingAccountRef, folderRef, organizationRef, projectRef] may be specified. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The Google Cloud resource name of a Google Cloud Organization (format: `organizations/{{name}}`).' type: string name: description: |- [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object projectRef: description: Immutable. The Project that this resource belongs to. Only one of [billingAccountRef, folderRef, organizationRef, projectRef] may be specified. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - bucketRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: Output only. The creation timestamp of the view. format: date-time type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer updateTime: description: Output only. The last update timestamp of the view. format: date-time type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: memcacheinstances.memcache.cnrm.cloud.google.com spec: group: memcache.cnrm.cloud.google.com names: categories: - gcp kind: MemcacheInstance plural: memcacheinstances shortNames: - gcpmemcacheinstance - gcpmemcacheinstances singular: memcacheinstance preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: displayName: description: A user-visible name for the instance. type: string maintenancePolicy: description: Maintenance policy for an instance. properties: createTime: description: |- Output only. The time when the policy was created. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. type: string description: description: |- Optional. Description of what this policy is for. Create/Update methods return INVALID_ARGUMENT if the length is greater than 512. type: string updateTime: description: |- Output only. The time when the policy was updated. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. type: string weeklyMaintenanceWindow: description: |- Required. Maintenance window that is applied to resources covered by this policy. Minimum 1. For the current version, the maximum number of weekly_maintenance_windows is expected to be one. items: properties: day: description: |- Required. The day of week that maintenance updates occur. - DAY_OF_WEEK_UNSPECIFIED: The day of the week is unspecified. - MONDAY: Monday - TUESDAY: Tuesday - WEDNESDAY: Wednesday - THURSDAY: Thursday - FRIDAY: Friday - SATURDAY: Saturday - SUNDAY: Sunday Possible values: ["DAY_OF_WEEK_UNSPECIFIED", "MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY", "SATURDAY", "SUNDAY"]. type: string duration: description: |- Required. The length of the maintenance window, ranging from 3 hours to 8 hours. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". type: string startTime: description: Required. Start time of the window in UTC time. properties: hours: description: |- Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. type: integer minutes: description: Minutes of hour of day. Must be from 0 to 59. type: integer nanos: description: Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. type: integer seconds: description: |- Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. type: integer type: object required: - day - duration - startTime type: object type: array required: - weeklyMaintenanceWindow type: object memcacheParameters: description: Immutable. User-specified parameters for this memcache instance. properties: id: description: This is a unique ID associated with this set of parameters. type: string params: additionalProperties: type: string description: User-defined set of parameters to use in the memcache process. type: object type: object memcacheVersion: description: |- The major version of Memcached software. If not provided, latest supported version will be used. Currently the latest supported major version is MEMCACHE_1_5. The minor version will be automatically determined by our system based on the latest supported minor version. Default value: "MEMCACHE_1_5" Possible values: ["MEMCACHE_1_5"]. type: string networkRef: description: The full name of the network to connect the instance to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: string of the format `projects/{{project}}/global/networks/{{value}}`, where {{value}} is the `name` field of a `ComputeNetwork` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object nodeConfig: description: Immutable. Configuration for memcache nodes. properties: cpuCount: description: Number of CPUs per node. type: integer memorySizeMb: description: Memory size in Mebibytes for each memcache node. type: integer required: - cpuCount - memorySizeMb type: object nodeCount: description: Number of nodes in the memcache instance. type: integer region: description: Immutable. The region of the Memcache instance. If it is not provided, the provider region is used. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string zones: description: |- Immutable. Zones where memcache nodes should be provisioned. If not provided, all zones will be used. items: type: string type: array required: - nodeConfig - nodeCount - region type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: Creation timestamp in RFC3339 text format. type: string discoveryEndpoint: description: Endpoint for Discovery API. type: string maintenanceSchedule: description: Output only. Published maintenance schedule. items: properties: endTime: description: |- Output only. The end time of any upcoming scheduled maintenance for this instance. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. type: string scheduleDeadlineTime: description: |- Output only. The deadline that the maintenance schedule start time can not go beyond, including reschedule. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. type: string startTime: description: |- Output only. The start time of any upcoming scheduled maintenance for this instance. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. type: string type: object type: array memcacheFullVersion: description: The full version of memcached server running on this instance. type: string memcacheNodes: description: Additional information about the instance state, if available. items: properties: host: description: Hostname or IP address of the Memcached node used by the clients to connect to the Memcached server on this node. type: string nodeId: description: Identifier of the Memcached node. The node id does not include project or location like the Memcached instance name. type: string port: description: The port number of the Memcached server on this node. type: integer state: description: Current state of the Memcached node. type: string zone: description: Location (GCP Zone) for the Memcached node. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: mlenginemodels.mlengine.cnrm.cloud.google.com spec: group: mlengine.cnrm.cloud.google.com names: categories: - gcp kind: MLEngineModel plural: mlenginemodels shortNames: - gcpmlenginemodel - gcpmlenginemodels singular: mlenginemodel preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: defaultVersion: description: |- Immutable. The default version of the model. This version will be used to handle prediction requests that do not specify a version. properties: name: description: Immutable. The name specified for the version when it was created. type: string required: - name type: object description: description: Immutable. The description specified for the model when it was created. type: string onlinePredictionConsoleLogging: description: Immutable. If true, online prediction nodes send stderr and stdout streams to Stackdriver Logging. type: boolean onlinePredictionLogging: description: Immutable. If true, online prediction access logs are sent to StackDriver Logging. type: boolean projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object regions: description: |- Immutable. The list of regions where the model is going to be deployed. Currently only one region per model is supported. items: type: string type: array resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: monitoringalertpolicies.monitoring.cnrm.cloud.google.com spec: group: monitoring.cnrm.cloud.google.com names: categories: - gcp kind: MonitoringAlertPolicy plural: monitoringalertpolicies shortNames: - gcpmonitoringalertpolicy - gcpmonitoringalertpolicies singular: monitoringalertpolicy preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: alertStrategy: description: Control over how this alert policy's notification channels are notified. properties: autoClose: description: If an alert policy that was active has no data for this long, any open incidents will close. type: string notificationChannelStrategy: description: |- Control over how the notification channels in 'notification_channels' are notified when this alert fires, on a per-channel basis. items: properties: notificationChannelNames: description: |- The notification channels that these settings apply to. Each of these correspond to the name field in one of the NotificationChannel objects referenced in the notification_channels field of this AlertPolicy. The format is 'projects/[PROJECT_ID_OR_NUMBER]/notificationChannels/[CHANNEL_ID]'. items: type: string type: array renotifyInterval: description: The frequency at which to send reminder notifications for open incidents. type: string type: object type: array notificationRateLimit: description: |- Required for alert policies with a LogMatch condition. This limit is not implemented for alert policies that are not log-based. properties: period: description: Not more than one notification per period. type: string type: object type: object combiner: description: |- How to combine the results of multiple conditions to determine if an incident should be opened. Possible values: ["AND", "OR", "AND_WITH_MATCHING_RESOURCE"]. type: string conditions: description: |- A list of conditions for the policy. The conditions are combined by AND or OR according to the combiner field. If the combined conditions evaluate to true, then an incident is created. A policy can have from one to six conditions. items: properties: conditionAbsent: description: |- A condition that checks that a time series continues to receive new data points. properties: aggregations: description: |- Specifies the alignment of data points in individual time series as well as how to combine the retrieved time series together (such as when aggregating multiple streams on each resource to a single stream for each resource or when aggregating streams across all members of a group of resources). Multiple aggregations are applied in the order specified. items: properties: alignmentPeriod: description: |- The alignment period for per-time series alignment. If present, alignmentPeriod must be at least 60 seconds. After per-time series alignment, each time series will contain data points only on the period boundaries. If perSeriesAligner is not specified or equals ALIGN_NONE, then this field is ignored. If perSeriesAligner is specified and does not equal ALIGN_NONE, then this field must be defined; otherwise an error is returned. type: string crossSeriesReducer: description: |- The approach to be used to combine time series. Not all reducer functions may be applied to all time series, depending on the metric type and the value type of the original time series. Reduction may change the metric type of value type of the time series.Time series data must be aligned in order to perform cross- time series reduction. If crossSeriesReducer is specified, then perSeriesAligner must be specified and not equal ALIGN_NONE and alignmentPeriod must be specified; otherwise, an error is returned. Possible values: ["REDUCE_NONE", "REDUCE_MEAN", "REDUCE_MIN", "REDUCE_MAX", "REDUCE_SUM", "REDUCE_STDDEV", "REDUCE_COUNT", "REDUCE_COUNT_TRUE", "REDUCE_COUNT_FALSE", "REDUCE_FRACTION_TRUE", "REDUCE_PERCENTILE_99", "REDUCE_PERCENTILE_95", "REDUCE_PERCENTILE_50", "REDUCE_PERCENTILE_05"]. type: string groupByFields: description: |- The set of fields to preserve when crossSeriesReducer is specified. The groupByFields determine how the time series are partitioned into subsets prior to applying the aggregation function. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The crossSeriesReducer is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains resource.type. Fields not specified in groupByFields are aggregated away. If groupByFields is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If crossSeriesReducer is not defined, this field is ignored. items: type: string type: array perSeriesAligner: description: |- The approach to be used to align individual time series. Not all alignment functions may be applied to all time series, depending on the metric type and value type of the original time series. Alignment may change the metric type or the value type of the time series.Time series data must be aligned in order to perform cross- time series reduction. If crossSeriesReducer is specified, then perSeriesAligner must be specified and not equal ALIGN_NONE and alignmentPeriod must be specified; otherwise, an error is returned. Possible values: ["ALIGN_NONE", "ALIGN_DELTA", "ALIGN_RATE", "ALIGN_INTERPOLATE", "ALIGN_NEXT_OLDER", "ALIGN_MIN", "ALIGN_MAX", "ALIGN_MEAN", "ALIGN_COUNT", "ALIGN_SUM", "ALIGN_STDDEV", "ALIGN_COUNT_TRUE", "ALIGN_COUNT_FALSE", "ALIGN_FRACTION_TRUE", "ALIGN_PERCENTILE_99", "ALIGN_PERCENTILE_95", "ALIGN_PERCENTILE_50", "ALIGN_PERCENTILE_05", "ALIGN_PERCENT_CHANGE"]. type: string type: object type: array duration: description: |- The amount of time that a time series must fail to report new data to be considered failing. Currently, only values that are a multiple of a minute--e.g. 60s, 120s, or 300s --are supported. type: string filter: description: |- A filter that identifies which time series should be compared with the threshold.The filter is similar to the one that is specified in the MetricService.ListTimeSeries request (that call is useful to verify the time series that will be retrieved / processed) and must specify the metric type and optionally may contain restrictions on resource type, resource labels, and metric labels. This field may not exceed 2048 Unicode characters in length. type: string trigger: description: |- The number/percent of time series for which the comparison must hold in order for the condition to trigger. If unspecified, then the condition will trigger if the comparison is true for any of the time series that have been identified by filter and aggregations. properties: count: description: |- The absolute number of time series that must fail the predicate for the condition to be triggered. type: integer percent: description: |- The percentage of time series that must fail the predicate for the condition to be triggered. type: number type: object required: - duration type: object conditionMatchedLog: description: |- A condition that checks for log messages matching given constraints. If set, no other conditions can be present. properties: filter: description: A logs-based filter. type: string labelExtractors: additionalProperties: type: string description: |- A map from a label key to an extractor expression, which is used to extract the value for this label key. Each entry in this map is a specification for how data should be extracted from log entries that match filter. Each combination of extracted values is treated as a separate rule for the purposes of triggering notifications. Label keys and corresponding values can be used in notifications generated by this condition. type: object required: - filter type: object conditionMonitoringQueryLanguage: description: A Monitoring Query Language query that outputs a boolean stream. properties: duration: description: |- The amount of time that a time series must violate the threshold to be considered failing. Currently, only values that are a multiple of a minute--e.g., 0, 60, 120, or 300 seconds--are supported. If an invalid value is given, an error will be returned. When choosing a duration, it is useful to keep in mind the frequency of the underlying time series data (which may also be affected by any alignments specified in the aggregations field); a good duration is long enough so that a single outlier does not generate spurious alerts, but short enough that unhealthy states are detected and alerted on quickly. type: string evaluationMissingData: description: |- A condition control that determines how metric-threshold conditions are evaluated when data stops arriving. Possible values: ["EVALUATION_MISSING_DATA_INACTIVE", "EVALUATION_MISSING_DATA_ACTIVE", "EVALUATION_MISSING_DATA_NO_OP"]. type: string query: description: Monitoring Query Language query that outputs a boolean stream. type: string trigger: description: |- The number/percent of time series for which the comparison must hold in order for the condition to trigger. If unspecified, then the condition will trigger if the comparison is true for any of the time series that have been identified by filter and aggregations, or by the ratio, if denominator_filter and denominator_aggregations are specified. properties: count: description: |- The absolute number of time series that must fail the predicate for the condition to be triggered. type: integer percent: description: |- The percentage of time series that must fail the predicate for the condition to be triggered. type: number type: object required: - duration - query type: object conditionThreshold: description: |- A condition that compares a time series against a threshold. properties: aggregations: description: |- Specifies the alignment of data points in individual time series as well as how to combine the retrieved time series together (such as when aggregating multiple streams on each resource to a single stream for each resource or when aggregating streams across all members of a group of resources). Multiple aggregations are applied in the order specified.This field is similar to the one in the MetricService.ListTimeSeries request. It is advisable to use the ListTimeSeries method when debugging this field. items: properties: alignmentPeriod: description: |- The alignment period for per-time series alignment. If present, alignmentPeriod must be at least 60 seconds. After per-time series alignment, each time series will contain data points only on the period boundaries. If perSeriesAligner is not specified or equals ALIGN_NONE, then this field is ignored. If perSeriesAligner is specified and does not equal ALIGN_NONE, then this field must be defined; otherwise an error is returned. type: string crossSeriesReducer: description: |- The approach to be used to combine time series. Not all reducer functions may be applied to all time series, depending on the metric type and the value type of the original time series. Reduction may change the metric type of value type of the time series.Time series data must be aligned in order to perform cross- time series reduction. If crossSeriesReducer is specified, then perSeriesAligner must be specified and not equal ALIGN_NONE and alignmentPeriod must be specified; otherwise, an error is returned. Possible values: ["REDUCE_NONE", "REDUCE_MEAN", "REDUCE_MIN", "REDUCE_MAX", "REDUCE_SUM", "REDUCE_STDDEV", "REDUCE_COUNT", "REDUCE_COUNT_TRUE", "REDUCE_COUNT_FALSE", "REDUCE_FRACTION_TRUE", "REDUCE_PERCENTILE_99", "REDUCE_PERCENTILE_95", "REDUCE_PERCENTILE_50", "REDUCE_PERCENTILE_05"]. type: string groupByFields: description: |- The set of fields to preserve when crossSeriesReducer is specified. The groupByFields determine how the time series are partitioned into subsets prior to applying the aggregation function. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The crossSeriesReducer is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains resource.type. Fields not specified in groupByFields are aggregated away. If groupByFields is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If crossSeriesReducer is not defined, this field is ignored. items: type: string type: array perSeriesAligner: description: |- The approach to be used to align individual time series. Not all alignment functions may be applied to all time series, depending on the metric type and value type of the original time series. Alignment may change the metric type or the value type of the time series.Time series data must be aligned in order to perform cross- time series reduction. If crossSeriesReducer is specified, then perSeriesAligner must be specified and not equal ALIGN_NONE and alignmentPeriod must be specified; otherwise, an error is returned. Possible values: ["ALIGN_NONE", "ALIGN_DELTA", "ALIGN_RATE", "ALIGN_INTERPOLATE", "ALIGN_NEXT_OLDER", "ALIGN_MIN", "ALIGN_MAX", "ALIGN_MEAN", "ALIGN_COUNT", "ALIGN_SUM", "ALIGN_STDDEV", "ALIGN_COUNT_TRUE", "ALIGN_COUNT_FALSE", "ALIGN_FRACTION_TRUE", "ALIGN_PERCENTILE_99", "ALIGN_PERCENTILE_95", "ALIGN_PERCENTILE_50", "ALIGN_PERCENTILE_05", "ALIGN_PERCENT_CHANGE"]. type: string type: object type: array comparison: description: |- The comparison to apply between the time series (indicated by filter and aggregation) and the threshold (indicated by threshold_value). The comparison is applied on each time series, with the time series on the left-hand side and the threshold on the right-hand side. Only COMPARISON_LT and COMPARISON_GT are supported currently. Possible values: ["COMPARISON_GT", "COMPARISON_GE", "COMPARISON_LT", "COMPARISON_LE", "COMPARISON_EQ", "COMPARISON_NE"]. type: string denominatorAggregations: description: |- Specifies the alignment of data points in individual time series selected by denominatorFilter as well as how to combine the retrieved time series together (such as when aggregating multiple streams on each resource to a single stream for each resource or when aggregating streams across all members of a group of resources).When computing ratios, the aggregations and denominator_aggregations fields must use the same alignment period and produce time series that have the same periodicity and labels.This field is similar to the one in the MetricService.ListTimeSeries request. It is advisable to use the ListTimeSeries method when debugging this field. items: properties: alignmentPeriod: description: |- The alignment period for per-time series alignment. If present, alignmentPeriod must be at least 60 seconds. After per-time series alignment, each time series will contain data points only on the period boundaries. If perSeriesAligner is not specified or equals ALIGN_NONE, then this field is ignored. If perSeriesAligner is specified and does not equal ALIGN_NONE, then this field must be defined; otherwise an error is returned. type: string crossSeriesReducer: description: |- The approach to be used to combine time series. Not all reducer functions may be applied to all time series, depending on the metric type and the value type of the original time series. Reduction may change the metric type of value type of the time series.Time series data must be aligned in order to perform cross- time series reduction. If crossSeriesReducer is specified, then perSeriesAligner must be specified and not equal ALIGN_NONE and alignmentPeriod must be specified; otherwise, an error is returned. Possible values: ["REDUCE_NONE", "REDUCE_MEAN", "REDUCE_MIN", "REDUCE_MAX", "REDUCE_SUM", "REDUCE_STDDEV", "REDUCE_COUNT", "REDUCE_COUNT_TRUE", "REDUCE_COUNT_FALSE", "REDUCE_FRACTION_TRUE", "REDUCE_PERCENTILE_99", "REDUCE_PERCENTILE_95", "REDUCE_PERCENTILE_50", "REDUCE_PERCENTILE_05"]. type: string groupByFields: description: |- The set of fields to preserve when crossSeriesReducer is specified. The groupByFields determine how the time series are partitioned into subsets prior to applying the aggregation function. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The crossSeriesReducer is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains resource.type. Fields not specified in groupByFields are aggregated away. If groupByFields is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If crossSeriesReducer is not defined, this field is ignored. items: type: string type: array perSeriesAligner: description: |- The approach to be used to align individual time series. Not all alignment functions may be applied to all time series, depending on the metric type and value type of the original time series. Alignment may change the metric type or the value type of the time series.Time series data must be aligned in order to perform cross- time series reduction. If crossSeriesReducer is specified, then perSeriesAligner must be specified and not equal ALIGN_NONE and alignmentPeriod must be specified; otherwise, an error is returned. Possible values: ["ALIGN_NONE", "ALIGN_DELTA", "ALIGN_RATE", "ALIGN_INTERPOLATE", "ALIGN_NEXT_OLDER", "ALIGN_MIN", "ALIGN_MAX", "ALIGN_MEAN", "ALIGN_COUNT", "ALIGN_SUM", "ALIGN_STDDEV", "ALIGN_COUNT_TRUE", "ALIGN_COUNT_FALSE", "ALIGN_FRACTION_TRUE", "ALIGN_PERCENTILE_99", "ALIGN_PERCENTILE_95", "ALIGN_PERCENTILE_50", "ALIGN_PERCENTILE_05", "ALIGN_PERCENT_CHANGE"]. type: string type: object type: array denominatorFilter: description: |- A filter that identifies a time series that should be used as the denominator of a ratio that will be compared with the threshold. If a denominator_filter is specified, the time series specified by the filter field will be used as the numerator.The filter is similar to the one that is specified in the MetricService.ListTimeSeries request (that call is useful to verify the time series that will be retrieved / processed) and must specify the metric type and optionally may contain restrictions on resource type, resource labels, and metric labels. This field may not exceed 2048 Unicode characters in length. type: string duration: description: |- The amount of time that a time series must violate the threshold to be considered failing. Currently, only values that are a multiple of a minute--e.g., 0, 60, 120, or 300 seconds--are supported. If an invalid value is given, an error will be returned. When choosing a duration, it is useful to keep in mind the frequency of the underlying time series data (which may also be affected by any alignments specified in the aggregations field); a good duration is long enough so that a single outlier does not generate spurious alerts, but short enough that unhealthy states are detected and alerted on quickly. type: string evaluationMissingData: description: |- A condition control that determines how metric-threshold conditions are evaluated when data stops arriving. Possible values: ["EVALUATION_MISSING_DATA_INACTIVE", "EVALUATION_MISSING_DATA_ACTIVE", "EVALUATION_MISSING_DATA_NO_OP"]. type: string filter: description: |- A filter that identifies which time series should be compared with the threshold.The filter is similar to the one that is specified in the MetricService.ListTimeSeries request (that call is useful to verify the time series that will be retrieved / processed) and must specify the metric type and optionally may contain restrictions on resource type, resource labels, and metric labels. This field may not exceed 2048 Unicode characters in length. type: string forecastOptions: description: |- When this field is present, the 'MetricThreshold' condition forecasts whether the time series is predicted to violate the threshold within the 'forecastHorizon'. When this field is not set, the 'MetricThreshold' tests the current value of the timeseries against the threshold. properties: forecastHorizon: description: |- The length of time into the future to forecast whether a timeseries will violate the threshold. If the predicted value is found to violate the threshold, and the violation is observed in all forecasts made for the Configured 'duration', then the timeseries is considered to be failing. type: string required: - forecastHorizon type: object thresholdValue: description: |- A value against which to compare the time series. type: number trigger: description: |- The number/percent of time series for which the comparison must hold in order for the condition to trigger. If unspecified, then the condition will trigger if the comparison is true for any of the time series that have been identified by filter and aggregations, or by the ratio, if denominator_filter and denominator_aggregations are specified. properties: count: description: |- The absolute number of time series that must fail the predicate for the condition to be triggered. type: integer percent: description: |- The percentage of time series that must fail the predicate for the condition to be triggered. type: number type: object required: - comparison - duration type: object displayName: description: |- A short name or phrase used to identify the condition in dashboards, notifications, and incidents. To avoid confusion, don't use the same display name for multiple conditions in the same policy. type: string name: description: |- The unique resource name for this condition. Its syntax is: projects/[PROJECT_ID]/alertPolicies/[POLICY_ID]/conditions/[CONDITION_ID] [CONDITION_ID] is assigned by Stackdriver Monitoring when the condition is created as part of a new or updated alerting policy. type: string required: - displayName type: object type: array displayName: description: |- A short name or phrase used to identify the policy in dashboards, notifications, and incidents. To avoid confusion, don't use the same display name for multiple policies in the same project. The name is limited to 512 Unicode characters. type: string documentation: description: |- Documentation that is included with notifications and incidents related to this policy. Best practice is for the documentation to include information to help responders understand, mitigate, escalate, and correct the underlying problems detected by the alerting policy. Notification channels that have limited capacity might not show this documentation. properties: content: description: |- The text of the documentation, interpreted according to mimeType. The content may not exceed 8,192 Unicode characters and may not exceed more than 10,240 bytes when encoded in UTF-8 format, whichever is smaller. type: string mimeType: description: |- The format of the content field. Presently, only the value "text/markdown" is supported. type: string type: object enabled: description: Whether or not the policy is enabled. The default is true. type: boolean notificationChannels: items: description: Identifies the notification channels to which notifications should be sent when incidents are opened or closed or when new violations occur on an already opened incident. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `MonitoringNotificationChannel` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: array resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string required: - combiner - conditions - displayName type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array creationRecord: description: |- A read-only record of the creation of the alerting policy. If provided in a call to create or update, this field will be ignored. items: properties: mutateTime: description: When the change occurred. type: string mutatedBy: description: The email address of the user making the change. type: string type: object type: array name: description: |- The unique resource name for this policy. Its syntax is: projects/[PROJECT_ID]/alertPolicies/[ALERT_POLICY_ID]. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: monitoringdashboards.monitoring.cnrm.cloud.google.com spec: group: monitoring.cnrm.cloud.google.com names: categories: - gcp kind: MonitoringDashboard plural: monitoringdashboards shortNames: - gcpmonitoringdashboard - gcpmonitoringdashboards singular: monitoringdashboard preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: columnLayout: description: The content is divided into equally spaced columns and the widgets are arranged vertically. properties: columns: description: The columns of content to display. items: properties: weight: description: The relative weight of this column. The column weight is used to adjust the width of columns on the screen (relative to peers). Greater the weight, greater the width of the column on the screen. If omitted, a value of 1 is used while rendering. format: int64 type: integer widgets: description: The display widgets arranged vertically in this column. items: properties: blank: description: A blank space. type: object x-kubernetes-preserve-unknown-fields: true logsPanel: properties: filter: description: A filter that chooses which log entries to return. See [Advanced Logs Queries](https://cloud.google.com/logging/docs/view/advanced-queries). Only log entries that match the filter are returned. An empty filter matches all log entries. type: string resourceNames: items: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: array type: object scorecard: description: A scorecard summarizing time series data. properties: gaugeView: description: Will cause the scorecard to show a gauge chart. properties: lowerBound: description: The lower bound for this gauge chart. The value of the chart should always be greater than or equal to this. format: double type: number upperBound: description: The upper bound for this gauge chart. The value of the chart should always be less than or equal to this. format: double type: number type: object sparkChartView: description: Will cause the scorecard to show a spark chart. properties: minAlignmentPeriod: description: The lower bound on data point frequency in the chart implemented by specifying the minimum alignment period to use in a time series query. For example, if the data is published once every 10 minutes it would not make sense to fetch and align data at one minute intervals. This field is optional and exists only as a hint. type: string sparkChartType: description: 'Required. The type of sparkchart to show in this chartView. Possible values: SPARK_CHART_TYPE_UNSPECIFIED, SPARK_LINE, SPARK_BAR' type: string required: - sparkChartType type: object thresholds: description: 'The thresholds used to determine the state of the scorecard given the time series'' current value. For an actual value x, the scorecard is in a danger state if x is less than or equal to a danger threshold that triggers below, or greater than or equal to a danger threshold that triggers above. Similarly, if x is above/below a warning threshold that triggers above/below, then the scorecard is in a warning state - unless x also puts it in a danger state. (Danger trumps warning.) As an example, consider a scorecard with the following four thresholds: { value: 90, category: ''DANGER'', trigger: ''ABOVE'', },: { value: 70, category: ''WARNING'', trigger: ''ABOVE'', }, { value: 10, category: ''DANGER'', trigger: ''BELOW'', }, { value: 20, category: ''WARNING'', trigger: ''BELOW'', } Then: values less than or equal to 10 would put the scorecard in a DANGER state, values greater than 10 but less than or equal to 20 a WARNING state, values strictly between 20 and 70 an OK state, values greater than or equal to 70 but less than 90 a WARNING state, and values greater than or equal to 90 a DANGER state.' items: properties: color: description: 'The state color for this threshold. Color is not allowed in a XyChart. Possible values: COLOR_UNSPECIFIED, GREY, BLUE, GREEN, YELLOW, ORANGE, RED' type: string direction: description: 'The direction for the current threshold. Direction is not allowed in a XyChart. Possible values: DIRECTION_UNSPECIFIED, ABOVE, BELOW' type: string label: description: A label for the threshold. type: string value: description: The value of the threshold. The value should be defined in the native scale of the metric. format: double type: number type: object type: array timeSeriesQuery: description: Required. Fields for querying time series data from the Stackdriver metrics API. properties: timeSeriesFilter: description: Filter parameters to fetch time series. properties: aggregation: description: By default, the raw time series data is returned. Use this field to combine multiple time series for different views of the data. properties: alignmentPeriod: description: The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored. type: string crossSeriesReducer: description: 'The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' type: string groupByFields: description: The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored. items: type: string type: array perSeriesAligner: description: An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned. type: string type: object filter: description: Required. The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) that identifies the metric types, resources, and projects to query. type: string pickTimeSeriesFilter: description: Ranking based time series filter. properties: direction: description: 'How to use the ranking to select time series that pass through the filter. Possible values: DIRECTION_UNSPECIFIED, TOP, BOTTOM' type: string numTimeSeries: description: How many time series to allow to pass through the filter. format: int64 type: integer rankingMethod: description: '`ranking_method` is applied to each time series independently to produce the value which will be used to compare the time series to other time series. Possible values: METHOD_UNSPECIFIED, METHOD_MEAN, METHOD_MAX, METHOD_MIN, METHOD_SUM, METHOD_LATEST' type: string type: object secondaryAggregation: description: Apply a second aggregation after `aggregation` is applied. properties: alignmentPeriod: description: The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored. type: string crossSeriesReducer: description: 'The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' type: string groupByFields: description: The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored. items: type: string type: array perSeriesAligner: description: An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned. type: string type: object required: - filter type: object timeSeriesFilterRatio: description: Parameters to fetch a ratio between two time series filters. properties: denominator: description: The denominator of the ratio. properties: aggregation: description: By default, the raw time series data is returned. Use this field to combine multiple time series for different views of the data. properties: alignmentPeriod: description: The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored. type: string crossSeriesReducer: description: 'The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' type: string groupByFields: description: The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored. items: type: string type: array perSeriesAligner: description: An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned. type: string type: object filter: description: Required. The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) that identifies the metric types, resources, and projects to query. type: string required: - filter type: object numerator: description: The numerator of the ratio. properties: aggregation: description: By default, the raw time series data is returned. Use this field to combine multiple time series for different views of the data. properties: alignmentPeriod: description: The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored. type: string crossSeriesReducer: description: 'The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' type: string groupByFields: description: The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored. items: type: string type: array perSeriesAligner: description: An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned. type: string type: object filter: description: Required. The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) that identifies the metric types, resources, and projects to query. type: string required: - filter type: object pickTimeSeriesFilter: description: Ranking based time series filter. properties: direction: description: 'How to use the ranking to select time series that pass through the filter. Possible values: DIRECTION_UNSPECIFIED, TOP, BOTTOM' type: string numTimeSeries: description: How many time series to allow to pass through the filter. format: int64 type: integer rankingMethod: description: '`ranking_method` is applied to each time series independently to produce the value which will be used to compare the time series to other time series. Possible values: METHOD_UNSPECIFIED, METHOD_MEAN, METHOD_MAX, METHOD_MIN, METHOD_SUM, METHOD_LATEST' type: string type: object secondaryAggregation: description: Apply a second aggregation after the ratio is computed. properties: alignmentPeriod: description: The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored. type: string crossSeriesReducer: description: 'The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' type: string groupByFields: description: The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored. items: type: string type: array perSeriesAligner: description: An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned. type: string type: object type: object timeSeriesQueryLanguage: description: A query used to fetch time series. type: string unitOverride: description: The unit of data contained in fetched time series. If non-empty, this unit will override any unit that accompanies fetched data. The format is the same as the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) field in `MetricDescriptor`. type: string type: object required: - timeSeriesQuery type: object text: description: A raw string or markdown displaying textual content. properties: content: description: The text content to be displayed. type: string format: description: 'How the text content is formatted. Possible values: FORMAT_UNSPECIFIED, MARKDOWN, RAW' type: string type: object title: description: Optional. The title of the widget. type: string xyChart: description: A chart of time series data. properties: chartOptions: description: Display options for the chart. properties: mode: description: 'The chart mode. Possible values: MODE_UNSPECIFIED, COLOR, X_RAY, STATS' type: string type: object dataSets: description: Required. The data displayed in this chart. items: properties: legendTemplate: description: 'A template string for naming `TimeSeries` in the resulting data set. This should be a string with interpolations of the form `${label_name}`, which will resolve to the label''s value. ' type: string minAlignmentPeriod: description: Optional. The lower bound on data point frequency for this data set, implemented by specifying the minimum alignment period to use in a time series query For example, if the data is published once every 10 minutes, the `min_alignment_period` should be at least 10 minutes. It would not make sense to fetch and align data at one minute intervals. type: string plotType: description: 'How this data should be plotted on the chart. Possible values: PLOT_TYPE_UNSPECIFIED, LINE, STACKED_AREA, STACKED_BAR, HEATMAP' type: string timeSeriesQuery: description: Required. Fields for querying time series data from the Stackdriver metrics API. properties: timeSeriesFilter: description: Filter parameters to fetch time series. properties: aggregation: description: By default, the raw time series data is returned. Use this field to combine multiple time series for different views of the data. properties: alignmentPeriod: description: The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored. type: string crossSeriesReducer: description: 'The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' type: string groupByFields: description: The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored. items: type: string type: array perSeriesAligner: description: An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned. type: string type: object filter: description: Required. The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) that identifies the metric types, resources, and projects to query. type: string pickTimeSeriesFilter: description: Ranking based time series filter. properties: direction: description: 'How to use the ranking to select time series that pass through the filter. Possible values: DIRECTION_UNSPECIFIED, TOP, BOTTOM' type: string numTimeSeries: description: How many time series to allow to pass through the filter. format: int64 type: integer rankingMethod: description: '`ranking_method` is applied to each time series independently to produce the value which will be used to compare the time series to other time series. Possible values: METHOD_UNSPECIFIED, METHOD_MEAN, METHOD_MAX, METHOD_MIN, METHOD_SUM, METHOD_LATEST' type: string type: object secondaryAggregation: description: Apply a second aggregation after `aggregation` is applied. properties: alignmentPeriod: description: The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored. type: string crossSeriesReducer: description: 'The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' type: string groupByFields: description: The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored. items: type: string type: array perSeriesAligner: description: An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned. type: string type: object required: - filter type: object timeSeriesFilterRatio: description: Parameters to fetch a ratio between two time series filters. properties: denominator: description: The denominator of the ratio. properties: aggregation: description: By default, the raw time series data is returned. Use this field to combine multiple time series for different views of the data. properties: alignmentPeriod: description: The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored. type: string crossSeriesReducer: description: 'The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' type: string groupByFields: description: The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored. items: type: string type: array perSeriesAligner: description: An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned. type: string type: object filter: description: Required. The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) that identifies the metric types, resources, and projects to query. type: string required: - filter type: object numerator: description: The numerator of the ratio. properties: aggregation: description: By default, the raw time series data is returned. Use this field to combine multiple time series for different views of the data. properties: alignmentPeriod: description: The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored. type: string crossSeriesReducer: description: 'The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' type: string groupByFields: description: The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored. items: type: string type: array perSeriesAligner: description: An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned. type: string type: object filter: description: Required. The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) that identifies the metric types, resources, and projects to query. type: string required: - filter type: object pickTimeSeriesFilter: description: Ranking based time series filter. properties: direction: description: 'How to use the ranking to select time series that pass through the filter. Possible values: DIRECTION_UNSPECIFIED, TOP, BOTTOM' type: string numTimeSeries: description: How many time series to allow to pass through the filter. format: int64 type: integer rankingMethod: description: '`ranking_method` is applied to each time series independently to produce the value which will be used to compare the time series to other time series. Possible values: METHOD_UNSPECIFIED, METHOD_MEAN, METHOD_MAX, METHOD_MIN, METHOD_SUM, METHOD_LATEST' type: string type: object secondaryAggregation: description: Apply a second aggregation after the ratio is computed. properties: alignmentPeriod: description: The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored. type: string crossSeriesReducer: description: 'The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' type: string groupByFields: description: The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored. items: type: string type: array perSeriesAligner: description: An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned. type: string type: object type: object timeSeriesQueryLanguage: description: A query used to fetch time series. type: string unitOverride: description: The unit of data contained in fetched time series. If non-empty, this unit will override any unit that accompanies fetched data. The format is the same as the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) field in `MetricDescriptor`. type: string type: object required: - timeSeriesQuery type: object type: array thresholds: description: Threshold lines drawn horizontally across the chart. items: properties: color: description: 'The state color for this threshold. Color is not allowed in a XyChart. Possible values: COLOR_UNSPECIFIED, GREY, BLUE, GREEN, YELLOW, ORANGE, RED' type: string direction: description: 'The direction for the current threshold. Direction is not allowed in a XyChart. Possible values: DIRECTION_UNSPECIFIED, ABOVE, BELOW' type: string label: description: A label for the threshold. type: string value: description: The value of the threshold. The value should be defined in the native scale of the metric. format: double type: number type: object type: array timeshiftDuration: description: The duration used to display a comparison chart. A comparison chart simultaneously shows values from two similar-length time periods (e.g., week-over-week metrics). The duration must be positive, and it can only be applied to charts with data sets of LINE plot type. type: string xAxis: description: The properties applied to the X axis. properties: label: description: The label of the axis. type: string scale: description: 'The axis scale. By default, a linear scale is used. Possible values: SCALE_UNSPECIFIED, LINEAR, LOG10' type: string type: object yAxis: description: The properties applied to the Y axis. properties: label: description: The label of the axis. type: string scale: description: 'The axis scale. By default, a linear scale is used. Possible values: SCALE_UNSPECIFIED, LINEAR, LOG10' type: string type: object required: - dataSets type: object type: object type: array type: object type: array type: object displayName: description: Required. The mutable, human-readable name. type: string gridLayout: description: Content is arranged with a basic layout that re-flows a simple list of informational elements like widgets or tiles. properties: columns: description: The number of columns into which the view's width is divided. If omitted or set to zero, a system default will be used while rendering. format: int64 type: integer widgets: description: The informational elements that are arranged into the columns row-first. items: properties: blank: description: A blank space. type: object x-kubernetes-preserve-unknown-fields: true logsPanel: properties: filter: description: A filter that chooses which log entries to return. See [Advanced Logs Queries](https://cloud.google.com/logging/docs/view/advanced-queries). Only log entries that match the filter are returned. An empty filter matches all log entries. type: string resourceNames: items: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: array type: object scorecard: description: A scorecard summarizing time series data. properties: gaugeView: description: Will cause the scorecard to show a gauge chart. properties: lowerBound: description: The lower bound for this gauge chart. The value of the chart should always be greater than or equal to this. format: double type: number upperBound: description: The upper bound for this gauge chart. The value of the chart should always be less than or equal to this. format: double type: number type: object sparkChartView: description: Will cause the scorecard to show a spark chart. properties: minAlignmentPeriod: description: The lower bound on data point frequency in the chart implemented by specifying the minimum alignment period to use in a time series query. For example, if the data is published once every 10 minutes it would not make sense to fetch and align data at one minute intervals. This field is optional and exists only as a hint. type: string sparkChartType: description: 'Required. The type of sparkchart to show in this chartView. Possible values: SPARK_CHART_TYPE_UNSPECIFIED, SPARK_LINE, SPARK_BAR' type: string required: - sparkChartType type: object thresholds: description: 'The thresholds used to determine the state of the scorecard given the time series'' current value. For an actual value x, the scorecard is in a danger state if x is less than or equal to a danger threshold that triggers below, or greater than or equal to a danger threshold that triggers above. Similarly, if x is above/below a warning threshold that triggers above/below, then the scorecard is in a warning state - unless x also puts it in a danger state. (Danger trumps warning.) As an example, consider a scorecard with the following four thresholds: { value: 90, category: ''DANGER'', trigger: ''ABOVE'', },: { value: 70, category: ''WARNING'', trigger: ''ABOVE'', }, { value: 10, category: ''DANGER'', trigger: ''BELOW'', }, { value: 20, category: ''WARNING'', trigger: ''BELOW'', } Then: values less than or equal to 10 would put the scorecard in a DANGER state, values greater than 10 but less than or equal to 20 a WARNING state, values strictly between 20 and 70 an OK state, values greater than or equal to 70 but less than 90 a WARNING state, and values greater than or equal to 90 a DANGER state.' items: properties: color: description: 'The state color for this threshold. Color is not allowed in a XyChart. Possible values: COLOR_UNSPECIFIED, GREY, BLUE, GREEN, YELLOW, ORANGE, RED' type: string direction: description: 'The direction for the current threshold. Direction is not allowed in a XyChart. Possible values: DIRECTION_UNSPECIFIED, ABOVE, BELOW' type: string label: description: A label for the threshold. type: string value: description: The value of the threshold. The value should be defined in the native scale of the metric. format: double type: number type: object type: array timeSeriesQuery: description: Required. Fields for querying time series data from the Stackdriver metrics API. properties: timeSeriesFilter: description: Filter parameters to fetch time series. properties: aggregation: description: By default, the raw time series data is returned. Use this field to combine multiple time series for different views of the data. properties: alignmentPeriod: description: The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored. type: string crossSeriesReducer: description: 'The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' type: string groupByFields: description: The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored. items: type: string type: array perSeriesAligner: description: An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned. type: string type: object filter: description: Required. The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) that identifies the metric types, resources, and projects to query. type: string pickTimeSeriesFilter: description: Ranking based time series filter. properties: direction: description: 'How to use the ranking to select time series that pass through the filter. Possible values: DIRECTION_UNSPECIFIED, TOP, BOTTOM' type: string numTimeSeries: description: How many time series to allow to pass through the filter. format: int64 type: integer rankingMethod: description: '`ranking_method` is applied to each time series independently to produce the value which will be used to compare the time series to other time series. Possible values: METHOD_UNSPECIFIED, METHOD_MEAN, METHOD_MAX, METHOD_MIN, METHOD_SUM, METHOD_LATEST' type: string type: object secondaryAggregation: description: Apply a second aggregation after `aggregation` is applied. properties: alignmentPeriod: description: The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored. type: string crossSeriesReducer: description: 'The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' type: string groupByFields: description: The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored. items: type: string type: array perSeriesAligner: description: An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned. type: string type: object required: - filter type: object timeSeriesFilterRatio: description: Parameters to fetch a ratio between two time series filters. properties: denominator: description: The denominator of the ratio. properties: aggregation: description: By default, the raw time series data is returned. Use this field to combine multiple time series for different views of the data. properties: alignmentPeriod: description: The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored. type: string crossSeriesReducer: description: 'The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' type: string groupByFields: description: The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored. items: type: string type: array perSeriesAligner: description: An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned. type: string type: object filter: description: Required. The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) that identifies the metric types, resources, and projects to query. type: string required: - filter type: object numerator: description: The numerator of the ratio. properties: aggregation: description: By default, the raw time series data is returned. Use this field to combine multiple time series for different views of the data. properties: alignmentPeriod: description: The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored. type: string crossSeriesReducer: description: 'The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' type: string groupByFields: description: The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored. items: type: string type: array perSeriesAligner: description: An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned. type: string type: object filter: description: Required. The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) that identifies the metric types, resources, and projects to query. type: string required: - filter type: object pickTimeSeriesFilter: description: Ranking based time series filter. properties: direction: description: 'How to use the ranking to select time series that pass through the filter. Possible values: DIRECTION_UNSPECIFIED, TOP, BOTTOM' type: string numTimeSeries: description: How many time series to allow to pass through the filter. format: int64 type: integer rankingMethod: description: '`ranking_method` is applied to each time series independently to produce the value which will be used to compare the time series to other time series. Possible values: METHOD_UNSPECIFIED, METHOD_MEAN, METHOD_MAX, METHOD_MIN, METHOD_SUM, METHOD_LATEST' type: string type: object secondaryAggregation: description: Apply a second aggregation after the ratio is computed. properties: alignmentPeriod: description: The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored. type: string crossSeriesReducer: description: 'The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' type: string groupByFields: description: The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored. items: type: string type: array perSeriesAligner: description: An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned. type: string type: object type: object timeSeriesQueryLanguage: description: A query used to fetch time series. type: string unitOverride: description: The unit of data contained in fetched time series. If non-empty, this unit will override any unit that accompanies fetched data. The format is the same as the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) field in `MetricDescriptor`. type: string type: object required: - timeSeriesQuery type: object text: description: A raw string or markdown displaying textual content. properties: content: description: The text content to be displayed. type: string format: description: 'How the text content is formatted. Possible values: FORMAT_UNSPECIFIED, MARKDOWN, RAW' type: string type: object title: description: Optional. The title of the widget. type: string xyChart: description: A chart of time series data. properties: chartOptions: description: Display options for the chart. properties: mode: description: 'The chart mode. Possible values: MODE_UNSPECIFIED, COLOR, X_RAY, STATS' type: string type: object dataSets: description: Required. The data displayed in this chart. items: properties: legendTemplate: description: 'A template string for naming `TimeSeries` in the resulting data set. This should be a string with interpolations of the form `${label_name}`, which will resolve to the label''s value. ' type: string minAlignmentPeriod: description: Optional. The lower bound on data point frequency for this data set, implemented by specifying the minimum alignment period to use in a time series query For example, if the data is published once every 10 minutes, the `min_alignment_period` should be at least 10 minutes. It would not make sense to fetch and align data at one minute intervals. type: string plotType: description: 'How this data should be plotted on the chart. Possible values: PLOT_TYPE_UNSPECIFIED, LINE, STACKED_AREA, STACKED_BAR, HEATMAP' type: string timeSeriesQuery: description: Required. Fields for querying time series data from the Stackdriver metrics API. properties: timeSeriesFilter: description: Filter parameters to fetch time series. properties: aggregation: description: By default, the raw time series data is returned. Use this field to combine multiple time series for different views of the data. properties: alignmentPeriod: description: The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored. type: string crossSeriesReducer: description: 'The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' type: string groupByFields: description: The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored. items: type: string type: array perSeriesAligner: description: An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned. type: string type: object filter: description: Required. The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) that identifies the metric types, resources, and projects to query. type: string pickTimeSeriesFilter: description: Ranking based time series filter. properties: direction: description: 'How to use the ranking to select time series that pass through the filter. Possible values: DIRECTION_UNSPECIFIED, TOP, BOTTOM' type: string numTimeSeries: description: How many time series to allow to pass through the filter. format: int64 type: integer rankingMethod: description: '`ranking_method` is applied to each time series independently to produce the value which will be used to compare the time series to other time series. Possible values: METHOD_UNSPECIFIED, METHOD_MEAN, METHOD_MAX, METHOD_MIN, METHOD_SUM, METHOD_LATEST' type: string type: object secondaryAggregation: description: Apply a second aggregation after `aggregation` is applied. properties: alignmentPeriod: description: The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored. type: string crossSeriesReducer: description: 'The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' type: string groupByFields: description: The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored. items: type: string type: array perSeriesAligner: description: An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned. type: string type: object required: - filter type: object timeSeriesFilterRatio: description: Parameters to fetch a ratio between two time series filters. properties: denominator: description: The denominator of the ratio. properties: aggregation: description: By default, the raw time series data is returned. Use this field to combine multiple time series for different views of the data. properties: alignmentPeriod: description: The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored. type: string crossSeriesReducer: description: 'The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' type: string groupByFields: description: The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored. items: type: string type: array perSeriesAligner: description: An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned. type: string type: object filter: description: Required. The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) that identifies the metric types, resources, and projects to query. type: string required: - filter type: object numerator: description: The numerator of the ratio. properties: aggregation: description: By default, the raw time series data is returned. Use this field to combine multiple time series for different views of the data. properties: alignmentPeriod: description: The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored. type: string crossSeriesReducer: description: 'The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' type: string groupByFields: description: The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored. items: type: string type: array perSeriesAligner: description: An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned. type: string type: object filter: description: Required. The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) that identifies the metric types, resources, and projects to query. type: string required: - filter type: object pickTimeSeriesFilter: description: Ranking based time series filter. properties: direction: description: 'How to use the ranking to select time series that pass through the filter. Possible values: DIRECTION_UNSPECIFIED, TOP, BOTTOM' type: string numTimeSeries: description: How many time series to allow to pass through the filter. format: int64 type: integer rankingMethod: description: '`ranking_method` is applied to each time series independently to produce the value which will be used to compare the time series to other time series. Possible values: METHOD_UNSPECIFIED, METHOD_MEAN, METHOD_MAX, METHOD_MIN, METHOD_SUM, METHOD_LATEST' type: string type: object secondaryAggregation: description: Apply a second aggregation after the ratio is computed. properties: alignmentPeriod: description: The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored. type: string crossSeriesReducer: description: 'The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' type: string groupByFields: description: The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored. items: type: string type: array perSeriesAligner: description: An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned. type: string type: object type: object timeSeriesQueryLanguage: description: A query used to fetch time series. type: string unitOverride: description: The unit of data contained in fetched time series. If non-empty, this unit will override any unit that accompanies fetched data. The format is the same as the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) field in `MetricDescriptor`. type: string type: object required: - timeSeriesQuery type: object type: array thresholds: description: Threshold lines drawn horizontally across the chart. items: properties: color: description: 'The state color for this threshold. Color is not allowed in a XyChart. Possible values: COLOR_UNSPECIFIED, GREY, BLUE, GREEN, YELLOW, ORANGE, RED' type: string direction: description: 'The direction for the current threshold. Direction is not allowed in a XyChart. Possible values: DIRECTION_UNSPECIFIED, ABOVE, BELOW' type: string label: description: A label for the threshold. type: string value: description: The value of the threshold. The value should be defined in the native scale of the metric. format: double type: number type: object type: array timeshiftDuration: description: The duration used to display a comparison chart. A comparison chart simultaneously shows values from two similar-length time periods (e.g., week-over-week metrics). The duration must be positive, and it can only be applied to charts with data sets of LINE plot type. type: string xAxis: description: The properties applied to the X axis. properties: label: description: The label of the axis. type: string scale: description: 'The axis scale. By default, a linear scale is used. Possible values: SCALE_UNSPECIFIED, LINEAR, LOG10' type: string type: object yAxis: description: The properties applied to the Y axis. properties: label: description: The label of the axis. type: string scale: description: 'The axis scale. By default, a linear scale is used. Possible values: SCALE_UNSPECIFIED, LINEAR, LOG10' type: string type: object required: - dataSets type: object type: object type: array type: object mosaicLayout: description: The content is arranged as a grid of tiles, with each content widget occupying one or more tiles. properties: columns: description: The number of columns in the mosaic grid. format: int64 type: integer tiles: description: The tiles to display. items: properties: height: description: The height of the tile, measured in grid squares. format: int64 type: integer widget: description: The informational widget contained in the tile. properties: blank: description: A blank space. type: object x-kubernetes-preserve-unknown-fields: true logsPanel: properties: filter: description: A filter that chooses which log entries to return. See [Advanced Logs Queries](https://cloud.google.com/logging/docs/view/advanced-queries). Only log entries that match the filter are returned. An empty filter matches all log entries. type: string resourceNames: items: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: array type: object scorecard: description: A scorecard summarizing time series data. properties: gaugeView: description: Will cause the scorecard to show a gauge chart. properties: lowerBound: description: The lower bound for this gauge chart. The value of the chart should