From 72aea154b6a12b00b41f219f41bd984611cfa9cb Mon Sep 17 00:00:00 2001 From: "Yuan (Bob) Gong" Date: Tue, 10 Nov 2020 16:26:41 +0800 Subject: [PATCH] feat: upgrade management cluster to 0.29.0 (#805) * feat: upgrade management cluster to KCC operator * update .build * set values * wip * wip2 * wip3 * update * update --- ....google.com_v1alpha1_cloudservice_gke.yaml | 7 - ...ha2_containercluster_kf-ci-management.yaml | 16 - ...ta1_containercluster_kf-ci-management.yaml | 14 + ...inernodepool_kf-ci-management-pool-2.yaml} | 10 +- ...om_v1alpha2_identitynamespace_default.yaml | 6 - ...eta1_service_container.googleapis.com.yaml | 8 + ...olicy_kf-ci-management-cnrm-system-wi.yaml | 14 + ...eaccount_kf-ci-management-cnrm-system.yaml | 7 + ...scontextmanager.cnrm.cloud.google.com.yaml | 272 - ...scontextmanager.cnrm.cloud.google.com.yaml | 94 - ...tasets.bigquery.cnrm.cloud.google.com.yaml | 261 - ...tables.bigquery.cnrm.cloud.google.com.yaml | 234 - ...tances.bigtable.cnrm.cloud.google.com.yaml | 98 - ...gers.cloudbuild.cnrm.cloud.google.com.yaml | 398 - ...dresses.compute.cnrm.cloud.google.com.yaml | 191 - ...buckets.compute.cnrm.cloud.google.com.yaml | 137 - ...ervices.compute.cnrm.cloud.google.com.yaml | 810 - ...tedisks.compute.cnrm.cloud.google.com.yaml | 405 - ...ateways.compute.cnrm.cloud.google.com.yaml | 107 - ...rewalls.compute.cnrm.cloud.google.com.yaml | 303 - ...ngrules.compute.cnrm.cloud.google.com.yaml | 440 - ...hchecks.compute.cnrm.cloud.google.com.yaml | 377 - ...hchecks.compute.cnrm.cloud.google.com.yaml | 125 - ...hchecks.compute.cnrm.cloud.google.com.yaml | 125 - ...eimages.compute.cnrm.cloud.google.com.yaml | 179 - ...egroups.compute.cnrm.cloud.google.com.yaml | 150 - ...stances.compute.cnrm.cloud.google.com.yaml | 578 - ...mplates.compute.cnrm.cloud.google.com.yaml | 404 - ...chments.compute.cnrm.cloud.google.com.yaml | 210 - ...tgroups.compute.cnrm.cloud.google.com.yaml | 157 - ...eerings.compute.cnrm.cloud.google.com.yaml | 141 - ...etworks.compute.cnrm.cloud.google.com.yaml | 109 - ...egroups.compute.cnrm.cloud.google.com.yaml | 122 - ...mplates.compute.cnrm.cloud.google.com.yaml | 136 - ...vations.compute.cnrm.cloud.google.com.yaml | 177 - ...olicies.compute.cnrm.cloud.google.com.yaml | 190 - ...erfaces.compute.cnrm.cloud.google.com.yaml | 161 - ...ternats.compute.cnrm.cloud.google.com.yaml | 275 - ...erpeers.compute.cnrm.cloud.google.com.yaml | 217 - ...routers.compute.cnrm.cloud.google.com.yaml | 170 - ...eroutes.compute.cnrm.cloud.google.com.yaml | 227 - ...olicies.compute.cnrm.cloud.google.com.yaml | 122 - ...rojects.compute.cnrm.cloud.google.com.yaml | 75 - ...rojects.compute.cnrm.cloud.google.com.yaml | 107 - ...apshots.compute.cnrm.cloud.google.com.yaml | 246 - ...ficates.compute.cnrm.cloud.google.com.yaml | 178 - ...olicies.compute.cnrm.cloud.google.com.yaml | 131 - ...etworks.compute.cnrm.cloud.google.com.yaml | 214 - ...proxies.compute.cnrm.cloud.google.com.yaml | 123 - ...proxies.compute.cnrm.cloud.google.com.yaml | 185 - ...stances.compute.cnrm.cloud.google.com.yaml | 123 - ...etpools.compute.cnrm.cloud.google.com.yaml | 170 - ...proxies.compute.cnrm.cloud.google.com.yaml | 176 - ...proxies.compute.cnrm.cloud.google.com.yaml | 123 - ...ateways.compute.cnrm.cloud.google.com.yaml | 121 - ...urlmaps.compute.cnrm.cloud.google.com.yaml | 1654 - ...ateways.compute.cnrm.cloud.google.com.yaml | 127 - ...tunnels.compute.cnrm.cloud.google.com.yaml | 309 - ...orcontexts.core.cnrm.cloud.google.com.yaml | 84 + ...connectors.core.cnrm.cloud.google.com.yaml | 122 + ...sters.container.cnrm.cloud.google.com.yaml | 565 - ...pools.container.cnrm.cloud.google.com.yaml | 260 - ...owjobs.dataflow.cnrm.cloud.google.com.yaml | 181 - ...anagedzones.dns.cnrm.cloud.google.com.yaml | 245 - ...dnspolicies.dns.cnrm.cloud.google.com.yaml | 149 - ...srecordsets.dns.cnrm.cloud.google.com.yaml | 121 - ...dexes.firestore.cnrm.cloud.google.com.yaml | 124 - ...resourcemanager.cnrm.cloud.google.com.yaml | 90 - ...customroles.iam.cnrm.cloud.google.com.yaml | 95 - ...iampolicies.iam.cnrm.cloud.google.com.yaml | 147 - ...licymembers.iam.cnrm.cloud.google.com.yaml | 138 - ...accountkeys.iam.cnrm.cloud.google.com.yaml | 123 - ...iceaccounts.iam.cnrm.cloud.google.com.yaml | 88 - ...scryptokeys.kms.cnrm.cloud.google.com.yaml | 137 - ...kmskeyrings.kms.cnrm.cloud.google.com.yaml | 89 - ...resourcemanager.cnrm.cloud.google.com.yaml | 111 - ...riptions.pubsub.cnrm.cloud.google.com.yaml | 237 - ...ubtopics.pubsub.cnrm.cloud.google.com.yaml | 123 - ...instances.redis.cnrm.cloud.google.com.yaml | 183 - ...cemappings.core.cnrm.cloud.google.com.yaml | 362 - ...rvicenetworking.cnrm.cloud.google.com.yaml | 140 - ...es.serviceusage.cnrm.cloud.google.com.yaml | 75 - ...ries.sourcerepo.cnrm.cloud.google.com.yaml | 151 - ...tabases.spanner.cnrm.cloud.google.com.yaml | 119 - ...stances.spanner.cnrm.cloud.google.com.yaml | 103 - ...qldatabases.sql.cnrm.cloud.google.com.yaml | 125 - ...qlinstances.sql.cnrm.cloud.google.com.yaml | 355 - ...on_sqlusers.sql.cnrm.cloud.google.com.yaml | 146 - ...ontrols.storage.cnrm.cloud.google.com.yaml | 135 - ...buckets.storage.cnrm.cloud.google.com.yaml | 203 - ...ontrols.storage.cnrm.cloud.google.com.yaml | 150 - ...cations.storage.cnrm.cloud.google.com.yaml | 150 - ...ployment_cnrm-resource-stats-recorder.yaml | 56 - ...ps_v1_deployment_cnrm-webhook-manager.yaml | 57 - ..._v1_statefulset_cnrm-deletiondefender.yaml | 52 - ..._statefulset_configconnector-operator.yaml | 47 + ...vice_configconnector-operator-service.yaml | 16 + ...rviceaccount_configconnector-operator.yaml | 9 + ...gconnector.core.cnrm.cloud.google.com.yaml | 7 + ...tion.k8s.io_v1_clusterrole_cnrm-admin.yaml | 40 - ...lusterrole_cnrm-deletiondefender-role.yaml | 49 - ...clusterrole_cnrm-manager-cluster-role.yaml | 57 - ...o_v1_clusterrole_cnrm-manager-ns-role.yaml | 24 - ....io_v1_clusterrole_cnrm-recorder-role.yaml | 29 - ...s.io_v1_clusterrole_cnrm-webhook-role.yaml | 62 - ...configconnector-operator-manager-role.yaml | 158 + ...clusterrolebinding_cnrm-admin-binding.yaml | 19 - ...binding_cnrm-deletiondefender-binding.yaml | 16 - ...sterrolebinding_cnrm-recorder-binding.yaml | 16 - ...usterrolebinding_cnrm-webhook-binding.yaml | 16 - ..._configconnector-operator-rolebinding.yaml | 16 + .../~g_v1_namespace_cnrm-system.yaml | 8 - ...space_configconnector-operator-system.yaml | 8 + .../~g_v1_service_cnrm-deletiondefender.yaml | 16 - ..._cnrm-resource-stats-recorder-service.yaml | 19 - ..._serviceaccount_cnrm-deletiondefender.yaml | 9 - ...eaccount_cnrm-resource-stats-recorder.yaml | 9 - ...1_serviceaccount_cnrm-webhook-manager.yaml | 9 - test-infra/management/Makefile | 29 +- .../configsync/config-management.yaml | 2 +- test-infra/management/instance/Kptfile | 34 + .../management/instance/cluster/cluster.yaml | 16 - .../instance/cluster/kustomization.yaml | 5 +- .../management/instance/cluster/nodepool.yaml | 5 - .../cnrm-install-iam/kustomization.yaml | 5 + .../cnrm-install-system/0-cnrm-system.yaml | 823 - .../instance/cnrm-install-system/crds.yaml | 24978 ---------------- .../cnrm-install-system/kustomization.yaml | 8 +- .../instance/managed-project/README.md | 4 + .../instance/managed-project/iam.yaml | 14 + test-infra/management/instance/settings.yaml | 6 +- .../management/upstream/management/Kptfile | 98 +- .../upstream/management/cluster/cluster.yaml | 32 +- .../management/cluster/enable-services.yaml | 20 +- .../management/cluster/kustomization.yaml | 2 +- .../upstream/management/cluster/nodepool.yaml | 16 +- .../management/cnrm-install/README.md | 11 +- .../cnrm-install/enable-services.yaml | 8 - .../upstream/management/cnrm-install/iam.yaml | 36 - .../management/cnrm-install/iam/iam.yaml | 27 + .../kustomization.yaml | 3 +- .../install-system/0-cnrm-system.yaml | 581 - .../cnrm-install/install-system/crds.yaml | 17665 ----------- .../instance/configconnector.yaml | 7 + .../cnrm-install/instance/kustomization.yaml | 4 + .../configconnector-operator.yaml | 467 + .../operator-system/kustomization.yaml | 4 + .../services/enable-services.yaml | 9 + .../cnrm-install/services/kustomization.yaml | 4 + .../management/hack/example-config.sh | 3 + .../upstream/management/hack/reset.sh | 3 + 151 files changed, 1262 insertions(+), 62363 deletions(-) delete mode 100644 test-infra/management/.build/cluster/cnrm.cloud.google.com_v1alpha1_cloudservice_gke.yaml delete mode 100644 