always be greater than or equal to this. format: double type: number upperBound: description: The upper bound for this gauge chart. The value of the chart should always be less than or equal to this. format: double type: number type: object sparkChartView: description: Will cause the scorecard to show a spark chart. properties: minAlignmentPeriod: description: The lower bound on data point frequency in the chart implemented by specifying the minimum alignment period to use in a time series query. For example, if the data is published once every 10 minutes it would not make sense to fetch and align data at one minute intervals. This field is optional and exists only as a hint. type: string sparkChartType: description: 'Required. The type of sparkchart to show in this chartView. Possible values: SPARK_CHART_TYPE_UNSPECIFIED, SPARK_LINE, SPARK_BAR' type: string required: - sparkChartType type: object thresholds: description: 'The thresholds used to determine the state of the scorecard given the time series'' current value. For an actual value x, the scorecard is in a danger state if x is less than or equal to a danger threshold that triggers below, or greater than or equal to a danger threshold that triggers above. Similarly, if x is above/below a warning threshold that triggers above/below, then the scorecard is in a warning state - unless x also puts it in a danger state. (Danger trumps warning.) As an example, consider a scorecard with the following four thresholds: { value: 90, category: ''DANGER'', trigger: ''ABOVE'', },: { value: 70, category: ''WARNING'', trigger: ''ABOVE'', }, { value: 10, category: ''DANGER'', trigger: ''BELOW'', }, { value: 20, category: ''WARNING'', trigger: ''BELOW'', } Then: values less than or equal to 10 would put the scorecard in a DANGER state, values greater than 10 but less than or equal to 20 a WARNING state, values strictly between 20 and 70 an OK state, values greater than or equal to 70 but less than 90 a WARNING state, and values greater than or equal to 90 a DANGER state.' items: properties: color: description: 'The state color for this threshold. Color is not allowed in a XyChart. Possible values: COLOR_UNSPECIFIED, GREY, BLUE, GREEN, YELLOW, ORANGE, RED' type: string direction: description: 'The direction for the current threshold. Direction is not allowed in a XyChart. Possible values: DIRECTION_UNSPECIFIED, ABOVE, BELOW' type: string label: description: A label for the threshold. type: string value: description: The value of the threshold. The value should be defined in the native scale of the metric. format: double type: number type: object type: array timeSeriesQuery: description: Required. Fields for querying time series data from the Stackdriver metrics API. properties: timeSeriesFilter: description: Filter parameters to fetch time series. properties: aggregation: description: By default, the raw time series data is returned. Use this field to combine multiple time series for different views of the data. properties: alignmentPeriod: description: The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored. type: string crossSeriesReducer: description: 'The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' type: string groupByFields: description: The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored. items: type: string type: array perSeriesAligner: description: An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned. type: string type: object filter: description: Required. The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) that identifies the metric types, resources, and projects to query. type: string pickTimeSeriesFilter: description: Ranking based time series filter. properties: direction: description: 'How to use the ranking to select time series that pass through the filter. Possible values: DIRECTION_UNSPECIFIED, TOP, BOTTOM' type: string numTimeSeries: description: How many time series to allow to pass through the filter. format: int64 type: integer rankingMethod: description: '`ranking_method` is applied to each time series independently to produce the value which will be used to compare the time series to other time series. Possible values: METHOD_UNSPECIFIED, METHOD_MEAN, METHOD_MAX, METHOD_MIN, METHOD_SUM, METHOD_LATEST' type: string type: object secondaryAggregation: description: Apply a second aggregation after `aggregation` is applied. properties: alignmentPeriod: description: The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored. type: string crossSeriesReducer: description: 'The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' type: string groupByFields: description: The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored. items: type: string type: array perSeriesAligner: description: An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned. type: string type: object required: - filter type: object timeSeriesFilterRatio: description: Parameters to fetch a ratio between two time series filters. properties: denominator: description: The denominator of the ratio. properties: aggregation: description: By default, the raw time series data is returned. Use this field to combine multiple time series for different views of the data. properties: alignmentPeriod: description: The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored. type: string crossSeriesReducer: description: 'The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' type: string groupByFields: description: The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored. items: type: string type: array perSeriesAligner: description: An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned. type: string type: object filter: description: Required. The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) that identifies the metric types, resources, and projects to query. type: string required: - filter type: object numerator: description: The numerator of the ratio. properties: aggregation: description: By default, the raw time series data is returned. Use this field to combine multiple time series for different views of the data. properties: alignmentPeriod: description: The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored. type: string crossSeriesReducer: description: 'The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' type: string groupByFields: description: The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored. items: type: string type: array perSeriesAligner: description: An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned. type: string type: object filter: description: Required. The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) that identifies the metric types, resources, and projects to query. type: string required: - filter type: object pickTimeSeriesFilter: description: Ranking based time series filter. properties: direction: description: 'How to use the ranking to select time series that pass through the filter. Possible values: DIRECTION_UNSPECIFIED, TOP, BOTTOM' type: string numTimeSeries: description: How many time series to allow to pass through the filter. format: int64 type: integer rankingMethod: description: '`ranking_method` is applied to each time series independently to produce the value which will be used to compare the time series to other time series. Possible values: METHOD_UNSPECIFIED, METHOD_MEAN, METHOD_MAX, METHOD_MIN, METHOD_SUM, METHOD_LATEST' type: string type: object secondaryAggregation: description: Apply a second aggregation after the ratio is computed. properties: alignmentPeriod: description: The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored. type: string crossSeriesReducer: description: 'The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' type: string groupByFields: description: The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored. items: type: string type: array perSeriesAligner: description: An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned. type: string type: object type: object timeSeriesQueryLanguage: description: A query used to fetch time series. type: string unitOverride: description: The unit of data contained in fetched time series. If non-empty, this unit will override any unit that accompanies fetched data. The format is the same as the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) field in `MetricDescriptor`. type: string type: object required: - timeSeriesQuery type: object text: description: A raw string or markdown displaying textual content. properties: content: description: The text content to be displayed. type: string format: description: 'How the text content is formatted. Possible values: FORMAT_UNSPECIFIED, MARKDOWN, RAW' type: string type: object title: description: Optional. The title of the widget. type: string xyChart: description: A chart of time series data. properties: chartOptions: description: Display options for the chart. properties: mode: description: 'The chart mode. Possible values: MODE_UNSPECIFIED, COLOR, X_RAY, STATS' type: string type: object dataSets: description: Required. The data displayed in this chart. items: properties: legendTemplate: description: 'A template string for naming `TimeSeries` in the resulting data set. This should be a string with interpolations of the form `${label_name}`, which will resolve to the label''s value. ' type: string minAlignmentPeriod: description: Optional. The lower bound on data point frequency for this data set, implemented by specifying the minimum alignment period to use in a time series query For example, if the data is published once every 10 minutes, the `min_alignment_period` should be at least 10 minutes. It would not make sense to fetch and align data at one minute intervals. type: string plotType: description: 'How this data should be plotted on the chart. Possible values: PLOT_TYPE_UNSPECIFIED, LINE, STACKED_AREA, STACKED_BAR, HEATMAP' type: string timeSeriesQuery: description: Required. Fields for querying time series data from the Stackdriver metrics API. properties: timeSeriesFilter: description: Filter parameters to fetch time series. properties: aggregation: description: By default, the raw time series data is returned. Use this field to combine multiple time series for different views of the data. properties: alignmentPeriod: description: The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored. type: string crossSeriesReducer: description: 'The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' type: string groupByFields: description: The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored. items: type: string type: array perSeriesAligner: description: An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned. type: string type: object filter: description: Required. The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) that identifies the metric types, resources, and projects to query. type: string pickTimeSeriesFilter: description: Ranking based time series filter. properties: direction: description: 'How to use the ranking to select time series that pass through the filter. Possible values: DIRECTION_UNSPECIFIED, TOP, BOTTOM' type: string numTimeSeries: description: How many time series to allow to pass through the filter. format: int64 type: integer rankingMethod: description: '`ranking_method` is applied to each time series independently to produce the value which will be used to compare the time series to other time series. Possible values: METHOD_UNSPECIFIED, METHOD_MEAN, METHOD_MAX, METHOD_MIN, METHOD_SUM, METHOD_LATEST' type: string type: object secondaryAggregation: description: Apply a second aggregation after `aggregation` is applied. properties: alignmentPeriod: description: The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored. type: string crossSeriesReducer: description: 'The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' type: string groupByFields: description: The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored. items: type: string type: array perSeriesAligner: description: An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned. type: string type: object required: - filter type: object timeSeriesFilterRatio: description: Parameters to fetch a ratio between two time series filters. properties: denominator: description: The denominator of the ratio. properties: aggregation: description: By default, the raw time series data is returned. Use this field to combine multiple time series for different views of the data. properties: alignmentPeriod: description: The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored. type: string crossSeriesReducer: description: 'The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' type: string groupByFields: description: The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored. items: type: string type: array perSeriesAligner: description: An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned. type: string type: object filter: description: Required. The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) that identifies the metric types, resources, and projects to query. type: string required: - filter type: object numerator: description: The numerator of the ratio. properties: aggregation: description: By default, the raw time series data is returned. Use this field to combine multiple time series for different views of the data. properties: alignmentPeriod: description: The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored. type: string crossSeriesReducer: description: 'The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' type: string groupByFields: description: The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored. items: type: string type: array perSeriesAligner: description: An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned. type: string type: object filter: description: Required. The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) that identifies the metric types, resources, and projects to query. type: string required: - filter type: object pickTimeSeriesFilter: description: Ranking based time series filter. properties: direction: description: 'How to use the ranking to select time series that pass through the filter. Possible values: DIRECTION_UNSPECIFIED, TOP, BOTTOM' type: string numTimeSeries: description: How many time series to allow to pass through the filter. format: int64 type: integer rankingMethod: description: '`ranking_method` is applied to each time series independently to produce the value which will be used to compare the time series to other time series. Possible values: METHOD_UNSPECIFIED, METHOD_MEAN, METHOD_MAX, METHOD_MIN, METHOD_SUM, METHOD_LATEST' type: string type: object secondaryAggregation: description: Apply a second aggregation after the ratio is computed. properties: alignmentPeriod: description: The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored. type: string crossSeriesReducer: description: 'The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' type: string groupByFields: description: The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored. items: type: string type: array perSeriesAligner: description: An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned. type: string type: object type: object timeSeriesQueryLanguage: description: A query used to fetch time series. type: string unitOverride: description: The unit of data contained in fetched time series. If non-empty, this unit will override any unit that accompanies fetched data. The format is the same as the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) field in `MetricDescriptor`. type: string type: object required: - timeSeriesQuery type: object type: array thresholds: description: Threshold lines drawn horizontally across the chart. items: properties: color: description: 'The state color for this threshold. Color is not allowed in a XyChart. Possible values: COLOR_UNSPECIFIED, GREY, BLUE, GREEN, YELLOW, ORANGE, RED' type: string direction: description: 'The direction for the current threshold. Direction is not allowed in a XyChart. Possible values: DIRECTION_UNSPECIFIED, ABOVE, BELOW' type: string label: description: A label for the threshold. type: string value: description: The value of the threshold. The value should be defined in the native scale of the metric. format: double type: number type: object type: array timeshiftDuration: description: The duration used to display a comparison chart. A comparison chart simultaneously shows values from two similar-length time periods (e.g., week-over-week metrics). The duration must be positive, and it can only be applied to charts with data sets of LINE plot type. type: string xAxis: description: The properties applied to the X axis. properties: label: description: The label of the axis. type: string scale: description: 'The axis scale. By default, a linear scale is used. Possible values: SCALE_UNSPECIFIED, LINEAR, LOG10' type: string type: object yAxis: description: The properties applied to the Y axis. properties: label: description: The label of the axis. type: string scale: description: 'The axis scale. By default, a linear scale is used. Possible values: SCALE_UNSPECIFIED, LINEAR, LOG10' type: string type: object required: - dataSets type: object type: object width: description: The width of the tile, measured in grid squares. format: int64 type: integer xPos: description: The zero-indexed position of the tile in grid squares relative to the left edge of the grid. format: int64 type: integer yPos: description: The zero-indexed position of the tile in grid squares relative to the top edge of the grid. format: int64 type: integer type: object type: array type: object projectRef: description: Immutable. The Project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The project id of the resource. Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string rowLayout: description: The content is divided into equally spaced rows and the widgets are arranged horizontally. properties: rows: description: The rows of content to display. items: properties: weight: description: The relative weight of this row. The row weight is used to adjust the height of rows on the screen (relative to peers). Greater the weight, greater the height of the row on the screen. If omitted, a value of 1 is used while rendering. format: int64 type: integer widgets: description: The display widgets arranged horizontally in this row. items: properties: blank: description: A blank space. type: object x-kubernetes-preserve-unknown-fields: true logsPanel: properties: filter: description: A filter that chooses which log entries to return. See [Advanced Logs Queries](https://cloud.google.com/logging/docs/view/advanced-queries). Only log entries that match the filter are returned. An empty filter matches all log entries. type: string resourceNames: items: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: array type: object scorecard: description: A scorecard summarizing time series data. properties: gaugeView: description: Will cause the scorecard to show a gauge chart. properties: lowerBound: description: The lower bound for this gauge chart. The value of the chart should always be greater than or equal to this. format: double type: number upperBound: description: The upper bound for this gauge chart. The value of the chart should always be less than or equal to this. format: double type: number type: object sparkChartView: description: Will cause the scorecard to show a spark chart. properties: minAlignmentPeriod: description: The lower bound on data point frequency in the chart implemented by specifying the minimum alignment period to use in a time series query. For example, if the data is published once every 10 minutes it would not make sense to fetch and align data at one minute intervals. This field is optional and exists only as a hint. type: string sparkChartType: description: 'Required. The type of sparkchart to show in this chartView. Possible values: SPARK_CHART_TYPE_UNSPECIFIED, SPARK_LINE, SPARK_BAR' type: string required: - sparkChartType type: object thresholds: description: 'The thresholds used to determine the state of the scorecard given the time series'' current value. For an actual value x, the scorecard is in a danger state if x is less than or equal to a danger threshold that triggers below, or greater than or equal to a danger threshold that triggers above. Similarly, if x is above/below a warning threshold that triggers above/below, then the scorecard is in a warning state - unless x also puts it in a danger state. (Danger trumps warning.) As an example, consider a scorecard with the following four thresholds: { value: 90, category: ''DANGER'', trigger: ''ABOVE'', },: { value: 70, category: ''WARNING'', trigger: ''ABOVE'', }, { value: 10, category: ''DANGER'', trigger: ''BELOW'', }, { value: 20, category: ''WARNING'', trigger: ''BELOW'', } Then: values less than or equal to 10 would put the scorecard in a DANGER state, values greater than 10 but less than or equal to 20 a WARNING state, values strictly between 20 and 70 an OK state, values greater than or equal to 70 but less than 90 a WARNING state, and values greater than or equal to 90 a DANGER state.' items: properties: color: description: 'The state color for this threshold. Color is not allowed in a XyChart. Possible values: COLOR_UNSPECIFIED, GREY, BLUE, GREEN, YELLOW, ORANGE, RED' type: string direction: description: 'The direction for the current threshold. Direction is not allowed in a XyChart. Possible values: DIRECTION_UNSPECIFIED, ABOVE, BELOW' type: string label: description: A label for the threshold. type: string value: description: The value of the threshold. The value should be defined in the native scale of the metric. format: double type: number type: object type: array timeSeriesQuery: description: Required. Fields for querying time series data from the Stackdriver metrics API. properties: timeSeriesFilter: description: Filter parameters to fetch time series. properties: aggregation: description: By default, the raw time series data is returned. Use this field to combine multiple time series for different views of the data. properties: alignmentPeriod: description: The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored. type: string crossSeriesReducer: description: 'The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' type: string groupByFields: description: The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored. items: type: string type: array perSeriesAligner: description: An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned. type: string type: object filter: description: Required. The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) that identifies the metric types, resources, and projects to query. type: string pickTimeSeriesFilter: description: Ranking based time series filter. properties: direction: description: 'How to use the ranking to select time series that pass through the filter. Possible values: DIRECTION_UNSPECIFIED, TOP, BOTTOM' type: string numTimeSeries: description: How many time series to allow to pass through the filter. format: int64 type: integer rankingMethod: description: '`ranking_method` is applied to each time series independently to produce the value which will be used to compare the time series to other time series. Possible values: METHOD_UNSPECIFIED, METHOD_MEAN, METHOD_MAX, METHOD_MIN, METHOD_SUM, METHOD_LATEST' type: string type: object secondaryAggregation: description: Apply a second aggregation after `aggregation` is applied. properties: alignmentPeriod: description: The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored. type: string crossSeriesReducer: description: 'The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' type: string groupByFields: description: The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored. items: type: string type: array perSeriesAligner: description: An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned. type: string type: object required: - filter type: object timeSeriesFilterRatio: description: Parameters to fetch a ratio between two time series filters. properties: denominator: description: The denominator of the ratio. properties: aggregation: description: By default, the raw time series data is returned. Use this field to combine multiple time series for different views of the data. properties: alignmentPeriod: description: The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored. type: string crossSeriesReducer: description: 'The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' type: string groupByFields: description: The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored. items: type: string type: array perSeriesAligner: description: An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned. type: string type: object filter: description: Required. The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) that identifies the metric types, resources, and projects to query. type: string required: - filter type: object numerator: description: The numerator of the ratio. properties: aggregation: description: By default, the raw time series data is returned. Use this field to combine multiple time series for different views of the data. properties: alignmentPeriod: description: The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored. type: string crossSeriesReducer: description: 'The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' type: string groupByFields: description: The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored. items: type: string type: array perSeriesAligner: description: An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned. type: string type: object filter: description: Required. The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) that identifies the metric types, resources, and projects to query. type: string required: - filter type: object pickTimeSeriesFilter: description: Ranking based time series filter. properties: direction: description: 'How to use the ranking to select time series that pass through the filter. Possible values: DIRECTION_UNSPECIFIED, TOP, BOTTOM' type: string numTimeSeries: description: How many time series to allow to pass through the filter. format: int64 type: integer rankingMethod: description: '`ranking_method` is applied to each time series independently to produce the value which will be used to compare the time series to other time series. Possible values: METHOD_UNSPECIFIED, METHOD_MEAN, METHOD_MAX, METHOD_MIN, METHOD_SUM, METHOD_LATEST' type: string type: object secondaryAggregation: description: Apply a second aggregation after the ratio is computed. properties: alignmentPeriod: description: The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored. type: string crossSeriesReducer: description: 'The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' type: string groupByFields: description: The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored. items: type: string type: array perSeriesAligner: description: An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned. type: string type: object type: object timeSeriesQueryLanguage: description: A query used to fetch time series. type: string unitOverride: description: The unit of data contained in fetched time series. If non-empty, this unit will override any unit that accompanies fetched data. The format is the same as the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) field in `MetricDescriptor`. type: string type: object required: - timeSeriesQuery type: object text: description: A raw string or markdown displaying textual content. properties: content: description: The text content to be displayed. type: string format: description: 'How the text content is formatted. Possible values: FORMAT_UNSPECIFIED, MARKDOWN, RAW' type: string type: object title: description: Optional. The title of the widget. type: string xyChart: description: A chart of time series data. properties: chartOptions: description: Display options for the chart. properties: mode: description: 'The chart mode. Possible values: MODE_UNSPECIFIED, COLOR, X_RAY, STATS' type: string type: object dataSets: description: Required. The data displayed in this chart. items: properties: legendTemplate: description: 'A template string for naming `TimeSeries` in the resulting data set. This should be a string with interpolations of the form `${label_name}`, which will resolve to the label''s value. ' type: string minAlignmentPeriod: description: Optional. The lower bound on data point frequency for this data set, implemented by specifying the minimum alignment period to use in a time series query For example, if the data is published once every 10 minutes, the `min_alignment_period` should be at least 10 minutes. It would not make sense to fetch and align data at one minute intervals. type: string plotType: description: 'How this data should be plotted on the chart. Possible values: PLOT_TYPE_UNSPECIFIED, LINE, STACKED_AREA, STACKED_BAR, HEATMAP' type: string timeSeriesQuery: description: Required. Fields for querying time series data from the Stackdriver metrics API. properties: timeSeriesFilter: description: Filter parameters to fetch time series. properties: aggregation: description: By default, the raw time series data is returned. Use this field to combine multiple time series for different views of the data. properties: alignmentPeriod: description: The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored. type: string crossSeriesReducer: description: 'The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' type: string groupByFields: description: The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored. items: type: string type: array perSeriesAligner: description: An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned. type: string type: object filter: description: Required. The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) that identifies the metric types, resources, and projects to query. type: string pickTimeSeriesFilter: description: Ranking based time series filter. properties: direction: description: 'How to use the ranking to select time series that pass through the filter. Possible values: DIRECTION_UNSPECIFIED, TOP, BOTTOM' type: string numTimeSeries: description: How many time series to allow to pass through the filter. format: int64 type: integer rankingMethod: description: '`ranking_method` is applied to each time series independently to produce the value which will be used to compare the time series to other time series. Possible values: METHOD_UNSPECIFIED, METHOD_MEAN, METHOD_MAX, METHOD_MIN, METHOD_SUM, METHOD_LATEST' type: string type: object secondaryAggregation: description: Apply a second aggregation after `aggregation` is applied. properties: alignmentPeriod: description: The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored. type: string crossSeriesReducer: description: 'The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' type: string groupByFields: description: The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored. items: type: string type: array perSeriesAligner: description: An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned. type: string type: object required: - filter type: object timeSeriesFilterRatio: description: Parameters to fetch a ratio between two time series filters. properties: denominator: description: The denominator of the ratio. properties: aggregation: description: By default, the raw time series data is returned. Use this field to combine multiple time series for different views of the data. properties: alignmentPeriod: description: The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored. type: string crossSeriesReducer: description: 'The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' type: string groupByFields: description: The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored. items: type: string type: array perSeriesAligner: description: An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned. type: string type: object filter: description: Required. The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) that identifies the metric types, resources, and projects to query. type: string required: - filter type: object numerator: description: The numerator of the ratio. properties: aggregation: description: By default, the raw time series data is returned. Use this field to combine multiple time series for different views of the data. properties: alignmentPeriod: description: The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored. type: string crossSeriesReducer: description: 'The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' type: string groupByFields: description: The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored. items: type: string type: array perSeriesAligner: description: An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned. type: string type: object filter: description: Required. The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) that identifies the metric types, resources, and projects to query. type: string required: - filter type: object pickTimeSeriesFilter: description: Ranking based time series filter. properties: direction: description: 'How to use the ranking to select time series that pass through the filter. Possible values: DIRECTION_UNSPECIFIED, TOP, BOTTOM' type: string numTimeSeries: description: How many time series to allow to pass through the filter. format: int64 type: integer rankingMethod: description: '`ranking_method` is applied to each time series independently to produce the value which will be used to compare the time series to other time series. Possible values: METHOD_UNSPECIFIED, METHOD_MEAN, METHOD_MAX, METHOD_MIN, METHOD_SUM, METHOD_LATEST' type: string type: object secondaryAggregation: description: Apply a second aggregation after the ratio is computed. properties: alignmentPeriod: description: The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored. type: string crossSeriesReducer: description: 'The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' type: string groupByFields: description: The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored. items: type: string type: array perSeriesAligner: description: An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned. type: string type: object type: object timeSeriesQueryLanguage: description: A query used to fetch time series. type: string unitOverride: description: The unit of data contained in fetched time series. If non-empty, this unit will override any unit that accompanies fetched data. The format is the same as the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) field in `MetricDescriptor`. type: string type: object required: - timeSeriesQuery type: object type: array thresholds: description: Threshold lines drawn horizontally across the chart. items: properties: color: description: 'The state color for this threshold. Color is not allowed in a XyChart. Possible values: COLOR_UNSPECIFIED, GREY, BLUE, GREEN, YELLOW, ORANGE, RED' type: string direction: description: 'The direction for the current threshold. Direction is not allowed in a XyChart. Possible values: DIRECTION_UNSPECIFIED, ABOVE, BELOW' type: string label: description: A label for the threshold. type: string value: description: The value of the threshold. The value should be defined in the native scale of the metric. format: double type: number type: object type: array timeshiftDuration: description: The duration used to display a comparison chart. A comparison chart simultaneously shows values from two similar-length time periods (e.g., week-over-week metrics). The duration must be positive, and it can only be applied to charts with data sets of LINE plot type. type: string xAxis: description: The properties applied to the X axis. properties: label: description: The label of the axis. type: string scale: description: 'The axis scale. By default, a linear scale is used. Possible values: SCALE_UNSPECIFIED, LINEAR, LOG10' type: string type: object yAxis: description: The properties applied to the Y axis. properties: label: description: The label of the axis. type: string scale: description: 'The axis scale. By default, a linear scale is used. Possible values: SCALE_UNSPECIFIED, LINEAR, LOG10' type: string type: object required: - dataSets type: object type: object type: array type: object type: array type: object required: - displayName - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array etag: description: \`etag\` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. An \`etag\` is returned in the response to \`GetDashboard\`, and users are expected to put that etag in the request to \`UpdateDashboard\` to ensure that their change will be applied to the same version of the Dashboard configuration. The field should not be passed during dashboard creation. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: monitoringgroups.monitoring.cnrm.cloud.google.com spec: group: monitoring.cnrm.cloud.google.com names: categories: - gcp kind: MonitoringGroup plural: monitoringgroups shortNames: - gcpmonitoringgroup - gcpmonitoringgroups singular: monitoringgroup preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: displayName: description: A user-assigned name for this group, used only for display purposes. type: string filter: description: The filter used to determine which monitored resources belong to this group. type: string isCluster: description: If true, the members of this group are considered to be a cluster. The system can perform additional analysis on groups that are clusters. type: boolean parentRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The name of the group's parent, if it has one. The format is: projects/ For groups with no parent, `parent_name` is the empty string, ``. Allowed value: The Google Cloud resource name of a `MonitoringGroup` resource (format: `projects/{{project}}/groups/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object projectRef: description: Immutable. The Project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The project of the group Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string required: - displayName - filter type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: monitoringmetricdescriptors.monitoring.cnrm.cloud.google.com spec: group: monitoring.cnrm.cloud.google.com names: categories: - gcp kind: MonitoringMetricDescriptor plural: monitoringmetricdescriptors shortNames: - gcpmonitoringmetricdescriptor - gcpmonitoringmetricdescriptors singular: monitoringmetricdescriptor preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: description: description: Immutable. A detailed description of the metric, which can be used in documentation. type: string displayName: description: Immutable. A concise name for the metric, which can be displayed in user interfaces. Use sentence case without an ending period, for example "Request count". This field is optional but it is recommended to be set for any metrics associated with user-visible concepts, such as Quota. type: string labels: description: Immutable. The set of labels that can be used to describe a specific instance of this metric type. For example, the `appengine.googleapis.com/http/server/response_latencies` metric type has a label for the HTTP response code, `response_code`, so you can look at latencies for successful responses or just for responses that failed. items: properties: description: description: Immutable. A human-readable description for the label. type: string key: description: 'Immutable. The key for this label. The key must meet the following criteria: * Does not exceed 100 characters. * Matches the following regular expression: `a-zA-Z*` * The first character must be an upper- or lower-case letter. * The remaining characters must be letters, digits, or underscores.' type: string valueType: description: 'Immutable. The type of data that can be assigned to the label. Possible values: STRING, BOOL, INT64' type: string type: object type: array launchStage: description: 'Immutable. Optional. The launch stage of the metric definition. Possible values: LAUNCH_STAGE_UNSPECIFIED, UNIMPLEMENTED, PRELAUNCH, EARLY_ACCESS, ALPHA, BETA, GA, DEPRECATED' type: string metadata: description: Immutable. Optional. Metadata which can be used to guide usage of the metric. properties: ingestDelay: description: Immutable. The delay of data points caused by ingestion. Data points older than this age are guaranteed to be ingested and available to be read, excluding data loss due to errors. type: string launchStage: description: 'Immutable. Deprecated. Must use the MetricDescriptor.launch_stage instead. Possible values: LAUNCH_STAGE_UNSPECIFIED, UNIMPLEMENTED, PRELAUNCH, EARLY_ACCESS, ALPHA, BETA, GA, DEPRECATED' type: string samplePeriod: description: Immutable. The sampling period of metric data points. For metrics which are written periodically, consecutive data points are stored at this time interval, excluding data loss due to errors. Metrics with a higher granularity have a smaller sampling period. type: string type: object metricKind: description: 'Immutable. Whether the metric records instantaneous values, changes to a value, etc. Some combinations of `metric_kind` and `value_type` might not be supported. Possible values: METRIC_KIND_UNSPECIFIED, GAUGE, DELTA, CUMULATIVE' type: string projectRef: description: Immutable. The Project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The project for the resource Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: description: 'Immutable. The metric type, including its DNS name prefix. The type is not URL-encoded. All user-defined metric types have the DNS name `custom.googleapis.com` or `external.googleapis.com`. Metric types should use a natural hierarchical grouping. For example: "custom.googleapis.com/invoice/paid/amount" "external.googleapis.com/prometheus/up" "appengine.googleapis.com/http/server/response_latencies"' type: string unit: description: 'Immutable. The units in which the metric value is reported. It is only applicable if the `value_type` is `INT64`, `DOUBLE`, or `DISTRIBUTION`. The `unit` defines the representation of the stored metric values. Different systems might scale the values to be more easily displayed (so a value of `0.02kBy` _might_ be displayed as `20By`, and a value of `3523kBy` _might_ be displayed as `3.5MBy`). However, if the `unit` is `kBy`, then the value of the metric is always in thousands of bytes, no matter how it might be displayed. If you want a custom metric to record the exact number of CPU-seconds used by a job, you can create an `INT64 CUMULATIVE` metric whose `unit` is `s{CPU}` (or equivalently `1s{CPU}` or just `s`). If the job uses 12,005 CPU-seconds, then the value is written as `12005`. Alternatively, if you want a custom metric to record data in a more granular way, you can create a `DOUBLE CUMULATIVE` metric whose `unit` is `ks{CPU}`, and then write the value `12.005` (which is `12005/1000`), or use `Kis{CPU}` and write `11.723` (which is `12005/1024`). The supported units are a subset of [The Unified Code for Units of Measure](https://unitsofmeasure.org/ucum.html) standard: **Basic units (UNIT)** * `bit` bit * `By` byte * `s` second * `min` minute * `h` hour * `d` day * `1` dimensionless **Prefixes (PREFIX)** * `k` kilo (10^3) * `M` mega (10^6) * `G` giga (10^9) * `T` tera (10^12) * `P` peta (10^15) * `E` exa (10^18) * `Z` zetta (10^21) * `Y` yotta (10^24) * `m` milli (10^-3) * `u` micro (10^-6) * `n` nano (10^-9) * `p` pico (10^-12) * `f` femto (10^-15) * `a` atto (10^-18) * `z` zepto (10^-21) * `y` yocto (10^-24) * `Ki` kibi (2^10) * `Mi` mebi (2^20) * `Gi` gibi (2^30) * `Ti` tebi (2^40) * `Pi` pebi (2^50) **Grammar** The grammar also includes these connectors: * `/` division or ratio (as an infix operator). For examples, `kBy/{email}` or `MiBy/10ms` (although you should almost never have `/s` in a metric `unit`; rates should always be computed at query time from the underlying cumulative or delta value). * `.` multiplication or composition (as an infix operator). For examples, `GBy.d` or `k{watt}.h`. The grammar for a unit is as follows: Expression = Component: { "." Component } { "/" Component } ; Component = ( [ PREFIX ] UNIT | "%" ) [ Annotation ] | Annotation | "1" ; Annotation = "{" NAME "}" ; Notes: * `Annotation` is just a comment if it follows a `UNIT`. If the annotation is used alone, then the unit is equivalent to `1`. For examples, `{request}/s == 1/s`, `By{transmitted}/s == By/s`. * `NAME` is a sequence of non-blank printable ASCII characters not containing `{` or `}`. * `1` represents a unitary [dimensionless unit](https://en.wikipedia.org/wiki/Dimensionless_quantity) of 1, such as in `1/s`. It is typically used when none of the basic units are appropriate. For example, "new users per day" can be represented as `1/d` or `{new-users}/d` (and a metric value `5` would mean "5 new users). Alternatively, "thousands of page views per day" would be represented as `1000/d` or `k1/d` or `k{page_views}/d` (and a metric value of `5.3` would mean "5300 page views per day"). * `%` represents dimensionless value of 1/100, and annotates values giving a percentage (so the metric values are typically in the range of 0..100, and a metric value `3` means "3 percent"). * `10^2.%` indicates a metric contains a ratio, typically in the range 0..1, that will be multiplied by 100 and displayed as a percentage (so a metric value `0.03` means "3 percent").' type: string valueType: description: 'Immutable. Whether the measurement is an integer, a floating-point number, etc. Some combinations of `metric_kind` and `value_type` might not be supported. Possible values: STRING, BOOL, INT64' type: string required: - metricKind - projectRef - type - valueType type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array monitoredResourceTypes: description: Read-only. If present, then a time series, which is identified partially by a metric type and a MonitoredResourceDescriptor, that is associated with this metric type can only be associated with one of the monitored resource types listed here. items: type: string type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer selfLink: description: The resource name of the metric descriptor. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: monitoringmonitoredprojects.monitoring.cnrm.cloud.google.com spec: group: monitoring.cnrm.cloud.google.com names: categories: - gcp kind: MonitoringMonitoredProject plural: monitoringmonitoredprojects shortNames: - gcpmonitoringmonitoredproject - gcpmonitoringmonitoredprojects singular: monitoringmonitoredproject preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: metricsScope: description: 'Immutable. Required. The resource name of the existing Metrics Scope that will monitor this project. Example: locations/global/metricsScopes/{SCOPING_PROJECT_ID_OR_NUMBER}' type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - metricsScope type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: Output only. The time when this `MonitoredProject` was created. format: date-time type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: monitoringnotificationchannels.monitoring.cnrm.cloud.google.com spec: group: monitoring.cnrm.cloud.google.com names: categories: - gcp kind: MonitoringNotificationChannel plural: monitoringnotificationchannels shortNames: - gcpmonitoringnotificationchannel - gcpmonitoringnotificationchannels singular: monitoringnotificationchannel preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: description: description: An optional human-readable description of this notification channel. This description may provide additional details, beyond the display name, for the channel. This may not exceed 1024 Unicode characters. type: string enabled: description: Whether notifications are forwarded to the described channel. This makes it possible to disable delivery of notifications to a particular channel without removing the channel from all alerting policies that reference the channel. This is a more convenient approach when the change is temporary and you want to receive notifications from the same set of alerting policies on the channel at some point in the future. type: boolean forceDelete: description: |- If true, the notification channel will be deleted regardless of its use in alert policies (the policies will be updated to remove the channel). If false, channels that are still referenced by an existing alerting policy will fail to be deleted in a delete operation. type: boolean labels: additionalProperties: type: string type: object resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string sensitiveLabels: description: |- Different notification type behaviors are configured primarily using the the 'labels' field on this resource. This block contains the labels which contain secrets or passwords so that they can be marked sensitive and hidden from plan output. The name of the field, eg: password, will be the key in the 'labels' map in the api request. Credentials may not be specified in both locations and will cause an error. Changing from one location to a different credential configuration in the config will require an apply to update state. properties: authToken: description: 'An authorization token for a notification channel. Channel types that support this field include: slack.' oneOf: - not: required: - valueFrom required: - value - not: required: - value required: - valueFrom properties: value: description: Value of the field. Cannot be used if 'valueFrom' is specified. type: string valueFrom: description: Source for the field's value. Cannot be used if 'value' is specified. properties: secretKeyRef: description: Reference to a value with the given key in the given Secret in the resource's namespace. properties: key: description: Key that identifies the value to be extracted. type: string name: description: Name of the Secret to extract a value from. type: string required: - name - key type: object type: object type: object password: description: 'An password for a notification channel. Channel types that support this field include: webhook_basicauth.' oneOf: - not: required: - valueFrom required: - value - not: required: - value required: - valueFrom properties: value: description: Value of the field. Cannot be used if 'valueFrom' is specified. type: string valueFrom: description: Source for the field's value. Cannot be used if 'value' is specified. properties: secretKeyRef: description: Reference to a value with the given key in the given Secret in the resource's namespace. properties: key: description: Key that identifies the value to be extracted. type: string name: description: Name of the Secret to extract a value from. type: string required: - name - key type: object type: object type: object serviceKey: description: 'An servicekey token for a notification channel. Channel types that support this field include: pagerduty.' oneOf: - not: required: - valueFrom required: - value - not: required: - value required: - valueFrom properties: value: description: Value of the field. Cannot be used if 'valueFrom' is specified. type: string valueFrom: description: Source for the field's value. Cannot be used if 'value' is specified. properties: secretKeyRef: description: Reference to a value with the given key in the given Secret in the resource's namespace. properties: key: description: Key that identifies the value to be extracted. type: string name: description: Name of the Secret to extract a value from. type: string required: - name - key type: object type: object type: object type: object type: description: The type of the notification channel. This field matches the value of the NotificationChannelDescriptor.type field. See https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.notificationChannelDescriptors/list to get the list of valid values such as "email", "slack", etc... type: string required: - type type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array name: description: |- The full REST resource name for this channel. The syntax is: projects/[PROJECT_ID]/notificationChannels/[CHANNEL_ID] The [CHANNEL_ID] is automatically assigned by the server on creation. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer verificationStatus: description: Indicates whether this channel has been verified or not. On a ListNotificationChannels or GetNotificationChannel operation, this field is expected to be populated.If the value is UNVERIFIED, then it indicates that the channel is non-functioning (it both requires verification and lacks verification); otherwise, it is assumed that the channel works.If the channel is neither VERIFIED nor UNVERIFIED, it implies that the channel is of a type that does not require verification or that this specific channel has been exempted from verification because it was created prior to verification being required for channels of this type.This field cannot be modified using a standard UpdateNotificationChannel operation. To change the value of this field, you must call VerifyNotificationChannel. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: monitoringservicelevelobjectives.monitoring.cnrm.cloud.google.com spec: group: monitoring.cnrm.cloud.google.com names: categories: - gcp kind: MonitoringServiceLevelObjective plural: monitoringservicelevelobjectives shortNames: - gcpmonitoringservicelevelobjective - gcpmonitoringservicelevelobjectives singular: monitoringservicelevelobjective preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: calendarPeriod: description: 'A calendar period, semantically "since the start of the current ``". At this time, only `DAY`, `WEEK`, `FORTNIGHT`, and `MONTH` are supported. Possible values: CALENDAR_PERIOD_UNSPECIFIED, DAY, WEEK, FORTNIGHT, MONTH, QUARTER, HALF, YEAR' type: string displayName: description: Name used for UI elements listing this SLO. type: string goal: description: The fraction of service that must be good in order for this objective to be met. `0 < goal <= 0.999`. format: double type: number projectRef: description: Immutable. The Project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The project for the resource Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string rollingPeriod: description: A rolling time period, semantically "in the past ``". Must be an integer multiple of 1 day no larger than 30 days. type: string serviceLevelIndicator: description: The definition of good service, used to measure and calculate the quality of the `Service`'s performance with respect to a single aspect of service quality. properties: basicSli: description: Basic SLI on a well-known service type. properties: availability: description: Good service is defined to be the count of requests made to this service that return successfully. type: object x-kubernetes-preserve-unknown-fields: true latency: description: Good service is defined to be the count of requests made to this service that are fast enough with respect to `latency.threshold`. properties: experience: description: 'A description of the experience associated with failing requests. Possible values: LATENCY_EXPERIENCE_UNSPECIFIED, DELIGHTING, SATISFYING, ANNOYING' type: string threshold: description: Good service is defined to be the count of requests made to this service that return in no more than `threshold`. type: string type: object location: description: 'OPTIONAL: The set of locations to which this SLI is relevant. Telemetry from other locations will not be used to calculate performance for this SLI. If omitted, this SLI applies to all locations in which the Service has activity. For service types that don''t support breaking down by location, setting this field will result in an error.' items: type: string type: array method: description: 'OPTIONAL: The set of RPCs to which this SLI is relevant. Telemetry from other methods will not be used to calculate performance for this SLI. If omitted, this SLI applies to all the Service''s methods. For service types that don''t support breaking down by method, setting this field will result in an error.' items: type: string type: array operationAvailability: description: Good service is defined to be the count of operations performed by this service that return successfully type: object x-kubernetes-preserve-unknown-fields: true operationLatency: description: Good service is defined to be the count of operations performed by this service that are fast enough with respect to `operation_latency.threshold`. properties: experience: description: 'A description of the experience associated with failing requests. Possible values: LATENCY_EXPERIENCE_UNSPECIFIED, DELIGHTING, SATISFYING, ANNOYING' type: string threshold: description: Good service is defined to be the count of operations that are completed in no more than `threshold`. type: string type: object version: description: 'OPTIONAL: The set of API versions to which this SLI is relevant. Telemetry from other API versions will not be used to calculate performance for this SLI. If omitted, this SLI applies to all API versions. For service types that don''t support breaking down by version, setting this field will result in an error.' items: type: string type: array type: object requestBased: description: Request-based SLIs properties: distributionCut: description: '`distribution_cut` is used when `good_service` is a count of values aggregated in a `Distribution` that fall into a good range. The `total_service` is the total count of all values aggregated in the `Distribution`.' properties: distributionFilter: description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) specifying a `TimeSeries` aggregating values. Must have `ValueType = DISTRIBUTION` and `MetricKind = DELTA` or `MetricKind = CUMULATIVE`. type: string range: description: Range of values considered "good." For a one-sided range, set one bound to an infinite value. properties: max: description: Range maximum. format: double type: number min: description: Range minimum. format: double type: number type: object type: object goodTotalRatio: description: '`good_total_ratio` is used when the ratio of `good_service` to `total_service` is computed from two `TimeSeries`.' properties: badServiceFilter: description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) specifying a `TimeSeries` quantifying bad service, either demanded service that was not provided or demanded service that was of inadequate quality. Must have `ValueType = DOUBLE` or `ValueType = INT64` and must have `MetricKind = DELTA` or `MetricKind = CUMULATIVE`. type: string goodServiceFilter: description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) specifying a `TimeSeries` quantifying good service provided. Must have `ValueType = DOUBLE` or `ValueType = INT64` and must have `MetricKind = DELTA` or `MetricKind = CUMULATIVE`. type: string totalServiceFilter: description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) specifying a `TimeSeries` quantifying total demanded service. Must have `ValueType = DOUBLE` or `ValueType = INT64` and must have `MetricKind = DELTA` or `MetricKind = CUMULATIVE`. type: string type: object type: object windowsBased: description: Windows-based SLIs properties: goodBadMetricFilter: description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) specifying a `TimeSeries` with `ValueType = BOOL`. The window is good if any `true` values appear in the window. type: string goodTotalRatioThreshold: description: A window is good if its `performance` is high enough. properties: basicSliPerformance: description: '`BasicSli` to evaluate to judge window quality.' properties: availability: description: Good service is defined to be the count of requests made to this service that return successfully. type: object x-kubernetes-preserve-unknown-fields: true latency: description: Good service is defined to be the count of requests made to this service that are fast enough with respect to `latency.threshold`. properties: experience: description: 'A description of the experience associated with failing requests. Possible values: LATENCY_EXPERIENCE_UNSPECIFIED, DELIGHTING, SATISFYING, ANNOYING' type: string threshold: description: Good service is defined to be the count of requests made to this service that return in no more than `threshold`. type: string type: object location: description: 'OPTIONAL: The set of locations to which this SLI is relevant. Telemetry from other locations will not be used to calculate performance for this SLI. If omitted, this SLI applies to all locations in which the Service has activity. For service types that don''t support breaking down by location, setting this field will result in an error.' items: type: string type: array method: description: 'OPTIONAL: The set of RPCs to which this SLI is relevant. Telemetry from other methods will not be used to calculate performance for this SLI. If omitted, this SLI applies to all the Service''s methods. For service types that don''t support breaking down by method, setting this field will result in an error.' items: type: string type: array operationAvailability: description: Good service is defined to be the count of operations performed by this service that return successfully type: object x-kubernetes-preserve-unknown-fields: true operationLatency: description: Good service is defined to be the count of operations performed by this service that are fast enough with respect to `operation_latency.threshold`. properties: experience: description: 'A description of the experience associated with failing requests. Possible values: LATENCY_EXPERIENCE_UNSPECIFIED, DELIGHTING, SATISFYING, ANNOYING' type: string threshold: description: Good service is defined to be the count of operations that are completed in no more than `threshold`. type: string type: object version: description: 'OPTIONAL: The set of API versions to which this SLI is relevant. Telemetry from other API versions will not be used to calculate performance for this SLI. If omitted, this SLI applies to all API versions. For service types that don''t support breaking down by version, setting this field will result in an error.' items: type: string type: array type: object performance: description: '`RequestBasedSli` to evaluate to judge window quality.' properties: distributionCut: description: '`distribution_cut` is used when `good_service` is a count of values aggregated in a `Distribution` that fall into a good range. The `total_service` is the total count of all values aggregated in the `Distribution`.' properties: distributionFilter: description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) specifying a `TimeSeries` aggregating values. Must have `ValueType = DISTRIBUTION` and `MetricKind = DELTA` or `MetricKind = CUMULATIVE`. type: string range: description: Range of values considered "good." For a one-sided range, set one bound to an infinite value. properties: max: description: Range maximum. format: double type: number min: description: Range minimum. format: double type: number type: object type: object goodTotalRatio: description: '`good_total_ratio` is used when the ratio of `good_service` to `total_service` is computed from two `TimeSeries`.' properties: badServiceFilter: description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) specifying a `TimeSeries` quantifying bad service, either demanded service that was not provided or demanded service that was of inadequate quality. Must have `ValueType = DOUBLE` or `ValueType = INT64` and must have `MetricKind = DELTA` or `MetricKind = CUMULATIVE`. type: string goodServiceFilter: description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) specifying a `TimeSeries` quantifying good service provided. Must have `ValueType = DOUBLE` or `ValueType = INT64` and must have `MetricKind = DELTA` or `MetricKind = CUMULATIVE`. type: string totalServiceFilter: description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) specifying a `TimeSeries` quantifying total demanded service. Must have `ValueType = DOUBLE` or `ValueType = INT64` and must have `MetricKind = DELTA` or `MetricKind = CUMULATIVE`. type: string type: object type: object threshold: description: If window `performance >= threshold`, the window is counted as good. format: double type: number type: object metricMeanInRange: description: A window is good if the metric's value is in a good range, averaged across returned streams. properties: range: description: Range of values considered "good." For a one-sided range, set one bound to an infinite value. properties: max: description: Range maximum. format: double type: number min: description: Range minimum. format: double type: number type: object timeSeries: description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) specifying the `TimeSeries` to use for evaluating window quality. type: string type: object metricSumInRange: description: A window is good if the metric's value is in a good range, summed across returned streams. properties: range: description: Range of values considered "good." For a one-sided range, set one bound to an infinite value. properties: max: description: Range maximum. format: double type: number min: description: Range minimum. format: double type: number type: object timeSeries: description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) specifying the `TimeSeries` to use for evaluating window quality. type: string type: object windowPeriod: description: Duration over which window quality is evaluated. Must be an integer fraction of a day and at least `60s`. type: string type: object type: object serviceRef: description: Immutable. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The service for the resource Allowed value: The Google Cloud resource name of a `MonitoringService` resource (format: `projects/{{project}}/services/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - goal - projectRef - serviceRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: Time stamp of the `Create` or most recent `Update` command on this `Slo`. format: date-time type: string deleteTime: description: Time stamp of the `Update` or `Delete` command that made this no longer a current `Slo`. This field is not populated in `ServiceLevelObjective`s returned from calls to `GetServiceLevelObjective` and `ListServiceLevelObjectives`, because it is always empty in the current version. It is populated in `ServiceLevelObjective`s representing previous versions in the output of `ListServiceLevelObjectiveVersions`. Because all old configuration versions are stored, `Update` operations mark the obsoleted version as deleted. format: date-time type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer serviceManagementOwned: description: Output only. If set, this SLO is managed at the [Service Management](https://cloud.google.com/service-management/overview) level. Therefore the service yaml file is the source of truth for this SLO, and API `Update` and `Delete` operations are forbidden. type: boolean type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: monitoringservices.monitoring.cnrm.cloud.google.com spec: group: monitoring.cnrm.cloud.google.com names: categories: - gcp kind: MonitoringService plural: monitoringservices shortNames: - gcpmonitoringservice - gcpmonitoringservices singular: monitoringservice preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: displayName: description: Name used for UI elements listing this Service. type: string projectRef: description: Immutable. The Project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The project for the resource Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string telemetry: description: Configuration for how to query telemetry on a Service. properties: resourceName: description: The full name of the resource that defines this service. Formatted as described in https://cloud.google.com/apis/design/resource_names. type: string type: object required: - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: monitoringuptimecheckconfigs.monitoring.cnrm.cloud.google.com spec: group: monitoring.cnrm.cloud.google.com names: categories: - gcp kind: MonitoringUptimeCheckConfig plural: monitoringuptimecheckconfigs shortNames: - gcpmonitoringuptimecheckconfig - gcpmonitoringuptimecheckconfigs singular: monitoringuptimecheckconfig preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: contentMatchers: description: The content that is expected to appear in the data returned by the target server against which the check is run. Currently, only the first entry in the `content_matchers` list is supported, and additional entries will be ignored. This field is optional and should only be specified if a content match is required as part of the/ Uptime check. items: properties: content: type: string matcher: description: ' Possible values: CONTENT_MATCHER_OPTION_UNSPECIFIED, CONTAINS_STRING, NOT_CONTAINS_STRING, MATCHES_REGEX, NOT_MATCHES_REGEX' type: string required: - content type: object type: array displayName: description: A human-friendly name for the Uptime check configuration. The display name should be unique within a Stackdriver Workspace in order to make it easier to identify; however, uniqueness is not enforced. Required. type: string httpCheck: description: Contains information needed to make an HTTP or HTTPS check. properties: authInfo: description: The authentication information. Optional when creating an HTTP check; defaults to empty. properties: password: oneOf: - not: required: - valueFrom required: - value - not: required: - value required: - valueFrom properties: value: description: Value of the field. Cannot be used if 'valueFrom' is specified. type: string valueFrom: description: Source for the field's value. Cannot be used if 'value' is specified. properties: secretKeyRef: description: Reference to a value with the given key in the given Secret in the resource's namespace. properties: key: description: Key that identifies the value to be extracted. type: string name: description: Name of the Secret to extract a value from. type: string required: - name - key type: object type: object type: object username: type: string required: - password - username type: object body: description: 'The request body associated with the HTTP POST request. If `content_type` is `URL_ENCODED`, the body passed in must be URL-encoded. Users can provide a `Content-Length` header via the `headers` field or the API will do so. If the `request_method` is `GET` and `body` is not empty, the API will return an error. The maximum byte size is 1 megabyte. Note: As with all `bytes` fields JSON representations are base64 encoded. e.g.: "foo=bar" in URL-encoded form is "foo%3Dbar" and in base64 encoding is "Zm9vJTI1M0RiYXI=".' type: string contentType: description: 'Immutable. The content type to use for the check. Possible values: TYPE_UNSPECIFIED, URL_ENCODED' type: string headers: additionalProperties: type: string description: The list of headers to send as part of the Uptime check request. If two headers have the same key and different values, they should be entered as a single header, with the value being a comma-separated list of all the desired values as described at https://www.w3.org/Protocols/rfc2616/rfc2616.txt (page 31). Entering two separate headers with the same key in a Create call will cause the first to be overwritten by the second. The maximum number of headers allowed is 100. type: object maskHeaders: description: Immutable. Boolean specifying whether to encrypt the header information. Encryption should be specified for any headers related to authentication that you do not wish to be seen when retrieving the configuration. The server will be responsible for encrypting the headers. On Get/List calls, if `mask_headers` is set to `true` then the headers will be obscured with `******.` type: boolean path: description: Optional (defaults to "/"). The path to the page against which to run the check. Will be combined with the `host` (specified within the `monitored_resource`) and `port` to construct the full URL. If the provided path does not begin with "/", a "/" will be prepended automatically. type: string port: description: Optional (defaults to 80 when `use_ssl` is `false`, and 443 when `use_ssl` is `true`). The TCP port on the HTTP server against which to run the check. Will be combined with host (specified within the `monitored_resource`) and `path` to construct the full URL. format: int64 type: integer requestMethod: description: Immutable. The HTTP request method to use for the check. If set to `METHOD_UNSPECIFIED` then `request_method` defaults to `GET`. type: string useSsl: description: If `true`, use HTTPS instead of HTTP to run the check. type: boolean validateSsl: description: Boolean specifying whether to include SSL certificate validation as a part of the Uptime check. Only applies to checks where `monitored_resource` is set to `uptime_url`. If `use_ssl` is `false`, setting `validate_ssl` to `true` has no effect. type: boolean type: object monitoredResource: description: 'Immutable. The [monitored resource](https://cloud.google.com/monitoring/api/resources) associated with the configuration. The following monitored resource types are supported for Uptime checks: `uptime_url`, `gce_instance`, `gae_app`, `aws_ec2_instance`, `aws_elb_load_balancer`' properties: filterLabels: additionalProperties: type: string description: Immutable. type: object type: description: Immutable. type: string required: - filterLabels - type type: object period: description: How often, in seconds, the Uptime check is performed. Currently, the only supported values are `60s` (1 minute), `300s` (5 minutes), `600s` (10 minutes), and `900s` (15 minutes). Optional, defaults to `60s`. type: string projectRef: description: Immutable. The Project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The project for this uptime check config. Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceGroup: description: Immutable. The group resource associated with the configuration. properties: groupRef: description: Immutable. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The group of resources being monitored. Should be only the `[GROUP_ID]`, and not the full-path `projects/[PROJECT_ID_OR_NUMBER]/groups/[GROUP_ID]`. Allowed value: The Google Cloud resource name of a `MonitoringGroup` resource (format: `projects/{{project}}/groups/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceType: description: 'Immutable. The resource type of the group members. Possible values: RESOURCE_TYPE_UNSPECIFIED, INSTANCE, AWS_ELB_LOAD_BALANCER' type: string type: object resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string selectedRegions: description: The list of regions from which the check will be run. Some regions contain one location, and others contain more than one. If this field is specified, enough regions must be provided to include a minimum of 3 locations. Not specifying this field will result in Uptime checks running from all available regions. items: type: string type: array tcpCheck: description: Contains information needed to make a TCP check. properties: port: description: The TCP port on the server against which to run the check. Will be combined with host (specified within the `monitored_resource`) to construct the full URL. Required. format: int64 type: integer required: - port type: object timeout: description: The maximum amount of time to wait for the request to complete (must be between 1 and 60 seconds). Required. type: string required: - displayName - projectRef - timeout type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: networkconnectivityhubs.networkconnectivity.cnrm.cloud.google.com spec: group: networkconnectivity.cnrm.cloud.google.com names: categories: - gcp kind: NetworkConnectivityHub plural: networkconnectivityhubs shortNames: - gcpnetworkconnectivityhub - gcpnetworkconnectivityhubs singular: networkconnectivityhub preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: description: description: An optional description of the hub. type: string projectRef: description: Immutable. The Project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The project for the resource Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: Output only. The time the hub was created. format: date-time type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer routingVpcs: description: The VPC network associated with this hub's spokes. All of the VPN tunnels, VLAN attachments, and router appliance instances referenced by this hub's spokes must belong to this VPC network. This field is read-only. Network Connectivity Center automatically populates it based on the set of spokes attached to the hub. items: properties: uri: description: The URI of the VPC network. type: string type: object type: array state: description: 'Output only. The current lifecycle state of this hub. Possible values: STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING' type: string uniqueId: description: Output only. The Google-generated UUID for the hub. This value is unique across all hub resources. If a hub is deleted and another with the same name is created, the new hub is assigned a different unique_id. type: string updateTime: description: Output only. The time the hub was last updated. format: date-time type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: networkconnectivityspokes.networkconnectivity.cnrm.cloud.google.com spec: group: networkconnectivity.cnrm.cloud.google.com names: categories: - gcp kind: NetworkConnectivitySpoke plural: networkconnectivityspokes shortNames: - gcpnetworkconnectivityspoke - gcpnetworkconnectivityspokes singular: networkconnectivityspoke preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: description: description: An optional description of the spoke. type: string hubRef: description: Immutable. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Immutable. The URI of the hub that this spoke is attached to. Allowed value: The Google Cloud resource name of a `NetworkConnectivityHub` resource (format: `projects/{{project}}/locations/global/hubs/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object linkedInterconnectAttachments: description: Immutable. A collection of VLAN attachment resources. These resources should be redundant attachments that all advertise the same prefixes to Google Cloud. Alternatively, in active/passive configurations, all attachments should be capable of advertising the same prefixes. properties: siteToSiteDataTransfer: description: Immutable. A value that controls whether site-to-site data transfer is enabled for these resources. Note that data transfer is available only in supported locations. type: boolean uris: description: Immutable. items: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeInterconnectAttachment` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: array required: - siteToSiteDataTransfer - uris type: object linkedRouterApplianceInstances: description: Immutable. The URIs of linked Router appliance resources properties: instances: description: Immutable. The list of router appliance instances items: properties: ipAddress: description: Immutable. The IP address on the VM to use for peering. type: string virtualMachineRef: description: Immutable. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The URI of the virtual machine resource Allowed value: The `selfLink` field of a `ComputeInstance` resource. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: object type: array siteToSiteDataTransfer: description: Immutable. A value that controls whether site-to-site data transfer is enabled for these resources. Note that data transfer is available only in supported locations. type: boolean required: - instances - siteToSiteDataTransfer type: object linkedVpnTunnels: description: Immutable. The URIs of linked VPN tunnel resources properties: siteToSiteDataTransfer: description: Immutable. A value that controls whether site-to-site data transfer is enabled for these resources. Note that data transfer is available only in supported locations. type: boolean uris: description: Immutable. items: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeVPNTunnel` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: array required: - siteToSiteDataTransfer - uris type: object location: description: Immutable. The location for the resource type: string projectRef: description: Immutable. The Project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The project for the resource Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - hubRef - location - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: Output only. The time the spoke was created. format: date-time type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer state: description: 'Output only. The current lifecycle state of this spoke. Possible values: STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING' type: string uniqueId: description: Output only. The Google-generated UUID for the spoke. This value is unique across all spoke resources. If a spoke is deleted and another with the same name is created, the new spoke is assigned a different unique_id. type: string updateTime: description: Output only. The time the spoke was last updated. format: date-time type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: networkmanagementconnectivitytests.networkmanagement.cnrm.cloud.google.com spec: group: networkmanagement.cnrm.cloud.google.com names: categories: - gcp kind: NetworkManagementConnectivityTest plural: networkmanagementconnectivitytests shortNames: - gcpnetworkmanagementconnectivitytest - gcpnetworkmanagementconnectivitytests singular: networkmanagementconnectivitytest preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: description: description: |- The user-supplied description of the Connectivity Test. Maximum of 512 characters. type: string destination: description: |- Required. Destination specification of the Connectivity Test. You can use a combination of destination IP address, Compute Engine VM instance, or VPC network to uniquely identify the destination location. Even if the destination IP address is not unique, the source IP location is unique. Usually, the analysis can infer the destination endpoint from route information. If the destination you specify is a VM instance and the instance has multiple network interfaces, then you must also specify either a destination IP address or VPC network to identify the destination interface. A reachability analysis proceeds even if the destination location is ambiguous. However, the result can include endpoints that you don't intend to test. properties: instance: description: A Compute Engine instance URI. type: string ipAddress: description: |- The IP address of the endpoint, which can be an external or internal IP. An IPv6 address is only allowed when the test's destination is a global load balancer VIP. type: string network: description: A Compute Engine network URI. type: string port: description: |- The IP protocol port of the endpoint. Only applicable when protocol is TCP or UDP. type: integer projectId: description: |- Project ID where the endpoint is located. The Project ID can be derived from the URI if you provide a VM instance or network URI. The following are two cases where you must provide the project ID: 1. Only the IP address is specified, and the IP address is within a GCP project. 2. When you are using Shared VPC and the IP address that you provide is from the service project. In this case, the network that the IP address resides in is defined in the host project. type: string type: object projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object protocol: description: IP Protocol of the test. When not provided, "TCP" is assumed. type: string relatedProjects: description: |- Other projects that may be relevant for reachability analysis. This is applicable to scenarios where a test can cross project boundaries. items: type: string type: array resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string source: description: |- Required. Source specification of the Connectivity Test. You can use a combination of source IP address, virtual machine (VM) instance, or Compute Engine network to uniquely identify the source location. Examples: If the source IP address is an internal IP address within a Google Cloud Virtual Private Cloud (VPC) network, then you must also specify the VPC network. Otherwise, specify the VM instance, which already contains its internal IP address and VPC network information. If the source of the test is within an on-premises network, then you must provide the destination VPC network. If the source endpoint is a Compute Engine VM instance with multiple network interfaces, the instance itself is not sufficient to identify the endpoint. So, you must also specify the source IP address or VPC network. A reachability analysis proceeds even if the source location is ambiguous. However, the test result may include endpoints that you don't intend to test. properties: instance: description: A Compute Engine instance URI. type: string ipAddress: description: |- The IP address of the endpoint, which can be an external or internal IP. An IPv6 address is only allowed when the test's destination is a global load balancer VIP. type: string network: description: A Compute Engine network URI. type: string networkType: description: 'Type of the network where the endpoint is located. Possible values: ["GCP_NETWORK", "NON_GCP_NETWORK"].' type: string port: description: |- The IP protocol port of the endpoint. Only applicable when protocol is TCP or UDP. type: integer projectId: description: |- Project ID where the endpoint is located. The Project ID can be derived from the URI if you provide a VM instance or network URI. The following are two cases where you must provide the project ID: 1. Only the IP address is specified, and the IP address is within a GCP project. 2. When you are using Shared VPC and the IP address that you provide is from the service project. In this case, the network that the IP address resides in is defined in the host project. type: string type: object required: - destination - projectRef - source type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: networksecurityauthorizationpolicies.networksecurity.cnrm.cloud.google.com spec: group: networksecurity.cnrm.cloud.google.com names: categories: - gcp kind: NetworkSecurityAuthorizationPolicy plural: networksecurityauthorizationpolicies shortNames: - gcpnetworksecurityauthorizationpolicy - gcpnetworksecurityauthorizationpolicies singular: networksecurityauthorizationpolicy preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: action: description: 'Required. The action to take when a rule match is found. Possible values are "ALLOW" or "DENY". Possible values: ACTION_UNSPECIFIED, ALLOW, DENY' type: string description: description: Optional. Free-text description of the resource. type: string location: description: Immutable. The location for the resource type: string projectRef: description: Immutable. The Project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The project for the resource Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string rules: description: Optional. List of rules to match. If not set, the action specified in the ‘action’ field will be applied without any additional rule checks. items: properties: destinations: description: Optional. List of attributes for the traffic destination. If not set, the action specified in the ‘action’ field will be applied without any rule checks for the destination. items: properties: hosts: description: Required. List of host names to match. Matched against HOST header in http requests. Each host can be an exact match, or a prefix match (example, “mydomain.*”) or a suffix match (example, *.myorg.com”) or a presence(any) match “*”. items: type: string type: array httpHeaderMatch: description: Optional. Match against key:value pair in http header. Provides a flexible match based on HTTP headers, for potentially advanced use cases. properties: headerName: description: Required. The name of the HTTP header to match. For matching against the HTTP request's authority, use a headerMatch with the header name ":authority". For matching a request's method, use the headerName ":method". type: string regexMatch: description: 'Required. The value of the header must match the regular expression specified in regexMatch. For regular expression grammar, please see: en.cppreference.com/w/cpp/regex/ecmascript For matching against a port specified in the HTTP request, use a headerMatch with headerName set to Host and a regular expression that satisfies the RFC2616 Host header''s port specifier.' type: string required: - headerName - regexMatch type: object methods: description: Optional. A list of HTTP methods to match. Should not be set for gRPC services. items: type: string type: array ports: description: Required. List of destination ports to match. items: format: int64 type: integer type: array required: - hosts - ports type: object type: array sources: description: Optional. List of attributes for the traffic source. If not set, the action specified in the ‘action’ field will be applied without any rule checks for the source. items: properties: ipBlocks: description: Optional. List of CIDR ranges to match based on source IP address. Single IP (e.g., "1.2.3.4") and CIDR (e.g., "1.2.3.0/24") are supported. items: type: string type: array principals: description: Optional. List of peer identities to match for authorization. Each peer can be an exact match, or a prefix match (example, “namespace/*”) or a suffix match (example, */service-account”) or a presence match “*”. items: type: string type: array type: object type: array type: object type: array required: - action - location - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: Output only. The timestamp when the resource was created. format: date-time type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer updateTime: description: Output only. The timestamp when the resource was updated. format: date-time type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: networksecurityclienttlspolicies.networksecurity.cnrm.cloud.google.com spec: group: networksecurity.cnrm.cloud.google.com names: categories: - gcp kind: NetworkSecurityClientTLSPolicy plural: networksecurityclienttlspolicies shortNames: - gcpnetworksecurityclienttlspolicy - gcpnetworksecurityclienttlspolicies singular: networksecurityclienttlspolicy preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: clientCertificate: description: Optional. Defines a mechanism to provision client identity (public and private keys) for peer to peer authentication. The presence of this dictates mTLS. properties: certificateProviderInstance: description: The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information. properties: pluginInstance: description: Required. Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to "google_cloud_private_spiffe" to use Certificate Authority Service certificate provider instance. type: string required: - pluginInstance type: object grpcEndpoint: description: gRPC specific configuration to access the gRPC server to obtain the cert and private key. properties: targetUri: description: Required. The target URI of the gRPC endpoint. Only UDS path is supported, and should start with “unix:”. type: string required: - targetUri type: object type: object description: description: Optional. Free-text description of the resource. type: string location: description: Immutable. The location for the resource type: string projectRef: description: Immutable. The Project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The project for the resource Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string serverValidationCa: description: Required. Defines the mechanism to obtain the Certificate Authority certificate to validate the server certificate. items: properties: certificateProviderInstance: description: The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information. properties: pluginInstance: description: Required. Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to "google_cloud_private_spiffe" to use Certificate Authority Service certificate provider instance. type: string required: - pluginInstance type: object grpcEndpoint: description: gRPC specific configuration to access the gRPC server to obtain the CA certificate. properties: targetUri: description: Required. The target URI of the gRPC endpoint. Only UDS path is supported, and should start with “unix:”. type: string required: - targetUri type: object type: object type: array sni: description: 'Optional. Server Name Indication string to present to the server during TLS handshake. E.g: "secure.example.com".' type: string required: - location type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: Output only. The timestamp when the resource was created. format: date-time type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer updateTime: description: Output only. The timestamp when the resource was updated. format: date-time type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: networksecurityservertlspolicies.networksecurity.cnrm.cloud.google.com spec: group: networksecurity.cnrm.cloud.google.com names: categories: - gcp kind: NetworkSecurityServerTLSPolicy plural: networksecurityservertlspolicies shortNames: - gcpnetworksecurityservertlspolicy - gcpnetworksecurityservertlspolicies singular: networksecurityservertlspolicy preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: allowOpen: description: Optional. Determines if server allows plaintext connections. If set to true, server allows plain text connections. By default, it is set to false. This setting is not exclusive of other encryption modes. For example, if allow_open and mtls_policy are set, server allows both plain text and mTLS connections. See documentation of other encryption modes to confirm compatibility. type: boolean description: description: Optional. Free-text description of the resource. type: string location: description: Immutable. The location for the resource type: string mtlsPolicy: description: Optional. Defines a mechanism to provision peer validation certificates for peer to peer authentication (Mutual TLS - mTLS). If not specified, client certificate will not be requested. The connection is treated as TLS and not mTLS. If allow_open and mtls_policy are set, server allows both plain text and mTLS connections. properties: clientValidationCa: description: Required. Defines the mechanism to obtain the Certificate Authority certificate to validate the client certificate. items: properties: certificateProviderInstance: description: The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information. properties: pluginInstance: description: Required. Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to "google_cloud_private_spiffe" to use Certificate Authority Service certificate provider instance. type: string required: - pluginInstance type: object grpcEndpoint: description: gRPC specific configuration to access the gRPC server to obtain the CA certificate. properties: targetUri: description: Required. The target URI of the gRPC endpoint. Only UDS path is supported, and should start with “unix:”. type: string required: - targetUri type: object type: object type: array required: - clientValidationCa type: object projectRef: description: Immutable. The Project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The project for the resource Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string serverCertificate: description: Optional. Defines a mechanism to provision server identity (public and private keys). Cannot be combined with allow_open as a permissive mode that allows both plain text and TLS is not supported. properties: certificateProviderInstance: description: The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information. properties: pluginInstance: description: Required. Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to "google_cloud_private_spiffe" to use Certificate Authority Service certificate provider instance. type: string required: - pluginInstance type: object grpcEndpoint: description: gRPC specific configuration to access the gRPC server to obtain the cert and private key. properties: targetUri: description: Required. The target URI of the gRPC endpoint. Only UDS path is supported, and should start with “unix:”. type: string required: - targetUri type: object type: object required: - location type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: Output only. The timestamp when the resource was created. format: date-time type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer updateTime: description: Output only. The timestamp when the resource was updated. format: date-time type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: networkservicesedgecachekeysets.networkservices.cnrm.cloud.google.com spec: group: networkservices.cnrm.cloud.google.com names: categories: - gcp kind: NetworkServicesEdgeCacheKeyset plural: networkservicesedgecachekeysets shortNames: - gcpnetworkservicesedgecachekeyset - gcpnetworkservicesedgecachekeysets singular: networkservicesedgecachekeyset preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: description: description: A human-readable description of the resource. type: string projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object publicKey: description: |- An ordered list of Ed25519 public keys to use for validating signed requests. You must specify 'public_keys' or 'validation_shared_keys' (or both). The keys in 'public_keys' are checked first. You may specify no more than one Google-managed public key. If you specify 'public_keys', you must specify at least one (1) key and may specify up to three (3) keys. Ed25519 public keys are not secret, and only allow Google to validate a request was signed by your corresponding private key. Ensure that the private key is kept secret, and that only authorized users can add public keys to a keyset. items: properties: id: description: |- The ID of the public key. The ID must be 1-63 characters long, and comply with RFC1035. The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit. type: string managed: description: Set to true to have the CDN automatically manage this public key value. type: boolean value: description: |- The base64-encoded value of the Ed25519 public key. The base64 encoding can be padded (44 bytes) or unpadded (43 bytes). Representations or encodings of the public key other than this will be rejected with an error. oneOf: - not: required: - valueFrom required: - value - not: required: - value required: - valueFrom properties: value: description: Value of the field. Cannot be used if 'valueFrom' is specified. type: string valueFrom: description: Source for the field's value. Cannot be used if 'value' is specified. properties: secretKeyRef: description: Reference to a value with the given key in the given Secret in the resource's namespace. properties: key: description: Key that identifies the value to be extracted. type: string name: description: Name of the Secret to extract a value from. type: string required: - name - key type: object type: object type: object required: - id type: object type: array resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string validationSharedKeys: description: |- An ordered list of shared keys to use for validating signed requests. Shared keys are secret. Ensure that only authorized users can add 'validation_shared_keys' to a keyset. You can rotate keys by appending (pushing) a new key to the list of 'validation_shared_keys' and removing any superseded keys. You must specify 'public_keys' or 'validation_shared_keys' (or both). The keys in 'public_keys' are checked first. items: properties: secretVersion: description: |- The name of the secret version in Secret Manager. The resource name of the secret version must be in the format 'projects/*/secrets/*/versions/*' where the '*' values are replaced by the secrets themselves. The secrets must be at least 16 bytes large. The recommended secret size depends on the signature algorithm you are using. * If you are using HMAC-SHA1, we suggest 20-byte secrets. * If you are using HMAC-SHA256, we suggest 32-byte secrets. See RFC 2104, Section 3 for more details on these recommendations. type: string required: - secretVersion type: object type: array required: - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: networkservicesedgecacheorigins.networkservices.cnrm.cloud.google.com spec: group: networkservices.cnrm.cloud.google.com names: categories: - gcp kind: NetworkServicesEdgeCacheOrigin plural: networkservicesedgecacheorigins shortNames: - gcpnetworkservicesedgecacheorigin - gcpnetworkservicesedgecacheorigins singular: networkservicesedgecacheorigin preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: awsV4Authentication: description: Enable AWS Signature Version 4 origin authentication. properties: accessKeyId: description: The access key ID your origin uses to identify the key. type: string originRegion: description: The name of the AWS region that your origin is in. type: string secretAccessKeyVersion: description: |- The Secret Manager secret version of the secret access key used by your origin. This is the resource name of the secret version in the format 'projects/*/secrets/*/versions/*' where the '*' values are replaced by the project, secret, and version you require. type: string required: - accessKeyId - originRegion - secretAccessKeyVersion type: object description: description: A human-readable description of the resource. type: string failoverOrigin: description: |- The Origin resource to try when the current origin cannot be reached. After maxAttempts is reached, the configured failoverOrigin will be used to fulfil the request. The value of timeout.maxAttemptsTimeout dictates the timeout across all origins. A reference to a Topic resource. type: string maxAttempts: description: |- The maximum number of attempts to cache fill from this origin. Another attempt is made when a cache fill fails with one of the retryConditions. Once maxAttempts to this origin have failed the failoverOrigin will be used, if one is specified. That failoverOrigin may specify its own maxAttempts, retryConditions and failoverOrigin to control its own cache fill failures. The total number of allowed attempts to cache fill across this and failover origins is limited to four. The total time allowed for cache fill attempts across this and failover origins can be controlled with maxAttemptsTimeout. The last valid, non-retried response from all origins will be returned to the client. If no origin returns a valid response, an HTTP 502 will be returned to the client. Defaults to 1. Must be a value greater than 0 and less than 4. type: integer originAddress: description: |- A fully qualified domain name (FQDN) or IP address reachable over the public Internet, or the address of a Google Cloud Storage bucket. This address will be used as the origin for cache requests - e.g. FQDN: media-backend.example.com, IPv4: 35.218.1.1, IPv6: 2607:f8b0:4012:809::200e, Cloud Storage: gs://bucketname When providing an FQDN (hostname), it must be publicly resolvable (e.g. via Google public DNS) and IP addresses must be publicly routable. It must not contain a protocol (e.g., https://) and it must not contain any slashes. If a Cloud Storage bucket is provided, it must be in the canonical "gs://bucketname" format. Other forms, such as "storage.googleapis.com", will be rejected. type: string originOverrideAction: description: |- The override actions, including url rewrites and header additions, for requests that use this origin. properties: headerAction: description: |- The header actions, including adding and removing headers, for request handled by this origin. properties: requestHeadersToAdd: description: |- Describes a header to add. You may add a maximum of 25 request headers. items: properties: headerName: description: The name of the header to add. type: string headerValue: description: The value of the header to add. type: string replace: description: |- Whether to replace all existing headers with the same name. By default, added header values are appended to the response or request headers with the same field names. The added values are separated by commas. To overwrite existing values, set 'replace' to 'true'. type: boolean required: - headerName - headerValue type: object type: array type: object urlRewrite: description: |- The URL rewrite configuration for request that are handled by this origin. properties: hostRewrite: description: |- Prior to forwarding the request to the selected origin, the request's host header is replaced with contents of the hostRewrite. This value must be between 1 and 255 characters. type: string type: object type: object originRedirect: description: Follow redirects from this origin. properties: redirectConditions: description: |- The set of redirect response codes that the CDN follows. Values of [RedirectConditions](https://cloud.google.com/media-cdn/docs/reference/rest/v1/projects.locations.edgeCacheOrigins#redirectconditions) are accepted. items: type: string type: array type: object port: description: |- The port to connect to the origin on. Defaults to port 443 for HTTP2 and HTTPS protocols, and port 80 for HTTP. type: integer projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object protocol: description: |- The protocol to use to connect to the configured origin. Defaults to HTTP2, and it is strongly recommended that users use HTTP2 for both security & performance. When using HTTP2 or HTTPS as the protocol, a valid, publicly-signed, unexpired TLS (SSL) certificate must be presented by the origin server. Possible values: ["HTTP2", "HTTPS", "HTTP"]. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string retryConditions: description: |- Specifies one or more retry conditions for the configured origin. If the failure mode during a connection attempt to the origin matches the configured retryCondition(s), the origin request will be retried up to maxAttempts times. The failoverOrigin, if configured, will then be used to satisfy the request. The default retryCondition is "CONNECT_FAILURE". retryConditions apply to this origin, and not subsequent failoverOrigin(s), which may specify their own retryConditions and maxAttempts. Valid values are: - CONNECT_FAILURE: Retry on failures connecting to origins, for example due to connection timeouts. - HTTP_5XX: Retry if the origin responds with any 5xx response code, or if the origin does not respond at all, example: disconnects, reset, read timeout, connection failure, and refused streams. - GATEWAY_ERROR: Similar to 5xx, but only applies to response codes 502, 503 or 504. - RETRIABLE_4XX: Retry for retriable 4xx response codes, which include HTTP 409 (Conflict) and HTTP 429 (Too Many Requests) - NOT_FOUND: Retry if the origin returns a HTTP 404 (Not Found). This can be useful when generating video content, and the segment is not available yet. - FORBIDDEN: Retry if the origin returns a HTTP 403 (Forbidden). Possible values: ["CONNECT_FAILURE", "HTTP_5XX", "GATEWAY_ERROR", "RETRIABLE_4XX", "NOT_FOUND", "FORBIDDEN"]. items: type: string type: array timeout: description: The connection and HTTP timeout configuration for this origin. properties: connectTimeout: description: |- The maximum duration to wait for a single origin connection to be established, including DNS lookup, TLS handshake and TCP/QUIC connection establishment. Defaults to 5 seconds. The timeout must be a value between 1s and 15s. The connectTimeout capped by the deadline set by the request's maxAttemptsTimeout. The last connection attempt may have a smaller connectTimeout in order to adhere to the overall maxAttemptsTimeout. type: string maxAttemptsTimeout: description: |- The maximum time across all connection attempts to the origin, including failover origins, before returning an error to the client. A HTTP 504 will be returned if the timeout is reached before a response is returned. Defaults to 15 seconds. The timeout must be a value between 1s and 30s. If a failoverOrigin is specified, the maxAttemptsTimeout of the first configured origin sets the deadline for all connection attempts across all failoverOrigins. type: string readTimeout: description: |- The maximum duration to wait between reads of a single HTTP connection/stream. Defaults to 15 seconds. The timeout must be a value between 1s and 30s. The readTimeout is capped by the responseTimeout. All reads of the HTTP connection/stream must be completed by the deadline set by the responseTimeout. If the response headers have already been written to the connection, the response will be truncated and logged. type: string responseTimeout: description: |- The maximum duration to wait for the last byte of a response to arrive when reading from the HTTP connection/stream. Defaults to 30 seconds. The timeout must be a value between 1s and 120s. The responseTimeout starts after the connection has been established. This also applies to HTTP Chunked Transfer Encoding responses, and/or when an open-ended Range request is made to the origin. Origins that take longer to write additional bytes to the response than the configured responseTimeout will result in an error being returned to the client. If the response headers have already been written to the connection, the response will be truncated and logged. type: string type: object required: - originAddress - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: networkservicesedgecacheservices.networkservices.cnrm.cloud.google.com spec: group: networkservices.cnrm.cloud.google.com names: categories: - gcp kind: NetworkServicesEdgeCacheService plural: networkservicesedgecacheservices shortNames: - gcpnetworkservicesedgecacheservice - gcpnetworkservicesedgecacheservices singular: networkservicesedgecacheservice preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: description: description: A human-readable description of the resource. type: string disableHttp2: description: |- Disables HTTP/2. HTTP/2 (h2) is enabled by default and recommended for performance. HTTP/2 improves connection re-use and reduces connection setup overhead by sending multiple streams over the same connection. Some legacy HTTP clients may have issues with HTTP/2 connections due to broken HTTP/2 implementations. Setting this to true will prevent HTTP/2 from being advertised and negotiated. type: boolean disableQuic: description: HTTP/3 (IETF QUIC) and Google QUIC are enabled by default. type: boolean edgeSecurityPolicy: description: Resource URL that points at the Cloud Armor edge security policy that is applied on each request against the EdgeCacheService. type: string edgeSslCertificates: description: |- URLs to sslCertificate resources that are used to authenticate connections between users and the EdgeCacheService. Note that only "global" certificates with a "scope" of "EDGE_CACHE" can be attached to an EdgeCacheService. items: type: string type: array logConfig: description: Specifies the logging options for the traffic served by this service. If logging is enabled, logs will be exported to Cloud Logging. properties: enable: description: Specifies whether to enable logging for traffic served by this service. type: boolean sampleRate: description: |- Configures the sampling rate of requests, where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. The default value is 1.0, and the value of the field must be in [0, 1]. This field can only be specified if logging is enabled for this service. type: number type: object projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object requireTls: description: |- Require TLS (HTTPS) for all clients connecting to this service. Clients who connect over HTTP (port 80) will receive a HTTP 301 to the same URL over HTTPS (port 443). You must have at least one (1) edgeSslCertificate specified to enable this. type: boolean resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string routing: description: Defines how requests are routed, modified, cached and/or which origin content is filled from. properties: hostRule: description: The list of hostRules to match against. These rules define which hostnames the EdgeCacheService will match against, and which route configurations apply. items: properties: description: description: A human-readable description of the hostRule. type: string hosts: description: |- The list of host patterns to match. Host patterns must be valid hostnames. Ports are not allowed. Wildcard hosts are supported in the suffix or prefix form. * matches any string of ([a-z0-9-.]*). It does not match the empty string. When multiple hosts are specified, hosts are matched in the following priority: 1. Exact domain names: ''www.foo.com''. 2. Suffix domain wildcards: ''*.foo.com'' or ''*-bar.foo.com''. 3. Prefix domain wildcards: ''foo.*'' or ''foo-*''. 4. Special wildcard ''*'' matching any domain. Notes: The wildcard will not match the empty string. e.g. ''*-bar.foo.com'' will match ''baz-bar.foo.com'' but not ''-bar.foo.com''. The longest wildcards match first. Only a single host in the entire service can match on ''*''. A domain must be unique across all configured hosts within a service. Hosts are matched against the HTTP Host header, or for HTTP/2 and HTTP/3, the ":authority" header, from the incoming request. You may specify up to 10 hosts. items: type: string type: array pathMatcher: description: The name of the pathMatcher associated with this hostRule. type: string required: - hosts - pathMatcher type: object type: array pathMatcher: description: The list of pathMatchers referenced via name by hostRules. PathMatcher is used to match the path portion of the URL when a HostRule matches the URL's host portion. items: properties: description: description: A human-readable description of the resource. type: string name: description: The name to which this PathMatcher is referred by the HostRule. type: string routeRule: description: The routeRules to match against. routeRules support advanced routing behaviour, and can match on paths, headers and query parameters, as well as status codes and HTTP methods. items: properties: description: description: A human-readable description of the routeRule. type: string headerAction: description: The header actions, including adding & removing headers, for requests that match this route. properties: requestHeaderToAdd: description: Describes a header to add. items: properties: headerName: description: The name of the header to add. type: string headerValue: description: The value of the header to add. type: string replace: description: Whether to replace all existing headers with the same name. type: boolean required: - headerName - headerValue type: object type: array requestHeaderToRemove: description: A list of header names for headers that need to be removed from the request prior to forwarding the request to the origin. items: properties: headerName: description: The name of the header to remove. type: string required: - headerName type: object type: array responseHeaderToAdd: description: |- Headers to add to the response prior to sending it back to the client. Response headers are only sent to the client, and do not have an effect on the cache serving the response. items: properties: headerName: description: The name of the header to add. type: string headerValue: description: The value of the header to add. type: string replace: description: Whether to replace all existing headers with the same name. type: boolean required: - headerName - headerValue type: object type: array responseHeaderToRemove: description: A list of header names for headers that need to be removed from the request prior to forwarding the request to the origin. items: properties: headerName: description: |- Headers to remove from the response prior to sending it back to the client. Response headers are only sent to the client, and do not have an effect on the cache serving the response. type: string required: - headerName type: object type: array type: object matchRule: description: |- The list of criteria for matching attributes of a request to this routeRule. This list has OR semantics: the request matches this routeRule when any of the matchRules are satisfied. However predicates within a given matchRule have AND semantics. All predicates within a matchRule must match for the request to match the rule. items: properties: fullPathMatch: description: For satisfying the matchRule condition, the path of the request must exactly match the value specified in fullPathMatch after removing any query parameters and anchor that may be part of the original URL. type: string headerMatch: description: Specifies a list of header match criteria, all of which must match corresponding headers in the request. items: properties: exactMatch: description: The value of the header should exactly match contents of exactMatch. type: string headerName: description: The header name to match on. type: string invertMatch: description: |- If set to false (default), the headerMatch is considered a match if the match criteria above are met. If set to true, the headerMatch is considered a match if the match criteria above are NOT met. type: boolean prefixMatch: description: The value of the header must start with the contents of prefixMatch. type: string presentMatch: description: A header with the contents of headerName must exist. The match takes place whether or not the request's header has a value. type: boolean suffixMatch: description: The value of the header must end with the contents of suffixMatch. type: string required: - headerName type: object type: array ignoreCase: description: Specifies that prefixMatch and fullPathMatch matches are case sensitive. type: boolean pathTemplateMatch: description: |- For satisfying the matchRule condition, the path of the request must match the wildcard pattern specified in pathTemplateMatch after removing any query parameters and anchor that may be part of the original URL. pathTemplateMatch must be between 1 and 255 characters (inclusive). The pattern specified by pathTemplateMatch may have at most 5 wildcard operators and at most 5 variable captures in total. type: string prefixMatch: description: For satisfying the matchRule condition, the request's path must begin with the specified prefixMatch. prefixMatch must begin with a /. type: string queryParameterMatch: description: Specifies a list of query parameter match criteria, all of which must match corresponding query parameters in the request. items: properties: exactMatch: description: The queryParameterMatch matches if the value of the parameter exactly matches the contents of exactMatch. type: string name: description: The name of the query parameter to match. The query parameter must exist in the request, in the absence of which the request match fails. type: string presentMatch: description: Specifies that the queryParameterMatch matches if the request contains the query parameter, irrespective of whether the parameter has a value or not. type: boolean required: - name type: object type: array type: object type: array origin: description: |- The Origin resource that requests to this route should fetch from when a matching response is not in cache. Origins can be defined as short names ("my-origin") or fully-qualified resource URLs - e.g. "networkservices.googleapis.com/projects/my-project/global/edgecacheorigins/my-origin" Only one of origin or urlRedirect can be set. type: string priority: description: |- The priority of this route rule, where 1 is the highest priority. You cannot configure two or more routeRules with the same priority. Priority for each rule must be set to a number between 1 and 999 inclusive. Priority numbers can have gaps, which enable you to add or remove rules in the future without affecting the rest of the rules. For example, 1, 2, 3, 4, 5, 9, 12, 16 is a valid series of priority numbers to which you could add rules numbered from 6 to 8, 10 to 11, and 13 to 15 in the future without any impact on existing rules. type: string routeAction: description: In response to a matching path, the routeAction performs advanced routing actions like URL rewrites, header transformations, etc. prior to forwarding the request to the selected origin. properties: cdnPolicy: description: The policy to use for defining caching and signed request behaviour for requests that match this route. properties: addSignatures: description: |- Enable signature generation or propagation on this route. This field may only be specified when signedRequestMode is set to REQUIRE_TOKENS. properties: actions: description: 'The actions to take to add signatures to responses. Possible values: ["GENERATE_COOKIE", "GENERATE_TOKEN_HLS_COOKIELESS", "PROPAGATE_TOKEN_HLS_COOKIELESS"].' items: type: string type: array copiedParameters: description: |- The parameters to copy from the verified token to the generated token. Only the following parameters may be copied: * 'PathGlobs' * 'paths' * 'acl' * 'URLPrefix' * 'IPRanges' * 'SessionID' * 'id' * 'Data' * 'data' * 'payload' * 'Headers' You may specify up to 6 parameters to copy. A given parameter is be copied only if the parameter exists in the verified token. Parameter names are matched exactly as specified. The order of the parameters does not matter. Duplicates are not allowed. This field may only be specified when the GENERATE_COOKIE or GENERATE_TOKEN_HLS_COOKIELESS actions are specified. items: type: string type: array keyset: description: |- The keyset to use for signature generation. The following are both valid paths to an EdgeCacheKeyset resource: * 'projects/project/locations/global/edgeCacheKeysets/yourKeyset' * 'yourKeyset' This must be specified when the GENERATE_COOKIE or GENERATE_TOKEN_HLS_COOKIELESS actions are specified. This field may not be specified otherwise. type: string tokenQueryParameter: description: |- The query parameter in which to put the generated token. If not specified, defaults to 'edge-cache-token'. If specified, the name must be 1-64 characters long and match the regular expression '[a-zA-Z]([a-zA-Z0-9_-])*' which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit. This field may only be set when the GENERATE_TOKEN_HLS_COOKIELESS or PROPAGATE_TOKEN_HLS_COOKIELESS actions are specified. type: string tokenTtl: description: |- The duration the token is valid starting from the moment the token is first generated. Defaults to '86400s' (1 day). The TTL must be >= 0 and <= 604,800 seconds (1 week). This field may only be specified when the GENERATE_COOKIE or GENERATE_TOKEN_HLS_COOKIELESS actions are specified. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". type: string required: - actions type: object cacheKeyPolicy: description: Defines the request parameters that contribute to the cache key. properties: excludeHost: description: |- If true, requests to different hosts will be cached separately. Note: this should only be enabled if hosts share the same origin and content. Removing the host from the cache key may inadvertently result in different objects being cached than intended, depending on which route the first user matched. type: boolean excludeQueryString: description: |- If true, exclude query string parameters from the cache key If false (the default), include the query string parameters in the cache key according to includeQueryParameters and excludeQueryParameters. If neither includeQueryParameters nor excludeQueryParameters is set, the entire query string will be included. type: boolean excludedQueryParameters: description: |- Names of query string parameters to exclude from cache keys. All other parameters will be included. Either specify includedQueryParameters or excludedQueryParameters, not both. '&' and '=' will be percent encoded and not treated as delimiters. items: type: string type: array includeProtocol: description: If true, http and https requests will be cached separately. type: boolean includedCookieNames: description: |- Names of Cookies to include in cache keys. The cookie name and cookie value of each cookie named will be used as part of the cache key. Cookie names: - must be valid RFC 6265 "cookie-name" tokens - are case sensitive - cannot start with "Edge-Cache-" (case insensitive) Note that specifying several cookies, and/or cookies that have a large range of values (e.g., per-user) will dramatically impact the cache hit rate, and may result in a higher eviction rate and reduced performance. You may specify up to three cookie names. items: type: string type: array includedHeaderNames: description: |- Names of HTTP request headers to include in cache keys. The value of the header field will be used as part of the cache key. - Header names must be valid HTTP RFC 7230 header field values. - Header field names are case insensitive - To include the HTTP method, use ":method" Note that specifying several headers, and/or headers that have a large range of values (e.g. per-user) will dramatically impact the cache hit rate, and may result in a higher eviction rate and reduced performance. items: type: string type: array includedQueryParameters: description: |- Names of query string parameters to include in cache keys. All other parameters will be excluded. Either specify includedQueryParameters or excludedQueryParameters, not both. '&' and '=' will be percent encoded and not treated as delimiters. items: type: string type: array type: object cacheMode: description: |- Cache modes allow users to control the behaviour of the cache, what content it should cache automatically, whether to respect origin headers, or whether to unconditionally cache all responses. For all cache modes, Cache-Control headers will be passed to the client. Use clientTtl to override what is sent to the client. Possible values: ["CACHE_ALL_STATIC", "USE_ORIGIN_HEADERS", "FORCE_CACHE_ALL", "BYPASS_CACHE"]. type: string clientTtl: description: |- Specifies a separate client (e.g. browser client) TTL, separate from the TTL used by the edge caches. Leaving this empty will use the same cache TTL for both the CDN and the client-facing response. - The TTL must be > 0 and <= 86400s (1 day) - The clientTtl cannot be larger than the defaultTtl (if set) - Fractions of a second are not allowed. Omit this field to use the defaultTtl, or the max-age set by the origin, as the client-facing TTL. When the cache mode is set to "USE_ORIGIN_HEADERS" or "BYPASS_CACHE", you must omit this field. A duration in seconds terminated by 's'. Example: "3s". type: string defaultTtl: description: |- Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). Defaults to 3600s (1 hour). - The TTL must be >= 0 and <= 31,536,000 seconds (1 year) - Setting a TTL of "0" means "always revalidate" (equivalent to must-revalidate) - The value of defaultTTL cannot be set to a value greater than that of maxTTL. - Fractions of a second are not allowed. - When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses. Note that infrequently accessed objects may be evicted from the cache before the defined TTL. Objects that expire will be revalidated with the origin. When the cache mode is set to "USE_ORIGIN_HEADERS" or "BYPASS_CACHE", you must omit this field. A duration in seconds terminated by 's'. Example: "3s". type: string maxTtl: description: |- Specifies the maximum allowed TTL for cached content served by this origin. Defaults to 86400s (1 day). Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTtl seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive. - The TTL must be >= 0 and <= 31,536,000 seconds (1 year) - Setting a TTL of "0" means "always revalidate" - The value of maxTtl must be equal to or greater than defaultTtl. - Fractions of a second are not allowed. When the cache mode is set to "USE_ORIGIN_HEADERS", "FORCE_CACHE_ALL", or "BYPASS_CACHE", you must omit this field. A duration in seconds terminated by 's'. Example: "3s". type: string negativeCaching: description: |- Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency. By default, the CDNPolicy will apply the following default TTLs to these status codes: - HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m - HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s - HTTP 405 (Method Not Found), 414 (URI Too Long), 501 (Not Implemented): 60s These defaults can be overridden in negativeCachingPolicy. type: boolean negativeCachingPolicy: additionalProperties: type: string description: |- Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. - Omitting the policy and leaving negativeCaching enabled will use the default TTLs for each status code, defined in negativeCaching. - TTLs must be >= 0 (where 0 is "always revalidate") and <= 86400s (1 day) Note that when specifying an explicit negativeCachingPolicy, you should take care to specify a cache TTL for all response codes that you wish to cache. The CDNPolicy will not apply any default negative caching when a policy exists. type: object signedRequestKeyset: description: The EdgeCacheKeyset containing the set of public keys used to validate signed requests at the edge. type: string signedRequestMaximumExpirationTtl: description: |- Limit how far into the future the expiration time of a signed request may be. When set, a signed request is rejected if its expiration time is later than now + signedRequestMaximumExpirationTtl, where now is the time at which the signed request is first handled by the CDN. - The TTL must be > 0. - Fractions of a second are not allowed. By default, signedRequestMaximumExpirationTtl is not set and the expiration time of a signed request may be arbitrarily far into future. type: string signedRequestMode: description: |- Whether to enforce signed requests. The default value is DISABLED, which means all content is public, and does not authorize access. You must also set a signedRequestKeyset to enable signed requests. When set to REQUIRE_SIGNATURES, all matching requests will have their signature validated. Requests that were not signed with the corresponding private key, or that are otherwise invalid (expired, do not match the signature, IP address, or header) will be rejected with a HTTP 403 and (if enabled) logged. Possible values: ["DISABLED", "REQUIRE_SIGNATURES", "REQUIRE_TOKENS"]. type: string signedTokenOptions: description: |- Additional options for signed tokens. signedTokenOptions may only be specified when signedRequestMode is REQUIRE_TOKENS. properties: allowedSignatureAlgorithms: description: |- The allowed signature algorithms to use. Defaults to using only ED25519. You may specify up to 3 signature algorithms to use. Possible values: ["ED25519", "HMAC_SHA_256", "HMAC_SHA1"]. items: type: string type: array tokenQueryParameter: description: |- The query parameter in which to find the token. The name must be 1-64 characters long and match the regular expression '[a-zA-Z]([a-zA-Z0-9_-])*' which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit. Defaults to 'edge-cache-token'. type: string type: object type: object corsPolicy: description: CORSPolicy defines Cross-Origin-Resource-Sharing configuration, including which CORS response headers will be set. properties: allowCredentials: description: |- In response to a preflight request, setting this to true indicates that the actual request can include user credentials. This translates to the Access-Control-Allow-Credentials response header. type: boolean allowHeaders: description: Specifies the content for the Access-Control-Allow-Headers response header. items: type: string type: array allowMethods: description: Specifies the content for the Access-Control-Allow-Methods response header. items: type: string type: array allowOrigins: description: |- Specifies the list of origins that will be allowed to do CORS requests. This translates to the Access-Control-Allow-Origin response header. items: type: string type: array disabled: description: If true, specifies the CORS policy is disabled. The default value is false, which indicates that the CORS policy is in effect. type: boolean exposeHeaders: description: Specifies the content for the Access-Control-Allow-Headers response header. items: type: string type: array maxAge: description: |- Specifies how long results of a preflight request can be cached by a client in seconds. Note that many browser clients enforce a maximum TTL of 600s (10 minutes). - Setting the value to -1 forces a pre-flight check for all requests (not recommended) - A maximum TTL of 86400s can be set, but note that (as above) some clients may force pre-flight checks at a more regular interval. - This translates to the Access-Control-Max-Age header. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". type: string required: - maxAge type: object urlRewrite: description: The URL rewrite configuration for requests that match this route. properties: hostRewrite: description: Prior to forwarding the request to the selected origin, the request's host header is replaced with contents of hostRewrite. type: string pathPrefixRewrite: description: Prior to forwarding the request to the selected origin, the matching portion of the request's path is replaced by pathPrefixRewrite. type: string pathTemplateRewrite: description: |- Prior to forwarding the request to the selected origin, if the request matched a pathTemplateMatch, the matching portion of the request's path is replaced re-written using the pattern specified by pathTemplateRewrite. pathTemplateRewrite must be between 1 and 255 characters (inclusive), must start with a '/', and must only use variables captured by the route's pathTemplate matchers. pathTemplateRewrite may only be used when all of a route's MatchRules specify pathTemplate. Only one of pathPrefixRewrite and pathTemplateRewrite may be specified. type: string type: object type: object urlRedirect: description: The URL redirect configuration for requests that match this route. properties: hostRedirect: description: The host that will be used in the redirect response instead of the one that was supplied in the request. type: string httpsRedirect: description: |- If set to true, the URL scheme in the redirected request is set to https. If set to false, the URL scheme of the redirected request will remain the same as that of the request. This can only be set if there is at least one (1) edgeSslCertificate set on the service. type: boolean pathRedirect: description: |- The path that will be used in the redirect response instead of the one that was supplied in the request. pathRedirect cannot be supplied together with prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the original request will be used for the redirect. The path value must be between 1 and 1024 characters. type: string prefixRedirect: description: |- The prefix that replaces the prefixMatch specified in the routeRule, retaining the remaining portion of the URL before redirecting the request. prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or neither. If neither is supplied, the path of the original request will be used for the redirect. type: string redirectResponseCode: description: |- The HTTP Status code to use for this RedirectAction. The supported values are: - 'MOVED_PERMANENTLY_DEFAULT', which is the default value and corresponds to 301. - 'FOUND', which corresponds to 302. - 'SEE_OTHER' which corresponds to 303. - 'TEMPORARY_REDIRECT', which corresponds to 307. in this case, the request method will be retained. - 'PERMANENT_REDIRECT', which corresponds to 308. in this case, the request method will be retained. Possible values: ["MOVED_PERMANENTLY_DEFAULT", "FOUND", "SEE_OTHER", "TEMPORARY_REDIRECT", "PERMANENT_REDIRECT"]. type: string stripQuery: description: If set to true, any accompanying query portion of the original URL is removed prior to redirecting the request. If set to false, the query portion of the original URL is retained. type: boolean type: object required: - matchRule - priority type: object type: array required: - name - routeRule type: object type: array required: - hostRule - pathMatcher type: object sslPolicy: description: |- URL of the SslPolicy resource that will be associated with the EdgeCacheService. If not set, the EdgeCacheService has no SSL policy configured, and will default to the "COMPATIBLE" policy. type: string required: - projectRef - routing type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array ipv4Addresses: description: The IPv4 addresses associated with this service. Addresses are static for the lifetime of the service. items: type: string type: array ipv6Addresses: description: The IPv6 addresses associated with this service. Addresses are static for the lifetime of the service. items: type: string type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: networkservicesendpointpolicies.networkservices.cnrm.cloud.google.com spec: group: networkservices.cnrm.cloud.google.com names: categories: - gcp kind: NetworkServicesEndpointPolicy plural: networkservicesendpointpolicies shortNames: - gcpnetworkservicesendpointpolicy - gcpnetworkservicesendpointpolicies singular: networkservicesendpointpolicy preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: authorizationPolicyRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Optional. This field specifies the URL of AuthorizationPolicy resource that applies authorization policies to the inbound traffic at the matched endpoints. Refer to Authorization. If this field is not specified, authorization is disabled(no authz checks) for this endpoint. Allowed value: The Google Cloud resource name of a `NetworkSecurityAuthorizationPolicy` resource (format: `projects/{{project}}/locations/{{location}}/authorizationPolicies/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object clientTlsPolicyRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Optional. A URL referring to a ClientTlsPolicy resource. ClientTlsPolicy can be set to specify the authentication for traffic from the proxy to the actual endpoints. More specifically, it is applied to the outgoing traffic from the proxy to the endpoint. This is typically used for sidecar model where the proxy identifies itself as endpoint to the control plane, with the connection between sidecar and endpoint requiring authentication. If this field is not set, authentication is disabled(open). Applicable only when EndpointPolicyType is SIDECAR_PROXY. Allowed value: The Google Cloud resource name of a `NetworkSecurityClientTLSPolicy` resource (format: `projects/{{project}}/locations/{{location}}/clientTlsPolicies/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object description: description: Optional. A free-text description of the resource. Max length 1024 characters. type: string endpointMatcher: description: Required. A matcher that selects endpoints to which the policies should be applied. properties: metadataLabelMatcher: description: The matcher is based on node metadata presented by xDS clients. properties: metadataLabelMatchCriteria: description: 'Specifies how matching should be done. Supported values are: MATCH_ANY: At least one of the Labels specified in the matcher should match the metadata presented by xDS client. MATCH_ALL: The metadata presented by the xDS client should contain all of the labels specified here. The selection is determined based on the best match. For example, suppose there are three EndpointPolicy resources P1, P2 and P3 and if P1 has a the matcher as MATCH_ANY , P2 has MATCH_ALL , and P3 has MATCH_ALL . If a client with label connects, the config from P1 will be selected. If a client with label connects, the config from P2 will be selected. If a client with label connects, the config from P3 will be selected. If there is more than one best match, (for example, if a config P4 with selector exists and if a client with label connects), an error will be thrown. Possible values: METADATA_LABEL_MATCH_CRITERIA_UNSPECIFIED, MATCH_ANY, MATCH_ALL' type: string metadataLabels: description: The list of label value pairs that must match labels in the provided metadata based on filterMatchCriteria This list can have at most 64 entries. The list can be empty if the match criteria is MATCH_ANY, to specify a wildcard match (i.e this matches any client). items: properties: labelName: description: Required. Label name presented as key in xDS Node Metadata. type: string labelValue: description: Required. Label value presented as value corresponding to the above key, in xDS Node Metadata. type: string required: - labelName - labelValue type: object type: array type: object type: object location: description: Immutable. The location for the resource type: string projectRef: description: Immutable. The Project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The project for the resource Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string serverTlsPolicyRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Optional. A URL referring to ServerTlsPolicy resource. ServerTlsPolicy is used to determine the authentication policy to be applied to terminate the inbound traffic at the identified backends. If this field is not set, authentication is disabled(open) for this endpoint. Allowed value: The Google Cloud resource name of a `NetworkSecurityServerTLSPolicy` resource (format: `projects/{{project}}/locations/{{location}}/serverTlsPolicies/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object trafficPortSelector: description: Optional. Port selector for the (matched) endpoints. If no port selector is provided, the matched config is applied to all ports. properties: ports: description: Optional. A list of ports. Can be port numbers or port range (example, specifies all ports from 80 to 90, including 80 and 90) or named ports or * to specify all ports. If the list is empty, all ports are selected. items: type: string type: array type: object type: description: 'Required. The type of endpoint config. This is primarily used to validate the configuration. Possible values: ENDPOINT_CONFIG_SELECTOR_TYPE_UNSPECIFIED, SIDECAR_PROXY, GRPC_SERVER' type: string required: - endpointMatcher - location - projectRef - type type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: Output only. The timestamp when the resource was created. format: date-time type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer updateTime: description: Output only. The timestamp when the resource was updated. format: date-time type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: networkservicesgateways.networkservices.cnrm.cloud.google.com spec: group: networkservices.cnrm.cloud.google.com names: categories: - gcp kind: NetworkServicesGateway plural: networkservicesgateways shortNames: - gcpnetworkservicesgateway - gcpnetworkservicesgateways singular: networkservicesgateway preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: addresses: description: One or more addresses with ports in format of ":" that the Gateway must receive traffic on. The proxy binds to the ports specified. IP address can be anything that is allowed by the underlying infrastructure (auto-allocation, static IP, BYOIP). items: type: string type: array description: description: Optional. A free-text description of the resource. Max length 1024 characters. type: string location: description: Immutable. The location for the resource type: string ports: description: Required. One or more ports that the Gateway must receive traffic on. The proxy binds to the ports specified. Gateway listen on 0.0.0.0 on the ports specified below. items: format: int64 type: integer type: array projectRef: description: Immutable. The Project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The project for the resource Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string scope: description: Immutable. Required. Immutable. Scope determines how configuration across multiple Gateway instances are merged. The configuration for multiple Gateway instances with the same scope will be merged as presented as a single coniguration to the proxy/load balancer. Max length 64 characters. Scope should start with a letter and can only have letters, numbers, hyphens. type: string serverTlsPolicyRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Optional. A fully-qualified ServerTLSPolicy URL reference. Specifies how TLS traffic is terminated. If empty, TLS termination is disabled. Allowed value: The Google Cloud resource name of a `NetworkSecurityServerTLSPolicy` resource (format: `projects/{{project}}/locations/{{location}}/serverTlsPolicies/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: description: 'Immutable. Immutable. The type of the customer managed gateway. Possible values: TYPE_UNSPECIFIED, OPEN_MESH, SECURE_WEB_GATEWAY' type: string required: - location - ports - projectRef - scope type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: Output only. The timestamp when the resource was created. format: date-time type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer selfLink: description: Output only. Server-defined URL of this resource type: string updateTime: description: Output only. The timestamp when the resource was updated. format: date-time type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: networkservicesgrpcroutes.networkservices.cnrm.cloud.google.com spec: group: networkservices.cnrm.cloud.google.com names: categories: - gcp kind: NetworkServicesGRPCRoute plural: networkservicesgrpcroutes shortNames: - gcpnetworkservicesgrpcroute - gcpnetworkservicesgrpcroutes singular: networkservicesgrpcroute preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: description: description: Optional. A free-text description of the resource. Max length 1024 characters. type: string gateways: items: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `NetworkServicesGateway` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: array hostnames: description: 'Required. Service hostnames with an optional port for which this route describes traffic. Format: [:] Hostname is the fully qualified domain name of a network host. This matches the RFC 1123 definition of a hostname with 2 notable exceptions: - IPs are not allowed. - A hostname may be prefixed with a wildcard label (*.). The wildcard label must appear by itself as the first label. Hostname can be “precise” which is a domain name without the terminating dot of a network host (e.g. “foo.example.com”) or “wildcard”, which is a domain name prefixed with a single wildcard label (e.g. *.example.com). Note that as per RFC1035 and RFC1123, a label must consist of lower case alphanumeric characters or ‘-’, and must start and end with an alphanumeric character. No other punctuation is allowed. The routes associated with a Router must have unique hostnames. If you attempt to attach multiple routes with conflicting hostnames, the configuration will be rejected. For example, while it is acceptable for routes for the hostnames "*.foo.bar.com" and "*.bar.com" to be associated with the same route, it is not possible to associate two routes both with "*.bar.com" or both with "bar.com". In the case that multiple routes match the hostname, the most specific match will be selected. For example, "foo.bar.baz.com" will take precedence over "*.bar.baz.com" and "*.bar.baz.com" will take precedence over "*.baz.com". If a port is specified, then gRPC clients must use the channel URI with the port to match this rule (i.e. "xds:///service:123"), otherwise they must supply the URI without a port (i.e. "xds:///service").' items: type: string type: array location: description: Immutable. The location for the resource type: string meshes: items: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `NetworkServicesMesh` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: array projectRef: description: Immutable. The Project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The project for the resource Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string rules: description: Required. A list of detailed rules defining how to route traffic. Within a single GrpcRoute, the GrpcRoute.RouteAction associated with the first matching GrpcRoute.RouteRule will be executed. At least one rule must be supplied. items: properties: action: description: Required. A detailed rule defining how to route traffic. This field is required. properties: destinations: description: Optional. The destination services to which traffic should be forwarded. If multiple destinations are specified, traffic will be split between Backend Service(s) according to the weight field of these destinations. items: properties: serviceRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Required. The URL of a destination service to which to route traffic. Must refer to either a BackendService or ServiceDirectoryService. Allowed value: The Google Cloud resource name of a `ComputeBackendService` resource (format: `projects/{{project}}/global/backendServices/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object weight: description: 'Optional. Specifies the proportion of requests forwarded to the backend referenced by the serviceName field. This is computed as: weight/Sum(weights in this destination list). For non-zero values, there may be some epsilon from the exact proportion defined here depending on the precision an implementation supports. If only one serviceName is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weights are specified for any one service name, they need to be specified for all of them. If weights are unspecified for all services, then, traffic is distributed in equal proportions to all of them.' format: int64 type: integer required: - serviceRef type: object type: array faultInjectionPolicy: description: Optional. The specification for fault injection introduced into traffic to test the resiliency of clients to destination service failure. As part of fault injection, when clients send requests to a destination, delays can be introduced on a percentage of requests before sending those requests to the destination service. Similarly requests from clients can be aborted by for a percentage of requests. timeout and retry_policy will be ignored by clients that are configured with a fault_injection_policy properties: abort: description: The specification for aborting to client requests. properties: httpStatus: description: The HTTP status code used to abort the request. The value must be between 200 and 599 inclusive. format: int64 type: integer percentage: description: The percentage of traffic which will be aborted. The value must be between [0, 100] format: int64 type: integer type: object delay: description: The specification for injecting delay to client requests. properties: fixedDelay: description: Specify a fixed delay before forwarding the request. type: string percentage: description: The percentage of traffic on which delay will be injected. The value must be between [0, 100] format: int64 type: integer type: object type: object retryPolicy: description: Optional. Specifies the retry policy associated with this route. properties: numRetries: description: Specifies the allowed number of retries. This number must be > 0. If not specpfied, default to 1. format: int64 type: integer retryConditions: description: '- connect-failure: Router will retry on failures connecting to Backend Services, for example due to connection timeouts. - refused-stream: Router will retry if the backend service resets the stream with a REFUSED_STREAM error code. This reset type indicates that it is safe to retry. - cancelled: Router will retry if the gRPC status code in the response header is set to cancelled - deadline-exceeded: Router will retry if the gRPC status code in the response header is set to deadline-exceeded - resource-exhausted: Router will retry if the gRPC status code in the response header is set to resource-exhausted - unavailable: Router will retry if the gRPC status code in the response header is set to unavailable' items: type: string type: array type: object timeout: description: Optional. Specifies the timeout for selected route. Timeout is computed from the time the request has been fully processed (i.e. end of stream) up until the response has been completely processed. Timeout includes all retries. type: string type: object matches: description: Optional. Matches define conditions used for matching the rule against incoming gRPC requests. Each match is independent, i.e. this rule will be matched if ANY one of the matches is satisfied. If no matches field is specified, this rule will unconditionally match traffic. items: properties: headers: description: Optional. Specifies a collection of headers to match. items: properties: key: description: Required. The key of the header. type: string type: description: 'Optional. Specifies how to match against the value of the header. If not specified, a default value of EXACT is used. Possible values: MATCH_TYPE_UNSPECIFIED, MATCH_ANY, MATCH_ALL' type: string value: description: Required. The value of the header. type: string required: - key - value type: object type: array method: description: Optional. A gRPC method to match against. If this field is empty or omitted, will match all methods. properties: caseSensitive: description: Optional. Specifies that matches are case sensitive. The default value is true. case_sensitive must not be used with a type of REGULAR_EXPRESSION. type: boolean grpcMethod: description: Required. Name of the method to match against. If unspecified, will match all methods. type: string grpcService: description: Required. Name of the service to match against. If unspecified, will match all services. type: string type: description: 'Optional. Specifies how to match against the name. If not specified, a default value of "EXACT" is used. Possible values: TYPE_UNSPECIFIED, EXACT, REGULAR_EXPRESSION' type: string required: - grpcMethod - grpcService type: object type: object type: array required: - action type: object type: array required: - hostnames - location - projectRef - rules type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: Output only. The timestamp when the resource was created. format: date-time type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer selfLink: description: Output only. Server-defined URL of this resource type: string updateTime: description: Output only. The timestamp when the resource was updated. format: date-time type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: networkserviceshttproutes.networkservices.cnrm.cloud.google.com spec: group: networkservices.cnrm.cloud.google.com names: categories: - gcp kind: NetworkServicesHTTPRoute plural: networkserviceshttproutes shortNames: - gcpnetworkserviceshttproute - gcpnetworkserviceshttproutes singular: networkserviceshttproute preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: description: description: Optional. A free-text description of the resource. Max length 1024 characters. type: string gateways: items: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `NetworkServicesGateway` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: array hostnames: description: Required. Hostnames define a set of hosts that should match against the HTTP host header to select a HttpRoute to process the request. Hostname is the fully qualified domain name of a network host, as defined by RFC 1123 with the exception that ip addresses are not allowed. Wildcard hosts are supported as "*" (no prefix or suffix allowed). items: type: string type: array location: description: Immutable. The location for the resource type: string meshes: items: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `NetworkServicesMesh` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: array projectRef: description: Immutable. The Project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The project for the resource Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string rules: description: Required. Rules that define how traffic is routed and handled. items: properties: action: description: The detailed rule defining how to route matched traffic. properties: corsPolicy: description: The specification for allowing client side cross-origin requests. properties: allowCredentials: description: In response to a preflight request, setting this to true indicates that the actual request can include user credentials. This translates to the Access-Control-Allow-Credentials header. Default value is false. type: boolean allowHeaders: description: Specifies the content for Access-Control-Allow-Headers header. items: type: string type: array allowMethods: description: Specifies the content for Access-Control-Allow-Methods header. items: type: string type: array allowOriginRegexes: description: Specifies the regular expression patterns that match allowed origins. For regular expression grammar, please see https://github.com/google/re2/wiki/Syntax. items: type: string type: array allowOrigins: description: Specifies the list of origins that will be allowed to do CORS requests. An origin is allowed if it matches either an item in allow_origins or an item in allow_origin_regexes. items: type: string type: array disabled: description: If true, the CORS policy is disabled. The default value is false, which indicates that the CORS policy is in effect. type: boolean exposeHeaders: description: Specifies the content for Access-Control-Expose-Headers header. items: type: string type: array maxAge: description: Specifies how long result of a preflight request can be cached in seconds. This translates to the Access-Control-Max-Age header. type: string type: object destinations: description: The destination to which traffic should be forwarded. items: properties: serviceRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The URL of a BackendService to route traffic to. Allowed value: The Google Cloud resource name of a `ComputeBackendService` resource (format: `projects/{{project}}/global/backendServices/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object weight: description: 'Specifies the proportion of requests forwarded to the backend referenced by the serviceName field. This is computed as: weight/Sum(weights in this destination list). For non-zero values, there may be some epsilon from the exact proportion defined here depending on the precision an implementation supports. If only one serviceName is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weights are specified for any one service name, they need to be specified for all of them. If weights are unspecified for all services, then, traffic is distributed in equal proportions to all of them.' format: int64 type: integer type: object type: array faultInjectionPolicy: description: The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure. As part of fault injection, when clients send requests to a backend service, delays can be introduced on a percentage of requests before sending those requests to the backend service. Similarly requests from clients can be aborted for a percentage of requests. timeout and retry_policy will be ignored by clients that are configured with a fault_injection_policy properties: abort: description: The specification for aborting to client requests. properties: httpStatus: description: The HTTP status code used to abort the request. The value must be between 200 and 599 inclusive. format: int64 type: integer percentage: description: The percentage of traffic which will be aborted. The value must be between [0, 100] format: int64 type: integer type: object delay: description: The specification for injecting delay to client requests. properties: fixedDelay: description: Specify a fixed delay before forwarding the request. type: string percentage: description: The percentage of traffic on which delay will be injected. The value must be between [0, 100] format: int64 type: integer type: object type: object redirect: description: If set, the request is directed as configured by this field. properties: hostRedirect: description: The host that will be used in the redirect response instead of the one that was supplied in the request. type: string httpsRedirect: description: If set to true, the URL scheme in the redirected request is set to https. If set to false, the URL scheme of the redirected request will remain the same as that of the request. The default is set to false. type: boolean pathRedirect: description: The path that will be used in the redirect response instead of the one that was supplied in the request. path_redirect can not be supplied together with prefix_redirect. Supply one alone or neither. If neither is supplied, the path of the original request will be used for the redirect. type: string portRedirect: description: The port that will be used in the redirected request instead of the one that was supplied in the request. format: int64 type: integer prefixRewrite: description: Indicates that during redirection, the matched prefix (or path) should be swapped with this value. This option allows URLs be dynamically created based on the request. type: string responseCode: description: 'The HTTP Status code to use for the redirect. Possible values: MOVED_PERMANENTLY_DEFAULT, FOUND, SEE_OTHER, TEMPORARY_REDIRECT, PERMANENT_REDIRECT' type: string stripQuery: description: if set to true, any accompanying query portion of the original URL is removed prior to redirecting the request. If set to false, the query portion of the original URL is retained. The default is set to false. type: boolean type: object requestHeaderModifier: description: The specification for modifying the headers of a matching request prior to delivery of the request to the destination. properties: add: additionalProperties: type: string description: Add the headers with given map where key is the name of the header, value is the value of the header. type: object remove: description: Remove headers (matching by header names) specified in the list. items: type: string type: array set: additionalProperties: type: string description: Completely overwrite/replace the headers with given map where key is the name of the header, value is the value of the header. type: object type: object requestMirrorPolicy: description: Specifies the policy on how requests intended for the routes destination are shadowed to a separate mirrored destination. Proxy will not wait for the shadow destination to respond before returning the response. Prior to sending traffic to the shadow service, the host/authority header is suffixed with -shadow. properties: destination: description: The destination the requests will be mirrored to. The weight of the destination will be ignored. properties: serviceRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The URL of a BackendService to route traffic to. Allowed value: The Google Cloud resource name of a `ComputeBackendService` resource (format: `projects/{{project}}/global/backendServices/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object weight: description: 'Specifies the proportion of requests forwarded to the backend referenced by the serviceName field. This is computed as: weight/Sum(weights in this destination list). For non-zero values, there may be some epsilon from the exact proportion defined here depending on the precision an implementation supports. If only one serviceName is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weights are specified for any one service name, they need to be specified for all of them. If weights are unspecified for all services, then, traffic is distributed in equal proportions to all of them.' format: int64 type: integer type: object type: object responseHeaderModifier: description: The specification for modifying the headers of a response prior to sending the response back to the client. properties: add: additionalProperties: type: string description: Add the headers with given map where key is the name of the header, value is the value of the header. type: object remove: description: Remove headers (matching by header names) specified in the list. items: type: string type: array set: additionalProperties: type: string description: Completely overwrite/replace the headers with given map where key is the name of the header, value is the value of the header. type: object type: object retryPolicy: description: Specifies the retry policy associated with this route. properties: numRetries: description: Specifies the allowed number of retries. This number must be > 0. If not specified, default to 1. format: int64 type: integer perTryTimeout: description: Specifies a non-zero timeout per retry attempt. type: string retryConditions: description: 'Specifies one or more conditions when this retry policy applies. Valid values are: 5xx: Proxy will attempt a retry if the destination service responds with any 5xx response code, of if the destination service does not respond at all, example: disconnect, reset, read timeout, connection failure and refused streams. gateway-error: Similar to 5xx, but only applies to response codes 502, 503, 504. reset: Proxy will attempt a retry if the destination service does not respond at all (disconnect/reset/read timeout) connect-failure: Proxy will retry on failures connecting to destination for example due to connection timeouts. retriable-4xx: Proxy will retry fro retriable 4xx response codes. Currently the only retriable error supported is 409. refused-stream: Proxy will retry if the destination resets the stream with a REFUSED_STREAM error code. This reset type indicates that it is safe to retry.' items: type: string type: array type: object timeout: description: Specifies the timeout for selected route. Timeout is computed from the time the request has been fully processed (i.e. end of stream) up until the response has been completely processed. Timeout includes all retries. type: string urlRewrite: description: The specification for rewrite URL before forwarding requests to the destination. properties: hostRewrite: description: Prior to forwarding the request to the selected destination, the requests host header is replaced by this value. type: string pathPrefixRewrite: description: Prior to forwarding the request to the selected destination, the matching portion of the requests path is replaced by this value. type: string type: object type: object matches: description: A list of matches define conditions used for matching the rule against incoming HTTP requests. Each match is independent, i.e. this rule will be matched if ANY one of the matches is satisfied. items: properties: fullPathMatch: description: The HTTP request path value should exactly match this value. Only one of full_path_match, prefix_match, or regex_match should be used. type: string headers: description: Specifies a list of HTTP request headers to match against. ALL of the supplied headers must be matched. items: properties: exactMatch: description: The value of the header should match exactly the content of exact_match. type: string header: description: The name of the HTTP header to match against. type: string invertMatch: description: If specified, the match result will be inverted before checking. Default value is set to false. type: boolean prefixMatch: description: The value of the header must start with the contents of prefix_match. type: string presentMatch: description: A header with header_name must exist. The match takes place whether or not the header has a value. type: boolean rangeMatch: description: If specified, the rule will match if the request header value is within the range. properties: end: description: End of the range (exclusive) format: int64 type: integer start: description: Start of the range (inclusive) format: int64 type: integer type: object regexMatch: description: 'The value of the header must match the regular expression specified in regex_match. For regular expression grammar, please see: https://github.com/google/re2/wiki/Syntax' type: string suffixMatch: description: The value of the header must end with the contents of suffix_match. type: string type: object type: array ignoreCase: description: Specifies if prefix_match and full_path_match matches are case sensitive. The default value is false. type: boolean prefixMatch: description: The HTTP request path value must begin with specified prefix_match. prefix_match must begin with a /. Only one of full_path_match, prefix_match, or regex_match should be used. type: string queryParameters: description: Specifies a list of query parameters to match against. ALL of the query parameters must be matched. items: properties: exactMatch: description: The value of the query parameter must exactly match the contents of exact_match. Only one of exact_match, regex_match, or present_match must be set. type: string presentMatch: description: Specifies that the QueryParameterMatcher matches if request contains query parameter, irrespective of whether the parameter has a value or not. Only one of exact_match, regex_match, or present_match must be set. type: boolean queryParameter: description: The name of the query parameter to match. type: string regexMatch: description: The value of the query parameter must match the regular expression specified by regex_match. For regular expression grammar, please see https://github.com/google/re2/wiki/Syntax Only one of exact_match, regex_match, or present_match must be set. type: string type: object type: array regexMatch: description: The HTTP request path value must satisfy the regular expression specified by regex_match after removing any query parameters and anchor supplied with the original URL. For regular expression grammar, please see https://github.com/google/re2/wiki/Syntax Only one of full_path_match, prefix_match, or regex_match should be used. type: string type: object type: array type: object type: array required: - hostnames - location - projectRef - rules type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: Output only. The timestamp when the resource was created. format: date-time type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer selfLink: description: Output only. Server-defined URL of this resource type: string updateTime: description: Output only. The timestamp when the resource was updated. format: date-time type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: networkservicesmeshes.networkservices.cnrm.cloud.google.com spec: group: networkservices.cnrm.cloud.google.com names: categories: - gcp kind: NetworkServicesMesh plural: networkservicesmeshes shortNames: - gcpnetworkservicesmesh - gcpnetworkservicesmeshes singular: networkservicesmesh preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: description: description: Optional. A free-text description of the resource. Max length 1024 characters. type: string interceptionPort: description: Optional. If set to a valid TCP port (1-65535), instructs the SIDECAR proxy to listen on the specified port of localhost (127.0.0.1) address. The SIDECAR proxy will expect all traffic to be redirected to this port regardless of its actual ip:port destination. If unset, a port '15001' is used as the interception port. This field is only valid if the type of Mesh is SIDECAR. format: int64 type: integer location: description: Immutable. The location for the resource type: string projectRef: description: Immutable. The Project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The project for the resource Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - location - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: Output only. The timestamp when the resource was created. format: date-time type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer selfLink: description: Output only. Server-defined URL of this resource type: string updateTime: description: Output only. The timestamp when the resource was updated. format: date-time type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: networkservicestcproutes.networkservices.cnrm.cloud.google.com spec: group: networkservices.cnrm.cloud.google.com names: categories: - gcp kind: NetworkServicesTCPRoute plural: networkservicestcproutes shortNames: - gcpnetworkservicestcproute - gcpnetworkservicestcproutes singular: networkservicestcproute preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: description: description: Optional. A free-text description of the resource. Max length 1024 characters. type: string gateways: items: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `NetworkServicesGateway` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: array location: description: Immutable. The location for the resource type: string meshes: items: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `NetworkServicesMesh` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: array projectRef: description: Immutable. The Project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The project for the resource Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string rules: description: Required. Rules that define how traffic is routed and handled. At least one RouteRule must be supplied. If there are multiple rules then the action taken will be the first rule to match. items: properties: action: description: Required. The detailed rule defining how to route matched traffic. properties: destinations: description: Optional. The destination services to which traffic should be forwarded. At least one destination service is required. items: properties: serviceRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Required. The URL of a BackendService to route traffic to. Allowed value: The Google Cloud resource name of a `ComputeBackendService` resource (format: `projects/{{project}}/global/backendServices/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object weight: description: 'Optional. Specifies the proportion of requests forwarded to the backend referenced by the serviceName field. This is computed as: weight/Sum(weights in this destination list). For non-zero values, there may be some epsilon from the exact proportion defined here depending on the precision an implementation supports. If only one serviceName is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weights are specified for any one service name, they need to be specified for all of them. If weights are unspecified for all services, then, traffic is distributed in equal proportions to all of them.' format: int64 type: integer required: - serviceRef type: object type: array originalDestination: description: Optional. If true, Router will use the destination IP and port of the original connection as the destination of the request. Default is false. type: boolean type: object matches: description: Optional. RouteMatch defines the predicate used to match requests to a given action. Multiple match types are “OR”ed for evaluation. If no routeMatch field is specified, this rule will unconditionally match traffic. items: properties: address: description: 'Required. Must be specified in the CIDR range format. A CIDR range consists of an IP Address and a prefix length to construct the subnet mask. By default, the prefix length is 32 (i.e. matches a single IP address). Only IPV4 addresses are supported. Examples: “10.0.0.1” - matches against this exact IP address. “10.0.0.0/8" - matches against any IP address within the 10.0.0.0 subnet and 255.255.255.0 mask. "0.0.0.0/0" - matches against any IP address''.' type: string port: description: Required. Specifies the destination port to match against. type: string required: - address - port type: object type: array required: - action type: object type: array required: - location - projectRef - rules type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: Output only. The timestamp when the resource was created. format: date-time type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer selfLink: description: Output only. Server-defined URL of this resource type: string updateTime: description: Output only. The timestamp when the resource was updated. format: date-time type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: networkservicestlsroutes.networkservices.cnrm.cloud.google.com spec: group: networkservices.cnrm.cloud.google.com names: categories: - gcp kind: NetworkServicesTLSRoute plural: networkservicestlsroutes shortNames: - gcpnetworkservicestlsroute - gcpnetworkservicestlsroutes singular: networkservicestlsroute preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: description: description: Optional. A free-text description of the resource. Max length 1024 characters. type: string gateways: items: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `NetworkServicesGateway` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: array location: description: Immutable. The location for the resource type: string meshes: items: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `NetworkServicesMesh` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: array projectRef: description: Immutable. The Project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The project for the resource Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string rules: description: Required. Rules that define how traffic is routed and handled. At least one RouteRule must be supplied. If there are multiple rules then the action taken will be the first rule to match. items: properties: action: description: Required. The detailed rule defining how to route matched traffic. properties: destinations: description: Required. The destination services to which traffic should be forwarded. At least one destination service is required. items: properties: serviceRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Required. The URL of a BackendService to route traffic to. Allowed value: The Google Cloud resource name of a `ComputeBackendService` resource (format: `projects/{{project}}/global/backendServices/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object weight: description: 'Optional. Specifies the proportion of requests forwareded to the backend referenced by the service_name field. This is computed as: weight/Sum(weights in destinations) Weights in all destinations does not need to sum up to 100.' format: int64 type: integer required: - serviceRef type: object type: array required: - destinations type: object matches: description: Required. RouteMatch defines the predicate used to match requests to a given action. Multiple match types are "OR"ed for evaluation. items: properties: alpn: description: 'Optional. ALPN (Application-Layer Protocol Negotiation) to match against. Examples: "http/1.1", "h2". At least one of sni_host and alpn is required. Up to 5 alpns across all matches can be set.' items: type: string type: array sniHost: description: Optional. SNI (server name indicator) to match against. SNI will be matched against all wildcard domains, i.e. www.example.com will be first matched against www.example.com, then *.example.com, then *.com. Partial wildcards are not supported, and values like *w.example.com are invalid. At least one of sni_host and alpn is required. Up to 5 sni hosts across all matches can be set. items: type: string type: array type: object type: array required: - action - matches type: object type: array required: - location - projectRef - rules type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: Output only. The timestamp when the resource was created. format: date-time type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer selfLink: description: Output only. Server-defined URL of this resource type: string updateTime: description: Output only. The timestamp when the resource was updated. format: date-time type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: notebooksenvironments.notebooks.cnrm.cloud.google.com spec: group: notebooks.cnrm.cloud.google.com names: categories: - gcp kind: NotebooksEnvironment plural: notebooksenvironments shortNames: - gcpnotebooksenvironment - gcpnotebooksenvironments singular: notebooksenvironment preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: containerImage: description: Use a container image to start the notebook instance. properties: repository: description: |- The path to the container image repository. For example: gcr.io/{project_id}/{imageName}. type: string tag: description: The tag of the container image. If not specified, this defaults to the latest tag. type: string required: - repository type: object description: description: A brief description of this environment. type: string displayName: description: Display name of this environment for the UI. type: string locationRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `NotebooksLocation` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object postStartupScript: description: |- Path to a Bash script that automatically runs after a notebook instance fully boots up. The path must be a URL or Cloud Storage path. Example: "gs://path-to-file/file-name". type: string projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string vmImage: description: Use a Compute Engine VM image to start the notebook instance. properties: imageFamily: description: Use this VM image family to find the image; the newest image in this family will be used. type: string imageName: description: Use VM image name to find the image. type: string project: description: |- The name of the Google Cloud project that this VM image belongs to. Format: projects/{project_id}. type: string required: - project type: object required: - locationRef - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: Instance creation time. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: orgpolicycustomconstraints.orgpolicy.cnrm.cloud.google.com spec: group: orgpolicy.cnrm.cloud.google.com names: categories: - gcp kind: OrgPolicyCustomConstraint plural: orgpolicycustomconstraints shortNames: - gcporgpolicycustomconstraint - gcporgpolicycustomconstraints singular: orgpolicycustomconstraint preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: actionType: description: 'The action to take if the condition is met. Possible values: ["ALLOW", "DENY"].' type: string condition: description: A CEL condition that refers to a supported service resource, for example 'resource.management.autoUpgrade == false'. For details about CEL usage, see [Common Expression Language](https://cloud.google.com/resource-manager/docs/organization-policy/creating-managing-custom-constraints#common_expression_language). type: string description: description: A human-friendly description of the constraint to display as an error message when the policy is violated. type: string displayName: description: A human-friendly name for the constraint. type: string methodTypes: description: A list of RESTful methods for which to enforce the constraint. Can be 'CREATE', 'UPDATE', or both. Not all Google Cloud services support both methods. To see supported methods for each service, find the service in [Supported services](https://cloud.google.com/resource-manager/docs/organization-policy/custom-constraint-supported-services). items: type: string type: array parent: description: Immutable. The parent of the resource, an organization. Format should be 'organizations/{organization_id}'. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string resourceTypes: description: Immutable. Immutable. The fully qualified name of the Google Cloud REST resource containing the object and field you want to restrict. For example, 'container.googleapis.com/NodePool'. items: type: string type: array required: - actionType - condition - methodTypes - parent - resourceTypes type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer updateTime: description: Output only. The timestamp representing when the constraint was last updated. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: osconfigguestpolicies.osconfig.cnrm.cloud.google.com spec: group: osconfig.cnrm.cloud.google.com names: categories: - gcp kind: OSConfigGuestPolicy plural: osconfigguestpolicies shortNames: - gcposconfigguestpolicy - gcposconfigguestpolicies singular: osconfigguestpolicy preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: assignment: description: Specifies the VMs that are assigned this policy. This allows you to target sets or groups of VMs by different parameters such as labels, names, OS, or zones. Empty assignments will target ALL VMs underneath this policy. Conflict Management Policies that exist higher up in the resource hierarchy (closer to the Org) will override those lower down if there is a conflict. At the same level in the resource hierarchy (ie. within a project), the service will prevent the creation of multiple policies that conflict with each other. If there are multiple policies that specify the same config (eg. package, software recipe, repository, etc.), the service will ensure that no VM could potentially receive instructions from both policies. To create multiple policies that specify different versions of a package or different configs for different Operating Systems, each policy must be mutually exclusive in their targeting according to labels, OS, or other criteria. Different configs are identified for conflicts in different ways. Packages are identified by their name and the package manager(s) they target. Package repositories are identified by their unique id where applicable. Some package managers don't have a unique identifier for repositories and where that's the case, no uniqueness is validated by the service. Note that if OS Inventory is disabled, a VM will not be assigned a policy that targets by OS because the service will see this VM's OS as unknown. properties: groupLabels: description: Targets instances matching at least one of these label sets. This allows an assignment to target disparate groups, for example "env=prod or env=staging". items: properties: labels: additionalProperties: type: string description: Google Compute Engine instance labels that must be present for an instance to be included in this assignment group. type: object type: object type: array instanceNamePrefixes: description: Targets VM instances whose name starts with one of these prefixes. Like labels, this is another way to group VM instances when targeting configs, for example prefix="prod-". Only supported for project-level policies. items: type: string type: array instances: items: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeInstance` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: array osTypes: description: Targets VM instances matching at least one of the following OS types. VM instances must match all supplied criteria for a given OsType to be included. items: properties: osArchitecture: description: Targets VM instances with OS Inventory enabled and having the following OS architecture. type: string osShortName: description: Targets VM instances with OS Inventory enabled and having the following OS short name, for example "debian" or "windows". type: string osVersion: description: Targets VM instances with OS Inventory enabled and having the following following OS version. type: string type: object type: array zones: description: Targets instances in any of these zones. Leave empty to target instances in any zone. Zonal targeting is uncommon and is supported to facilitate the management of changes by zone. items: type: string type: array type: object description: description: Description of the GuestPolicy. Length of the description is limited to 1024 characters. type: string packageRepositories: description: List of package repository configurations assigned to the VM instance. items: properties: apt: description: An Apt Repository. properties: archiveType: description: 'Type of archive files in this repository. The default behavior is DEB. Possible values: ARCHIVE_TYPE_UNSPECIFIED, DEB, DEB_SRC' type: string components: description: Required. List of components for this repository. Must contain at least one item. items: type: string type: array distribution: description: Required. Distribution of this repository. type: string gpgKey: description: URI of the key file for this repository. The agent maintains a keyring at `/etc/apt/trusted.gpg.d/osconfig_agent_managed.gpg` containing all the keys in any applied guest policy. type: string uri: description: Required. URI for this repository. type: string required: - distribution - uri type: object goo: description: A Goo Repository. properties: name: description: Required. The name of the repository. type: string url: description: Required. The url of the repository. type: string required: - name - url type: object yum: description: A Yum Repository. properties: baseUrl: description: Required. The location of the repository directory. type: string displayName: description: The display name of the repository. type: string gpgKeys: description: URIs of GPG keys. items: type: string type: array id: description: Required. A one word, unique name for this repository. This is the `repo id` in the Yum config file and also the `display_name` if `display_name` is omitted. This id is also used as the unique identifier when checking for guest policy conflicts. type: string required: - baseUrl - id type: object zypper: description: A Zypper Repository. properties: baseUrl: description: Required. The location of the repository directory. type: string displayName: description: The display name of the repository. type: string gpgKeys: description: URIs of GPG keys. items: type: string type: array id: description: Required. A one word, unique name for this repository. This is the `repo id` in the zypper config file and also the `display_name` if `display_name` is omitted. This id is also used as the unique identifier when checking for guest policy conflicts. type: string required: - baseUrl - id type: object type: object type: array packages: description: List of package configurations assigned to the VM instance. items: properties: desiredState: description: 'The desired_state the agent should maintain for this package. The default is to ensure the package is installed. Possible values: DESIRED_STATE_UNSPECIFIED, INSTALLED, REMOVED' type: string manager: description: 'Type of package manager that can be used to install this package. If a system does not have the package manager, the package is not installed or removed no error message is returned. By default, or if you specify `ANY`, the agent attempts to install and remove this package using the default package manager. This is useful when creating a policy that applies to different types of systems. The default behavior is ANY. Possible values: MANAGER_UNSPECIFIED, ANY, APT, YUM, ZYPPER, GOO' type: string name: description: Required. The name of the package. A package is uniquely identified for conflict validation by checking the package name and the manager(s) that the package targets. type: string type: object type: array recipes: description: Optional. A list of Recipes to install on the VM. items: properties: artifacts: description: Resources available to be used in the steps in the recipe. items: properties: allowInsecure: description: 'Defaults to false. When false, recipes are subject to validations based on the artifact type: Remote: A checksum must be specified, and only protocols with transport-layer security are permitted. GCS: An object generation number must be specified.' type: boolean gcs: description: A Google Cloud Storage artifact. properties: bucketRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Bucket of the Google Cloud Storage object. Given an example URL: `https://storage.googleapis.com/my-bucket/foo/bar#1234567` this value would be `my-bucket`. Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object generation: description: Must be provided if allow_insecure is false. Generation number of the Google Cloud Storage object. `https://storage.googleapis.com/my-bucket/foo/bar#1234567` this value would be `1234567`. format: int64 type: integer object: description: 'Name of the Google Cloud Storage object. As specified [here] (https://cloud.google.com/storage/docs/naming#objectnames) Given an example URL: `https://storage.googleapis.com/my-bucket/foo/bar#1234567` this value would be `foo/bar`.' type: string type: object id: description: Required. Id of the artifact, which the installation and update steps of this recipe can reference. Artifacts in a recipe cannot have the same id. type: string remote: description: A generic remote artifact. properties: checksum: description: Must be provided if `allow_insecure` is `false`. SHA256 checksum in hex format, to compare to the checksum of the artifact. If the checksum is not empty and it doesn't match the artifact then the recipe installation fails before running any of the steps. type: string uri: description: 'URI from which to fetch the object. It should contain both the protocol and path following the format: {protocol}://{location}.' type: string type: object type: object type: array desiredState: description: 'Default is INSTALLED. The desired state the agent should maintain for this recipe. INSTALLED: The software recipe is installed on the instance but won''t be updated to new versions. UPDATED: The software recipe is installed on the instance. The recipe is updated to a higher version, if a higher version of the recipe is assigned to this instance. REMOVE: Remove is unsupported for software recipes and attempts to create or update a recipe to the REMOVE state is rejected. Possible values: DESIRED_STATE_UNSPECIFIED, INSTALLED, REMOVED' type: string installSteps: description: Actions to be taken for installing this recipe. On failure it stops executing steps and does not attempt another installation. Any steps taken (including partially completed steps) are not rolled back. items: properties: archiveExtraction: description: Extracts an archive into the specified directory. properties: artifactId: description: Required. The id of the relevant artifact in the recipe. type: string destination: description: Directory to extract archive to. Defaults to `/` on Linux or `C:` on Windows. type: string type: description: 'Required. The type of the archive to extract. Possible values: TYPE_UNSPECIFIED, VALIDATION, DESIRED_STATE_CHECK, DESIRED_STATE_ENFORCEMENT, DESIRED_STATE_CHECK_POST_ENFORCEMENT' type: string type: object dpkgInstallation: description: Installs a deb file via dpkg. properties: artifactId: description: Required. The id of the relevant artifact in the recipe. type: string type: object fileCopy: description: Copies a file onto the instance. properties: artifactId: description: Required. The id of the relevant artifact in the recipe. type: string destination: description: Required. The absolute path on the instance to put the file. type: string overwrite: description: Whether to allow this step to overwrite existing files. If this is false and the file already exists the file is not overwritten and the step is considered a success. Defaults to false. type: boolean permissions: description: 'Consists of three octal digits which represent, in order, the permissions of the owner, group, and other users for the file (similarly to the numeric mode used in the linux chmod utility). Each digit represents a three bit number with the 4 bit corresponding to the read permissions, the 2 bit corresponds to the write bit, and the one bit corresponds to the execute permission. Default behavior is 755. Below are some examples of permissions and their associated values: read, write, and execute: 7 read and execute: 5 read and write: 6 read only: 4' type: string type: object fileExec: description: Executes an artifact or local file. properties: allowedExitCodes: description: Defaults to [0]. A list of possible return values that the program can return to indicate a success. items: format: int64 type: integer type: array args: description: Arguments to be passed to the provided executable. items: type: string type: array artifactId: description: The id of the relevant artifact in the recipe. type: string localPath: description: The absolute path of the file on the local filesystem. type: string type: object msiInstallation: description: Installs an MSI file. properties: allowedExitCodes: description: Return codes that indicate that the software installed or updated successfully. Behaviour defaults to [0] items: format: int64 type: integer type: array artifactId: description: Required. The id of the relevant artifact in the recipe. type: string flags: description: The flags to use when installing the MSI defaults to ["/i"] (i.e. the install flag). items: type: string type: array type: object rpmInstallation: description: Installs an rpm file via the rpm utility. properties: artifactId: description: Required. The id of the relevant artifact in the recipe. type: string type: object scriptRun: description: Runs commands in a shell. properties: allowedExitCodes: description: Return codes that indicate that the software installed or updated successfully. Behaviour defaults to [0] items: format: int64 type: integer type: array interpreter: description: 'The script interpreter to use to run the script. If no interpreter is specified the script is executed directly, which likely only succeed for scripts with [shebang lines](https://en.wikipedia.org/wiki/Shebang_(Unix)). Possible values: INTERPRETER_UNSPECIFIED, NONE, SHELL, POWERSHELL' type: string script: description: Required. The shell script to be executed. type: string type: object type: object type: array name: description: Required. Unique identifier for the recipe. Only one recipe with a given name is installed on an instance. Names are also used to identify resources which helps to determine whether guest policies have conflicts. This means that requests to create multiple recipes with the same name and version are rejected since they could potentially have conflicting assignments. type: string updateSteps: description: Actions to be taken for updating this recipe. On failure it stops executing steps and does not attempt another update for this recipe. Any steps taken (including partially completed steps) are not rolled back. items: properties: archiveExtraction: description: Extracts an archive into the specified directory. properties: artifactId: description: Required. The id of the relevant artifact in the recipe. type: string destination: description: Directory to extract archive to. Defaults to `/` on Linux or `C:` on Windows. type: string type: description: 'Required. The type of the archive to extract. Possible values: TYPE_UNSPECIFIED, VALIDATION, DESIRED_STATE_CHECK, DESIRED_STATE_ENFORCEMENT, DESIRED_STATE_CHECK_POST_ENFORCEMENT' type: string type: object dpkgInstallation: description: Installs a deb file via dpkg. properties: artifactId: description: Required. The id of the relevant artifact in the recipe. type: string type: object fileCopy: description: Copies a file onto the instance. properties: artifactId: description: Required. The id of the relevant artifact in the recipe. type: string destination: description: Required. The absolute path on the instance to put the file. type: string overwrite: description: Whether to allow this step to overwrite existing files. If this is false and the file already exists the file is not overwritten and the step is considered a success. Defaults to false. type: boolean permissions: description: 'Consists of three octal digits which represent, in order, the permissions of the owner, group, and other users for the file (similarly to the numeric mode used in the linux chmod utility). Each digit represents a three bit number with the 4 bit corresponding to the read permissions, the 2 bit corresponds to the write bit, and the one bit corresponds to the execute permission. Default behavior is 755. Below are some examples of permissions and their associated values: read, write, and execute: 7 read and execute: 5 read and write: 6 read only: 4' type: string type: object fileExec: description: Executes an artifact or local file. properties: allowedExitCodes: description: Defaults to [0]. A list of possible return values that the program can return to indicate a success. items: format: int64 type: integer type: array args: description: Arguments to be passed to the provided executable. items: type: string type: array artifactId: description: The id of the relevant artifact in the recipe. type: string localPath: description: The absolute path of the file on the local filesystem. type: string type: object msiInstallation: description: Installs an MSI file. properties: allowedExitCodes: description: Return codes that indicate that the software installed or updated successfully. Behaviour defaults to [0] items: format: int64 type: integer type: array artifactId: description: Required. The id of the relevant artifact in the recipe. type: string flags: description: The flags to use when installing the MSI defaults to ["/i"] (i.e. the install flag). items: type: string type: array type: object rpmInstallation: description: Installs an rpm file via the rpm utility. properties: artifactId: description: Required. The id of the relevant artifact in the recipe. type: string type: object scriptRun: description: Runs commands in a shell. properties: allowedExitCodes: description: Return codes that indicate that the software installed or updated successfully. Behaviour defaults to [0] items: format: int64 type: integer type: array interpreter: description: 'The script interpreter to use to run the script. If no interpreter is specified the script is executed directly, which likely only succeed for scripts with [shebang lines](https://en.wikipedia.org/wiki/Shebang_(Unix)). Possible values: INTERPRETER_UNSPECIFIED, NONE, SHELL, POWERSHELL' type: string script: description: Required. The shell script to be executed. type: string type: object type: object type: array version: description: The version of this software recipe. Version can be up to 4 period separated numbers (e.g. 12.34.56.78). type: string type: object type: array resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: Output only. Time this GuestPolicy was created. format: date-time type: string etag: description: The etag for this GuestPolicy. If this is provided on update, it must match the server's etag. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer updateTime: description: Output only. Last time this GuestPolicy was updated. format: date-time type: string type: object type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: osconfigospolicyassignments.osconfig.cnrm.cloud.google.com spec: group: osconfig.cnrm.cloud.google.com names: categories: - gcp kind: OSConfigOSPolicyAssignment plural: osconfigospolicyassignments shortNames: - gcposconfigospolicyassignment - gcposconfigospolicyassignments singular: osconfigospolicyassignment preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: description: description: OS policy assignment description. Length of the description is limited to 1024 characters. type: string instanceFilter: description: Required. Filter to select VMs. properties: all: description: Target all VMs in the project. If true, no other criteria is permitted. type: boolean exclusionLabels: description: List of label sets used for VM exclusion. If the list has more than one label set, the VM is excluded if any of the label sets are applicable for the VM. items: properties: labels: additionalProperties: type: string description: Labels are identified by key/value pairs in this map. A VM should contain all the key/value pairs specified in this map to be selected. type: object type: object type: array inclusionLabels: description: List of label sets used for VM inclusion. If the list has more than one `LabelSet`, the VM is included if any of the label sets are applicable for the VM. items: properties: labels: additionalProperties: type: string description: Labels are identified by key/value pairs in this map. A VM should contain all the key/value pairs specified in this map to be selected. type: object type: object type: array inventories: description: List of inventories to select VMs. A VM is selected if its inventory data matches at least one of the following inventories. items: properties: osShortName: description: Required. The OS short name type: string osVersion: description: The OS version Prefix matches are supported if asterisk(*) is provided as the last character. For example, to match all versions with a major version of `7`, specify the following value for this field `7.*` An empty string matches all OS versions. type: string required: - osShortName type: object type: array type: object location: description: Immutable. The location for the resource type: string osPolicies: description: Required. List of OS policies to be applied to the VMs. items: properties: allowNoResourceGroupMatch: description: This flag determines the OS policy compliance status when none of the resource groups within the policy are applicable for a VM. Set this value to `true` if the policy needs to be reported as compliant even if the policy has nothing to validate or enforce. type: boolean description: description: Policy description. Length of the description is limited to 1024 characters. type: string id: description: 'Required. The id of the OS policy with the following restrictions: * Must contain only lowercase letters, numbers, and hyphens. * Must start with a letter. * Must be between 1-63 characters. * Must end with a number or a letter. * Must be unique within the assignment.' type: string mode: description: 'Required. Policy mode Possible values: MODE_UNSPECIFIED, VALIDATION, ENFORCEMENT' type: string resourceGroups: description: Required. List of resource groups for the policy. For a particular VM, resource groups are evaluated in the order specified and the first resource group that is applicable is selected and the rest are ignored. If none of the resource groups are applicable for a VM, the VM is considered to be non-compliant w.r.t this policy. This behavior can be toggled by the flag `allow_no_resource_group_match` items: properties: inventoryFilters: description: 'List of inventory filters for the resource group. The resources in this resource group are applied to the target VM if it satisfies at least one of the following inventory filters. For example, to apply this resource group to VMs running either `RHEL` or `CentOS` operating systems, specify 2 items for the list with following values: inventory_filters[0].os_short_name=''rhel'' and inventory_filters[1].os_short_name=''centos'' If the list is empty, this resource group will be applied to the target VM unconditionally.' items: properties: osShortName: description: Required. The OS short name type: string osVersion: description: The OS version Prefix matches are supported if asterisk(*) is provided as the last character. For example, to match all versions with a major version of `7`, specify the following value for this field `7.*` An empty string matches all OS versions. type: string required: - osShortName type: object type: array resources: description: Required. List of resources configured for this resource group. The resources are executed in the exact order specified here. items: properties: exec: description: Exec resource properties: enforce: description: What to run to bring this resource into the desired state. An exit code of 100 indicates "success", any other exit code indicates a failure running enforce. properties: args: description: Optional arguments to pass to the source during execution. items: type: string type: array file: description: A remote or local file. properties: allowInsecure: description: 'Defaults to false. When false, files are subject to validations based on the file type: Remote: A checksum must be specified. Cloud Storage: An object generation number must be specified.' type: boolean gcs: description: A Cloud Storage object. properties: bucket: description: Required. Bucket of the Cloud Storage object. type: string generation: description: Generation number of the Cloud Storage object. format: int64 type: integer object: description: Required. Name of the Cloud Storage object. type: string required: - bucket - object type: object localPath: description: A local path within the VM to use. type: string remote: description: A generic remote file. properties: sha256Checksum: description: SHA256 checksum of the remote file. type: string uri: description: Required. URI from which to fetch the object. It should contain both the protocol and path following the format `{protocol}://{location}`. type: string required: - uri type: object type: object interpreter: description: 'Required. The script interpreter to use. Possible values: INTERPRETER_UNSPECIFIED, NONE, SHELL, POWERSHELL' type: string outputFilePath: description: Only recorded for enforce Exec. Path to an output file (that is created by this Exec) whose content will be recorded in OSPolicyResourceCompliance after a successful run. Absence or failure to read this file will result in this ExecResource being non-compliant. Output file size is limited to 100K bytes. type: string script: description: An inline script. The size of the script is limited to 1024 characters. type: string required: - interpreter type: object validate: description: Required. What to run to validate this resource is in the desired state. An exit code of 100 indicates "in desired state", and exit code of 101 indicates "not in desired state". Any other exit code indicates a failure running validate. properties: args: description: Optional arguments to pass to the source during execution. items: type: string type: array file: description: A remote or local file. properties: allowInsecure: description: 'Defaults to false. When false, files are subject to validations based on the file type: Remote: A checksum must be specified. Cloud Storage: An object generation number must be specified.' type: boolean gcs: description: A Cloud Storage object. properties: bucket: description: Required. Bucket of the Cloud Storage object. type: string generation: description: Generation number of the Cloud Storage object. format: int64 type: integer object: description: Required. Name of the Cloud Storage object. type: string required: - bucket - object type: object localPath: description: A local path within the VM to use. type: string remote: description: A generic remote file. properties: sha256Checksum: description: SHA256 checksum of the remote file. type: string uri: description: Required. URI from which to fetch the object. It should contain both the protocol and path following the format `{protocol}://{location}`. type: string required: - uri type: object type: object interpreter: description: 'Required. The script interpreter to use. Possible values: INTERPRETER_UNSPECIFIED, NONE, SHELL, POWERSHELL' type: string outputFilePath: description: Only recorded for enforce Exec. Path to an output file (that is created by this Exec) whose content will be recorded in OSPolicyResourceCompliance after a successful run. Absence or failure to read this file will result in this ExecResource being non-compliant. Output file size is limited to 100K bytes. type: string script: description: An inline script. The size of the script is limited to 1024 characters. type: string required: - interpreter type: object required: - validate type: object file: description: File resource properties: content: description: A a file with this content. The size of the content is limited to 1024 characters. type: string file: description: A remote or local source. properties: allowInsecure: description: 'Defaults to false. When false, files are subject to validations based on the file type: Remote: A checksum must be specified. Cloud Storage: An object generation number must be specified.' type: boolean gcs: description: A Cloud Storage object. properties: bucket: description: Required. Bucket of the Cloud Storage object. type: string generation: description: Generation number of the Cloud Storage object. format: int64 type: integer object: description: Required. Name of the Cloud Storage object. type: string required: - bucket - object type: object localPath: description: A local path within the VM to use. type: string remote: description: A generic remote file. properties: sha256Checksum: description: SHA256 checksum of the remote file. type: string uri: description: Required. URI from which to fetch the object. It should contain both the protocol and path following the format `{protocol}://{location}`. type: string required: - uri type: object type: object path: description: Required. The absolute path of the file within the VM. type: string permissions: description: 'Consists of three octal digits which represent, in order, the permissions of the owner, group, and other users for the file (similarly to the numeric mode used in the linux chmod utility). Each digit represents a three bit number with the 4 bit corresponding to the read permissions, the 2 bit corresponds to the write bit, and the one bit corresponds to the execute permission. Default behavior is 755. Below are some examples of permissions and their associated values: read, write, and execute: 7 read and execute: 5 read and write: 6 read only: 4' type: string state: description: 'Required. Desired state of the file. Possible values: OS_POLICY_COMPLIANCE_STATE_UNSPECIFIED, COMPLIANT, NON_COMPLIANT, UNKNOWN, NO_OS_POLICIES_APPLICABLE' type: string required: - path - state type: object id: description: 'Required. The id of the resource with the following restrictions: * Must contain only lowercase letters, numbers, and hyphens. * Must start with a letter. * Must be between 1-63 characters. * Must end with a number or a letter. * Must be unique within the OS policy.' type: string pkg: description: Package resource properties: apt: description: A package managed by Apt. properties: name: description: Required. Package name. type: string required: - name type: object deb: description: A deb package file. properties: pullDeps: description: 'Whether dependencies should also be installed. - install when false: `dpkg -i package` - install when true: `apt-get update && apt-get -y install package.deb`' type: boolean source: description: Required. A deb package. properties: allowInsecure: description: 'Defaults to false. When false, files are subject to validations based on the file type: Remote: A checksum must be specified. Cloud Storage: An object generation number must be specified.' type: boolean gcs: description: A Cloud Storage object. properties: bucket: description: Required. Bucket of the Cloud Storage object. type: string generation: description: Generation number of the Cloud Storage object. format: int64 type: integer object: description: Required. Name of the Cloud Storage object. type: string required: - bucket - object type: object localPath: description: A local path within the VM to use. type: string remote: description: A generic remote file. properties: sha256Checksum: description: SHA256 checksum of the remote file. type: string uri: description: Required. URI from which to fetch the object. It should contain both the protocol and path following the format `{protocol}://{location}`. type: string required: - uri type: object type: object required: - source type: object desiredState: description: 'Required. The desired state the agent should maintain for this package. Possible values: DESIRED_STATE_UNSPECIFIED, INSTALLED, REMOVED' type: string googet: description: A package managed by GooGet. properties: name: description: Required. Package name. type: string required: - name type: object msi: description: An MSI package. properties: properties: description: Additional properties to use during installation. This should be in the format of Property=Setting. Appended to the defaults of `ACTION=INSTALL REBOOT=ReallySuppress`. items: type: string type: array source: description: Required. The MSI package. properties: allowInsecure: description: 'Defaults to false. When false, files are subject to validations based on the file type: Remote: A checksum must be specified. Cloud Storage: An object generation number must be specified.' type: boolean gcs: description: A Cloud Storage object. properties: bucket: description: Required. Bucket of the Cloud Storage object. type: string generation: description: Generation number of the Cloud Storage object. format: int64 type: integer object: description: Required. Name of the Cloud Storage object. type: string required: - bucket - object type: object localPath: description: A local path within the VM to use. type: string remote: description: A generic remote file. properties: sha256Checksum: description: SHA256 checksum of the remote file. type: string uri: description: Required. URI from which to fetch the object. It should contain both the protocol and path following the format `{protocol}://{location}`. type: string required: - uri type: object type: object required: - source type: object rpm: description: An rpm package file. properties: pullDeps: description: 'Whether dependencies should also be installed. - install when false: `rpm --upgrade --replacepkgs package.rpm` - install when true: `yum -y install package.rpm` or `zypper -y install package.rpm`' type: boolean source: description: Required. An rpm package. properties: allowInsecure: description: 'Defaults to false. When false, files are subject to validations based on the file type: Remote: A checksum must be specified. Cloud Storage: An object generation number must be specified.' type: boolean gcs: description: A Cloud Storage object. properties: bucket: description: Required. Bucket of the Cloud Storage object. type: string generation: description: Generation number of the Cloud Storage object. format: int64 type: integer object: description: Required. Name of the Cloud Storage object. type: string required: - bucket - object type: object localPath: description: A local path within the VM to use. type: string remote: description: A generic remote file. properties: sha256Checksum: description: SHA256 checksum of the remote file. type: string uri: description: Required. URI from which to fetch the object. It should contain both the protocol and path following the format `{protocol}://{location}`. type: string required: - uri type: object type: object required: - source type: object yum: description: A package managed by YUM. properties: name: description: Required. Package name. type: string required: - name type: object zypper: description: A package managed by Zypper. properties: name: description: Required. Package name. type: string required: - name type: object required: - desiredState type: object repository: description: Package repository resource properties: apt: description: An Apt Repository. properties: archiveType: description: 'Required. Type of archive files in this repository. Possible values: ARCHIVE_TYPE_UNSPECIFIED, DEB, DEB_SRC' type: string components: description: Required. List of components for this repository. Must contain at least one item. items: type: string type: array distribution: description: Required. Distribution of this repository. type: string gpgKey: description: URI of the key file for this repository. The agent maintains a keyring at `/etc/apt/trusted.gpg.d/osconfig_agent_managed.gpg`. type: string uri: description: Required. URI for this repository. type: string required: - archiveType - components - distribution - uri type: object goo: description: A Goo Repository. properties: name: description: Required. The name of the repository. type: string url: description: Required. The url of the repository. type: string required: - name - url type: object yum: description: A Yum Repository. properties: baseUrl: description: Required. The location of the repository directory. type: string displayName: description: The display name of the repository. type: string gpgKeys: description: URIs of GPG keys. items: type: string type: array id: description: Required. A one word, unique name for this repository. This is the `repo id` in the yum config file and also the `display_name` if `display_name` is omitted. This id is also used as the unique identifier when checking for resource conflicts. type: string required: - baseUrl - id type: object zypper: description: A Zypper Repository. properties: baseUrl: description: Required. The location of the repository directory. type: string displayName: description: The display name of the repository. type: string gpgKeys: description: URIs of GPG keys. items: type: string type: array id: description: Required. A one word, unique name for this repository. This is the `repo id` in the zypper config file and also the `display_name` if `display_name` is omitted. This id is also used as the unique identifier when checking for GuestPolicy conflicts. type: string required: - baseUrl - id type: object type: object required: - id type: object type: array required: - resources type: object type: array required: - id - mode - resourceGroups type: object type: array projectRef: description: Immutable. The Project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The project for the resource Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string rollout: description: 'Required. Rollout to deploy the OS policy assignment. A rollout is triggered in the following situations: 1) OSPolicyAssignment is created. 2) OSPolicyAssignment is updated and the update contains changes to one of the following fields: - instance_filter - os_policies 3) OSPolicyAssignment is deleted.' properties: disruptionBudget: description: Required. The maximum number (or percentage) of VMs per zone to disrupt at any given moment. properties: fixed: description: Specifies a fixed value. format: int64 type: integer percent: description: Specifies the relative value defined as a percentage, which will be multiplied by a reference value. format: int64 type: integer type: object minWaitDuration: description: Required. This determines the minimum duration of time to wait after the configuration changes are applied through the current rollout. A VM continues to count towards the `disruption_budget` at least until this duration of time has passed after configuration changes are applied. type: string required: - disruptionBudget - minWaitDuration type: object skipAwaitRollout: description: Set to true to skip awaiting rollout during resource creation and update. type: boolean required: - instanceFilter - location - osPolicies - projectRef - rollout type: object status: properties: baseline: description: Output only. Indicates that this revision has been successfully rolled out in this zone and new VMs will be assigned OS policies from this revision. For a given OS policy assignment, there is only one revision with a value of `true` for this field. type: boolean conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array deleted: description: Output only. Indicates that this revision deletes the OS policy assignment. type: boolean etag: description: The etag for this OS policy assignment. If this is provided on update, it must match the server's etag. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer reconciling: description: 'Output only. Indicates that reconciliation is in progress for the revision. This value is `true` when the `rollout_state` is one of: * IN_PROGRESS * CANCELLING' type: boolean revisionCreateTime: description: Output only. The timestamp that the revision was created. format: date-time type: string revisionId: description: Output only. The assignment revision ID A new revision is committed whenever a rollout is triggered for a OS policy assignment type: string rolloutState: description: 'Output only. OS policy assignment rollout state Possible values: ROLLOUT_STATE_UNSPECIFIED, IN_PROGRESS, CANCELLING, CANCELLED, SUCCEEDED' type: string uid: description: Output only. Server generated unique id for the OS policy assignment resource. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: osconfigpatchdeployments.osconfig.cnrm.cloud.google.com spec: group: osconfig.cnrm.cloud.google.com names: categories: - gcp kind: OSConfigPatchDeployment plural: osconfigpatchdeployments shortNames: - gcposconfigpatchdeployment - gcposconfigpatchdeployments singular: osconfigpatchdeployment preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: description: description: Immutable. Description of the patch deployment. Length of the description is limited to 1024 characters. type: string duration: description: |- Immutable. Duration of the patch. After the duration ends, the patch times out. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". type: string instanceFilter: description: Immutable. VM instances to patch. properties: all: description: Immutable. Target all VM instances in the project. If true, no other criteria is permitted. type: boolean groupLabels: description: Immutable. Targets VM instances matching ANY of these GroupLabels. This allows targeting of disparate groups of VM instances. items: properties: labels: additionalProperties: type: string description: Immutable. Compute Engine instance labels that must be present for a VM instance to be targeted by this filter. type: object required: - labels type: object type: array instanceNamePrefixes: description: |- Immutable. Targets VMs whose name starts with one of these prefixes. Similar to labels, this is another way to group VMs when targeting configs, for example prefix="prod-". items: type: string type: array instances: description: |- Immutable. Targets any of the VM instances specified. Instances are specified by their URI in the 'form zones/{{zone}}/instances/{{instance_name}}', 'projects/{{project_id}}/zones/{{zone}}/instances/{{instance_name}}', or 'https://www.googleapis.com/compute/v1/projects/{{project_id}}/zones/{{zone}}/instances/{{instance_name}}'. items: type: string type: array zones: description: Immutable. Targets VM instances in ANY of these zones. Leave empty to target VM instances in any zone. items: type: string type: array type: object oneTimeSchedule: description: Immutable. Schedule a one-time execution. properties: executeTime: description: |- Immutable. The desired patch job execution time. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". type: string required: - executeTime type: object patchConfig: description: Immutable. Patch configuration that is applied. properties: apt: description: Immutable. Apt update settings. Use this setting to override the default apt patch rules. properties: excludes: description: Immutable. List of packages to exclude from update. These packages will be excluded. items: type: string type: array exclusivePackages: description: |- Immutable. An exclusive list of packages to be updated. These are the only packages that will be updated. If these packages are not installed, they will be ignored. This field cannot be specified with any other patch configuration fields. items: type: string type: array type: description: 'Immutable. By changing the type to DIST, the patching is performed using apt-get dist-upgrade instead. Possible values: ["DIST", "UPGRADE"].' type: string type: object goo: description: Immutable. goo update settings. Use this setting to override the default goo patch rules. properties: enabled: description: Immutable. goo update settings. Use this setting to override the default goo patch rules. type: boolean required: - enabled type: object migInstancesAllowed: description: Immutable. Allows the patch job to run on Managed instance groups (MIGs). type: boolean postStep: description: Immutable. The ExecStep to run after the patch update. properties: linuxExecStepConfig: description: Immutable. The ExecStepConfig for all Linux VMs targeted by the PatchJob. properties: allowedSuccessCodes: description: Immutable. Defaults to [0]. A list of possible return values that the execution can return to indicate a success. items: type: integer type: array gcsObject: description: Immutable. A Cloud Storage object containing the executable. properties: bucket: description: Immutable. Bucket of the Cloud Storage object. type: string generationNumber: description: Immutable. Generation number of the Cloud Storage object. This is used to ensure that the ExecStep specified by this PatchJob does not change. type: string object: description: Immutable. Name of the Cloud Storage object. type: string required: - bucket - generationNumber - object type: object interpreter: description: |- Immutable. The script interpreter to use to run the script. If no interpreter is specified the script will be executed directly, which will likely only succeed for scripts with shebang lines. Possible values: ["SHELL", "POWERSHELL"]. type: string localPath: description: Immutable. An absolute path to the executable on the VM. type: string type: object windowsExecStepConfig: description: Immutable. The ExecStepConfig for all Windows VMs targeted by the PatchJob. properties: allowedSuccessCodes: description: Immutable. Defaults to [0]. A list of possible return values that the execution can return to indicate a success. items: type: integer type: array gcsObject: description: Immutable. A Cloud Storage object containing the executable. properties: bucket: description: Immutable. Bucket of the Cloud Storage object. type: string generationNumber: description: Immutable. Generation number of the Cloud Storage object. This is used to ensure that the ExecStep specified by this PatchJob does not change. type: string object: description: Immutable. Name of the Cloud Storage object. type: string required: - bucket - generationNumber - object type: object interpreter: description: |- Immutable. The script interpreter to use to run the script. If no interpreter is specified the script will be executed directly, which will likely only succeed for scripts with shebang lines. Possible values: ["SHELL", "POWERSHELL"]. type: string localPath: description: Immutable. An absolute path to the executable on the VM. type: string type: object type: object preStep: description: Immutable. The ExecStep to run before the patch update. properties: linuxExecStepConfig: description: Immutable. The ExecStepConfig for all Linux VMs targeted by the PatchJob. properties: allowedSuccessCodes: description: Immutable. Defaults to [0]. A list of possible return values that the execution can return to indicate a success. items: type: integer type: array gcsObject: description: Immutable. A Cloud Storage object containing the executable. properties: bucket: description: Immutable. Bucket of the Cloud Storage object. type: string generationNumber: description: Immutable. Generation number of the Cloud Storage object. This is used to ensure that the ExecStep specified by this PatchJob does not change. type: string object: description: Immutable. Name of the Cloud Storage object. type: string required: - bucket - generationNumber - object type: object interpreter: description: |- Immutable. The script interpreter to use to run the script. If no interpreter is specified the script will be executed directly, which will likely only succeed for scripts with shebang lines. Possible values: ["SHELL", "POWERSHELL"]. type: string localPath: description: Immutable. An absolute path to the executable on the VM. type: string type: object windowsExecStepConfig: description: Immutable. The ExecStepConfig for all Windows VMs targeted by the PatchJob. properties: allowedSuccessCodes: description: Immutable. Defaults to [0]. A list of possible return values that the execution can return to indicate a success. items: type: integer type: array gcsObject: description: Immutable. A Cloud Storage object containing the executable. properties: bucket: description: Immutable. Bucket of the Cloud Storage object. type: string generationNumber: description: Immutable. Generation number of the Cloud Storage object. This is used to ensure that the ExecStep specified by this PatchJob does not change. type: string object: description: Immutable. Name of the Cloud Storage object. type: string required: - bucket - generationNumber - object type: object interpreter: description: |- Immutable. The script interpreter to use to run the script. If no interpreter is specified the script will be executed directly, which will likely only succeed for scripts with shebang lines. Possible values: ["SHELL", "POWERSHELL"]. type: string localPath: description: Immutable. An absolute path to the executable on the VM. type: string type: object type: object rebootConfig: description: 'Immutable. Post-patch reboot settings. Possible values: ["DEFAULT", "ALWAYS", "NEVER"].' type: string windowsUpdate: description: Immutable. Windows update settings. Use this setting to override the default Windows patch rules. properties: classifications: description: 'Immutable. Only apply updates of these windows update classifications. If empty, all updates are applied. Possible values: ["CRITICAL", "SECURITY", "DEFINITION", "DRIVER", "FEATURE_PACK", "SERVICE_PACK", "TOOL", "UPDATE_ROLLUP", "UPDATE"].' items: type: string type: array excludes: description: Immutable. List of KBs to exclude from update. items: type: string type: array exclusivePatches: description: |- Immutable. An exclusive list of kbs to be updated. These are the only patches that will be updated. This field must not be used with other patch configurations. items: type: string type: array type: object yum: description: Immutable. Yum update settings. Use this setting to override the default yum patch rules. properties: excludes: description: Immutable. List of packages to exclude from update. These packages will be excluded. items: type: string type: array exclusivePackages: description: |- Immutable. An exclusive list of packages to be updated. These are the only packages that will be updated. If these packages are not installed, they will be ignored. This field cannot be specified with any other patch configuration fields. items: type: string type: array minimal: description: Immutable. Will cause patch to run yum update-minimal instead. type: boolean security: description: Immutable. Adds the --security flag to yum update. Not supported on all platforms. type: boolean type: object zypper: description: Immutable. zypper update settings. Use this setting to override the default zypper patch rules. properties: categories: description: Immutable. Install only patches with these categories. Common categories include security, recommended, and feature. items: type: string type: array excludes: description: Immutable. List of packages to exclude from update. items: type: string type: array exclusivePatches: description: |- Immutable. An exclusive list of patches to be updated. These are the only patches that will be installed using 'zypper patch patch:' command. This field must not be used with any other patch configuration fields. items: type: string type: array severities: description: Immutable. Install only patches with these severities. Common severities include critical, important, moderate, and low. items: type: string type: array withOptional: description: Immutable. Adds the --with-optional flag to zypper patch. type: boolean withUpdate: description: Immutable. Adds the --with-update flag, to zypper patch. type: boolean type: object type: object patchDeploymentId: description: |- Immutable. A name for the patch deployment in the project. When creating a name the following rules apply: * Must contain only lowercase letters, numbers, and hyphens. * Must start with a letter. * Must be between 1-63 characters. * Must end with a number or a letter. * Must be unique within the project. type: string projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object recurringSchedule: description: Immutable. Schedule recurring executions. properties: endTime: description: |- Immutable. The end time at which a recurring patch deployment schedule is no longer active. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". type: string lastExecuteTime: description: |- The time the last patch job ran successfully. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". type: string monthly: description: Immutable. Schedule with monthly executions. properties: monthDay: description: |- Immutable. One day of the month. 1-31 indicates the 1st to the 31st day. -1 indicates the last day of the month. Months without the target day will be skipped. For example, a schedule to run "every month on the 31st" will not run in February, April, June, etc. type: integer weekDayOfMonth: description: Immutable. Week day in a month. properties: dayOfWeek: description: 'Immutable. A day of the week. Possible values: ["MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY", "SATURDAY", "SUNDAY"].' type: string weekOrdinal: description: Immutable. Week number in a month. 1-4 indicates the 1st to 4th week of the month. -1 indicates the last week of the month. type: integer required: - dayOfWeek - weekOrdinal type: object type: object nextExecuteTime: description: |- The time the next patch job is scheduled to run. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". type: string startTime: description: |- Immutable. The time that the recurring schedule becomes effective. Defaults to createTime of the patch deployment. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". type: string timeOfDay: description: Immutable. Time of the day to run a recurring deployment. properties: hours: description: |- Immutable. Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. type: integer minutes: description: Immutable. Minutes of hour of day. Must be from 0 to 59. type: integer nanos: description: Immutable. Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. type: integer seconds: description: Immutable. Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. type: integer type: object timeZone: description: |- Immutable. Defines the time zone that timeOfDay is relative to. The rules for daylight saving time are determined by the chosen time zone. properties: id: description: Immutable. IANA Time Zone Database time zone, e.g. "America/New_York". type: string version: description: Immutable. IANA Time Zone Database version number, e.g. "2019a". type: string required: - id type: object weekly: description: Immutable. Schedule with weekly executions. properties: dayOfWeek: description: 'Immutable. IANA Time Zone Database time zone, e.g. "America/New_York". Possible values: ["MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY", "SATURDAY", "SUNDAY"].' type: string required: - dayOfWeek type: object required: - timeOfDay - timeZone type: object resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string rollout: description: Immutable. Rollout strategy of the patch job. properties: disruptionBudget: description: |- Immutable. The maximum number (or percentage) of VMs per zone to disrupt at any given moment. The number of VMs calculated from multiplying the percentage by the total number of VMs in a zone is rounded up. During patching, a VM is considered disrupted from the time the agent is notified to begin until patching has completed. This disruption time includes the time to complete reboot and any post-patch steps. A VM contributes to the disruption budget if its patching operation fails either when applying the patches, running pre or post patch steps, or if it fails to respond with a success notification before timing out. VMs that are not running or do not have an active agent do not count toward this disruption budget. For zone-by-zone rollouts, if the disruption budget in a zone is exceeded, the patch job stops, because continuing to the next zone requires completion of the patch process in the previous zone. For example, if the disruption budget has a fixed value of 10, and 8 VMs fail to patch in the current zone, the patch job continues to patch 2 VMs at a time until the zone is completed. When that zone is completed successfully, patching begins with 10 VMs at a time in the next zone. If 10 VMs in the next zone fail to patch, the patch job stops. properties: fixed: description: Immutable. Specifies a fixed value. type: integer percentage: description: Immutable. Specifies the relative value defined as a percentage, which will be multiplied by a reference value. type: integer type: object mode: description: 'Immutable. Mode of the patch rollout. Possible values: ["ZONE_BY_ZONE", "CONCURRENT_ZONES"].' type: string required: - disruptionBudget - mode type: object required: - instanceFilter - patchDeploymentId - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: |- Time the patch deployment was created. Timestamp is in RFC3339 text format. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". type: string lastExecuteTime: description: |- The last time a patch job was started by this deployment. Timestamp is in RFC3339 text format. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". type: string name: description: |- Unique name for the patch deployment resource in a project. The patch deployment name is in the form: projects/{project_id}/patchDeployments/{patchDeploymentId}. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer updateTime: description: |- Time the patch deployment was last updated. Timestamp is in RFC3339 text format. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: osloginsshpublickeys.oslogin.cnrm.cloud.google.com spec: group: oslogin.cnrm.cloud.google.com names: categories: - gcp kind: OSLoginSSHPublicKey plural: osloginsshpublickeys shortNames: - gcposloginsshpublickey - gcposloginsshpublickeys singular: osloginsshpublickey preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: expirationTimeUsec: description: An expiration time in microseconds since epoch. type: string key: description: Immutable. Public key text in SSH format, defined by RFC4253 section 6.6. type: string project: description: Immutable. The project ID of the Google Cloud Platform project. type: string resourceID: description: Immutable. Optional. The service-generated fingerprint of the resource. Used for acquisition only. Leave unset to create a new resource. type: string user: description: Immutable. The user email. type: string required: - key - user type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array fingerprint: description: The SHA-256 fingerprint of the SSH public key. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: privatecacapools.privateca.cnrm.cloud.google.com spec: group: privateca.cnrm.cloud.google.com names: categories: - gcp kind: PrivateCACAPool plural: privatecacapools shortNames: - gcpprivatecacapool - gcpprivatecacapools singular: privatecacapool preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: issuancePolicy: description: Optional. The IssuancePolicy to control how Certificates will be issued from this CaPool. properties: allowedIssuanceModes: description: Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates. properties: allowConfigBasedIssuance: description: Optional. When true, allows callers to create Certificates by specifying a CertificateConfig. type: boolean allowCsrBasedIssuance: description: Optional. When true, allows callers to create Certificates by specifying a CSR. type: boolean type: object allowedKeyTypes: description: Optional. If any AllowedKeyType is specified, then the certificate request's public key must match one of the key types listed here. Otherwise, any key may be used. items: properties: ellipticCurve: description: Represents an allowed Elliptic Curve key type. properties: signatureAlgorithm: description: 'Optional. A signature algorithm that must be used. If this is omitted, any EC-based signature algorithm will be allowed. Possible values: EC_SIGNATURE_ALGORITHM_UNSPECIFIED, ECDSA_P256, ECDSA_P384, EDDSA_25519' type: string type: object rsa: description: Represents an allowed RSA key type. properties: maxModulusSize: description: Optional. The maximum allowed RSA modulus size, in bits. If this is not set, or if set to zero, the service will not enforce an explicit upper bound on RSA modulus sizes. format: int64 type: integer minModulusSize: description: Optional. The minimum allowed RSA modulus size, in bits. If this is not set, or if set to zero, the service-level min RSA modulus size will continue to apply. format: int64 type: integer type: object type: object type: array baselineValues: description: Optional. A set of X.509 values that will be applied to all certificates issued through this CaPool. If a certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate request uses a CertificateTemplate that defines conflicting predefined_values for the same properties, the certificate issuance request will fail. properties: additionalExtensions: description: Optional. Describes custom X.509 extensions. items: properties: critical: description: Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error). type: boolean objectId: description: Required. The OID for this X.509 extension. properties: objectIdPath: description: Required. The parts of an OID path. The most significant parts of the path come first. items: format: int64 type: integer type: array required: - objectIdPath type: object value: description: Required. The value of this X.509 extension. type: string required: - objectId - value type: object type: array aiaOcspServers: description: Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate. items: type: string type: array caOptions: description: Optional. Describes options in this X509Parameters that are relevant in a CA certificate. properties: isCa: description: Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate. type: boolean maxIssuerPathLength: description: Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate. format: int64 type: integer zeroMaxIssuerPathLength: description: Optional. When true, the "path length constraint" in Basic Constraints extension will be set to 0. if both max_issuer_path_length and zero_max_issuer_path_length are unset, the max path length will be omitted from the CA certificate. type: boolean type: object keyUsage: description: Optional. Indicates the intended use for keys that correspond to a certificate. properties: baseKeyUsage: description: Describes high-level ways in which a key may be used. properties: certSign: description: The key may be used to sign certificates. type: boolean contentCommitment: description: The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation". type: boolean crlSign: description: The key may be used sign certificate revocation lists. type: boolean dataEncipherment: description: The key may be used to encipher data. type: boolean decipherOnly: description: The key may be used to decipher only. type: boolean digitalSignature: description: The key may be used for digital signatures. type: boolean encipherOnly: description: The key may be used to encipher only. type: boolean keyAgreement: description: The key may be used in a key agreement protocol. type: boolean keyEncipherment: description: The key may be used to encipher other keys. type: boolean type: object extendedKeyUsage: description: Detailed scenarios in which a key may be used. properties: clientAuth: description: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS. type: boolean codeSigning: description: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication". type: boolean emailProtection: description: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection". type: boolean ocspSigning: description: Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses". type: boolean serverAuth: description: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS. type: boolean timeStamping: description: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time". type: boolean type: object unknownExtendedKeyUsages: description: Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message. items: properties: objectIdPath: description: Required. The parts of an OID path. The most significant parts of the path come first. items: format: int64 type: integer type: array required: - objectIdPath type: object type: array type: object policyIds: description: Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. items: properties: objectIdPath: description: Required. The parts of an OID path. The most significant parts of the path come first. items: format: int64 type: integer type: array required: - objectIdPath type: object type: array type: object identityConstraints: description: Optional. Describes constraints on identities that may appear in Certificates issued through this CaPool. If this is omitted, then this CaPool will not add restrictions on a certificate's identity. properties: allowSubjectAltNamesPassthrough: description: Required. If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded. type: boolean allowSubjectPassthrough: description: Required. If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded. type: boolean celExpression: description: Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel properties: description: description: Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. type: string expression: description: Textual representation of an expression in Common Expression Language syntax. type: string location: description: Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file. type: string title: description: Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression. type: string type: object required: - allowSubjectAltNamesPassthrough - allowSubjectPassthrough type: object maximumLifetime: description: Optional. The maximum lifetime allowed for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it. type: string passthroughExtensions: description: Optional. Describes the set of X.509 extensions that may appear in a Certificate issued through this CaPool. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If a certificate request uses a CertificateTemplate with predefined_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this CaPool will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CaPool's baseline_values. properties: additionalExtensions: description: Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions. items: properties: objectIdPath: description: Required. The parts of an OID path. The most significant parts of the path come first. items: format: int64 type: integer type: array required: - objectIdPath type: object type: array knownExtensions: description: Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions. items: type: string type: array type: object type: object location: description: Immutable. The location for the resource type: string projectRef: description: Immutable. The Project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The project for the resource Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object publishingOptions: description: Optional. The PublishingOptions to follow when issuing Certificates from any CertificateAuthority in this CaPool. properties: publishCaCert: description: Optional. When true, publishes each CertificateAuthority's CA certificate and includes its URL in the "Authority Information Access" X.509 extension in all issued Certificates. If this is false, the CA certificate will not be published and the corresponding X.509 extension will not be written in issued certificates. type: boolean publishCrl: description: Optional. When true, publishes each CertificateAuthority's CRL and includes its URL in the "CRL Distribution Points" X.509 extension in all issued Certificates. If this is false, CRLs will not be published and the corresponding X.509 extension will not be written in issued certificates. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are also rebuilt shortly after a certificate is revoked. type: boolean type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string tier: description: 'Immutable. Required. Immutable. The Tier of this CaPool. Possible values: TIER_UNSPECIFIED, ENTERPRISE, DEVOPS' type: string required: - location - projectRef - tier type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: privatecacertificateauthorities.privateca.cnrm.cloud.google.com spec: group: privateca.cnrm.cloud.google.com names: categories: - gcp kind: PrivateCACertificateAuthority plural: privatecacertificateauthorities shortNames: - gcpprivatecacertificateauthority - gcpprivatecacertificateauthorities singular: privatecacertificateauthority preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: caPoolRef: description: Immutable. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The caPool for the resource Allowed value: The Google Cloud resource name of a `PrivateCACAPool` resource (format: `projects/{{project}}/locations/{{location}}/caPools/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object config: description: Immutable. Required. Immutable. The config used to create a self-signed X.509 certificate or CSR. properties: subjectConfig: description: Immutable. Required. Specifies some of the values in a certificate that are related to the subject. properties: subject: description: Immutable. Required. Contains distinguished name fields such as the common name, location and organization. properties: commonName: description: Immutable. The "common name" of the subject. type: string countryCode: description: Immutable. The country code of the subject. type: string locality: description: Immutable. The locality or city of the subject. type: string organization: description: Immutable. The organization of the subject. type: string organizationalUnit: description: Immutable. The organizational_unit of the subject. type: string postalCode: description: Immutable. The postal code of the subject. type: string province: description: Immutable. The province, territory, or regional state of the subject. type: string streetAddress: description: Immutable. The street address of the subject. type: string type: object subjectAltName: description: Immutable. Optional. The subject alternative name fields. properties: customSans: description: Immutable. Contains additional subject alternative name values. items: properties: critical: description: Immutable. Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error). type: boolean objectId: description: Immutable. Required. The OID for this X.509 extension. properties: objectIdPath: description: Immutable. Required. The parts of an OID path. The most significant parts of the path come first. items: format: int64 type: integer type: array required: - objectIdPath type: object value: description: Immutable. Required. The value of this X.509 extension. type: string required: - objectId - value type: object type: array dnsNames: description: Immutable. Contains only valid, fully-qualified host names. items: type: string type: array emailAddresses: description: Immutable. Contains only valid RFC 2822 E-mail addresses. items: type: string type: array ipAddresses: description: Immutable. Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses. items: type: string type: array uris: description: Immutable. Contains only valid RFC 3986 URIs. items: type: string type: array type: object required: - subject type: object x509Config: description: Immutable. Required. Describes how some of the technical X.509 fields in a certificate should be populated. properties: additionalExtensions: description: Immutable. Optional. Describes custom X.509 extensions. items: properties: critical: description: Immutable. Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error). type: boolean objectId: description: Immutable. Required. The OID for this X.509 extension. properties: objectIdPath: description: Immutable. Required. The parts of an OID path. The most significant parts of the path come first. items: format: int64 type: integer type: array required: - objectIdPath type: object value: description: Immutable. Required. The value of this X.509 extension. type: string required: - objectId - value type: object type: array caOptions: description: Immutable. Optional. Describes options in this X509Parameters that are relevant in a CA certificate. properties: isCa: description: Immutable. Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate. type: boolean maxIssuerPathLength: description: Immutable. Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate. format: int64 type: integer zeroMaxIssuerPathLength: description: Immutable. Optional. When true, the "path length constraint" in Basic Constraints extension will be set to 0. if both max_issuer_path_length and zero_max_issuer_path_length are unset, the max path length will be omitted from the CA certificate. type: boolean type: object keyUsage: description: Immutable. Optional. Indicates the intended use for keys that correspond to a certificate. properties: baseKeyUsage: description: Immutable. Describes high-level ways in which a key may be used. properties: certSign: description: Immutable. The key may be used to sign certificates. type: boolean contentCommitment: description: Immutable. The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation". type: boolean crlSign: description: Immutable. The key may be used sign certificate revocation lists. type: boolean dataEncipherment: description: Immutable. The key may be used to encipher data. type: boolean decipherOnly: description: Immutable. The key may be used to decipher only. type: boolean digitalSignature: description: Immutable. The key may be used for digital signatures. type: boolean encipherOnly: description: Immutable. The key may be used to encipher only. type: boolean keyAgreement: description: Immutable. The key may be used in a key agreement protocol. type: boolean keyEncipherment: description: Immutable. The key may be used to encipher other keys. type: boolean type: object extendedKeyUsage: description: Immutable. Detailed scenarios in which a key may be used. properties: clientAuth: description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS. type: boolean codeSigning: description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication". type: boolean emailProtection: description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection". type: boolean ocspSigning: description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses". type: boolean serverAuth: description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS. type: boolean timeStamping: description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time". type: boolean type: object unknownExtendedKeyUsages: description: Immutable. Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message. items: properties: objectIdPath: description: Immutable. Required. The parts of an OID path. The most significant parts of the path come first. items: format: int64 type: integer type: array required: - objectIdPath type: object type: array type: object policyIds: description: Immutable. Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. items: properties: objectIdPath: description: Immutable. Required. The parts of an OID path. The most significant parts of the path come first. items: format: int64 type: integer type: array required: - objectIdPath type: object type: array type: object required: - subjectConfig - x509Config type: object gcsBucketRef: description: Immutable. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as `gs://`) or suffixes (such as `.googleapis.com`). For example, to use a bucket named `my-bucket`, you would simply specify `my-bucket`. If not specified, a managed bucket will be created. Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object keySpec: description: Immutable. Required. Immutable. Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority is a self-signed CertificateAuthority, this key is also used to sign the self-signed CA certificate. Otherwise, it is used to sign a CSR. properties: algorithm: description: 'Immutable. The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as `HSM`. Possible values: RSA_PSS_2048_SHA256, RSA_PSS_3072_SHA256, RSA_PSS_4096_SHA256, RSA_PKCS1_2048_SHA256, RSA_PKCS1_3072_SHA256, RSA_PKCS1_4096_SHA256, EC_P256_SHA256, EC_P384_SHA384' type: string cloudKmsKeyVersionRef: description: Immutable. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: The resource name for an existing Cloud KMS CryptoKeyVersion in the format `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`. This option enables full flexibility in the key's capabilities and properties. type: string name: description: |- [WARNING] KMSCryptoKeyVersion not yet supported in Config Connector, use 'external' field to reference existing resources. Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: object lifetime: description: Immutable. Required. The desired lifetime of the CA certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate. type: string location: description: Immutable. The location for the resource type: string projectRef: description: Immutable. The Project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The project for the resource Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string type: description: 'Immutable. Required. Immutable. The Type of this CertificateAuthority. Possible values: SELF_SIGNED, SUBORDINATE' type: string required: - caPoolRef - config - keySpec - lifetime - location - projectRef - type type: object status: properties: accessUrls: description: Output only. URLs for accessing content published by this CA, such as the CA certificate and CRLs. properties: caCertificateAccessUrl: description: The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated. type: string crlAccessUrls: description: The URLs where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated. items: type: string type: array type: object caCertificateDescriptions: description: Output only. A structured description of this CertificateAuthority's CA certificate and its issuers. Ordered as self-to-root. items: properties: aiaIssuingCertificateUrls: description: Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate. items: type: string type: array authorityKeyId: description: Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1 properties: keyId: description: Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key. type: string type: object certFingerprint: description: The hash of the x.509 certificate. properties: sha256Hash: description: The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate. type: string type: object crlDistributionPoints: description: Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13 items: type: string type: array publicKey: description: The public key that corresponds to an issued certificate. properties: format: description: 'Required. The format of the public key. Possible values: PEM' type: string key: description: Required. A public key. The padding and encoding must match with the `KeyFormat` value specified for the `format` field. type: string type: object subjectDescription: description: Describes some of the values in a certificate that are related to the subject and lifetime. properties: hexSerialNumber: description: The serial number encoded in lowercase hexadecimal. type: string lifetime: description: For convenience, the actual lifetime of an issued certificate. type: string notAfterTime: description: The time after which the certificate is expired. Per RFC 5280, the validity period for a certificate is the period of time from not_before_time through not_after_time, inclusive. Corresponds to 'not_before_time' + 'lifetime' - 1 second. format: date-time type: string notBeforeTime: description: The time at which the certificate becomes valid. format: date-time type: string subject: description: Contains distinguished name fields such as the common name, location and organization. properties: commonName: description: The "common name" of the subject. type: string countryCode: description: The country code of the subject. type: string locality: description: The locality or city of the subject. type: string organization: description: The organization of the subject. type: string organizationalUnit: description: The organizational_unit of the subject. type: string postalCode: description: The postal code of the subject. type: string province: description: The province, territory, or regional state of the subject. type: string streetAddress: description: The street address of the subject. type: string type: object subjectAltName: description: The subject alternative name fields. properties: customSans: description: Contains additional subject alternative name values. items: properties: critical: description: Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error). type: boolean objectId: description: Required. The OID for this X.509 extension. properties: objectIdPath: description: Required. The parts of an OID path. The most significant parts of the path come first. items: format: int64 type: integer type: array type: object value: description: Required. The value of this X.509 extension. type: string type: object type: array dnsNames: description: Contains only valid, fully-qualified host names. items: type: string type: array emailAddresses: description: Contains only valid RFC 2822 E-mail addresses. items: type: string type: array ipAddresses: description: Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses. items: type: string type: array uris: description: Contains only valid RFC 3986 URIs. items: type: string type: array type: object type: object subjectKeyId: description: Provides a means of identifiying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2. properties: keyId: description: Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key. type: string type: object x509Description: description: Describes some of the technical X.509 fields in a certificate. properties: additionalExtensions: description: Optional. Describes custom X.509 extensions. items: properties: critical: description: Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error). type: boolean objectId: description: Required. The OID for this X.509 extension. properties: objectIdPath: description: Required. The parts of an OID path. The most significant parts of the path come first. items: format: int64 type: integer type: array type: object value: description: Required. The value of this X.509 extension. type: string type: object type: array aiaOcspServers: description: Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate. items: type: string type: array caOptions: description: Optional. Describes options in this X509Parameters that are relevant in a CA certificate. properties: isCa: description: Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate. type: boolean maxIssuerPathLength: description: Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate. format: int64 type: integer type: object keyUsage: description: Optional. Indicates the intended use for keys that correspond to a certificate. properties: baseKeyUsage: description: Describes high-level ways in which a key may be used. properties: certSign: description: The key may be used to sign certificates. type: boolean contentCommitment: description: The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation". type: boolean crlSign: description: The key may be used sign certificate revocation lists. type: boolean dataEncipherment: description: The key may be used to encipher data. type: boolean decipherOnly: description: The key may be used to decipher only. type: boolean digitalSignature: description: The key may be used for digital signatures. type: boolean encipherOnly: description: The key may be used to encipher only. type: boolean keyAgreement: description: The key may be used in a key agreement protocol. type: boolean keyEncipherment: description: The key may be used to encipher other keys. type: boolean type: object extendedKeyUsage: description: Detailed scenarios in which a key may be used. properties: clientAuth: description: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS. type: boolean codeSigning: description: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication". type: boolean emailProtection: description: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection". type: boolean ocspSigning: description: Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses". type: boolean serverAuth: description: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS. type: boolean timeStamping: description: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time". type: boolean type: object unknownExtendedKeyUsages: description: Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message. items: properties: objectIdPath: description: Required. The parts of an OID path. The most significant parts of the path come first. items: format: int64 type: integer type: array type: object type: array type: object policyIds: description: Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. items: properties: objectIdPath: description: Required. The parts of an OID path. The most significant parts of the path come first. items: format: int64 type: integer type: array type: object type: array type: object type: object type: array conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array config: properties: publicKey: description: Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR. properties: format: description: 'Required. The format of the public key. Possible values: PEM' type: string key: description: Required. A public key. The padding and encoding must match with the `KeyFormat` value specified for the `format` field. type: string type: object x509Config: properties: aiaOcspServers: description: Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate. items: type: string type: array type: object type: object createTime: description: Output only. The time at which this CertificateAuthority was created. format: date-time type: string deleteTime: description: Output only. The time at which this CertificateAuthority was soft deleted, if it is in the DELETED state. format: date-time type: string expireTime: description: Output only. The time at which this CertificateAuthority will be permanently purged, if it is in the DELETED state. format: date-time type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer pemCaCertificates: description: Output only. This CertificateAuthority's certificate chain, including the current CertificateAuthority's certificate. Ordered such that the root issuer is the final element (consistent with RFC 5246). For a self-signed CA, this will only list the current CertificateAuthority's certificate. items: type: string type: array state: description: 'Output only. The State for this CertificateAuthority. Possible values: ENABLED, DISABLED, STAGED, AWAITING_USER_ACTIVATION, DELETED' type: string subordinateConfig: description: Optional. If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which describes its issuers. This may be updated, but this CertificateAuthority must continue to validate. properties: certificateAuthority: description: Required. This can refer to a CertificateAuthority in the same project that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`. type: string pemIssuerChain: description: Required. Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself. properties: pemCertificates: description: Required. Expected to be in leaf-to-root order according to RFC 5246. items: type: string type: array type: object type: object tier: description: 'Output only. The CaPool.Tier of the CaPool that includes this CertificateAuthority. Possible values: ENTERPRISE, DEVOPS' type: string updateTime: description: Output only. The time at which this CertificateAuthority was last updated. format: date-time type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: privatecacertificates.privateca.cnrm.cloud.google.com spec: group: privateca.cnrm.cloud.google.com names: categories: - gcp kind: PrivateCACertificate plural: privatecacertificates shortNames: - gcpprivatecacertificate - gcpprivatecacertificates singular: privatecacertificate preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: caPoolRef: description: Immutable. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The ca_pool for the resource Allowed value: The Google Cloud resource name of a `PrivateCACAPool` resource (format: `projects/{{project}}/locations/{{location}}/caPools/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object certificateAuthorityRef: description: Immutable. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The certificate authority for the resource Allowed value: The Google Cloud resource name of a `PrivateCACertificateAuthority` resource (format: `projects/{{project}}/locations/{{location}}/caPools/{{ca_pool}}/certificateAuthorities/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object certificateTemplateRef: description: Immutable. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Immutable. The resource name for a CertificateTemplate used to issue this certificate, in the format `projects/*/locations/*/certificateTemplates/*`. If this is specified, the caller must have the necessary permission to use this template. If this is omitted, no template will be used. This template must be in the same location as the Certificate. Allowed value: The `selfLink` field of a `PrivateCACertificateTemplate` resource. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object config: description: Immutable. Immutable. A description of the certificate and key that does not require X.509 or ASN.1. properties: publicKey: description: Immutable. Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR. properties: format: description: 'Immutable. Required. The format of the public key. Possible values: KEY_FORMAT_UNSPECIFIED, PEM' type: string key: description: Immutable. Required. A public key. The padding and encoding must match with the `KeyFormat` value specified for the `format` field. type: string required: - format - key type: object subjectConfig: description: Immutable. Required. Specifies some of the values in a certificate that are related to the subject. properties: subject: description: Immutable. Required. Contains distinguished name fields such as the common name, location and organization. properties: commonName: description: Immutable. The "common name" of the subject. type: string countryCode: description: Immutable. The country code of the subject. type: string locality: description: Immutable. The locality or city of the subject. type: string organization: description: Immutable. The organization of the subject. type: string organizationalUnit: description: Immutable. The organizational_unit of the subject. type: string postalCode: description: Immutable. The postal code of the subject. type: string province: description: Immutable. The province, territory, or regional state of the subject. type: string streetAddress: description: Immutable. The street address of the subject. type: string type: object subjectAltName: description: Immutable. Optional. The subject alternative name fields. properties: dnsNames: description: Immutable. Contains only valid, fully-qualified host names. items: type: string type: array emailAddresses: description: Immutable. Contains only valid RFC 2822 E-mail addresses. items: type: string type: array ipAddresses: description: Immutable. Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses. items: type: string type: array uris: description: Immutable. Contains only valid RFC 3986 URIs. items: type: string type: array type: object required: - subject type: object x509Config: description: Immutable. Required. Describes how some of the technical X.509 fields in a certificate should be populated. properties: additionalExtensions: description: Immutable. Optional. Describes custom X.509 extensions. items: properties: critical: description: Immutable. Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error). type: boolean objectId: description: Immutable. Required. The OID for this X.509 extension. properties: objectIdPath: description: Immutable. Required. The parts of an OID path. The most significant parts of the path come first. items: format: int64 type: integer type: array required: - objectIdPath type: object value: description: Immutable. Required. The value of this X.509 extension. type: string required: - objectId - value type: object type: array aiaOcspServers: description: Immutable. Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate. items: type: string type: array caOptions: description: Immutable. Optional. Describes options in this X509Parameters that are relevant in a CA certificate. properties: isCa: description: Immutable. Optional. When true, the "CA" in Basic Constraints extension will be set to true. type: boolean maxIssuerPathLength: description: Immutable. Optional. Refers to the "path length constraint" in Basic Constraints extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. format: int64 type: integer nonCa: description: Immutable. Optional. When true, the "CA" in Basic Constraints extension will be set to false. If both `is_ca` and `non_ca` are unset, the extension will be omitted from the CA certificate. type: boolean zeroMaxIssuerPathLength: description: Immutable. Optional. When true, the "path length constraint" in Basic Constraints extension will be set to 0. if both max_issuer_path_length and zero_max_issuer_path_length are unset, the max path length will be omitted from the CA certificate. type: boolean type: object keyUsage: description: Immutable. Optional. Indicates the intended use for keys that correspond to a certificate. properties: baseKeyUsage: description: Immutable. Describes high-level ways in which a key may be used. properties: certSign: description: Immutable. The key may be used to sign certificates. type: boolean contentCommitment: description: Immutable. The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation". type: boolean crlSign: description: Immutable. The key may be used sign certificate revocation lists. type: boolean dataEncipherment: description: Immutable. The key may be used to encipher data. type: boolean decipherOnly: description: Immutable. The key may be used to decipher only. type: boolean digitalSignature: description: Immutable. The key may be used for digital signatures. type: boolean encipherOnly: description: Immutable. The key may be used to encipher only. type: boolean keyAgreement: description: Immutable. The key may be used in a key agreement protocol. type: boolean keyEncipherment: description: Immutable. The key may be used to encipher other keys. type: boolean type: object extendedKeyUsage: description: Immutable. Detailed scenarios in which a key may be used. properties: clientAuth: description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS. type: boolean codeSigning: description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication". type: boolean emailProtection: description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection". type: boolean ocspSigning: description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses". type: boolean serverAuth: description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS. type: boolean timeStamping: description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time". type: boolean type: object unknownExtendedKeyUsages: description: Immutable. Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message. items: properties: objectIdPath: description: Immutable. Required. The parts of an OID path. The most significant parts of the path come first. items: format: int64 type: integer type: array required: - objectIdPath type: object type: array type: object policyIds: description: Immutable. Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. items: properties: objectIdPath: description: Immutable. Required. The parts of an OID path. The most significant parts of the path come first. items: format: int64 type: integer type: array required: - objectIdPath type: object type: array type: object required: - subjectConfig - x509Config type: object lifetime: description: Immutable. Required. Immutable. The desired lifetime of a certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate. Note that the lifetime may be truncated if it would extend past the life of any certificate authority in the issuing chain. type: string location: description: Immutable. The location for the resource type: string pemCsr: description: Immutable. Immutable. A pem-encoded X.509 certificate signing request (CSR). type: string projectRef: description: Immutable. The Project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The project for the resource Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string subjectMode: description: 'Immutable. Immutable. Specifies how the Certificate''s identity fields are to be decided. If this is omitted, the `DEFAULT` subject mode will be used. Possible values: SUBJECT_REQUEST_MODE_UNSPECIFIED, DEFAULT, REFLECTED_SPIFFE' type: string required: - caPoolRef - lifetime - location - projectRef type: object status: properties: certificateDescription: description: Output only. A structured description of the issued X.509 certificate. properties: aiaIssuingCertificateUrls: description: Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate. items: type: string type: array authorityKeyId: description: Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1 properties: keyId: description: Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key. type: string type: object certFingerprint: description: The hash of the x.509 certificate. properties: sha256Hash: description: The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate. type: string type: object crlDistributionPoints: description: Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13 items: type: string type: array publicKey: description: The public key that corresponds to an issued certificate. properties: format: description: 'Required. The format of the public key. Possible values: KEY_FORMAT_UNSPECIFIED, PEM' type: string key: description: Required. A public key. The padding and encoding must match with the `KeyFormat` value specified for the `format` field. type: string type: object subjectDescription: description: Describes some of the values in a certificate that are related to the subject and lifetime. properties: hexSerialNumber: description: The serial number encoded in lowercase hexadecimal. type: string lifetime: description: For convenience, the actual lifetime of an issued certificate. type: string notAfterTime: description: The time after which the certificate is expired. Per RFC 5280, the validity period for a certificate is the period of time from not_before_time through not_after_time, inclusive. Corresponds to 'not_before_time' + 'lifetime' - 1 second. format: date-time type: string notBeforeTime: description: The time at which the certificate becomes valid. format: date-time type: string subject: description: Contains distinguished name fields such as the common name, location and / organization. properties: commonName: description: The "common name" of the subject. type: string countryCode: description: The country code of the subject. type: string locality: description: The locality or city of the subject. type: string organization: description: The organization of the subject. type: string organizationalUnit: description: The organizational_unit of the subject. type: string postalCode: description: The postal code of the subject. type: string province: description: The province, territory, or regional state of the subject. type: string streetAddress: description: The street address of the subject. type: string type: object subjectAltName: description: The subject alternative name fields. properties: customSans: description: Contains additional subject alternative name values. items: properties: critical: description: Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error). type: boolean objectId: description: Required. The OID for this X.509 extension. properties: objectIdPath: description: Required. The parts of an OID path. The most significant parts of the path come first. items: format: int64 type: integer type: array type: object value: description: Required. The value of this X.509 extension. type: string type: object type: array dnsNames: description: Contains only valid, fully-qualified host names. items: type: string type: array emailAddresses: description: Contains only valid RFC 2822 E-mail addresses. items: type: string type: array ipAddresses: description: Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses. items: type: string type: array uris: description: Contains only valid RFC 3986 URIs. items: type: string type: array type: object type: object subjectKeyId: description: Provides a means of identifiying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2. properties: keyId: description: Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key. type: string type: object x509Description: description: Describes some of the technical X.509 fields in a certificate. properties: additionalExtensions: description: Optional. Describes custom X.509 extensions. items: properties: critical: description: Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error). type: boolean objectId: description: Required. The OID for this X.509 extension. properties: objectIdPath: description: Required. The parts of an OID path. The most significant parts of the path come first. items: format: int64 type: integer type: array type: object value: description: Required. The value of this X.509 extension. type: string type: object type: array aiaOcspServers: description: Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate. items: type: string type: array caOptions: description: Optional. Describes options in this X509Parameters that are relevant in a CA certificate. properties: isCa: description: Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate. type: boolean maxIssuerPathLength: description: Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate. format: int64 type: integer type: object keyUsage: description: Optional. Indicates the intended use for keys that correspond to a certificate. properties: baseKeyUsage: description: Describes high-level ways in which a key may be used. properties: certSign: description: The key may be used to sign certificates. type: boolean contentCommitment: description: The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation". type: boolean crlSign: description: The key may be used sign certificate revocation lists. type: boolean dataEncipherment: description: The key may be used to encipher data. type: boolean decipherOnly: description: The key may be used to decipher only. type: boolean digitalSignature: description: The key may be used for digital signatures. type: boolean encipherOnly: description: The key may be used to encipher only. type: boolean keyAgreement: description: The key may be used in a key agreement protocol. type: boolean keyEncipherment: description: The key may be used to encipher other keys. type: boolean type: object extendedKeyUsage: description: Detailed scenarios in which a key may be used. properties: clientAuth: description: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS. type: boolean codeSigning: description: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication". type: boolean emailProtection: description: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection". type: boolean ocspSigning: description: Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses". type: boolean serverAuth: description: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS. type: boolean timeStamping: description: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time". type: boolean type: object unknownExtendedKeyUsages: description: Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message. items: properties: objectIdPath: description: Required. The parts of an OID path. The most significant parts of the path come first. items: format: int64 type: integer type: array type: object type: array type: object policyIds: description: Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. items: properties: objectIdPath: description: Required. The parts of an OID path. The most significant parts of the path come first. items: format: int64 type: integer type: array type: object type: array type: object type: object conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: Output only. The time at which this Certificate was created. format: date-time type: string issuerCertificateAuthority: description: Output only. The resource name of the issuing CertificateAuthority in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer pemCertificate: description: Output only. The pem-encoded, signed X.509 certificate. type: string pemCertificateChain: description: Output only. The chain that may be used to verify the X.509 certificate. Expected to be in issuer-to-root order according to RFC 5246. items: type: string type: array revocationDetails: description: Output only. Details regarding the revocation of this Certificate. This Certificate is considered revoked if and only if this field is present. properties: revocationState: description: 'Indicates why a Certificate was revoked. Possible values: REVOCATION_REASON_UNSPECIFIED, KEY_COMPROMISE, CERTIFICATE_AUTHORITY_COMPROMISE, AFFILIATION_CHANGED, SUPERSEDED, CESSATION_OF_OPERATION, CERTIFICATE_HOLD, PRIVILEGE_WITHDRAWN, ATTRIBUTE_AUTHORITY_COMPROMISE' type: string revocationTime: description: The time at which this Certificate was revoked. format: date-time type: string type: object updateTime: description: Output only. The time at which this Certificate was updated. format: date-time type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: privatecacertificatetemplates.privateca.cnrm.cloud.google.com spec: group: privateca.cnrm.cloud.google.com names: categories: - gcp kind: PrivateCACertificateTemplate plural: privatecacertificatetemplates shortNames: - gcpprivatecacertificatetemplate - gcpprivatecacertificatetemplates singular: privatecacertificatetemplate preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: description: description: Optional. A human-readable description of scenarios this template is intended for. type: string identityConstraints: description: Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity. properties: allowSubjectAltNamesPassthrough: description: Required. If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded. type: boolean allowSubjectPassthrough: description: Required. If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded. type: boolean celExpression: description: Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel properties: description: description: Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. type: string expression: description: Textual representation of an expression in Common Expression Language syntax. type: string location: description: Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file. type: string title: description: Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression. type: string type: object required: - allowSubjectAltNamesPassthrough - allowSubjectPassthrough type: object location: description: Immutable. The location for the resource type: string passthroughExtensions: description: Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values. properties: additionalExtensions: description: Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions. items: properties: objectIdPath: description: Required. The parts of an OID path. The most significant parts of the path come first. items: format: int64 type: integer type: array required: - objectIdPath type: object type: array knownExtensions: description: Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions. items: type: string type: array type: object predefinedValues: description: Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail. properties: additionalExtensions: description: Optional. Describes custom X.509 extensions. items: properties: critical: description: Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error). type: boolean objectId: description: Required. The OID for this X.509 extension. properties: objectIdPath: description: Required. The parts of an OID path. The most significant parts of the path come first. items: format: int64 type: integer type: array required: - objectIdPath type: object value: description: Required. The value of this X.509 extension. type: string required: - objectId - value type: object type: array aiaOcspServers: description: Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate. items: type: string type: array caOptions: description: Optional. Describes options in this X509Parameters that are relevant in a CA certificate. properties: isCa: description: Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate. type: boolean maxIssuerPathLength: description: Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate. format: int64 type: integer type: object keyUsage: description: Optional. Indicates the intended use for keys that correspond to a certificate. properties: baseKeyUsage: description: Describes high-level ways in which a key may be used. properties: certSign: description: The key may be used to sign certificates. type: boolean contentCommitment: description: The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation". type: boolean crlSign: description: The key may be used sign certificate revocation lists. type: boolean dataEncipherment: description: The key may be used to encipher data. type: boolean decipherOnly: description: The key may be used to decipher only. type: boolean digitalSignature: description: The key may be used for digital signatures. type: boolean encipherOnly: description: The key may be used to encipher only. type: boolean keyAgreement: description: The key may be used in a key agreement protocol. type: boolean keyEncipherment: description: The key may be used to encipher other keys. type: boolean type: object extendedKeyUsage: description: Detailed scenarios in which a key may be used. properties: clientAuth: description: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS. type: boolean codeSigning: description: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication". type: boolean emailProtection: description: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection". type: boolean ocspSigning: description: Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses". type: boolean serverAuth: description: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS. type: boolean timeStamping: description: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time". type: boolean type: object unknownExtendedKeyUsages: description: Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message. items: properties: objectIdPath: description: Required. The parts of an OID path. The most significant parts of the path come first. items: format: int64 type: integer type: array required: - objectIdPath type: object type: array type: object policyIds: description: Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. items: properties: objectIdPath: description: Required. The parts of an OID path. The most significant parts of the path come first. items: format: int64 type: integer type: array required: - objectIdPath type: object type: array type: object projectRef: description: Immutable. The Project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The project for the resource Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - location - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: Output only. The time at which this CertificateTemplate was created. format: date-time type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer updateTime: description: Output only. The time at which this CertificateTemplate was updated. format: date-time type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: projects.resourcemanager.cnrm.cloud.google.com spec: group: resourcemanager.cnrm.cloud.google.com names: categories: - gcp kind: Project plural: projects shortNames: - gcpproject - gcpprojects singular: project preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: oneOf: - required: - folderRef - required: - organizationRef - not: anyOf: - required: - folderRef - required: - organizationRef properties: billingAccountRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `BillingAccount` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object folderRef: description: |- The folder that this resource belongs to. Changing this forces the resource to be migrated to the newly specified folder. Only one of folderRef or organizationRef may be specified. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `folderId` field of a `Folder` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object name: description: The display name of the project. type: string organizationRef: description: |- The organization that this resource belongs to. Changing this forces the resource to be migrated to the newly specified organization. Only one of folderRef or organizationRef may be specified. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of an `Organization` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The projectId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - name type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array number: description: The numeric identifier of the project. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: pubsublitereservations.pubsublite.cnrm.cloud.google.com spec: group: pubsublite.cnrm.cloud.google.com names: categories: - gcp kind: PubSubLiteReservation plural: pubsublitereservations shortNames: - gcppubsublitereservation - gcppubsublitereservations singular: pubsublitereservation preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object region: description: The region of the pubsub lite reservation. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string throughputCapacity: description: |- The reserved throughput capacity. Every unit of throughput capacity is equivalent to 1 MiB/s of published messages or 2 MiB/s of subscribed messages. type: integer required: - projectRef - region - throughputCapacity type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: pubsublitesubscriptions.pubsublite.cnrm.cloud.google.com spec: group: pubsublite.cnrm.cloud.google.com names: categories: - gcp kind: PubSubLiteSubscription plural: pubsublitesubscriptions shortNames: - gcppubsublitesubscription - gcppubsublitesubscriptions singular: pubsublitesubscription preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: deliveryConfig: description: The settings for this subscription's message delivery. properties: deliveryRequirement: description: 'When this subscription should send messages to subscribers relative to messages persistence in storage. Possible values: ["DELIVER_IMMEDIATELY", "DELIVER_AFTER_STORED", "DELIVERY_REQUIREMENT_UNSPECIFIED"].' type: string required: - deliveryRequirement type: object projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object region: description: The region of the pubsub lite topic. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string topic: description: Immutable. A reference to a Topic resource. type: string zone: description: The zone of the pubsub lite topic. type: string required: - projectRef - topic - zone type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: pubsublitetopics.pubsublite.cnrm.cloud.google.com spec: group: pubsublite.cnrm.cloud.google.com names: categories: - gcp kind: PubSubLiteTopic plural: pubsublitetopics shortNames: - gcppubsublitetopic - gcppubsublitetopics singular: pubsublitetopic preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: partitionConfig: description: The settings for this topic's partitions. properties: capacity: description: The capacity configuration. properties: publishMibPerSec: description: Subscribe throughput capacity per partition in MiB/s. Must be >= 4 and <= 16. type: integer subscribeMibPerSec: description: Publish throughput capacity per partition in MiB/s. Must be >= 4 and <= 16. type: integer required: - publishMibPerSec - subscribeMibPerSec type: object count: description: The number of partitions in the topic. Must be at least 1. type: integer required: - count type: object projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object region: description: The region of the pubsub lite topic. type: string reservationConfig: description: The settings for this topic's Reservation usage. properties: throughputReservation: description: The Reservation to use for this topic's throughput capacity. type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string retentionConfig: description: The settings for a topic's message retention. properties: perPartitionBytes: description: |- The provisioned storage, in bytes, per partition. If the number of bytes stored in any of the topic's partitions grows beyond this value, older messages will be dropped to make room for newer ones, regardless of the value of period. type: string period: description: |- How long a published message is retained. If unset, messages will be retained as long as the bytes retained for each partition is below perPartitionBytes. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". type: string required: - perPartitionBytes type: object zone: description: The zone of the pubsub lite topic. type: string required: - projectRef - zone type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: pubsubschemas.pubsub.cnrm.cloud.google.com spec: group: pubsub.cnrm.cloud.google.com names: categories: - gcp kind: PubSubSchema plural: pubsubschemas shortNames: - gcppubsubschema - gcppubsubschemas singular: pubsubschema preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: definition: description: |- Immutable. The definition of the schema. This should contain a string representing the full definition of the schema that is a valid schema definition of the type specified in type. type: string projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string type: description: 'Immutable. The type of the schema definition Default value: "TYPE_UNSPECIFIED" Possible values: ["TYPE_UNSPECIFIED", "PROTOCOL_BUFFER", "AVRO"].' type: string required: - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: pubsubsubscriptions.pubsub.cnrm.cloud.google.com spec: group: pubsub.cnrm.cloud.google.com names: categories: - gcp kind: PubSubSubscription plural: pubsubsubscriptions shortNames: - gcppubsubsubscription - gcppubsubsubscriptions singular: pubsubsubscription preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: ackDeadlineSeconds: description: |- This value is the maximum time after a subscriber receives a message before the subscriber should acknowledge the message. After message delivery but before the ack deadline expires and before the message is acknowledged, it is an outstanding message and will not be delivered again during that time (on a best-effort basis). For pull subscriptions, this value is used as the initial value for the ack deadline. To override this value for a given message, call subscriptions.modifyAckDeadline with the corresponding ackId if using pull. The minimum custom deadline you can specify is 10 seconds. The maximum custom deadline you can specify is 600 seconds (10 minutes). If this parameter is 0, a default value of 10 seconds is used. For push delivery, this value is also used to set the request timeout for the call to the push endpoint. If the subscriber never acknowledges the message, the Pub/Sub system will eventually redeliver the message. type: integer bigqueryConfig: description: |- If delivery to BigQuery is used with this subscription, this field is used to configure it. Either pushConfig or bigQueryConfig can be set, but not both. If both are empty, then the subscriber will pull and ack messages using API methods. properties: dropUnknownFields: description: |- When true and useTopicSchema is true, any fields that are a part of the topic schema that are not part of the BigQuery table schema are dropped when writing to BigQuery. Otherwise, the schemas must be kept in sync and any messages with extra fields are not written and remain in the subscription's backlog. type: boolean tableRef: description: The name of the table to which to write data. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: string of the format `{{project}}.{{dataset_id}}.{{value}}`, where {{value}} is the `name` field of a `BigQueryTable` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object useTopicSchema: description: When true, use the topic's schema as the columns to write to in BigQuery, if it exists. type: boolean writeMetadata: description: |- When true, write the subscription name, messageId, publishTime, attributes, and orderingKey to additional columns in the table. The subscription name, messageId, and publishTime fields are put in their own columns while all other message properties (other than data) are written to a JSON object in the attributes column. type: boolean required: - tableRef type: object deadLetterPolicy: description: |- A policy that specifies the conditions for dead lettering messages in this subscription. If dead_letter_policy is not set, dead lettering is disabled. The Cloud Pub/Sub service account associated with this subscription's parent project (i.e., service-{project_number}@gcp-sa-pubsub.iam.gserviceaccount.com) must have permission to Acknowledge() messages on this subscription. properties: deadLetterTopicRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, where {{value}} is the `name` field of a `PubSubTopic` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object maxDeliveryAttempts: description: |- The maximum number of delivery attempts for any message. The value must be between 5 and 100. The number of delivery attempts is defined as 1 + (the sum of number of NACKs and number of times the acknowledgement deadline has been exceeded for the message). A NACK is any call to ModifyAckDeadline with a 0 deadline. Note that client libraries may automatically extend ack_deadlines. This field will be honored on a best effort basis. If this parameter is 0, a default value of 5 is used. type: integer type: object enableExactlyOnceDelivery: description: |- If 'true', Pub/Sub provides the following guarantees for the delivery of a message with a given value of messageId on this Subscriptions': - The message sent to a subscriber is guaranteed not to be resent before the message's acknowledgement deadline expires. - An acknowledged message will not be resent to a subscriber. Note that subscribers may still receive multiple copies of a message when 'enable_exactly_once_delivery' is true if the message was published multiple times by a publisher client. These copies are considered distinct by Pub/Sub and have distinct messageId values. type: boolean enableMessageOrdering: description: |- Immutable. If 'true', messages published with the same orderingKey in PubsubMessage will be delivered to the subscribers in the order in which they are received by the Pub/Sub system. Otherwise, they may be delivered in any order. type: boolean expirationPolicy: description: |- A policy that specifies the conditions for this subscription's expiration. A subscription is considered active as long as any connected subscriber is successfully consuming messages from the subscription or is issuing operations on the subscription. If expirationPolicy is not set, a default policy with ttl of 31 days will be used. If it is set but ttl is "", the resource never expires. The minimum allowed value for expirationPolicy.ttl is 1 day. properties: ttl: description: |- Specifies the "time-to-live" duration for an associated resource. The resource expires if it is not active for a period of ttl. If ttl is set to "", the associated resource never expires. A duration in seconds with up to nine fractional digits, terminated by 's'. Example - "3.5s". type: string required: - ttl type: object filter: description: |- Immutable. The subscription only delivers the messages that match the filter. Pub/Sub automatically acknowledges the messages that don't match the filter. You can filter messages by their attributes. The maximum length of a filter is 256 bytes. After creating the subscription, you can't modify the filter. type: string messageRetentionDuration: description: |- How long to retain unacknowledged messages in the subscription's backlog, from the moment a message is published. If retain_acked_messages is true, then this also configures the retention of acknowledged messages, and thus configures how far back in time a subscriptions.seek can be done. Defaults to 7 days. Cannot be more than 7 days ('"604800s"') or less than 10 minutes ('"600s"'). A duration in seconds with up to nine fractional digits, terminated by 's'. Example: '"600.5s"'. type: string pushConfig: description: |- If push delivery is used with this subscription, this field is used to configure it. An empty pushConfig signifies that the subscriber will pull and ack messages using API methods. properties: attributes: additionalProperties: type: string description: |- Endpoint configuration attributes. Every endpoint has a set of API supported attributes that can be used to control different aspects of the message delivery. The currently supported attribute is x-goog-version, which you can use to change the format of the pushed message. This attribute indicates the version of the data expected by the endpoint. This controls the shape of the pushed message (i.e., its fields and metadata). The endpoint version is based on the version of the Pub/Sub API. If not present during the subscriptions.create call, it will default to the version of the API used to make such call. If not present during a subscriptions.modifyPushConfig call, its value will not be changed. subscriptions.get calls will always return a valid version, even if the subscription was created without this attribute. The possible values for this attribute are: - v1beta1: uses the push format defined in the v1beta1 Pub/Sub API. - v1 or v1beta2: uses the push format defined in the v1 Pub/Sub API. type: object oidcToken: description: |- If specified, Pub/Sub will generate and attach an OIDC JWT token as an Authorization header in the HTTP request for every pushed message. properties: audience: description: |- Audience to be used when generating OIDC token. The audience claim identifies the recipients that the JWT is intended for. The audience value is a single case-sensitive string. Having multiple values (array) for the audience field is not supported. More info about the OIDC JWT token audience here: https://tools.ietf.org/html/rfc7519#section-4.1.3 Note: if not specified, the Push endpoint URL will be used. type: string serviceAccountEmail: description: |- Service account email to be used for generating the OIDC token. The caller (for subscriptions.create, subscriptions.patch, and subscriptions.modifyPushConfig RPCs) must have the iam.serviceAccounts.actAs permission for the service account. type: string required: - serviceAccountEmail type: object pushEndpoint: description: |- A URL locating the endpoint to which messages should be pushed. For example, a Webhook endpoint might use "https://example.com/push". type: string required: - pushEndpoint type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string retainAckedMessages: description: |- Indicates whether to retain acknowledged messages. If 'true', then messages are not expunged from the subscription's backlog, even if they are acknowledged, until they fall out of the messageRetentionDuration window. type: boolean retryPolicy: description: |- A policy that specifies how Pub/Sub retries message delivery for this subscription. If not set, the default retry policy is applied. This generally implies that messages will be retried as soon as possible for healthy subscribers. RetryPolicy will be triggered on NACKs or acknowledgement deadline exceeded events for a given message. properties: maximumBackoff: description: |- The maximum delay between consecutive deliveries of a given message. Value should be between 0 and 600 seconds. Defaults to 600 seconds. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". type: string minimumBackoff: description: |- The minimum delay between consecutive deliveries of a given message. Value should be between 0 and 600 seconds. Defaults to 10 seconds. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". type: string type: object topicRef: description: Reference to a PubSubTopic. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, where {{value}} is the `name` field of a `PubSubTopic` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - topicRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: pubsubtopics.pubsub.cnrm.cloud.google.com spec: group: pubsub.cnrm.cloud.google.com names: categories: - gcp kind: PubSubTopic plural: pubsubtopics shortNames: - gcppubsubtopic - gcppubsubtopics singular: pubsubtopic preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: kmsKeyRef: description: |- The KMSCryptoKey to be used to protect access to messages published on this topic. Your project's Pub/Sub service account ('service-{{PROJECT_NUMBER}}@gcp-sa-pubsub.iam.gserviceaccount.com') must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this feature. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object messageRetentionDuration: description: |- Indicates the minimum duration to retain a message after it is published to the topic. If this field is set, messages published to the topic in the last messageRetentionDuration are always available to subscribers. For instance, it allows any attached subscription to seek to a timestamp that is up to messageRetentionDuration in the past. If this field is not set, message retention is controlled by settings on individual subscriptions. Cannot be more than 31 days or less than 10 minutes. type: string messageStoragePolicy: description: |- Policy constraining the set of Google Cloud Platform regions where messages published to the topic may be stored. If not present, then no constraints are in effect. properties: allowedPersistenceRegions: description: |- A list of IDs of GCP regions where messages that are published to the topic may be persisted in storage. Messages published by publishers running in non-allowed GCP regions (or running outside of GCP altogether) will be routed for storage in one of the allowed regions. An empty list means that no regions are allowed, and is not a valid configuration. items: type: string type: array required: - allowedPersistenceRegions type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string schemaSettings: description: Settings for validating messages published against a schema. properties: encoding: description: 'The encoding of messages validated against schema. Default value: "ENCODING_UNSPECIFIED" Possible values: ["ENCODING_UNSPECIFIED", "JSON", "BINARY"].' type: string schemaRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: string of the format `projects/{{project}}/schemas/{{value}}`, where {{value}} is the `name` field of a `PubSubSchema` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - schemaRef type: object type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" name: recaptchaenterprisekeys.recaptchaenterprise.cnrm.cloud.google.com spec: group: recaptchaenterprise.cnrm.cloud.google.com names: categories: - gcp kind: RecaptchaEnterpriseKey plural: recaptchaenterprisekeys shortNames: - gcprecaptchaenterprisekey - gcprecaptchaenterprisekeys singular: recaptchaenterprisekey preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: androidSettings: description: Settings for keys that can be used by Android apps. properties: allowAllPackageNames: description: If set to true, it means allowed_package_names will not be enforced. type: boolean allowedPackageNames: description: 'Android package names of apps allowed to use the key. Example: ''com.companyname.appname''' items: type: string type: array type: object displayName: description: Human-readable display name of this key. Modifiable by user. type: string iosSettings: description: Settings for keys that can be used by iOS apps. properties: allowAllBundleIds: description: If set to true, it means allowed_bundle_ids will not be enforced. type: boolean allowedBundleIds: description: 'iOS bundle ids of apps allowed to use the key. Example: ''com.companyname.productname.appname''' items: type: string type: array type: object projectRef: description: Immutable. The Project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The project for the resource Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string testingOptions: description: Immutable. Options for user acceptance testing. properties: testingChallenge: description: 'Immutable. For challenge-based keys only (CHECKBOX, INVISIBLE), all challenge requests for this site will return nocaptcha if NOCAPTCHA, or an unsolvable challenge if UNSOLVABLE_CHALLENGE. Possible values: TESTING_CHALLENGE_UNSPECIFIED, NOCAPTCHA, UNSOLVABLE_CHALLENGE' type: string testingScore: description: Immutable. All assessments for this Key will return this score. Must be between 0 (likely not legitimate) and 1 (likely legitimate) inclusive. format: double type: number type: object webSettings: description: Settings for keys that can be used by websites. properties: allowAllDomains: description: If set to true, it means allowed_domains will not be enforced. type: boolean allowAmpTraffic: description: If set to true, the key can be used on AMP (Accelerated Mobile Pages) websites. This is supported only for the SCORE integration type. type: boolean allowedDomains: description: 'Domains or subdomains of websites allowed to use the key. All subdomains of an allowed domain are automatically allowed. A valid domain requires a host and must not include any path, port, query or fragment. Examples: ''example.com'' or ''subdomain.example.com''' items: type: string type: array challengeSecurityPreference: description: 'Settings for the frequency and difficulty at which this key triggers captcha challenges. This should only be specified for IntegrationTypes CHECKBOX and INVISIBLE. Possible values: CHALLENGE_SECURITY_PREFERENCE_UNSPECIFIED, USABILITY, BALANCE, SECURITY' type: string integrationType: description: 'Immutable. Required. Describes how this key is integrated with the website. Possible values: SCORE, CHECKBOX, INVISIBLE' type: string required: - integrationType type: object required: - displayName - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: The timestamp corresponding to the creation of this Key. format: date-time type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: redisinstances.redis.cnrm.cloud.google.com spec: group: redis.cnrm.cloud.google.com names: categories: - gcp kind: RedisInstance plural: redisinstances shortNames: - gcpredisinstance - gcpredisinstances singular: redisinstance preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: alternativeLocationId: description: |- Immutable. Only applicable to STANDARD_HA tier which protects the instance against zonal failures by provisioning it across two zones. If provided, it must be a different zone from the one provided in [locationId]. type: string authEnabled: description: |- Optional. Indicates whether OSS Redis AUTH is enabled for the instance. If set to "true" AUTH is enabled on the instance. Default value is "false" meaning AUTH is disabled. type: boolean authString: description: Output only. AUTH String set on the instance. This field will only be populated if auth_enabled is true. type: string authorizedNetworkRef: description: |- The network to which the instance is connected. If left unspecified, the default network will be used. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object connectMode: description: 'Immutable. The connection mode of the Redis instance. Default value: "DIRECT_PEERING" Possible values: ["DIRECT_PEERING", "PRIVATE_SERVICE_ACCESS"].' type: string customerManagedKeyRef: description: |- Immutable. Optional. The KMS key reference that you want to use to encrypt the data at rest for this Redis instance. If this is provided, CMEK is enabled. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object displayName: description: An arbitrary and optional user-provided name for the instance. type: string locationId: description: |- Immutable. The zone where the instance will be provisioned. If not provided, the service will choose a zone for the instance. For STANDARD_HA tier, instances will be created across two zones for protection against zonal failures. If [alternativeLocationId] is also provided, it must be different from [locationId]. type: string maintenancePolicy: description: Maintenance policy for an instance. properties: createTime: description: |- Output only. The time when the policy was created. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. type: string description: description: |- Optional. Description of what this policy is for. Create/Update methods return INVALID_ARGUMENT if the length is greater than 512. type: string updateTime: description: |- Output only. The time when the policy was last updated. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. type: string weeklyMaintenanceWindow: description: |- Optional. Maintenance window that is applied to resources covered by this policy. Minimum 1. For the current version, the maximum number of weekly_window is expected to be one. items: properties: day: description: |- Required. The day of week that maintenance updates occur. - DAY_OF_WEEK_UNSPECIFIED: The day of the week is unspecified. - MONDAY: Monday - TUESDAY: Tuesday - WEDNESDAY: Wednesday - THURSDAY: Thursday - FRIDAY: Friday - SATURDAY: Saturday - SUNDAY: Sunday Possible values: ["DAY_OF_WEEK_UNSPECIFIED", "MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY", "SATURDAY", "SUNDAY"]. type: string duration: description: |- Output only. Duration of the maintenance window. The current window is fixed at 1 hour. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". type: string startTime: description: Required. Start time of the window in UTC time. properties: hours: description: |- Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. type: integer minutes: description: Minutes of hour of day. Must be from 0 to 59. type: integer nanos: description: Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. type: integer seconds: description: |- Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. type: integer type: object required: - day - startTime type: object type: array type: object maintenanceSchedule: description: Upcoming maintenance schedule. properties: endTime: description: |- Output only. The end time of any upcoming scheduled maintenance for this instance. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. type: string scheduleDeadlineTime: description: |- Output only. The deadline that the maintenance schedule start time can not go beyond, including reschedule. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. type: string startTime: description: |- Output only. The start time of any upcoming scheduled maintenance for this instance. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. type: string type: object memorySizeGb: description: Redis memory size in GiB. type: integer persistenceConfig: description: Persistence configuration for an instance. properties: persistenceMode: description: "Optional. Controls whether Persistence features are enabled. If not provided, the existing value will be used.\n\n- DISABLED: \tPersistence is disabled for the instance, and any existing snapshots are deleted.\n- RDB: RDB based Persistence is enabled. Possible values: [\"DISABLED\", \"RDB\"]." type: string rdbNextSnapshotTime: description: |- Output only. The next time that a snapshot attempt is scheduled to occur. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". type: string rdbSnapshotPeriod: description: "Optional. Available snapshot periods for scheduling.\n\n- ONE_HOUR:\tSnapshot every 1 hour.\n- SIX_HOURS:\tSnapshot every 6 hours.\n- TWELVE_HOURS:\tSnapshot every 12 hours.\n- TWENTY_FOUR_HOURS:\tSnapshot every 24 hours. Possible values: [\"ONE_HOUR\", \"SIX_HOURS\", \"TWELVE_HOURS\", \"TWENTY_FOUR_HOURS\"]." type: string rdbSnapshotStartTime: description: |- Optional. Date and time that the first snapshot was/will be attempted, and to which future snapshots will be aligned. If not provided, the current time will be used. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". type: string type: object readReplicasMode: description: |- Optional. Read replica mode. Can only be specified when trying to create the instance. If not set, Memorystore Redis backend will default to READ_REPLICAS_DISABLED. - READ_REPLICAS_DISABLED: If disabled, read endpoint will not be provided and the instance cannot scale up or down the number of replicas. - READ_REPLICAS_ENABLED: If enabled, read endpoint will be provided and the instance can scale up and down the number of replicas. Possible values: ["READ_REPLICAS_DISABLED", "READ_REPLICAS_ENABLED"]. type: string redisConfigs: additionalProperties: type: string description: |- Redis configuration parameters, according to http://redis.io/topics/config. Please check Memorystore documentation for the list of supported parameters: https://cloud.google.com/memorystore/docs/redis/reference/rest/v1/projects.locations.instances#Instance.FIELDS.redis_configs. type: object redisVersion: description: |- The version of Redis software. If not provided, latest supported version will be used. Please check the API documentation linked at the top for the latest valid values. type: string region: description: Immutable. The name of the Redis region of the instance. type: string replicaCount: description: |- Optional. The number of replica nodes. The valid range for the Standard Tier with read replicas enabled is [1-5] and defaults to 2. If read replicas are not enabled for a Standard Tier instance, the only valid value is 1 and the default is 1. The valid value for basic tier is 0 and the default is also 0. type: integer reservedIpRange: description: |- Immutable. The CIDR range of internal addresses that are reserved for this instance. If not provided, the service will choose an unused /29 block, for example, 10.0.0.0/29 or 192.168.0.0/29. Ranges must be unique and non-overlapping with existing subnets in an authorized network. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string secondaryIpRange: description: |- Optional. Additional IP range for node placement. Required when enabling read replicas on an existing instance. For DIRECT_PEERING mode value must be a CIDR range of size /28, or "auto". For PRIVATE_SERVICE_ACCESS mode value must be the name of an allocated address range associated with the private service access connection, or "auto". type: string tier: description: |- Immutable. The service tier of the instance. Must be one of these values: - BASIC: standalone instance - STANDARD_HA: highly available primary/replica instances Default value: "BASIC" Possible values: ["BASIC", "STANDARD_HA"]. type: string transitEncryptionMode: description: |- Immutable. The TLS mode of the Redis instance, If not provided, TLS is disabled for the instance. - SERVER_AUTHENTICATION: Client to Server traffic encryption enabled with server authentication Default value: "DISABLED" Possible values: ["SERVER_AUTHENTICATION", "DISABLED"]. type: string required: - memorySizeGb - region type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: |- The time the instance was created in RFC3339 UTC "Zulu" format, accurate to nanoseconds. type: string currentLocationId: description: |- The current zone where the Redis endpoint is placed. For Basic Tier instances, this will always be the same as the [locationId] provided by the user at creation time. For Standard Tier instances, this can be either [locationId] or [alternativeLocationId] and can change after a failover event. type: string host: description: |- Hostname or IP address of the exposed Redis endpoint used by clients to connect to the service. type: string nodes: description: Output only. Info per node. items: properties: id: description: Node identifying string. e.g. 'node-0', 'node-1'. type: string zone: description: Location of the node. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer persistenceIamIdentity: description: |- Output only. Cloud IAM identity used by import / export operations to transfer data to/from Cloud Storage. Format is "serviceAccount:". The value may change over time for a given instance so should be checked before each import/export operation. type: string port: description: The port number of the exposed Redis endpoint. type: integer readEndpoint: description: |- Output only. Hostname or IP address of the exposed readonly Redis endpoint. Standard tier only. Targets all healthy replica nodes in instance. Replication is asynchronous and replica nodes will exhibit some lag behind the primary. Write requests must target 'host'. type: string readEndpointPort: description: |- Output only. The port number of the exposed readonly redis endpoint. Standard tier only. Write requests should target 'port'. type: integer serverCaCerts: description: List of server CA certificates for the instance. items: properties: cert: description: The certificate data in PEM format. type: string createTime: description: The time when the certificate was created. type: string expireTime: description: The time when the certificate expires. type: string serialNumber: description: Serial number, as extracted from the certificate. type: string sha1Fingerprint: description: Sha1 Fingerprint of the certificate. type: string type: object type: array type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: resourcemanagerliens.resourcemanager.cnrm.cloud.google.com spec: group: resourcemanager.cnrm.cloud.google.com names: categories: - gcp kind: ResourceManagerLien plural: resourcemanagerliens shortNames: - gcpresourcemanagerlien - gcpresourcemanagerliens singular: resourcemanagerlien preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: origin: description: |- Immutable. A stable, user-visible/meaningful string identifying the origin of the Lien, intended to be inspected programmatically. Maximum length of 200 characters. type: string parent: properties: projectRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: string of the format `projects/{{value}}`, where {{value}} is the `number` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: object reason: description: |- Immutable. Concise user-visible strings indicating why an action cannot be performed on a resource. Maximum length of 200 characters. type: string resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string restrictions: description: |- Immutable. The types of operations which should be blocked as a result of this Lien. Each value should correspond to an IAM permission. The server will validate the permissions against those for which Liens are supported. An empty list is meaningless and will be rejected. e.g. ['resourcemanager.projects.delete']. items: type: string type: array required: - origin - parent - reason - restrictions type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: Time of creation. type: string name: description: A system-generated unique identifier for this Lien. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: resourcemanagerpolicies.resourcemanager.cnrm.cloud.google.com spec: group: resourcemanager.cnrm.cloud.google.com names: categories: - gcp kind: ResourceManagerPolicy plural: resourcemanagerpolicies shortNames: - gcpresourcemanagerpolicy - gcpresourcemanagerpolicies singular: resourcemanagerpolicy preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: booleanPolicy: description: A boolean policy is a constraint that is either enforced or not. properties: enforced: description: If true, then the Policy is enforced. If false, then any configuration is acceptable. type: boolean required: - enforced type: object constraint: description: Immutable. The name of the Constraint the Policy is configuring, for example, serviceuser.services. type: string folderRef: description: |- The folder on which to configure the constraint. Only one of projectRef, folderRef, or organizationRef may be specified. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Folder` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object listPolicy: description: A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. . properties: allow: description: One or the other must be set. properties: all: description: The policy allows or denies all values. type: boolean values: description: The policy can define specific values that are allowed or denied. items: type: string type: array type: object deny: description: One or the other must be set. properties: all: description: The policy allows or denies all values. type: boolean values: description: The policy can define specific values that are allowed or denied. items: type: string type: array type: object inheritFromParent: description: If set to true, the values from the effective Policy of the parent resource are inherited, meaning the values set in this Policy are added to the values inherited up the hierarchy. type: boolean suggestedValue: description: The Google Cloud Console will try to default to a configuration that matches the value specified in this field. type: string type: object organizationRef: description: |- The organization on which to configure the constraint. Only one of projectRef, folderRef, or organizationRef may be specified. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of an `Organization` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object projectRef: description: |- The project on which to configure the constraint. Only one of projectRef, folderRef, or organizationRef may be specified. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object restorePolicy: description: A restore policy is a constraint to restore the default policy. properties: default: description: May only be set to true. If set, then the default Policy is restored. type: boolean required: - default type: object version: description: Version of the Policy. Default version is 0. type: integer required: - constraint type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array etag: description: The etag of the organization policy. etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer updateTime: description: 'The timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds, representing when the variable was last updated. Example: "2016-10-09T12:33:37.578138407Z".' type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: runjobs.run.cnrm.cloud.google.com spec: group: run.cnrm.cloud.google.com names: categories: - gcp kind: RunJob plural: runjobs shortNames: - gcprunjob - gcprunjobs singular: runjob preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: binaryAuthorization: description: Settings for the Binary Authorization feature. properties: breakglassJustification: description: If present, indicates to use Breakglass using this justification. If useDefault is False, then it must be empty. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass. type: string useDefault: description: If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled. type: boolean type: object client: description: Arbitrary identifier for the API client. type: string clientVersion: description: Arbitrary version identifier for the API client. type: string launchStage: description: |- The launch stage as defined by [Google Cloud Platform Launch Stages](https://cloud.google.com/products#product-launch-stages). Cloud Run supports ALPHA, BETA, and GA. If no value is specified, GA is assumed. Set the launch stage to a preview stage on input to allow use of preview features in that stage. On read (or output), describes whether the resource uses preview features. For example, if ALPHA is provided as input, but only BETA and GA-level features are used, this field will be BETA on output. Possible values: ["UNIMPLEMENTED", "PRELAUNCH", "EARLY_ACCESS", "ALPHA", "BETA", "GA", "DEPRECATED"]. type: string location: description: Immutable. The location of the cloud run job. type: string projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string template: description: The template used to create executions for this Job. properties: parallelism: description: Specifies the maximum desired number of tasks the execution should run at given time. Must be <= taskCount. When the job is run, if this field is 0 or unset, the maximum possible value will be used for that execution. The actual number of tasks running in steady state will be less than this number when there are fewer tasks waiting to be completed remaining, i.e. when the work left to do is less than max parallelism. type: integer taskCount: description: 'Specifies the desired number of tasks the execution should run. Setting to 1 means that parallelism is limited to 1 and the success of that task signals the success of the execution. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/.' type: integer template: description: Describes the task(s) that will be created when executing an execution. properties: containers: description: Holds the single container that defines the unit of execution for this task. items: properties: args: description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell.' items: type: string type: array command: description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell.' items: type: string type: array env: description: List of environment variables to set in the container. items: properties: name: description: Name of the environment variable. Must be a C_IDENTIFIER, and mnay not exceed 32768 characters. type: string value: description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any route environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "", and the maximum length is 32768 bytes.' type: string valueSource: description: Source for the environment variable's value. properties: secretKeyRef: description: Selects a secret and a specific version from Cloud Secret Manager. properties: secretRef: description: 'The name of the secret in Cloud Secret Manager. Format: {secretName} if the secret is in the same project. projects/{project}/secrets/{secretName} if the secret is in a different project.' oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `SecretManagerSecret` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object versionRef: description: The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `version` field of a `SecretManagerSecretVersion` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - secretRef - versionRef type: object type: object required: - name type: object type: array image: description: 'URL of the Container image in Google Container Registry or Google Artifact Registry. More info: https://kubernetes.io/docs/concepts/containers/images.' type: string livenessProbe: description: |- DEPRECATED. Cloud Run Job does not support liveness probe and `liveness_probe` field will be removed in a future major release. Periodic probe of container liveness. Container will be restarted if the probe fails. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes This field is not supported in Cloud Run Job currently. properties: failureThreshold: description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. type: integer httpGet: description: HTTPGet specifies the http request to perform. Exactly one of HTTPGet or TCPSocket must be specified. properties: httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: properties: name: description: The header field name. type: string value: description: The header field value. type: string required: - name type: object type: array path: description: Path to access on the HTTP server. Defaults to '/'. type: string type: object initialDelaySeconds: description: 'Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes.' type: integer periodSeconds: description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeoutSeconds. type: integer tcpSocket: description: TCPSocket specifies an action involving a TCP port. Exactly one of HTTPGet or TCPSocket must be specified. properties: port: description: Port number to access on the container. Must be in the range 1 to 65535. If not specified, defaults to 8080. type: integer type: object timeoutSeconds: description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes.' type: integer type: object name: description: Name of the container specified as a DNS_LABEL. type: string ports: description: |- List of ports to expose from the container. Only a single port can be specified. The specified ports must be listening on all interfaces (0.0.0.0) within the container to be accessible. If omitted, a port number will be chosen and passed to the container through the PORT environment variable for the container to listen on. items: properties: containerPort: description: Port number the container listens on. This must be a valid TCP port number, 0 < containerPort < 65536. type: integer name: description: If specified, used to specify which protocol to use. Allowed values are "http1" and "h2c". type: string type: object type: array resources: description: 'Compute Resource requirements by this container. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources.' properties: limits: additionalProperties: type: string description: 'Only memory and CPU are supported. Note: The only supported values for CPU are ''1'', ''2'', ''4'', and ''8''. Setting 4 CPU requires at least 2Gi of memory. The values of the map is string form of the ''quantity'' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go.' type: object type: object startupProbe: description: |- DEPRECATED. Cloud Run Job does not support startup probe and `startup_probe` field will be removed in a future major release. Startup probe of application within the container. All other probes are disabled if a startup probe is provided, until it succeeds. Container will not be added to service endpoints if the probe fails. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes This field is not supported in Cloud Run Job currently. properties: failureThreshold: description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. type: integer httpGet: description: HTTPGet specifies the http request to perform. Exactly one of HTTPGet or TCPSocket must be specified. properties: httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: properties: name: description: The header field name. type: string value: description: The header field value. type: string required: - name type: object type: array path: description: Path to access on the HTTP server. Defaults to '/'. type: string type: object initialDelaySeconds: description: 'Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes.' type: integer periodSeconds: description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeoutSeconds. type: integer tcpSocket: description: TCPSocket specifies an action involving a TCP port. Exactly one of HTTPGet or TCPSocket must be specified. properties: port: description: Port number to access on the container. Must be in the range 1 to 65535. If not specified, defaults to 8080. type: integer type: object timeoutSeconds: description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes.' type: integer type: object volumeMounts: description: Volume to mount into the container's filesystem. items: properties: mountPath: description: Path within the container at which the volume should be mounted. Must not contain ':'. For Cloud SQL volumes, it can be left empty, or must otherwise be /cloudsql. All instances defined in the Volume will be available as /cloudsql/[instance]. For more information on Cloud SQL volumes, visit https://cloud.google.com/sql/docs/mysql/connect-run. type: string name: description: This must match the Name of a Volume. type: string required: - mountPath - name type: object type: array workingDir: description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. type: string required: - image type: object type: array encryptionKeyRef: description: A reference to a customer managed encryption key (CMEK) to use to encrypt this container image. For more information, go to https://cloud.google.com/run/docs/securing/using-cmek oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object executionEnvironment: description: 'The execution environment being used to host this Task. Possible values: ["EXECUTION_ENVIRONMENT_GEN1", "EXECUTION_ENVIRONMENT_GEN2"].' type: string maxRetries: description: Number of retries allowed per Task, before marking this Task failed. type: integer serviceAccountRef: description: Email address of the IAM service account associated with the revision of the service. The service account represents the identity of the running revision, and determines what permissions the revision has. If not provided, the revision will use the project's default service account. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `email` field of an `IAMServiceAccount` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object timeout: description: |- Max allowed time duration the Task may be active before the system will actively try to mark it failed and kill associated containers. This applies per attempt of a task, meaning each retry can run for the full timeout. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s". type: string volumes: description: A list of Volumes to make available to containers. items: properties: emptyDir: description: Ephemeral storage used as a shared volume. properties: medium: description: 'The different types of medium supported for EmptyDir. Default value: "MEMORY" Possible values: ["MEMORY"].' type: string sizeLimit: description: 'Limit on the storage usable by this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. This field''s values are of the ''Quantity'' k8s type: https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/quantity/. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir.' type: string type: object name: description: Volume's name. type: string secret: description: 'Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret.' properties: defaultMode: description: Integer representation of mode bits to use on created files by default. Must be a value between 0000 and 0777 (octal), defaulting to 0444. Directories within the path are not affected by this setting. type: integer items: description: If unspecified, the volume will expose a file whose name is the secret, relative to VolumeMount.mount_path. If specified, the key will be used as the version to fetch from Cloud Secret Manager and the path will be the name of the file exposed in the volume. When items are defined, they must specify a path and a version. items: properties: mode: description: Integer octal mode bits to use on this file, must be a value between 01 and 0777 (octal). If 0 or not set, the Volume's default mode will be used. type: integer path: description: The relative path of the secret in the container. type: string versionRef: description: The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `version` field of a `SecretManagerSecretVersion` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - mode - path - versionRef type: object type: array secretRef: description: 'Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `SecretManagerSecret` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - secretRef type: object required: - name type: object type: array vpcAccess: description: VPC Access configuration to use for this Task. For more information, visit https://cloud.google.com/run/docs/configuring/connecting-vpc. properties: egress: description: 'Traffic VPC egress settings. Possible values: ["ALL_TRAFFIC", "PRIVATE_RANGES_ONLY"].' type: string type: object type: object required: - template type: object required: - location - projectRef - template type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array etag: description: A system-generated fingerprint for this version of the resource. May be used to detect modification conflict during updates. type: string executionCount: description: Number of executions created for this job. type: integer latestCreatedExecution: description: Name of the last created execution. items: properties: completionTime: description: |- Completion timestamp of the execution. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". type: string createTime: description: |- Creation timestamp of the execution. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". type: string name: description: Name of the execution. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer reconciling: description: |- Returns true if the Job is currently being acted upon by the system to bring it into the desired state. When a new Job is created, or an existing one is updated, Cloud Run will asynchronously perform all necessary steps to bring the Job to the desired state. This process is called reconciliation. While reconciliation is in process, observedGeneration and latest_succeeded_execution, will have transient values that might mismatch the intended state: Once reconciliation is over (and this field is false), there are two possible outcomes: reconciliation succeeded and the state matches the Job, or there was an error, and reconciliation failed. This state can be found in terminalCondition.state. If reconciliation succeeded, the following fields will match: observedGeneration and generation, latest_succeeded_execution and latestCreatedExecution. If reconciliation failed, observedGeneration and latest_succeeded_execution will have the state of the last succeeded execution or empty for newly created Job. Additional information on the failure can be found in terminalCondition and conditions. type: boolean terminalCondition: description: The Condition of this Job, containing its readiness status, and detailed error information in case it did not reach the desired state. items: properties: executionReason: description: A reason for the execution condition. type: string lastTransitionTime: description: |- Last time the condition transitioned from one status to another. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". type: string message: description: Human readable message indicating details about the current status. type: string reason: description: A common (service-level) reason for this condition. type: string revisionReason: description: A reason for the revision condition. type: string severity: description: How to interpret failures of this condition, one of Error, Warning, Info. type: string state: description: State of the condition. type: string type: description: 'type is used to communicate the status of the reconciliation process. See also: https://github.com/knative/serving/blob/main/docs/spec/errors.md#error-conditions-and-reporting Types common to all resources include: * "Ready": True when the Resource is ready.' type: string type: object type: array uid: description: Server assigned unique identifier for the Execution. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" name: runservices.run.cnrm.cloud.google.com spec: group: run.cnrm.cloud.google.com names: categories: - gcp kind: RunService plural: runservices shortNames: - gcprunservice - gcprunservices singular: runservice preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: annotations: additionalProperties: type: string description: 'Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects. Cloud Run will populate some annotations using ''run.googleapis.com'' or ''serving.knative.dev'' namespaces. This field follows Kubernetes annotations'' namespacing, limits, and rules. More info: http://kubernetes.io/docs/user-guide/annotations' type: object binaryAuthorization: description: Settings for the Binary Authorization feature. properties: breakglassJustification: description: If present, indicates to use Breakglass using this justification. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass type: string useDefault: description: If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled type: boolean type: object client: description: Arbitrary identifier for the API client. type: string clientVersion: description: Arbitrary version identifier for the API client. type: string description: description: User-provided description of the Service. type: string ingress: description: Provides the ingress settings for this Service. On output, returns the currently observed ingress settings, or INGRESS_TRAFFIC_UNSPECIFIED if no revision is active. type: string launchStage: description: 'The launch stage as defined by [Google Cloud Platform Launch Stages](http://cloud.google.com/terms/launch-stages). Cloud Run supports `ALPHA`, `BETA`, and `GA`. If no value is specified, GA is assumed. Possible values: LAUNCH_STAGE_UNSPECIFIED, UNIMPLEMENTED, PRELAUNCH, EARLY_ACCESS, ALPHA, BETA, GA, DEPRECATED' type: string location: description: Immutable. The location for the resource type: string projectRef: description: Immutable. The Project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The project for the resource Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string template: description: Required. The template used to create revisions for this Service. properties: annotations: additionalProperties: type: string description: KRM-style annotations for the resource. type: object containerConcurrency: description: Sets the maximum number of requests that each serving instance can receive. format: int64 type: integer containers: description: Holds the single container that defines the unit of execution for this Revision. items: properties: args: description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array command: description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array env: description: List of environment variables to set in the container. items: properties: name: description: Required. Name of the environment variable. Must be a C_IDENTIFIER, and mnay not exceed 32768 characters. type: string value: description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any route environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "", and the maximum length is 32768 bytes.' type: string valueSource: description: Source for the environment variable's value. properties: secretKeyRef: description: Selects a secret and a specific version from Cloud Secret Manager. properties: secretRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Required. The name of the secret in Cloud Secret Manager. Format: {secret_name} if the secret is in the same project. projects/{project}/secrets/{secret_name} if the secret is in a different project. Allowed value: The Google Cloud resource name of a `SecretManagerSecret` resource (format: `projects/{{project}}/secrets/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object versionRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version. Allowed value: The Google Cloud resource name of a `SecretManagerSecretVersion` resource (format: `{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - secretRef type: object type: object required: - name type: object type: array image: description: 'Required. URL of the Container image in Google Container Registry or Docker More info: https://kubernetes.io/docs/concepts/containers/images' type: string name: description: Name of the container specified as a DNS_LABEL. type: string ports: description: List of ports to expose from the container. Only a single port can be specified. The specified ports must be listening on all interfaces (0.0.0.0) within the container to be accessible. If omitted, a port number will be chosen and passed to the container through the PORT environment variable for the container to listen on. items: properties: containerPort: description: Port number the container listens on. This must be a valid TCP port number, 0 < container_port < 65536. format: int64 type: integer name: description: If specified, used to specify which protocol to use. Allowed values are "http1" and "h2c". type: string type: object type: array resources: description: 'Compute Resource requirements by this container. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: cpuIdle: description: Determines whether CPU should be throttled or not outside of requests. type: boolean limits: additionalProperties: type: string description: 'Only memory and CPU are supported. Note: The only supported values for CPU are ''1'', ''2'', and ''4''. Setting 4 CPU requires at least 2Gi of memory. The values of the map is string form of the ''quantity'' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go' type: object type: object volumeMounts: description: Volume to mount into the container's filesystem. items: properties: mountPath: description: Required. Path within the container at which the volume should be mounted. Must not contain ':'. For Cloud SQL volumes, it can be left empty, or must otherwise be `/cloudsql`. All instances defined in the Volume will be available as `/cloudsql/[instance]`. For more information on Cloud SQL volumes, visit https://cloud.google.com/sql/docs/mysql/connect-run type: string name: description: Required. This must match the Name of a Volume. type: string required: - mountPath - name type: object type: array required: - image type: object type: array executionEnvironment: description: 'The sandbox environment to host this Revision. Possible values: EXECUTION_ENVIRONMENT_UNSPECIFIED, EXECUTION_ENVIRONMENT_GEN1, EXECUTION_ENVIRONMENT_GEN2' type: string labels: additionalProperties: type: string description: KRM-style labels for the resource. type: object revision: description: The unique name for the revision. If this field is omitted, it will be automatically generated based on the Service name. type: string scaling: description: Scaling settings for this Revision. properties: maxInstanceCount: description: Maximum number of serving instances that this resource should have. format: int64 type: integer minInstanceCount: description: Minimum number of serving instances that this resource should have. format: int64 type: integer type: object serviceAccountRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Email address of the IAM service account associated with the revision of the service. The service account represents the identity of the running revision, and determines what permissions the revision has. If not provided, the revision will use the project's default service account. Allowed value: The `email` field of an `IAMServiceAccount` resource. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object timeout: description: Max allowed time for an instance to respond to a request. type: string volumes: description: A list of Volumes to make available to containers. items: properties: cloudSqlInstance: description: For Cloud SQL volumes, contains the specific instances that should be mounted. Visit https://cloud.google.com/sql/docs/mysql/connect-run for more information on how to connect Cloud SQL and Cloud Run. properties: instances: items: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `instanceName` field of a `SQLInstance` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: array type: object name: description: Required. Volume's name. type: string secret: description: 'Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' properties: defaultMode: description: 'Integer representation of mode bits to use on created files by default. Must be a value between 0000 and 0777 (octal), defaulting to 0644. Directories within the path are not affected by this setting. Notes * Internally, a umask of 0222 will be applied to any non-zero value. * This is an integer representation of the mode bits. So, the octal integer value should look exactly as the chmod numeric notation with a leading zero. Some examples: for chmod 777 (a=rwx), set to 0777 (octal) or 511 (base-10). For chmod 640 (u=rw,g=r), set to 0640 (octal) or 416 (base-10). For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 (octal) or 493 (base-10). * This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. This might be in conflict with other options that affect the file mode, like fsGroup, and as a result, other mode bits could be set.' format: int64 type: integer items: description: If unspecified, the volume will expose a file whose name is the secret, relative to VolumeMount.mount_path. If specified, the key will be used as the version to fetch from Cloud Secret Manager and the path will be the name of the file exposed in the volume. When items are defined, they must specify a path and a version. items: properties: mode: description: 'Integer octal mode bits to use on this file, must be a value between 01 and 0777 (octal). If 0 or not set, the Volume''s default mode will be used. Notes * Internally, a umask of 0222 will be applied to any non-zero value. * This is an integer representation of the mode bits. So, the octal integer value should look exactly as the chmod numeric notation with a leading zero. Some examples: for chmod 777 (a=rwx), set to 0777 (octal) or 511 (base-10). For chmod 640 (u=rw,g=r), set to 0640 (octal) or 416 (base-10). For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 (octal) or 493 (base-10). * This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' format: int64 type: integer path: description: Required. The relative path of the secret in the container. type: string versionRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version. Allowed value: The Google Cloud resource name of a `SecretManagerSecretVersion` resource (format: `{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - path type: object type: array secretRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- Required. The name of the secret in Cloud Secret Manager. Format: {secret} if the secret is in the same project. projects/{project}/secrets/{secret} if the secret is in a different project. Allowed value: The Google Cloud resource name of a `SecretManagerSecret` resource (format: `projects/{{project}}/secrets/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - secretRef type: object required: - name type: object type: array vpcAccess: description: VPC Access configuration to use for this Revision. For more information, visit https://cloud.google.com/run/docs/configuring/connecting-vpc. properties: connectorRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: |- VPC Access connector name. Format: projects/{project}/locations/{location}/connectors/{connector} Allowed value: The Google Cloud resource name of a `VPCAccessConnector` resource (format: `projects/{{project}}/locations/{{location}}/connectors/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object egress: description: 'Traffic VPC egress settings. Possible values: VPC_EGRESS_UNSPECIFIED, ALL_TRAFFIC, PRIVATE_RANGES_ONLY' type: string type: object type: object traffic: description: Specifies how to distribute traffic over a collection of Revisions belonging to the Service. If traffic is empty or not provided, defaults to 100% traffic to the latest `Ready` Revision. items: properties: percent: description: Specifies percent of the traffic to this Revision. This defaults to zero if unspecified. Cloud Run currently requires 100 percent for a single TrafficTarget entry. format: int64 type: integer revision: description: Revision to which to send this portion of traffic, if traffic allocation is by revision. type: string tag: description: Indicates a string to be part of the URI to exclusively reference this target. type: string type: description: 'The allocation type for this traffic target. Possible values: TRAFFIC_TARGET_ALLOCATION_TYPE_UNSPECIFIED, TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST, TRAFFIC_TARGET_ALLOCATION_TYPE_REVISION' type: string type: object type: array required: - location - projectRef - template type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: Output only. The creation time. format: date-time type: string creator: description: Output only. Email address of the authenticated creator. type: string deleteTime: description: Output only. The deletion time. format: date-time type: string etag: description: Output only. A system-generated fingerprint for this version of the resource. May be used to detect modification conflict during updates. type: string expireTime: description: Output only. For a deleted resource, the time after which it will be permamently deleted. format: date-time type: string labels: additionalProperties: type: string description: Map of string keys and values that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component, environment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels Cloud Run will populate some labels with 'run.googleapis.com' or 'serving.knative.dev' namespaces. Those labels are read-only, and user changes will not be preserved. type: object lastModifier: description: Output only. Email address of the last authenticated modifier. type: string latestCreatedRevision: description: Output only. Name of the last created revision. See comments in `reconciling` for additional information on reconciliation process in Cloud Run. type: string latestReadyRevision: description: Output only. Name of the latest revision that is serving traffic. See comments in `reconciling` for additional information on reconciliation process in Cloud Run. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer reconciling: description: 'Output only. Returns true if the Service is currently being acted upon by the system to bring it into the desired state. When a new Service is created, or an existing one is updated, Cloud Run will asynchronously perform all necessary steps to bring the Service to the desired serving state. This process is called reconciliation. While reconciliation is in process, `observed_generation`, `latest_ready_revison`, `traffic_statuses`, and `uri` will have transient values that might mismatch the intended state: Once reconciliation is over (and this field is false), there are two possible outcomes: reconciliation succeeded and the serving state matches the Service, or there was an error, and reconciliation failed. This state can be found in `terminal_condition.state`. If reconciliation succeeded, the following fields will match: `traffic` and `traffic_statuses`, `observed_generation` and `generation`, `latest_ready_revision` and `latest_created_revision`. If reconciliation failed, `traffic_statuses`, `observed_generation`, and `latest_ready_revision` will have the state of the last serving revision, or empty for newly created Services. Additional information on the failure can be found in `terminal_condition` and `conditions`.' type: boolean resourceGeneration: description: Output only. A number that monotonically increases every time the user modifies the desired state. format: int64 type: integer terminalCondition: description: Output only. The Condition of this Service, containing its readiness status, and detailed error information in case it did not reach a serving state. See comments in `reconciling` for additional information on reconciliation process in Cloud Run. properties: jobReason: description: 'A reason for the job condition. Possible values: JOB_REASON_UNDEFINED, JOB_STATUS_SERVICE_POLLING_ERROR' type: string lastTransitionTime: description: Last time the condition transitioned from one status to another. format: date-time type: string message: description: Human readable message indicating details about the current status. type: string reason: description: 'A common (service-level) reason for this condition. Possible values: COMMON_REASON_UNDEFINED, UNKNOWN, REVISION_FAILED, PROGRESS_DEADLINE_EXCEEDED, CONTAINER_MISSING, CONTAINER_PERMISSION_DENIED, CONTAINER_IMAGE_UNAUTHORIZED, CONTAINER_IMAGE_AUTHORIZATION_CHECK_FAILED, ENCRYPTION_KEY_PERMISSION_DENIED, ENCRYPTION_KEY_CHECK_FAILED, SECRETS_ACCESS_CHECK_FAILED, WAITING_FOR_OPERATION, IMMEDIATE_RETRY, POSTPONED_RETRY, INTERNAL' type: string revisionReason: description: 'A reason for the revision condition. Possible values: REVISION_REASON_UNDEFINED, PENDING, RESERVE, RETIRED, RETIRING, RECREATING, HEALTH_CHECK_CONTAINER_ERROR, CUSTOMIZED_PATH_RESPONSE_PENDING, MIN_INSTANCES_NOT_PROVISIONED, ACTIVE_REVISION_LIMIT_REACHED, NO_DEPLOYMENT' type: string severity: description: 'How to interpret failures of this condition, one of Error, Warning, Info Possible values: SEVERITY_UNSPECIFIED, ERROR, WARNING, INFO' type: string state: description: 'State of the condition. Possible values: STATE_UNSPECIFIED, CONDITION_PENDING, CONDITION_RECONCILING, CONDITION_FAILED, CONDITION_SUCCEEDED' type: string type: description: 'type is used to communicate the status of the reconciliation process. See also: https://github.com/knative/serving/blob/main/docs/spec/errors.md#error-conditions-and-reporting Types common to all resources include: * "Ready": True when the Resource is ready.' type: string type: object trafficStatuses: description: Output only. Detailed status information for corresponding traffic targets. See comments in `reconciling` for additional information on reconciliation process in Cloud Run. items: properties: percent: description: Specifies percent of the traffic to this Revision. format: int64 type: integer revision: description: Revision to which this traffic is sent. type: string tag: description: Indicates the string used in the URI to exclusively reference this target. type: string type: description: 'The allocation type for this traffic target. Possible values: TRAFFIC_TARGET_ALLOCATION_TYPE_UNSPECIFIED, TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST, TRAFFIC_TARGET_ALLOCATION_TYPE_REVISION' type: string uri: description: Displays the target URI. type: string type: object type: array uid: description: Output only. Server assigned unique identifier for the trigger. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted. type: string updateTime: description: Output only. The last-modified time. format: date-time type: string uri: description: Output only. The main URI in which this Service is serving traffic. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: secretmanagersecrets.secretmanager.cnrm.cloud.google.com spec: group: secretmanager.cnrm.cloud.google.com names: categories: - gcp kind: SecretManagerSecret plural: secretmanagersecrets shortNames: - gcpsecretmanagersecret - gcpsecretmanagersecrets singular: secretmanagersecret preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: expireTime: description: |- Timestamp in UTC when the Secret is scheduled to expire. This is always provided on output, regardless of what was sent on input. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". type: string replication: description: |- Immutable. The replication policy of the secret data attached to the Secret. It cannot be changed after the Secret has been created. properties: automatic: description: Immutable. The Secret will automatically be replicated without any restrictions. type: boolean userManaged: description: Immutable. The Secret will automatically be replicated without any restrictions. properties: replicas: description: Immutable. The list of Replicas for this Secret. Cannot be empty. items: properties: customerManagedEncryption: description: Immutable. Customer Managed Encryption for the secret. properties: kmsKeyRef: description: Customer Managed Encryption for the secret. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - kmsKeyRef type: object location: description: 'Immutable. The canonical IDs of the location to replicate data. For example: "us-east1".' type: string required: - location type: object type: array required: - replicas type: object type: object resourceID: description: Immutable. Optional. The secretId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string rotation: description: The rotation time and period for a Secret. At 'next_rotation_time', Secret Manager will send a Pub/Sub notification to the topics configured on the Secret. 'topics' must be set to configure rotation. properties: nextRotationTime: description: |- Timestamp in UTC at which the Secret is scheduled to rotate. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". type: string rotationPeriod: description: |- Immutable. The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years). If rotationPeriod is set, 'next_rotation_time' must be set. 'next_rotation_time' will be advanced by this period when the service automatically sends rotation notifications. type: string type: object topics: description: A list of up to 10 Pub/Sub topics to which messages are published when control plane operations are called on the secret or its versions. items: properties: topicRef: description: |- A list of up to 10 Pub/Sub topics to which messages are published when control plane operations are called on the secret or its versions. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, where {{value}} is the `name` field of a `PubSubTopic` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - topicRef type: object type: array ttl: description: |- Immutable. The TTL for the Secret. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". type: string required: - replication type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: The time at which the Secret was created. type: string name: description: |- The resource name of the Secret. Format: 'projects/{{project}}/secrets/{{secret_id}}'. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: secretmanagersecretversions.secretmanager.cnrm.cloud.google.com spec: group: secretmanager.cnrm.cloud.google.com names: categories: - gcp kind: SecretManagerSecretVersion plural: secretmanagersecretversions shortNames: - gcpsecretmanagersecretversion - gcpsecretmanagersecretversions singular: secretmanagersecretversion preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: enabled: description: The current state of the SecretVersion. type: boolean resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string secretData: description: Immutable. The secret data. Must be no larger than 64KiB. oneOf: - not: required: - valueFrom required: - value - not: required: - value required: - valueFrom properties: value: description: Value of the field. Cannot be used if 'valueFrom' is specified. type: string valueFrom: description: Source for the field's value. Cannot be used if 'value' is specified. properties: secretKeyRef: description: Reference to a value with the given key in the given Secret in the resource's namespace. properties: key: description: Key that identifies the value to be extracted. type: string name: description: Name of the Secret to extract a value from. type: string required: - name - key type: object type: object type: object secretRef: description: Secret Manager secret resource oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `SecretManagerSecret` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - secretData - secretRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: The time at which the Secret was created. type: string destroyTime: description: The time at which the Secret was destroyed. Only present if state is DESTROYED. type: string name: description: |- The resource name of the SecretVersion. Format: 'projects/{{project}}/secrets/{{secret_id}}/versions/{{version}}'. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer version: description: The version of the Secret. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: securitycenternotificationconfigs.securitycenter.cnrm.cloud.google.com spec: group: securitycenter.cnrm.cloud.google.com names: categories: - gcp kind: SecurityCenterNotificationConfig plural: securitycenternotificationconfigs shortNames: - gcpsecuritycenternotificationconfig - gcpsecuritycenternotificationconfigs singular: securitycenternotificationconfig preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: configId: description: Immutable. This must be unique within the organization. type: string description: description: The description of the notification config (max of 1024 characters). type: string organizationRef: description: The organization that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of an `Organization` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object pubsubTopic: description: |- The Pub/Sub topic to send notifications to. Its format is "projects/[project_id]/topics/[topic]". type: string resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string streamingConfig: description: The config for triggering streaming-based notifications. properties: filter: description: |- Expression that defines the filter to apply across create/update events of assets or findings as specified by the event type. The expression is a list of zero or more restrictions combined via logical operators AND and OR. Parentheses are supported, and OR has higher precedence than AND. Restrictions have the form and may have a - character in front of them to indicate negation. The fields map to those defined in the corresponding resource. The supported operators are: * = for all value types. * >, <, >=, <= for integer values. * :, meaning substring matching, for strings. The supported value types are: * string literals in quotes. * integer literals without quotes. * boolean literals true and false without quotes. See [Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications) for information on how to write a filter. type: string required: - filter type: object required: - configId - organizationRef - pubsubTopic - streamingConfig type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array name: description: |- The resource name of this notification config, in the format 'organizations/{{organization}}/notificationConfigs/{{config_id}}'. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer serviceAccount: description: |- The service account that needs "pubsub.topics.publish" permission to publish to the Pub/Sub topic. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: securitycentersources.securitycenter.cnrm.cloud.google.com spec: group: securitycenter.cnrm.cloud.google.com names: categories: - gcp kind: SecurityCenterSource plural: securitycentersources shortNames: - gcpsecuritycentersource - gcpsecuritycentersources singular: securitycentersource preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: description: description: The description of the source (max of 1024 characters). type: string displayName: description: |- The source’s display name. A source’s display name must be unique amongst its siblings, for example, two sources with the same parent can't share the same display name. The display name must start and end with a letter or digit, may contain letters, digits, spaces, hyphens, and underscores, and can be no longer than 32 characters. type: string organizationRef: description: The organization that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of an `Organization` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string required: - displayName - organizationRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array name: description: |- The resource name of this source, in the format 'organizations/{{organization}}/sources/{{source}}'. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: servicedirectoryendpoints.servicedirectory.cnrm.cloud.google.com spec: group: servicedirectory.cnrm.cloud.google.com names: categories: - gcp kind: ServiceDirectoryEndpoint plural: servicedirectoryendpoints shortNames: - gcpservicedirectoryendpoint - gcpservicedirectoryendpoints singular: servicedirectoryendpoint preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: addressRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `address` field of a `ComputeAddress` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object networkRef: description: |- Only the `external` field is supported to configure the reference. Immutable. The Google Compute Engine network (VPC) of the endpoint in the format projects//locations/global/networks/*. The project must be specified by project number (project id is rejected). Incorrectly formatted networks are rejected, but no other validation is performed on this field (ex. network or project existence, reachability, or permissions). oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object port: description: |- Port that the endpoint is running on, must be in the range of [0, 65535]. If unspecified, the default is 0. type: integer resourceID: description: Immutable. Optional. The endpointId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string serviceRef: description: The ServiceDirectoryService that this endpoint belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `ServiceDirectoryService` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - serviceRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array name: description: |- The resource name for the endpoint in the format 'projects/*/locations/*/namespaces/*/services/*/endpoints/*'. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: servicedirectorynamespaces.servicedirectory.cnrm.cloud.google.com spec: group: servicedirectory.cnrm.cloud.google.com names: categories: - gcp kind: ServiceDirectoryNamespace plural: servicedirectorynamespaces shortNames: - gcpservicedirectorynamespace - gcpservicedirectorynamespaces singular: servicedirectorynamespace preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: location: description: |- The location for the Namespace. A full list of valid locations can be found by running 'gcloud beta service-directory locations list'. type: string projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The namespaceId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - location - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array name: description: |- The resource name for the namespace in the format 'projects/*/locations/*/namespaces/*'. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: servicedirectoryservices.servicedirectory.cnrm.cloud.google.com spec: group: servicedirectory.cnrm.cloud.google.com names: categories: - gcp kind: ServiceDirectoryService plural: servicedirectoryservices shortNames: - gcpservicedirectoryservice - gcpservicedirectoryservices singular: servicedirectoryservice preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: namespaceRef: description: The ServiceDirectoryNamespace that this service belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `ServiceDirectoryNamespace` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The serviceId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - namespaceRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array name: description: |- The resource name for the service in the format 'projects/*/locations/*/namespaces/*/services/*'. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: serviceidentities.serviceusage.cnrm.cloud.google.com spec: group: serviceusage.cnrm.cloud.google.com names: categories: - gcp kind: ServiceIdentity plural: serviceidentities shortNames: - gcpserviceidentity - gcpserviceidentities singular: serviceidentity preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The service of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array email: type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: servicenetworkingconnections.servicenetworking.cnrm.cloud.google.com spec: group: servicenetworking.cnrm.cloud.google.com names: categories: - gcp kind: ServiceNetworkingConnection plural: servicenetworkingconnections shortNames: - gcpservicenetworkingconnection - gcpservicenetworkingconnections singular: servicenetworkingconnection preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: networkRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `ComputeNetwork` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object reservedPeeringRanges: items: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `ComputeAddress` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: array service: description: Immutable. Provider peering service that is managing peering connectivity for a service provider organization. For Google services that support this functionality it is 'servicenetworking.googleapis.com'. type: string required: - networkRef - reservedPeeringRanges - service type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer peering: type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: services.serviceusage.cnrm.cloud.google.com spec: group: serviceusage.cnrm.cloud.google.com names: categories: - gcp kind: Service plural: services shortNames: - gcpservice - gcpservices singular: service preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The service of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: serviceusageconsumerquotaoverrides.serviceusage.cnrm.cloud.google.com spec: group: serviceusage.cnrm.cloud.google.com names: categories: - gcp kind: ServiceUsageConsumerQuotaOverride plural: serviceusageconsumerquotaoverrides shortNames: - gcpserviceusageconsumerquotaoverride - gcpserviceusageconsumerquotaoverrides singular: serviceusageconsumerquotaoverride preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: dimensions: additionalProperties: type: string description: Immutable. If this map is nonempty, then this override applies only to specific values for dimensions defined in the limit unit. type: object force: description: |- If the new quota would decrease the existing quota by more than 10%, the request is rejected. If 'force' is 'true', that safety check is ignored. type: boolean limit: description: |- Immutable. The limit on the metric, e.g. '/project/region'. ~> Make sure that 'limit' is in a format that doesn't start with '1/' or contain curly braces. E.g. use '/project/user' instead of '1/{project}/{user}'. type: string metric: description: Immutable. The metric that should be limited, e.g. 'compute.googleapis.com/cpus'. type: string overrideValue: description: The overriding quota limit value. Can be any nonnegative integer, or -1 (unlimited quota). type: string projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string service: description: Immutable. The service that the metrics belong to, e.g. 'compute.googleapis.com'. type: string required: - limit - metric - overrideValue - projectRef - service type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array name: description: The server-generated name of the quota override. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: sourcereporepositories.sourcerepo.cnrm.cloud.google.com spec: group: sourcerepo.cnrm.cloud.google.com names: categories: - gcp kind: SourceRepoRepository plural: sourcereporepositories shortNames: - gcpsourcereporepository - gcpsourcereporepositories singular: sourcereporepository preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: pubsubConfigs: description: |- How this repository publishes a change in the repository through Cloud Pub/Sub. Keyed by the topic names. items: properties: messageFormat: description: |- The format of the Cloud Pub/Sub messages. - PROTOBUF: The message payload is a serialized protocol buffer of SourceRepoEvent. - JSON: The message payload is a JSON string of SourceRepoEvent. Possible values: ["PROTOBUF", "JSON"]. type: string serviceAccountRef: description: |- Service account used for publishing Cloud Pub/Sub messages. This service account needs to be in the same project as the pubsubConfig. When added, the caller needs to have iam.serviceAccounts.actAs permission on this service account. If unspecified, it defaults to the compute engine default service account. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `email` field of an `IAMServiceAccount` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object topicRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `PubSubTopic` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - messageFormat - topicRef type: object type: array resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer size: description: The disk usage of the repo, in bytes. type: integer url: description: URL to clone the repository from Google Cloud Source Repositories. type: string type: object type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: spannerdatabases.spanner.cnrm.cloud.google.com spec: group: spanner.cnrm.cloud.google.com names: categories: - gcp kind: SpannerDatabase plural: spannerdatabases shortNames: - gcpspannerdatabase - gcpspannerdatabases singular: spannerdatabase preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: databaseDialect: description: |- Immutable. The dialect of the Cloud Spanner Database. If it is not provided, "GOOGLE_STANDARD_SQL" will be used. Possible values: ["GOOGLE_STANDARD_SQL", "POSTGRESQL"]. type: string ddl: description: |- An optional list of DDL statements to run inside the newly created database. Statements can create tables, indexes, etc. These statements execute atomically with the creation of the database: if there is an error in any statement, the database is not created. items: type: string type: array encryptionConfig: description: Immutable. Encryption configuration for the database. properties: kmsKeyRef: description: |- Fully qualified name of the KMS key to use to encrypt this database. This key must exist in the same location as the Spanner Database. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - kmsKeyRef type: object instanceRef: description: The instance to create the database on. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `SpannerInstance` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string versionRetentionPeriod: description: |- The retention period for the database. The retention period must be between 1 hour and 7 days, and can be specified in days, hours, minutes, or seconds. For example, the values 1d, 24h, 1440m, and 86400s are equivalent. Default value is 1h. If this property is used, you must avoid adding new DDL statements to 'ddl' that update the database's version_retention_period. type: string required: - instanceRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer state: description: An explanation of the status of the database. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: spannerinstances.spanner.cnrm.cloud.google.com spec: group: spanner.cnrm.cloud.google.com names: categories: - gcp kind: SpannerInstance plural: spannerinstances shortNames: - gcpspannerinstance - gcpspannerinstances singular: spannerinstance preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: config: description: |- Immutable. The name of the instance's configuration (similar but not quite the same as a region) which defines the geographic placement and replication of your databases in this instance. It determines where your data is stored. Values are typically of the form 'regional-europe-west1' , 'us-central' etc. In order to obtain a valid list please consult the [Configuration section of the docs](https://cloud.google.com/spanner/docs/instances). type: string displayName: description: |- The descriptive name for this instance as it appears in UIs. Must be unique per project and between 4 and 30 characters in length. type: string numNodes: type: integer processingUnits: type: integer resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - config - displayName type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer state: description: 'Instance status: ''CREATING'' or ''READY''.' type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: sqldatabases.sql.cnrm.cloud.google.com spec: group: sql.cnrm.cloud.google.com names: categories: - gcp kind: SQLDatabase plural: sqldatabases shortNames: - gcpsqldatabase - gcpsqldatabases singular: sqldatabase preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: charset: description: |- The charset value. See MySQL's [Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html) and Postgres' [Character Set Support](https://www.postgresql.org/docs/9.6/static/multibyte.html) for more details and supported values. Postgres databases only support a value of 'UTF8' at creation time. type: string collation: description: |- The collation value. See MySQL's [Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html) and Postgres' [Collation Support](https://www.postgresql.org/docs/9.6/static/collation.html) for more details and supported values. Postgres databases only support a value of 'en_US.UTF8' at creation time. type: string deletionPolicy: description: |- The deletion policy for the database. Setting ABANDON allows the resource to be abandoned rather than deleted. This is useful for Postgres, where databases cannot be deleted from the API if there are users other than cloudsqlsuperuser with access. Possible values are: "ABANDON", "DELETE". Defaults to "DELETE". type: string instanceRef: description: The Cloud SQL instance. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `SQLInstance` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - instanceRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer selfLink: type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: sqlinstances.sql.cnrm.cloud.google.com spec: group: sql.cnrm.cloud.google.com names: categories: - gcp kind: SQLInstance plural: sqlinstances shortNames: - gcpsqlinstance - gcpsqlinstances singular: sqlinstance preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: databaseVersion: default: MYSQL_5_6 description: The MySQL, PostgreSQL or SQL Server (beta) version to use. Supported values include MYSQL_5_6, MYSQL_5_7, MYSQL_8_0, POSTGRES_9_6, POSTGRES_10, POSTGRES_11, POSTGRES_12, POSTGRES_13, POSTGRES_14, SQLSERVER_2017_STANDARD, SQLSERVER_2017_ENTERPRISE, SQLSERVER_2017_EXPRESS, SQLSERVER_2017_WEB. Database Version Policies includes an up-to-date reference of supported versions. type: string encryptionKMSCryptoKeyRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object instanceType: description: The type of the instance. The valid values are:- 'SQL_INSTANCE_TYPE_UNSPECIFIED', 'CLOUD_SQL_INSTANCE', 'ON_PREMISES_INSTANCE' and 'READ_REPLICA_INSTANCE'. type: string maintenanceVersion: description: Maintenance version. type: string masterInstanceRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `SQLInstance` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object region: description: Immutable. The region the instance will sit in. Note, Cloud SQL is not available in all regions. A valid region must be provided to use this resource. If a region is not provided in the resource definition, the provider region will be used instead, but this will be an apply-time error for instances if the provider region is not supported with Cloud SQL. If you choose not to provide the region argument for this resource, make sure you understand this. type: string replicaConfiguration: description: The configuration for replication. properties: caCertificate: description: Immutable. PEM representation of the trusted CA's x509 certificate. type: string clientCertificate: description: Immutable. PEM representation of the replica's x509 certificate. type: string clientKey: description: Immutable. PEM representation of the replica's private key. The corresponding public key in encoded in the client_certificate. type: string connectRetryInterval: description: Immutable. The number of seconds between connect retries. MySQL's default is 60 seconds. type: integer dumpFilePath: description: Immutable. Path to a SQL file in Google Cloud Storage from which replica instances are created. Format is gs://bucket/filename. type: string failoverTarget: description: Immutable. Specifies if the replica is the failover target. If the field is set to true the replica will be designated as a failover replica. If the master instance fails, the replica instance will be promoted as the new master instance. type: boolean masterHeartbeatPeriod: description: Immutable. Time in ms between replication heartbeats. type: integer password: description: Immutable. Password for the replication connection. oneOf: - not: required: - valueFrom required: - value - not: required: - value required: - valueFrom properties: value: description: Value of the field. Cannot be used if 'valueFrom' is specified. type: string valueFrom: description: Source for the field's value. Cannot be used if 'value' is specified. properties: secretKeyRef: description: Reference to a value with the given key in the given Secret in the resource's namespace. properties: key: description: Key that identifies the value to be extracted. type: string name: description: Name of the Secret to extract a value from. type: string required: - name - key type: object type: object type: object sslCipher: description: Immutable. Permissible ciphers for use in SSL encryption. type: string username: description: Immutable. Username for replication connection. type: string verifyServerCertificate: description: Immutable. True if the master's common name value is checked during the SSL handshake. type: boolean type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string rootPassword: description: Initial root password. Required for MS SQL Server. oneOf: - not: required: - valueFrom required: - value - not: required: - value required: - valueFrom properties: value: description: Value of the field. Cannot be used if 'valueFrom' is specified. type: string valueFrom: description: Source for the field's value. Cannot be used if 'value' is specified. properties: secretKeyRef: description: Reference to a value with the given key in the given Secret in the resource's namespace. properties: key: description: Key that identifies the value to be extracted. type: string name: description: Name of the Secret to extract a value from. type: string required: - name - key type: object type: object type: object settings: description: The settings to use for the database. The configuration is detailed below. properties: activationPolicy: description: This specifies when the instance should be active. Can be either ALWAYS, NEVER or ON_DEMAND. type: string activeDirectoryConfig: properties: domain: description: Domain name of the Active Directory for SQL Server (e.g., mydomain.com). type: string required: - domain type: object advancedMachineFeatures: properties: threadsPerCore: description: The number of threads per physical core. Can be 1 or 2. type: integer type: object authorizedGaeApplications: description: |- DEPRECATED. This property is only applicable to First Generation instances, and First Generation instances are now deprecated. see https://cloud.google.com/sql/docs/mysql/deprecation-notice for information on how to upgrade to Second Generation instances. Specifying this field has no-ops; it's recommended to remove this field from your configuration. items: type: string type: array availabilityType: description: |- The availability type of the Cloud SQL instance, high availability (REGIONAL) or single zone (ZONAL). For all instances, ensure that settings.backup_configuration.enabled is set to true. For MySQL instances, ensure that settings.backup_configuration.binary_log_enabled is set to true. For Postgres instances, ensure that settings.backup_configuration.point_in_time_recovery_enabled is set to true. Defaults to ZONAL. type: string backupConfiguration: properties: backupRetentionSettings: properties: retainedBackups: description: Number of backups to retain. type: integer retentionUnit: description: The unit that 'retainedBackups' represents. Defaults to COUNT. type: string required: - retainedBackups type: object binaryLogEnabled: description: True if binary logging is enabled. If settings.backup_configuration.enabled is false, this must be as well. Can only be used with MySQL. type: boolean enabled: description: True if backup configuration is enabled. type: boolean location: description: Location of the backup configuration. type: string pointInTimeRecoveryEnabled: description: True if Point-in-time recovery is enabled. type: boolean startTime: description: HH:MM format time indicating when backup configuration starts. type: string transactionLogRetentionDays: description: The number of days of transaction logs we retain for point in time restore, from 1-7. type: integer type: object collation: description: Immutable. The name of server instance collation. type: string connectorEnforcement: description: Specifies if connections must use Cloud SQL connectors. type: string crashSafeReplication: description: |- DEPRECATED. This property is only applicable to First Generation instances, and First Generation instances are now deprecated. see https://cloud.google.com/sql/docs/mysql/deprecation-notice for information on how to upgrade to Second Generation instances. Specifying this field has no-ops; it's recommended to remove this field from your configuration. type: boolean databaseFlags: items: properties: name: description: Name of the flag. type: string value: description: Value of the flag. type: string required: - name - value type: object type: array deletionProtectionEnabled: description: Configuration to protect against accidental instance deletion. type: boolean denyMaintenancePeriod: properties: endDate: description: End date before which maintenance will not take place. The date is in format yyyy-mm-dd i.e., 2020-11-01, or mm-dd, i.e., 11-01. type: string startDate: description: Start date after which maintenance will not take place. The date is in format yyyy-mm-dd i.e., 2020-11-01, or mm-dd, i.e., 11-01. type: string time: description: 'Time in UTC when the "deny maintenance period" starts on start_date and ends on end_date. The time is in format: HH:mm:SS, i.e., 00:00:00.' type: string required: - endDate - startDate - time type: object diskAutoresize: description: Enables auto-resizing of the storage size. Defaults to true. type: boolean diskAutoresizeLimit: description: The maximum size, in GB, to which storage capacity can be automatically increased. The default value is 0, which specifies that there is no limit. type: integer diskSize: description: The size of data disk, in GB. Size of a running instance cannot be reduced but can be increased. The minimum value is 10GB. type: integer diskType: description: 'Immutable. The type of data disk: PD_SSD or PD_HDD. Defaults to PD_SSD.' type: string insightsConfig: description: Configuration of Query Insights. properties: queryInsightsEnabled: description: True if Query Insights feature is enabled. type: boolean queryPlansPerMinute: description: Number of query execution plans captured by Insights per minute for all queries combined. Between 0 and 20. Default to 5. type: integer queryStringLength: description: Maximum query length stored in bytes. Between 256 and 4500. Default to 1024. type: integer recordApplicationTags: description: True if Query Insights will record application tags from query when enabled. type: boolean recordClientAddress: description: True if Query Insights will record client address when enabled. type: boolean type: object ipConfiguration: properties: allocatedIpRange: description: 'The name of the allocated ip range for the private ip CloudSQL instance. For example: "google-managed-services-default". If set, the instance ip will be created in the allocated range. The range name must comply with RFC 1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])?.' type: string authorizedNetworks: items: properties: expirationTime: type: string name: type: string value: type: string required: - value type: object type: array enablePrivatePathForGoogleCloudServices: description: Whether Google Cloud services such as BigQuery are allowed to access data in this Cloud SQL instance over a private IP connection. SQLSERVER database type is not supported. type: boolean ipv4Enabled: description: Whether this Cloud SQL instance should be assigned a public IPV4 address. At least ipv4_enabled must be enabled or a private_network must be configured. type: boolean privateNetworkRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object requireSsl: type: boolean type: object locationPreference: properties: followGaeApplication: description: A Google App Engine application whose zone to remain in. Must be in the same region as this instance. type: string secondaryZone: description: The preferred Compute Engine zone for the secondary/failover. type: string zone: description: The preferred compute engine zone. type: string type: object maintenanceWindow: description: Declares a one-hour maintenance window when an Instance can automatically restart to apply updates. The maintenance window is specified in UTC time. properties: day: description: Day of week (1-7), starting on Monday. type: integer hour: description: Hour of day (0-23), ignored if day not set. type: integer updateTrack: description: Receive updates earlier (canary) or later (stable). type: string type: object passwordValidationPolicy: properties: complexity: description: Password complexity. type: string disallowUsernameSubstring: description: Disallow username as a part of the password. type: boolean enablePasswordPolicy: description: Whether the password policy is enabled or not. type: boolean minLength: description: Minimum number of characters allowed. type: integer passwordChangeInterval: description: Minimum interval after which the password can be changed. This flag is only supported for PostgresSQL. type: string reuseInterval: description: Number of previous passwords that cannot be reused. type: integer required: - enablePasswordPolicy type: object pricingPlan: description: Pricing plan for this instance, can only be PER_USE. type: string replicationType: description: |- DEPRECATED. This property is only applicable to First Generation instances, and First Generation instances are now deprecated. see https://cloud.google.com/sql/docs/mysql/deprecation-notice for information on how to upgrade to Second Generation instances. Specifying this field has no-ops; it's recommended to remove this field from your configuration. type: string sqlServerAuditConfig: properties: bucketRef: description: The name of the destination bucket (e.g., gs://mybucket). oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `url` field of a `StorageBucket` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object retentionInterval: description: 'How long to keep generated audit files. A duration in seconds with up to nine fractional digits, terminated by ''s''. Example: "3.5s"..' type: string uploadInterval: description: 'How often to upload generated audit files. A duration in seconds with up to nine fractional digits, terminated by ''s''. Example: "3.5s".' type: string type: object tier: description: The machine type to use. See tiers for more details and supported versions. Postgres supports only shared-core machine types, and custom machine types such as db-custom-2-13312. See the Custom Machine Type Documentation to learn about specifying custom machine types. type: string timeZone: description: Immutable. The time_zone to be used by the database engine (supported only for SQL Server), in SQL Server timezone format. type: string required: - tier type: object required: - settings type: object status: properties: availableMaintenanceVersions: description: Available Maintenance versions. items: type: string type: array conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array connectionName: description: The connection name of the instance to be used in connection strings. For example, when connecting with Cloud SQL Proxy. type: string firstIpAddress: type: string instanceType: description: The type of the instance. The valid values are:- 'SQL_INSTANCE_TYPE_UNSPECIFIED', 'CLOUD_SQL_INSTANCE', 'ON_PREMISES_INSTANCE' and 'READ_REPLICA_INSTANCE'. type: string ipAddress: items: properties: ipAddress: type: string timeToRetire: type: string type: type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer privateIpAddress: type: string publicIpAddress: type: string selfLink: description: The URI of the created resource. type: string serverCaCert: properties: cert: description: The CA Certificate used to connect to the SQL Instance via SSL. type: string commonName: description: The CN valid for the CA Cert. type: string createTime: description: Creation time of the CA Cert. type: string expirationTime: description: Expiration time of the CA Cert. type: string sha1Fingerprint: description: SHA Fingerprint of the CA Cert. type: string type: object serviceAccountEmailAddress: description: The service account email address assigned to the instance. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: sqlsslcerts.sql.cnrm.cloud.google.com spec: group: sql.cnrm.cloud.google.com names: categories: - gcp kind: SQLSSLCert plural: sqlsslcerts shortNames: - gcpsqlsslcert - gcpsqlsslcerts singular: sqlsslcert preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: commonName: description: Immutable. The common name to be used in the certificate to identify the client. Constrained to [a-zA-Z.-_ ]+. Changing this forces a new resource to be created. type: string instanceRef: description: The Cloud SQL instance. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `SQLInstance` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The service-generated sha1Fingerprint of the resource. Used for acquisition only. Leave unset to create a new resource. type: string required: - commonName - instanceRef type: object status: properties: cert: description: The actual certificate data for this client certificate. type: string certSerialNumber: description: The serial number extracted from the certificate data. type: string conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: The time when the certificate was created in RFC 3339 format, for example 2012-11-15T16:19:00.094Z. type: string expirationTime: description: The time when the certificate expires in RFC 3339 format, for example 2012-11-15T16:19:00.094Z. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer privateKey: description: The private key associated with the client certificate. type: string serverCaCert: description: The CA cert of the server this client cert was generated from. type: string sha1Fingerprint: description: The SHA1 Fingerprint of the certificate. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: sqlusers.sql.cnrm.cloud.google.com spec: group: sql.cnrm.cloud.google.com names: categories: - gcp kind: SQLUser plural: sqlusers shortNames: - gcpsqluser - gcpsqlusers singular: sqluser preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: host: description: Immutable. The host the user can connect from. This is only supported for MySQL instances. Don't set this field for PostgreSQL instances. Can be an IP address. Changing this forces a new resource to be created. type: string instanceRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `SQLInstance` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object password: description: |- The password for the user. Can be updated. For Postgres instances this is a Required field, unless type is set to either CLOUD_IAM_USER or CLOUD_IAM_SERVICE_ACCOUNT. oneOf: - not: required: - valueFrom required: - value - not: required: - value required: - valueFrom properties: value: description: Value of the field. Cannot be used if 'valueFrom' is specified. type: string valueFrom: description: Source for the field's value. Cannot be used if 'value' is specified. properties: secretKeyRef: description: Reference to a value with the given key in the given Secret in the resource's namespace. properties: key: description: Key that identifies the value to be extracted. type: string name: description: Name of the Secret to extract a value from. type: string required: - name - key type: object type: object type: object passwordPolicy: properties: allowedFailedAttempts: description: Number of failed attempts allowed before the user get locked. type: integer enableFailedAttemptsCheck: description: If true, the check that will lock user after too many failed login attempts will be enabled. type: boolean enablePasswordVerification: description: If true, the user must specify the current password before changing the password. This flag is supported only for MySQL. type: boolean passwordExpirationDuration: description: Password expiration duration with one week grace period. type: string status: items: properties: locked: description: If true, user does not have login privileges. type: boolean passwordExpirationTime: description: Password expiration duration with one week grace period. type: string type: object type: array type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string type: description: |- Immutable. The user type. It determines the method to authenticate the user during login. The default is the database's built-in user type. Flags include "BUILT_IN", "CLOUD_IAM_USER", or "CLOUD_IAM_SERVICE_ACCOUNT". type: string required: - instanceRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer sqlServerUserDetails: items: properties: disabled: description: If the user has been disabled. type: boolean serverRoles: description: The server roles for this user in the database. items: type: string type: array type: object type: array type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: storagebucketaccesscontrols.storage.cnrm.cloud.google.com spec: group: storage.cnrm.cloud.google.com names: categories: - gcp kind: StorageBucketAccessControl plural: storagebucketaccesscontrols shortNames: - gcpstoragebucketaccesscontrol - gcpstoragebucketaccesscontrols singular: storagebucketaccesscontrol preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: bucketRef: description: Reference to the bucket. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `StorageBucket` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object entity: description: |- Immutable. The entity holding the permission, in one of the following forms: user-userId user-email group-groupId group-email domain-domain project-team-projectId allUsers allAuthenticatedUsers Examples: The user liz@example.com would be user-liz@example.com. The group example@googlegroups.com would be group-example@googlegroups.com. To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com. type: string role: description: 'The access permission for the entity. Possible values: ["OWNER", "READER", "WRITER"].' type: string required: - bucketRef - entity type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array domain: description: The domain associated with the entity. type: string email: description: The email address associated with the entity. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: storagebuckets.storage.cnrm.cloud.google.com spec: group: storage.cnrm.cloud.google.com names: categories: - gcp kind: StorageBucket plural: storagebuckets shortNames: - gcpstoragebucket - gcpstoragebuckets singular: storagebucket preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: autoclass: description: Immutable. The bucket's autoclass configuration. properties: enabled: description: Immutable. While set to true, autoclass automatically transitions objects in your bucket to appropriate storage classes based on each object's access pattern. type: boolean required: - enabled type: object bucketPolicyOnly: description: |- DEPRECATED. Please use the `uniformBucketLevelAccess` field as this field has been renamed by Google. The `uniformBucketLevelAccess` field will supersede this field. Enables Bucket PolicyOnly access to a bucket. type: boolean cors: description: The bucket's Cross-Origin Resource Sharing (CORS) configuration. items: properties: maxAgeSeconds: description: The value, in seconds, to return in the Access-Control-Max-Age header used in preflight responses. type: integer method: description: 'The list of HTTP methods on which to include CORS response headers, (GET, OPTIONS, POST, etc) Note: "*" is permitted in the list of methods, and means "any method".' items: type: string type: array origin: description: 'The list of Origins eligible to receive CORS response headers. Note: "*" is permitted in the list of origins, and means "any Origin".' items: type: string type: array responseHeader: description: The list of HTTP headers other than the simple response headers to give permission for the user-agent to share across domains. items: type: string type: array type: object type: array customPlacementConfig: description: The bucket's custom location configuration, which specifies the individual regions that comprise a dual-region bucket. If the bucket is designated a single or multi-region, the parameters are empty. properties: dataLocations: description: 'Immutable. The list of individual regions that comprise a dual-region bucket. See the docs for a list of acceptable regions. Note: If any of the data_locations changes, it will recreate the bucket.' items: type: string type: array required: - dataLocations type: object defaultEventBasedHold: description: Whether or not to automatically apply an eventBasedHold to new objects added to the bucket. type: boolean encryption: description: The bucket's encryption configuration. properties: kmsKeyRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - kmsKeyRef type: object lifecycleRule: description: The bucket's Lifecycle Rules configuration. items: properties: action: description: The Lifecycle Rule's action configuration. A single block of this type is supported. properties: storageClass: description: 'The target Storage Class of objects affected by this Lifecycle Rule. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE.' type: string type: description: 'The type of the action of this Lifecycle Rule. Supported values include: Delete, SetStorageClass and AbortIncompleteMultipartUpload.' type: string required: - type type: object condition: description: The Lifecycle Rule's condition configuration. properties: age: description: Minimum age of an object in days to satisfy this condition. type: integer createdBefore: description: Creation date of an object in RFC 3339 (e.g. 2017-06-13) to satisfy this condition. type: string customTimeBefore: description: Creation date of an object in RFC 3339 (e.g. 2017-06-13) to satisfy this condition. type: string daysSinceCustomTime: description: Number of days elapsed since the user-specified timestamp set on an object. type: integer daysSinceNoncurrentTime: description: "Number of days elapsed since the noncurrent timestamp of an object. This\n\t\t\t\t\t\t\t\t\t\tcondition is relevant only for versioned objects." type: integer matchesPrefix: description: One or more matching name prefixes to satisfy this condition. items: type: string type: array matchesStorageClass: description: 'Storage Class of objects to satisfy this condition. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE, STANDARD, DURABLE_REDUCED_AVAILABILITY.' items: type: string type: array matchesSuffix: description: One or more matching name suffixes to satisfy this condition. items: type: string type: array noncurrentTimeBefore: description: Creation date of an object in RFC 3339 (e.g. 2017-06-13) to satisfy this condition. type: string numNewerVersions: description: Relevant only for versioned objects. The number of newer versions of an object to satisfy this condition. type: integer withState: description: 'Match to live and/or archived objects. Unversioned buckets have only live objects. Supported values include: "LIVE", "ARCHIVED", "ANY".' type: string type: object required: - action - condition type: object type: array location: default: US description: Immutable. The Google Cloud Storage location. type: string logging: description: The bucket's Access & Storage Logs configuration. properties: logBucket: description: The bucket that will receive log objects. type: string logObjectPrefix: description: The object prefix for log objects. If it's not provided, by default Google Cloud Storage sets this to this bucket's name. type: string required: - logBucket type: object publicAccessPrevention: description: Prevents public access to a bucket. type: string requesterPays: description: Enables Requester Pays on a storage bucket. type: boolean resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string retentionPolicy: description: Configuration of the bucket's data retention policy for how long objects in the bucket should be retained. properties: isLocked: description: 'If set to true, the bucket will be locked and permanently restrict edits to the bucket''s retention policy. Caution: Locking a bucket is an irreversible action.' type: boolean retentionPeriod: description: The period of time, in seconds, that objects in the bucket must be retained and cannot be deleted, overwritten, or archived. The value must be less than 3,155,760,000 seconds. type: integer required: - retentionPeriod type: object storageClass: description: 'The Storage Class of the new bucket. Supported values include: STANDARD, MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE.' type: string uniformBucketLevelAccess: description: Enables uniform bucket-level access on a bucket. type: boolean versioning: description: The bucket's Versioning configuration. properties: enabled: description: While set to true, versioning is fully enabled for this bucket. type: boolean required: - enabled type: object website: description: Configuration if the bucket acts as a website. properties: mainPageSuffix: description: Behaves as the bucket's directory index where missing objects are treated as potential directories. type: string notFoundPage: description: The custom object to return when a requested resource is not found. type: string type: object type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer selfLink: description: The URI of the created resource. type: string url: description: The base URL of the bucket, in the format gs://. type: string type: object type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: storagedefaultobjectaccesscontrols.storage.cnrm.cloud.google.com spec: group: storage.cnrm.cloud.google.com names: categories: - gcp kind: StorageDefaultObjectAccessControl plural: storagedefaultobjectaccesscontrols shortNames: - gcpstoragedefaultobjectaccesscontrol - gcpstoragedefaultobjectaccesscontrols singular: storagedefaultobjectaccesscontrol preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: bucketRef: description: Reference to the bucket. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `StorageBucket` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object entity: description: |- The entity holding the permission, in one of the following forms: * user-{{userId}} * user-{{email}} (such as "user-liz@example.com") * group-{{groupId}} * group-{{email}} (such as "group-example@googlegroups.com") * domain-{{domain}} (such as "domain-example.com") * project-team-{{projectId}} * allUsers * allAuthenticatedUsers. type: string object: description: The name of the object, if applied to an object. type: string role: description: 'The access permission for the entity. Possible values: ["OWNER", "READER"].' type: string required: - bucketRef - entity - role type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array domain: description: The domain associated with the entity. type: string email: description: The email address associated with the entity. type: string entityId: description: The ID for the entity. type: string generation: description: The content generation of the object, if applied to an object. type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer projectTeam: description: The project team associated with the entity. properties: projectNumber: description: The project team associated with the entity. type: string team: description: 'The team. Possible values: ["editors", "owners", "viewers"].' type: string type: object type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: storagehmackeys.storage.cnrm.cloud.google.com spec: group: storage.cnrm.cloud.google.com names: categories: - gcp kind: StorageHMACKey plural: storagehmackeys shortNames: - gcpstoragehmackey - gcpstoragehmackeys singular: storagehmackey preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The service-generated accessId of the resource. Used for acquisition only. Leave unset to create a new resource. type: string serviceAccountEmail: description: Immutable. The email address of the key's associated service account. type: string state: description: 'The state of the key. Can be set to one of ACTIVE, INACTIVE. Default value: "ACTIVE" Possible values: ["ACTIVE", "INACTIVE"].' type: string required: - projectRef - serviceAccountEmail type: object status: properties: accessId: description: The access ID of the HMAC Key. type: string conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer secret: description: HMAC secret key material. type: string timeCreated: description: '''The creation time of the HMAC key in RFC 3339 format. ''.' type: string updated: description: '''The last modification time of the HMAC key metadata in RFC 3339 format.''.' type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: storagenotifications.storage.cnrm.cloud.google.com spec: group: storage.cnrm.cloud.google.com names: categories: - gcp kind: StorageNotification plural: storagenotifications shortNames: - gcpstoragenotification - gcpstoragenotifications singular: storagenotification preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: bucketRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `StorageBucket` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object customAttributes: additionalProperties: type: string description: Immutable. A set of key/value attribute pairs to attach to each Cloud Pub/Sub message published for this notification subscription. type: object eventTypes: description: 'Immutable. List of event type filters for this notification config. If not specified, Cloud Storage will send notifications for all event types. The valid types are: "OBJECT_FINALIZE", "OBJECT_METADATA_UPDATE", "OBJECT_DELETE", "OBJECT_ARCHIVE".' items: type: string type: array objectNamePrefix: description: Immutable. Specifies a prefix path filter for this notification config. Cloud Storage will only send notifications for objects in this bucket whose names begin with the specified prefix. type: string payloadFormat: description: Immutable. The desired content of the Payload. One of "JSON_API_V1" or "NONE". type: string resourceID: description: Immutable. Optional. The service-generated notificationId of the resource. Used for acquisition only. Leave unset to create a new resource. type: string topicRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, where {{value}} is the `name` field of a `PubSubTopic` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - bucketRef - payloadFormat - topicRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array notificationId: description: The ID of the created notification. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer selfLink: description: The URI of the created resource. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: storagetransferagentpools.storagetransfer.cnrm.cloud.google.com spec: group: storagetransfer.cnrm.cloud.google.com names: categories: - gcp kind: StorageTransferAgentPool plural: storagetransferagentpools shortNames: - gcpstoragetransferagentpool - gcpstoragetransferagentpools singular: storagetransferagentpool preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: bandwidthLimit: description: Specifies the bandwidth limit details. If this field is unspecified, the default value is set as 'No Limit'. properties: limitMbps: description: Bandwidth rate in megabytes per second, distributed across all the agents in the pool. type: string required: - limitMbps type: object displayName: description: Specifies the client-specified AgentPool description. type: string projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer state: description: Specifies the state of the AgentPool. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: storagetransferjobs.storagetransfer.cnrm.cloud.google.com spec: group: storagetransfer.cnrm.cloud.google.com names: categories: - gcp kind: StorageTransferJob plural: storagetransferjobs shortNames: - gcpstoragetransferjob - gcpstoragetransferjobs singular: storagetransferjob preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: description: description: Unique description to identify the Transfer Job. type: string notificationConfig: description: Notification configuration. properties: eventTypes: description: Event types for which a notification is desired. If empty, send notifications for all event types. The valid types are "TRANSFER_OPERATION_SUCCESS", "TRANSFER_OPERATION_FAILED", "TRANSFER_OPERATION_ABORTED". items: type: string type: array payloadFormat: description: The desired format of the notification message payloads. One of "NONE" or "JSON". type: string topicRef: description: The PubSubTopic to which to publish notifications. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, where {{value}} is the `name` field of a `PubSubTopic` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - payloadFormat - topicRef type: object resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string schedule: description: Schedule specification defining when the Transfer Job should be scheduled to start, end and what time to run. properties: repeatInterval: description: 'Interval between the start of each scheduled transfer. If unspecified, the default value is 24 hours. This value may not be less than 1 hour. A duration in seconds with up to nine fractional digits, terminated by ''s''. Example: "3.5s".' type: string scheduleEndDate: description: The last day the recurring transfer will be run. If schedule_end_date is the same as schedule_start_date, the transfer will be executed only once. properties: day: description: Day of month. Must be from 1 to 31 and valid for the year and month. type: integer month: description: Month of year. Must be from 1 to 12. type: integer year: description: Year of date. Must be from 1 to 9999. type: integer required: - day - month - year type: object scheduleStartDate: description: The first day the recurring transfer is scheduled to run. If schedule_start_date is in the past, the transfer will run for the first time on the following day. properties: day: description: Day of month. Must be from 1 to 31 and valid for the year and month. type: integer month: description: Month of year. Must be from 1 to 12. type: integer year: description: Year of date. Must be from 1 to 9999. type: integer required: - day - month - year type: object startTimeOfDay: description: The time in UTC at which the transfer will be scheduled to start in a day. Transfers may start later than this time. If not specified, recurring and one-time transfers that are scheduled to run today will run immediately; recurring transfers that are scheduled to run on a future date will start at approximately midnight UTC on that date. Note that when configuring a transfer with the Cloud Platform Console, the transfer's start time in a day is specified in your local timezone. properties: hours: description: Hours of day in 24 hour format. Should be from 0 to 23. type: integer minutes: description: Minutes of hour of day. Must be from 0 to 59. type: integer nanos: description: Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. type: integer seconds: description: Seconds of minutes of the time. Must normally be from 0 to 59. type: integer required: - hours - minutes - nanos - seconds type: object required: - scheduleStartDate type: object status: description: 'Status of the job. Default: ENABLED. NOTE: The effect of the new job status takes place during a subsequent job run. For example, if you change the job status from ENABLED to DISABLED, and an operation spawned by the transfer is running, the status change would not affect the current operation.' type: string transferSpec: description: Transfer specification. properties: awsS3DataSource: description: An AWS S3 data source. properties: awsAccessKey: description: AWS credentials block. properties: accessKeyId: description: AWS Key ID. oneOf: - not: required: - valueFrom required: - value - not: required: - value required: - valueFrom properties: value: description: Value of the field. Cannot be used if 'valueFrom' is specified. type: string valueFrom: description: Source for the field's value. Cannot be used if 'value' is specified. properties: secretKeyRef: description: Reference to a value with the given key in the given Secret in the resource's namespace. properties: key: description: Key that identifies the value to be extracted. type: string name: description: Name of the Secret to extract a value from. type: string required: - name - key type: object type: object type: object secretAccessKey: description: AWS Secret Access Key. oneOf: - not: required: - valueFrom required: - value - not: required: - value required: - valueFrom properties: value: description: Value of the field. Cannot be used if 'valueFrom' is specified. type: string valueFrom: description: Source for the field's value. Cannot be used if 'value' is specified. properties: secretKeyRef: description: Reference to a value with the given key in the given Secret in the resource's namespace. properties: key: description: Key that identifies the value to be extracted. type: string name: description: Name of the Secret to extract a value from. type: string required: - name - key type: object type: object type: object required: - accessKeyId - secretAccessKey type: object bucketName: description: S3 Bucket name. type: string path: description: S3 Bucket path in bucket to transfer. type: string roleArn: description: The Amazon Resource Name (ARN) of the role to support temporary credentials via 'AssumeRoleWithWebIdentity'. For more information about ARNs, see [IAM ARNs](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns). When a role ARN is provided, Transfer Service fetches temporary credentials for the session using a 'AssumeRoleWithWebIdentity' call for the provided role using the [GoogleServiceAccount][] for this project. type: string required: - bucketName type: object azureBlobStorageDataSource: description: An Azure Blob Storage data source. properties: azureCredentials: description: ' Credentials used to authenticate API requests to Azure.' properties: sasToken: description: Azure shared access signature. oneOf: - not: required: - valueFrom required: - value - not: required: - value required: - valueFrom properties: value: description: Value of the field. Cannot be used if 'valueFrom' is specified. type: string valueFrom: description: Source for the field's value. Cannot be used if 'value' is specified. properties: secretKeyRef: description: Reference to a value with the given key in the given Secret in the resource's namespace. properties: key: description: Key that identifies the value to be extracted. type: string name: description: Name of the Secret to extract a value from. type: string required: - name - key type: object type: object type: object required: - sasToken type: object container: description: The container to transfer from the Azure Storage account. type: string path: description: Root path to transfer objects. Must be an empty string or full path name that ends with a '/'. This field is treated as an object prefix. As such, it should generally not begin with a '/'. type: string storageAccount: description: The name of the Azure Storage account. type: string required: - azureCredentials - container - storageAccount type: object gcsDataSink: description: A Google Cloud Storage data sink. properties: bucketRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `StorageBucket` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object path: description: Google Cloud Storage path in bucket to transfer. type: string required: - bucketRef type: object gcsDataSource: description: A Google Cloud Storage data source. properties: bucketRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `StorageBucket` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object path: description: Google Cloud Storage path in bucket to transfer. type: string required: - bucketRef type: object httpDataSource: description: A HTTP URL data source. properties: listUrl: description: The URL that points to the file that stores the object list entries. This file must allow public access. Currently, only URLs with HTTP and HTTPS schemes are supported. type: string required: - listUrl type: object objectConditions: description: Only objects that satisfy these object conditions are included in the set of data source and data sink objects. Object conditions based on objects' last_modification_time do not exclude objects in a data sink. properties: excludePrefixes: description: exclude_prefixes must follow the requirements described for include_prefixes. items: type: string type: array includePrefixes: description: If include_refixes is specified, objects that satisfy the object conditions must have names that start with one of the include_prefixes and that do not start with any of the exclude_prefixes. If include_prefixes is not specified, all objects except those that have names starting with one of the exclude_prefixes must satisfy the object conditions. items: type: string type: array lastModifiedBefore: description: 'If specified, only objects with a "last modification time" before this timestamp and objects that don''t have a "last modification time" are transferred. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".' type: string lastModifiedSince: description: 'If specified, only objects with a "last modification time" on or after this timestamp and objects that don''t have a "last modification time" are transferred. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".' type: string maxTimeElapsedSinceLastModification: description: 'A duration in seconds with up to nine fractional digits, terminated by ''s''. Example: "3.5s".' type: string minTimeElapsedSinceLastModification: description: 'A duration in seconds with up to nine fractional digits, terminated by ''s''. Example: "3.5s".' type: string type: object posixDataSink: description: A POSIX filesystem data sink. properties: rootDirectory: description: Root directory path to the filesystem. type: string required: - rootDirectory type: object posixDataSource: description: A POSIX filesystem data source. properties: rootDirectory: description: Root directory path to the filesystem. type: string required: - rootDirectory type: object sinkAgentPoolName: description: Immutable. Specifies the agent pool name associated with the posix data source. When unspecified, the default name is used. type: string sourceAgentPoolName: description: Immutable. Specifies the agent pool name associated with the posix data source. When unspecified, the default name is used. type: string transferOptions: description: Characteristics of how to treat files from datasource and sink during job. If the option delete_objects_unique_in_sink is true, object conditions based on objects' last_modification_time are ignored and do not exclude objects in a data source or a data sink. properties: deleteObjectsFromSourceAfterTransfer: description: Whether objects should be deleted from the source after they are transferred to the sink. Note that this option and delete_objects_unique_in_sink are mutually exclusive. type: boolean deleteObjectsUniqueInSink: description: Whether objects that exist only in the sink should be deleted. Note that this option and delete_objects_from_source_after_transfer are mutually exclusive. type: boolean overwriteObjectsAlreadyExistingInSink: description: Whether overwriting objects that already exist in the sink is allowed. type: boolean overwriteWhen: description: When to overwrite objects that already exist in the sink. If not set, overwrite behavior is determined by overwriteObjectsAlreadyExistingInSink. type: string type: object type: object required: - description - transferSpec type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array creationTime: description: When the Transfer Job was created. type: string deletionTime: description: When the Transfer Job was deleted. type: string lastModificationTime: description: When the Transfer Job was last modified. type: string name: description: The name of the Transfer Job. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: tagstagbindings.tags.cnrm.cloud.google.com spec: group: tags.cnrm.cloud.google.com names: categories: - gcp kind: TagsTagBinding plural: tagstagbindings shortNames: - gcptagstagbinding - gcptagstagbindings singular: tagstagbinding preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: parentRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: string of the format `//cloudresourcemanager.googleapis.com/projects/{{value}}`, where {{value}} is the `number` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string tagValueRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: string of the format `tagValues/{{value}}`, where {{value}} is the `name` field of a `TagsTagValue` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object required: - parentRef - tagValueRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array name: description: 'The generated id for the TagBinding. This is a string of the form: ''tagBindings/{full-resource-name}/{tag-value-name}''.' type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: tagstagkeys.tags.cnrm.cloud.google.com spec: group: tags.cnrm.cloud.google.com names: categories: - gcp kind: TagsTagKey plural: tagstagkeys shortNames: - gcptagstagkey - gcptagstagkeys singular: tagstagkey preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: description: description: User-assigned description of the TagKey. Must not exceed 256 characters. type: string parent: description: Immutable. Input only. The resource name of the new TagKey's parent. Must be of the form organizations/{org_id} or projects/{project_id_or_number}. type: string purpose: description: |- Immutable. Optional. A purpose cannot be changed once set. A purpose denotes that this Tag is intended for use in policies of a specific policy engine, and will involve that policy engine in management operations involving this Tag. Possible values: ["GCE_FIREWALL"]. type: string purposeData: additionalProperties: type: string description: |- Immutable. Optional. Purpose data cannot be changed once set. Purpose data corresponds to the policy system that the tag is intended for. For example, the GCE_FIREWALL purpose expects data in the following format: 'network = "/"'. type: object resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string shortName: description: |- Immutable. Input only. The user friendly name for a TagKey. The short name should be unique for TagKeys within the same tag namespace. The short name must be 1-63 characters, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. type: string required: - parent - shortName type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: |- Output only. Creation time. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". type: string name: description: The generated numeric id for the TagKey. type: string namespacedName: description: Output only. Namespaced name of the TagKey. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer updateTime: description: |- Output only. Update time. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: tagstagvalues.tags.cnrm.cloud.google.com spec: group: tags.cnrm.cloud.google.com names: categories: - gcp kind: TagsTagValue plural: tagstagvalues shortNames: - gcptagstagvalue - gcptagstagvalues singular: tagstagvalue preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: description: description: User-assigned description of the TagValue. Must not exceed 256 characters. type: string parentRef: oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: string of the format `tagKeys/{{value}}`, where {{value}} is the `name` field of a `TagsTagKey` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string shortName: description: |- Immutable. Input only. User-assigned short name for TagValue. The short name should be unique for TagValues within the same parent TagKey. The short name must be 63 characters or less, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. type: string required: - parentRef - shortName type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: |- Output only. Creation time. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". type: string name: description: The generated numeric id for the TagValue. type: string namespacedName: description: Output only. Namespaced name of the TagValue. Will be in the format {parentNamespace}/{tagKeyShortName}/{shortName}. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer updateTime: description: |- Output only. Update time. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: tpunodes.tpu.cnrm.cloud.google.com spec: group: tpu.cnrm.cloud.google.com names: categories: - gcp kind: TPUNode plural: tpunodes shortNames: - gcptpunode - gcptpunodes singular: tpunode preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: acceleratorType: description: Immutable. The type of hardware accelerators associated with this node. type: string cidrBlock: description: |- Immutable. The CIDR block that the TPU node will use when selecting an IP address. This CIDR block must be a /29 block; the Compute Engine networks API forbids a smaller block, and using a larger block would be wasteful (a node can only consume one IP address). Errors will occur if the CIDR block has already been used for a currently existing TPU node, the CIDR block conflicts with any subnetworks in the user's provided network, or the provided network is peered with another network that is using that CIDR block. type: string description: description: Immutable. The user-supplied description of the TPU. Maximum of 512 characters. type: string network: description: |- Immutable. The name of a network to peer the TPU node to. It must be a preexisting Compute Engine network inside of the project on which this API has been activated. If none is provided, "default" will be used. type: string projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string schedulingConfig: description: Immutable. Sets the scheduling options for this TPU instance. properties: preemptible: description: Immutable. Defines whether the TPU instance is preemptible. type: boolean required: - preemptible type: object tensorflowVersion: description: The version of Tensorflow running in the Node. type: string useServiceNetworking: description: |- Immutable. Whether the VPC peering for the node is set up through Service Networking API. The VPC Peering should be set up before provisioning the node. If this field is set, cidr_block field should not be specified. If the network that you want to peer the TPU Node to is a Shared VPC network, the node must be created with this this field enabled. type: boolean zone: description: Immutable. The GCP location for the TPU. If it is not provided, the provider zone is used. type: string required: - acceleratorType - projectRef - tensorflowVersion - zone type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array networkEndpoints: description: |- The network endpoints where TPU workers can be accessed and sent work. It is recommended that Tensorflow clients of the node first reach out to the first (index 0) entry. items: properties: ipAddress: description: The IP address of this network endpoint. type: string port: description: The port of this network endpoint. type: integer type: object type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer serviceAccount: description: |- The service account used to run the tensor flow services within the node. To share resources, including Google Cloud Storage data, with the Tensorflow job running in the Node, this account must have permissions to that data. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: vertexaidatasets.vertexai.cnrm.cloud.google.com spec: group: vertexai.cnrm.cloud.google.com names: categories: - gcp kind: VertexAIDataset plural: vertexaidatasets shortNames: - gcpvertexaidataset - gcpvertexaidatasets singular: vertexaidataset preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: displayName: description: The user-defined name of the Dataset. The name can be up to 128 characters long and can be consist of any UTF-8 characters. type: string encryptionSpec: description: Immutable. Customer-managed encryption key spec for a Dataset. If set, this Dataset and all sub-resources of this Dataset will be secured by this key. properties: kmsKeyName: description: |- Immutable. Required. The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource. Has the form: projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. The key needs to be in the same region as where the resource is created. type: string type: object metadataSchemaUri: description: Immutable. Points to a YAML file stored on Google Cloud Storage describing additional information about the Dataset. The schema is defined as an OpenAPI 3.0.2 Schema Object. The schema files that can be used here are found in gs://google-cloud-aiplatform/schema/dataset/metadata/. type: string projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object region: description: Immutable. The region of the dataset. eg us-central1. type: string resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string required: - displayName - metadataSchemaUri - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: The timestamp of when the dataset was created in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. type: string name: description: The resource name of the Dataset. This value is set by Google. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer updateTime: description: The timestamp of when the dataset was last updated in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: vertexaiendpoints.vertexai.cnrm.cloud.google.com spec: group: vertexai.cnrm.cloud.google.com names: categories: - gcp kind: VertexAIEndpoint plural: vertexaiendpoints shortNames: - gcpvertexaiendpoint - gcpvertexaiendpoints singular: vertexaiendpoint preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: description: description: The description of the Endpoint. type: string displayName: description: Required. The display name of the Endpoint. The name can be up to 128 characters long and can consist of any UTF-8 characters. type: string encryptionSpec: description: Immutable. Customer-managed encryption key spec for an Endpoint. If set, this Endpoint and all sub-resources of this Endpoint will be secured by this key. properties: kmsKeyName: description: 'Immutable. Required. The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource. Has the form: ''projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key''. The key needs to be in the same region as where the compute resource is created.' type: string required: - kmsKeyName type: object location: description: Immutable. The location for the resource. type: string network: description: 'Immutable. The full name of the Google Compute Engine [network](https://cloud.google.com//compute/docs/networks-and-firewalls#networks) to which the Endpoint should be peered. Private services access must already be configured for the network. If left unspecified, the Endpoint is not peered with any network. Only one of the fields, network or enable_private_service_connect, can be set. [Format](https://cloud.google.com/compute/docs/reference/rest/v1/networks/insert): ''projects/{project}/global/networks/{network}''. Where ''{project}'' is a project number, as in ''12345'', and ''{network}'' is network name.' type: string projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object region: description: Immutable. The region for the resource. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - displayName - location - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: Output only. Timestamp when this Endpoint was created. type: string deployedModels: description: Output only. The models deployed in this Endpoint. To add or remove DeployedModels use EndpointService.DeployModel and EndpointService.UndeployModel respectively. Models can also be deployed and undeployed using the [Cloud Console](https://console.cloud.google.com/vertex-ai/). items: properties: automaticResources: description: A description of resources that to large degree are decided by Vertex AI, and require only a modest additional configuration. items: properties: maxReplicaCount: description: The maximum number of replicas this DeployedModel may be deployed on when the traffic against it increases. If the requested value is too large, the deployment will error, but if deployment succeeds then the ability to scale the model to that many replicas is guaranteed (barring service outages). If traffic against the DeployedModel increases beyond what its replicas at maximum may handle, a portion of the traffic will be dropped. If this value is not provided, a no upper bound for scaling under heavy traffic will be assume, though Vertex AI may be unable to scale beyond certain replica number. type: integer minReplicaCount: description: The minimum number of replicas this DeployedModel will be always deployed on. If traffic against it increases, it may dynamically be deployed onto more replicas up to max_replica_count, and as traffic decreases, some of these extra replicas may be freed. If the requested value is too large, the deployment will error. type: integer type: object type: array createTime: description: Output only. Timestamp when the DeployedModel was created. type: string dedicatedResources: description: A description of resources that are dedicated to the DeployedModel, and that need a higher degree of manual configuration. items: properties: autoscalingMetricSpecs: description: The metric specifications that overrides a resource utilization metric (CPU utilization, accelerator's duty cycle, and so on) target value (default to 60 if not set). At most one entry is allowed per metric. If machine_spec.accelerator_count is above 0, the autoscaling will be based on both CPU utilization and accelerator's duty cycle metrics and scale up when either metrics exceeds its target value while scale down if both metrics are under their target value. The default target value is 60 for both metrics. If machine_spec.accelerator_count is 0, the autoscaling will be based on CPU utilization metric only with default target value 60 if not explicitly set. For example, in the case of Online Prediction, if you want to override target CPU utilization to 80, you should set autoscaling_metric_specs.metric_name to 'aiplatform.googleapis.com/prediction/online/cpu/utilization' and autoscaling_metric_specs.target to '80'. items: properties: metricName: description: 'The resource metric name. Supported metrics: * For Online Prediction: * ''aiplatform.googleapis.com/prediction/online/accelerator/duty_cycle'' * ''aiplatform.googleapis.com/prediction/online/cpu/utilization''.' type: string target: description: The target resource utilization in percentage (1% - 100%) for the given metric; once the real usage deviates from the target by a certain percentage, the machine replicas change. The default value is 60 (representing 60%) if not provided. type: integer type: object type: array machineSpec: description: The specification of a single machine used by the prediction. items: properties: acceleratorCount: description: The number of accelerators to attach to the machine. type: integer acceleratorType: description: The type of accelerator(s) that may be attached to the machine as per accelerator_count. See possible values [here](https://cloud.google.com/vertex-ai/docs/reference/rest/v1/MachineSpec#AcceleratorType). type: string machineType: description: 'The type of the machine. See the [list of machine types supported for prediction](https://cloud.google.com/vertex-ai/docs/predictions/configure-compute#machine-types) See the [list of machine types supported for custom training](https://cloud.google.com/vertex-ai/docs/training/configure-compute#machine-types). For DeployedModel this field is optional, and the default value is ''n1-standard-2''. For BatchPredictionJob or as part of WorkerPoolSpec this field is required. TODO(rsurowka): Try to better unify the required vs optional.' type: string type: object type: array maxReplicaCount: description: The maximum number of replicas this DeployedModel may be deployed on when the traffic against it increases. If the requested value is too large, the deployment will error, but if deployment succeeds then the ability to scale the model to that many replicas is guaranteed (barring service outages). If traffic against the DeployedModel increases beyond what its replicas at maximum may handle, a portion of the traffic will be dropped. If this value is not provided, will use min_replica_count as the default value. The value of this field impacts the charge against Vertex CPU and GPU quotas. Specifically, you will be charged for max_replica_count * number of cores in the selected machine type) and (max_replica_count * number of GPUs per replica in the selected machine type). type: integer minReplicaCount: description: The minimum number of machine replicas this DeployedModel will be always deployed on. This value must be greater than or equal to 1. If traffic against the DeployedModel increases, it may dynamically be deployed onto more replicas, and as traffic decreases, some of these extra replicas may be freed. type: integer type: object type: array displayName: description: The display name of the DeployedModel. If not provided upon creation, the Model's display_name is used. type: string enableAccessLogging: description: These logs are like standard server access logs, containing information like timestamp and latency for each prediction request. Note that Stackdriver logs may incur a cost, especially if your project receives prediction requests at a high queries per second rate (QPS). Estimate your costs before enabling this option. type: boolean enableContainerLogging: description: If true, the container of the DeployedModel instances will send 'stderr' and 'stdout' streams to Stackdriver Logging. Only supported for custom-trained Models and AutoML Tabular Models. type: boolean id: description: The ID of the DeployedModel. If not provided upon deployment, Vertex AI will generate a value for this ID. This value should be 1-10 characters, and valid characters are /[0-9]/. type: string model: description: The name of the Model that this is the deployment of. Note that the Model may be in a different location than the DeployedModel's Endpoint. type: string modelVersionId: description: Output only. The version ID of the model that is deployed. type: string privateEndpoints: description: Output only. Provide paths for users to send predict/explain/health requests directly to the deployed model services running on Cloud via private services access. This field is populated if network is configured. items: properties: explainHttpUri: description: Output only. Http(s) path to send explain requests. type: string healthHttpUri: description: Output only. Http(s) path to send health check requests. type: string predictHttpUri: description: Output only. Http(s) path to send prediction requests. type: string serviceAttachment: description: Output only. The name of the service attachment resource. Populated if private service connect is enabled. type: string type: object type: array serviceAccount: description: The service account that the DeployedModel's container runs as. Specify the email address of the service account. If this service account is not specified, the container runs as a service account that doesn't have access to the resource project. Users deploying the Model must have the 'iam.serviceAccounts.actAs' permission on this service account. type: string sharedResources: description: 'The resource name of the shared DeploymentResourcePool to deploy on. Format: projects/{project}/locations/{location}/deploymentResourcePools/{deployment_resource_pool}.' type: string type: object type: array etag: description: Used to perform consistent read-modify-write updates. If not set, a blind "overwrite" update happens. type: string modelDeploymentMonitoringJob: description: 'Output only. Resource name of the Model Monitoring job associated with this Endpoint if monitoring is enabled by CreateModelDeploymentMonitoringJob. Format: ''projects/{project}/locations/{location}/modelDeploymentMonitoringJobs/{model_deployment_monitoring_job}''.' type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer updateTime: description: Output only. Timestamp when this Endpoint was last updated. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: vertexaifeaturestoreentitytypefeatures.vertexai.cnrm.cloud.google.com spec: group: vertexai.cnrm.cloud.google.com names: categories: - gcp kind: VertexAIFeaturestoreEntityTypeFeature plural: vertexaifeaturestoreentitytypefeatures shortNames: - gcpvertexaifeaturestoreentitytypefeature - gcpvertexaifeaturestoreentitytypefeatures singular: vertexaifeaturestoreentitytypefeature preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: description: description: Description of the feature. type: string entitytype: description: Immutable. The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}/entityTypes/{entitytype}. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string valueType: description: Immutable. Type of Feature value. Immutable. https://cloud.google.com/vertex-ai/docs/reference/rest/v1/projects.locations.featurestores.entityTypes.features#ValueType. type: string required: - entitytype - valueType type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: The timestamp of when the entity type was created in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. type: string etag: description: Used to perform consistent read-modify-write updates. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer updateTime: description: The timestamp when the entity type was most recently updated in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: vertexaifeaturestoreentitytypes.vertexai.cnrm.cloud.google.com spec: group: vertexai.cnrm.cloud.google.com names: categories: - gcp kind: VertexAIFeaturestoreEntityType plural: vertexaifeaturestoreentitytypes shortNames: - gcpvertexaifeaturestoreentitytype - gcpvertexaifeaturestoreentitytypes singular: vertexaifeaturestoreentitytype preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: description: description: Optional. Description of the EntityType. type: string featurestore: description: Immutable. The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. type: string monitoringConfig: description: |- The default monitoring configuration for all Features under this EntityType. If this is populated with [FeaturestoreMonitoringConfig.monitoring_interval] specified, snapshot analysis monitoring is enabled. Otherwise, snapshot analysis monitoring is disabled. properties: categoricalThresholdConfig: description: Threshold for categorical features of anomaly detection. This is shared by all types of Featurestore Monitoring for categorical features (i.e. Features with type (Feature.ValueType) BOOL or STRING). properties: value: description: Specify a threshold value that can trigger the alert. For categorical feature, the distribution distance is calculated by L-inifinity norm. Each feature must have a non-zero threshold if they need to be monitored. Otherwise no alert will be triggered for that feature. The default value is 0.3. type: number required: - value type: object importFeaturesAnalysis: description: The config for ImportFeatures Analysis Based Feature Monitoring. properties: anomalyDetectionBaseline: description: |- Defines the baseline to do anomaly detection for feature values imported by each [entityTypes.importFeatureValues][] operation. The value must be one of the values below: * LATEST_STATS: Choose the later one statistics generated by either most recent snapshot analysis or previous import features analysis. If non of them exists, skip anomaly detection and only generate a statistics. * MOST_RECENT_SNAPSHOT_STATS: Use the statistics generated by the most recent snapshot analysis if exists. * PREVIOUS_IMPORT_FEATURES_STATS: Use the statistics generated by the previous import features analysis if exists. type: string state: description: |- Whether to enable / disable / inherite default hebavior for import features analysis. The value must be one of the values below: * DEFAULT: The default behavior of whether to enable the monitoring. EntityType-level config: disabled. * ENABLED: Explicitly enables import features analysis. EntityType-level config: by default enables import features analysis for all Features under it. * DISABLED: Explicitly disables import features analysis. EntityType-level config: by default disables import features analysis for all Features under it. type: string type: object numericalThresholdConfig: description: Threshold for numerical features of anomaly detection. This is shared by all objectives of Featurestore Monitoring for numerical features (i.e. Features with type (Feature.ValueType) DOUBLE or INT64). properties: value: description: Specify a threshold value that can trigger the alert. For numerical feature, the distribution distance is calculated by Jensen–Shannon divergence. Each feature must have a non-zero threshold if they need to be monitored. Otherwise no alert will be triggered for that feature. The default value is 0.3. type: number required: - value type: object snapshotAnalysis: description: The config for Snapshot Analysis Based Feature Monitoring. properties: disabled: description: 'The monitoring schedule for snapshot analysis. For EntityType-level config: unset / disabled = true indicates disabled by default for Features under it; otherwise by default enable snapshot analysis monitoring with monitoringInterval for Features under it.' type: boolean monitoringInterval: description: |- DEPRECATED. This field is unavailable in the GA provider and will be removed from the beta provider in a future release. Configuration of the snapshot analysis based monitoring pipeline running interval. The value is rolled up to full day. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". type: string monitoringIntervalDays: description: |- Configuration of the snapshot analysis based monitoring pipeline running interval. The value indicates number of days. The default value is 1. If both FeaturestoreMonitoringConfig.SnapshotAnalysis.monitoring_interval_days and [FeaturestoreMonitoringConfig.SnapshotAnalysis.monitoring_interval][] are set when creating/updating EntityTypes/Features, FeaturestoreMonitoringConfig.SnapshotAnalysis.monitoring_interval_days will be used. type: integer stalenessDays: description: Customized export features time window for snapshot analysis. Unit is one day. The default value is 21 days. Minimum value is 1 day. Maximum value is 4000 days. type: integer type: object type: object offlineStorageTtlDays: description: Config for data retention policy in offline storage. TTL in days for feature values that will be stored in offline storage. The Feature Store offline storage periodically removes obsolete feature values older than offlineStorageTtlDays since the feature generation time. If unset (or explicitly set to 0), default to 4000 days TTL. type: integer resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - featurestore type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: The timestamp of when the featurestore was created in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. type: string etag: description: Used to perform consistent read-modify-write updates. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer region: description: The region of the EntityType. type: string updateTime: description: The timestamp of when the featurestore was last updated in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: vertexaifeaturestores.vertexai.cnrm.cloud.google.com spec: group: vertexai.cnrm.cloud.google.com names: categories: - gcp kind: VertexAIFeaturestore plural: vertexaifeaturestores shortNames: - gcpvertexaifeaturestore - gcpvertexaifeaturestores singular: vertexaifeaturestore preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: encryptionSpec: description: If set, both of the online and offline data storage will be secured by this key. properties: kmsKeyName: description: 'The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource. Has the form: projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. The key needs to be in the same region as where the compute resource is created.' type: string required: - kmsKeyName type: object forceDestroy: description: If set to true, any EntityTypes and Features for this Featurestore will also be deleted. type: boolean onlineServingConfig: description: Config for online serving resources. properties: fixedNodeCount: description: The number of nodes for each cluster. The number of nodes will not scale automatically but can be scaled manually by providing different values when updating. type: integer scaling: description: Online serving scaling configuration. Only one of fixedNodeCount and scaling can be set. Setting one will reset the other. properties: maxNodeCount: description: The maximum number of nodes to scale up to. Must be greater than minNodeCount, and less than or equal to 10 times of 'minNodeCount'. type: integer minNodeCount: description: The minimum number of nodes to scale down to. Must be greater than or equal to 1. type: integer required: - maxNodeCount - minNodeCount type: object type: object onlineStorageTtlDays: description: TTL in days for feature values that will be stored in online serving storage. The Feature Store online storage periodically removes obsolete feature values older than onlineStorageTtlDays since the feature generation time. Note that onlineStorageTtlDays should be less than or equal to offlineStorageTtlDays for each EntityType under a featurestore. If not set, default to 4000 days. type: integer projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object region: description: Immutable. The region of the dataset. eg us-central1. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - projectRef - region type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: The timestamp of when the featurestore was created in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. type: string etag: description: Used to perform consistent read-modify-write updates. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer updateTime: description: The timestamp of when the featurestore was last updated in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: vertexaiindexes.vertexai.cnrm.cloud.google.com spec: group: vertexai.cnrm.cloud.google.com names: categories: - gcp kind: VertexAIIndex plural: vertexaiindexes shortNames: - gcpvertexaiindex - gcpvertexaiindexes singular: vertexaiindex preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: description: description: The description of the Index. type: string displayName: description: The display name of the Index. The name can be up to 128 characters long and can consist of any UTF-8 characters. type: string indexUpdateMethod: description: |- Immutable. The update method to use with this Index. The value must be the followings. If not set, BATCH_UPDATE will be used by default. * BATCH_UPDATE: user can call indexes.patch with files on Cloud Storage of datapoints to update. * STREAM_UPDATE: user can call indexes.upsertDatapoints/DeleteDatapoints to update the Index and the updates will be applied in corresponding DeployedIndexes in nearly real-time. type: string metadata: description: An additional information about the Index. properties: config: description: Immutable. The configuration of the Matching Engine Index. properties: algorithmConfig: description: The configuration with regard to the algorithms used for efficient search. properties: bruteForceConfig: description: |- Configuration options for using brute force search, which simply implements the standard linear search in the database for each query. type: object x-kubernetes-preserve-unknown-fields: true treeAhConfig: description: |- Configuration options for using the tree-AH algorithm (Shallow tree + Asymmetric Hashing). Please refer to this paper for more details: https://arxiv.org/abs/1908.10396. properties: leafNodeEmbeddingCount: description: Number of embeddings on each leaf node. The default value is 1000 if not set. type: integer leafNodesToSearchPercent: description: |- The default percentage of leaf nodes that any query may be searched. Must be in range 1-100, inclusive. The default value is 10 (means 10%) if not set. type: integer type: object type: object approximateNeighborsCount: description: |- The default number of neighbors to find via approximate search before exact reordering is performed. Exact reordering is a procedure where results returned by an approximate search algorithm are reordered via a more expensive distance computation. Required if tree-AH algorithm is used. type: integer dimensions: description: The number of dimensions of the input vectors. type: integer distanceMeasureType: description: |- The distance measure used in nearest neighbor search. The value must be one of the followings: * SQUARED_L2_DISTANCE: Euclidean (L_2) Distance * L1_DISTANCE: Manhattan (L_1) Distance * COSINE_DISTANCE: Cosine Distance. Defined as 1 - cosine similarity. * DOT_PRODUCT_DISTANCE: Dot Product Distance. Defined as a negative of the dot product. type: string featureNormType: description: |- Type of normalization to be carried out on each vector. The value must be one of the followings: * UNIT_L2_NORM: Unit L2 normalization type * NONE: No normalization type is specified. type: string required: - dimensions type: object contentsDeltaUri: description: |- Allows inserting, updating or deleting the contents of the Matching Engine Index. The string must be a valid Cloud Storage directory path. If this field is set when calling IndexService.UpdateIndex, then no other Index field can be also updated as part of the same call. The expected structure and format of the files this URI points to is described at https://cloud.google.com/vertex-ai/docs/matching-engine/using-matching-engine#input-data-format. type: string isCompleteOverwrite: description: |- If this field is set together with contentsDeltaUri when calling IndexService.UpdateIndex, then existing content of the Index will be replaced by the data from the contentsDeltaUri. type: boolean type: object projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object region: description: Immutable. The region of the index. eg us-central1. type: string resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string required: - displayName - projectRef - region type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: The timestamp of when the Index was created in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. type: string deployedIndexes: description: The pointers to DeployedIndexes created from this Index. An Index can be only deleted if all its DeployedIndexes had been undeployed first. items: properties: deployedIndexId: description: The ID of the DeployedIndex in the above IndexEndpoint. type: string indexEndpoint: description: A resource name of the IndexEndpoint. type: string type: object type: array etag: description: Used to perform consistent read-modify-write updates. type: string indexStats: description: Stats of the index resource. items: properties: shardsCount: description: The number of shards in the Index. type: integer vectorsCount: description: The number of vectors in the Index. type: string type: object type: array metadataSchemaUri: description: Points to a YAML file stored on Google Cloud Storage describing additional information about the Index, that is specific to it. Unset if the Index does not have any additional information. type: string name: description: The resource name of the Index. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer updateTime: description: The timestamp of when the Index was last updated in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: vertexaimetadatastores.vertexai.cnrm.cloud.google.com spec: group: vertexai.cnrm.cloud.google.com names: categories: - gcp kind: VertexAIMetadataStore plural: vertexaimetadatastores shortNames: - gcpvertexaimetadatastore - gcpvertexaimetadatastores singular: vertexaimetadatastore preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: description: description: Immutable. Description of the MetadataStore. type: string encryptionSpec: description: Immutable. Customer-managed encryption key spec for a MetadataStore. If set, this MetadataStore and all sub-resources of this MetadataStore will be secured by this key. properties: kmsKeyName: description: |- Immutable. Required. The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource. Has the form: projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. The key needs to be in the same region as where the resource is created. type: string type: object projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object region: description: Immutable. The region of the Metadata Store. eg us-central1. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - projectRef - region type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: The timestamp of when the MetadataStore was created in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer state: description: State information of the MetadataStore. items: properties: diskUtilizationBytes: description: The disk utilization of the MetadataStore in bytes. type: string type: object type: array updateTime: description: The timestamp of when the MetadataStore was last updated in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: vertexaitensorboards.vertexai.cnrm.cloud.google.com spec: group: vertexai.cnrm.cloud.google.com names: categories: - gcp kind: VertexAITensorboard plural: vertexaitensorboards shortNames: - gcpvertexaitensorboard - gcpvertexaitensorboards singular: vertexaitensorboard preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: description: description: Description of this Tensorboard. type: string displayName: description: User provided name of this Tensorboard. type: string encryptionSpec: description: Immutable. Customer-managed encryption key spec for a Tensorboard. If set, this Tensorboard and all sub-resources of this Tensorboard will be secured by this key. properties: kmsKeyName: description: |- Immutable. The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource. Has the form: projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. The key needs to be in the same region as where the resource is created. type: string required: - kmsKeyName type: object projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object region: description: Immutable. The region of the tensorboard. eg us-central1. type: string resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string required: - displayName - projectRef - region type: object status: properties: blobStoragePathPrefix: description: Consumer project Cloud Storage path prefix used to store blob data, which can either be a bucket or directory. Does not end with a '/'. type: string conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: The timestamp of when the Tensorboard was created in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. type: string name: description: Name of the Tensorboard. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer runCount: description: The number of Runs stored in this Tensorboard. type: string updateTime: description: The timestamp of when the Tensorboard was last updated in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: vpcaccessconnectors.vpcaccess.cnrm.cloud.google.com spec: group: vpcaccess.cnrm.cloud.google.com names: categories: - gcp kind: VPCAccessConnector plural: vpcaccessconnectors shortNames: - gcpvpcaccessconnector - gcpvpcaccessconnectors singular: vpcaccessconnector preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: ipCidrRange: description: 'Immutable. The range of internal addresses that follows RFC 4632 notation. Example: ''10.132.0.0/28''.' type: string location: description: 'Location represents the geographical location of the VPCAccessConnector. Specify a region name. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' type: string machineType: description: Immutable. Machine type of VM Instance underlying connector. Default is e2-micro. type: string maxInstances: description: Immutable. Maximum value of instances in autoscaling group underlying the connector. type: integer maxThroughput: description: Immutable. Maximum throughput of the connector in Mbps, must be greater than 'min_throughput'. Default is 300. type: integer minInstances: description: Immutable. Minimum value of instances in autoscaling group underlying the connector. type: integer minThroughput: description: Immutable. Minimum throughput of the connector in Mbps. Default and min is 200. type: integer networkRef: description: Immutable. Name or self_link of the VPC network. Required if 'ip_cidr_range' is set. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object projectRef: description: Immutable. The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string subnet: description: Immutable. The subnet in which to house the connector. properties: nameRef: description: |- Immutable. Subnet name (relative, not fully qualified). E.g. if the full subnet selfLink is https://compute.googleapis.com/compute/v1/projects/{project}/regions/{region}/subnetworks/{subnetName} the correct input for this field would be {subnetName}" oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `ComputeSubnetwork` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object projectRef: description: Immutable. Project in which the subnet exists. If not set, this project is assumed to be the project for which the connector create request was issued. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object type: object required: - location - projectRef type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array connectedProjects: description: List of projects using the connector. items: type: string type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer selfLink: description: The fully qualified name of this VPC connector. type: string state: description: State of the VPC access connector. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: workflowsworkflows.workflows.cnrm.cloud.google.com spec: group: workflows.cnrm.cloud.google.com names: categories: - gcp kind: WorkflowsWorkflow plural: workflowsworkflows shortNames: - gcpworkflowsworkflow - gcpworkflowsworkflows singular: workflowsworkflow preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: cryptoKeyName: description: |- The KMS key used to encrypt workflow and execution data. Format: projects/{project}/locations/{location}/keyRings/{keyRing}/cryptoKeys/{cryptoKey}. type: string description: description: Description of the workflow provided by the user. Must be at most 1000 unicode characters long. type: string namePrefix: description: Immutable. type: string projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object region: description: Immutable. The region of the workflow. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string serviceAccount: description: |- Name of the service account associated with the latest workflow version. This service account represents the identity of the workflow and determines what permissions the workflow has. Format: projects/{project}/serviceAccounts/{account} or {account}. Using - as a wildcard for the {project} or not providing one at all will infer the project from the account. The {account} value can be the email address or the unique_id of the service account. If not provided, workflow will use the project's default service account. Modifying this field for an existing workflow results in a new workflow revision. type: string sourceContents: description: Workflow code to be executed. The size limit is 32KB. type: string required: - projectRef - region type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: The timestamp of when the workflow was created in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer revisionId: description: The revision of the workflow. A new one is generated if the service account or source contents is changed. type: string state: description: State of the workflow deployment. type: string updateTime: description: The timestamp of when the workflow was last updated in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cnrm.cloud.google.com/version: 1.106.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" name: workstationsworkstationclusters.workstations.cnrm.cloud.google.com spec: group: workstations.cnrm.cloud.google.com names: categories: - gcp kind: WorkstationsWorkstationCluster plural: workstationsworkstationclusters shortNames: - gcpworkstationsworkstationcluster - gcpworkstationsworkstationclusters singular: workstationsworkstationcluster preserveUnknownFields: false scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - description: The reason for the value in 'Ready' jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - description: The last transition time for the value in 'Status' jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: annotations: additionalProperties: type: string description: Client-specified annotations. This is distinct from labels. type: object displayName: description: Human-readable name for this resource. type: string location: description: Immutable. The location where the workstation cluster should reside. type: string network: description: |- Immutable. The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form: "projects/{projectNumber}/global/networks/{network_id}". type: string privateClusterConfig: description: Configuration for private cluster. properties: clusterHostname: description: |- Hostname for the workstation cluster. This field will be populated only when private endpoint is enabled. To access workstations in the cluster, create a new DNS zone mapping this domain name to an internal IP address and a forwarding rule mapping that address to the service attachment. type: string enablePrivateEndpoint: description: Immutable. Whether Workstations endpoint is private. type: boolean serviceAttachmentUri: description: |- Service attachment URI for the workstation cluster. The service attachment is created when private endpoint is enabled. To access workstations in the cluster, configure access to the managed service using (Private Service Connect)[https://cloud.google.com/vpc/docs/configure-private-service-connect-services]. type: string required: - enablePrivateEndpoint type: object projectRef: description: The project that this resource belongs to. oneOf: - not: required: - external required: - name - not: anyOf: - required: - name - required: - namespace required: - external properties: external: description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object resourceID: description: Immutable. Optional. The workstationClusterId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string subnetwork: description: |- Immutable. Name of the Compute Engine subnetwork in which instances associated with this cluster will be created. Must be part of the subnetwork specified for this cluster. type: string required: - location - network - projectRef - subnetwork type: object status: properties: conditions: description: Conditions represent the latest available observation of the resource's current state. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: Human-readable message indicating details about last transition. type: string reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. Can be True, False, Unknown. type: string type: description: Type is the type of the condition. type: string type: object type: array createTime: description: Time when this resource was created. type: string degraded: description: |- Whether this resource is in degraded mode, in which case it may require user action to restore full functionality. Details can be found in the conditions field. type: boolean etag: description: |- Checksum computed by the server. May be sent on update and delete requests to ensure that the client has an up-to-date value before proceeding. type: string name: description: The name of the cluster resource. type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. type: integer resourceConditions: description: Status conditions describing the current resource state. items: properties: code: description: The status code, which should be an enum value of google.rpc.Code. type: integer details: description: A list of messages that carry the error details. items: type: object x-kubernetes-preserve-unknown-fields: true type: array message: description: Human readable message indicating details about the current status. type: string type: object type: array uid: description: The system-generated UID of the resource. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: []