test-infra/management/.build/cluster/container.cnrm.cloud.google.com_v1alpha2_containercluster_kf-ci-management.yaml create mode 100644 test-infra/management/.build/cluster/container.cnrm.cloud.google.com_v1beta1_containercluster_kf-ci-management.yaml rename test-infra/management/.build/cluster/{container.cnrm.cloud.google.com_v1alpha2_containernodepool_kf-ci-management-pool.yaml => container.cnrm.cloud.google.com_v1beta1_containernodepool_kf-ci-management-pool-2.yaml} (76%) delete mode 100644 test-infra/management/.build/cluster/identity.cnrm.cloud.google.com_v1alpha2_identitynamespace_default.yaml create mode 100644 test-infra/management/.build/cluster/serviceusage.cnrm.cloud.google.com_v1beta1_service_container.googleapis.com.yaml create mode 100644 test-infra/management/.build/cnrm-install-iam/iam.cnrm.cloud.google.com_v1beta1_iampolicy_kf-ci-management-cnrm-system-wi.yaml create mode 100644 test-infra/management/.build/cnrm-install-iam/iam.cnrm.cloud.google.com_v1beta1_iamserviceaccount_kf-ci-management-cnrm-system.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_accesscontextmanageraccesslevels.accesscontextmanager.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_accesscontextmanageraccesspolicies.accesscontextmanager.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_bigquerydatasets.bigquery.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_bigquerytables.bigquery.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_bigtableinstances.bigtable.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_cloudbuildtriggers.cloudbuild.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computeaddresses.compute.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computebackendbuckets.compute.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computebackendservices.compute.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computedisks.compute.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computeexternalvpngateways.compute.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computefirewalls.compute.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computeforwardingrules.compute.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computehealthchecks.compute.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computehttphealthchecks.compute.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computehttpshealthchecks.compute.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computeimages.compute.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computeinstancegroups.compute.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computeinstances.compute.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computeinstancetemplates.compute.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computeinterconnectattachments.compute.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computenetworkendpointgroups.compute.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computenetworkpeerings.compute.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computenetworks.compute.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computenodegroups.compute.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computenodetemplates.compute.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computereservations.compute.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computeresourcepolicies.compute.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computerouterinterfaces.compute.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computerouternats.compute.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computerouterpeers.compute.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computerouters.compute.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computeroutes.compute.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computesecuritypolicies.compute.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computesharedvpchostprojects.compute.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computesharedvpcserviceprojects.compute.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computesnapshots.compute.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computesslcertificates.compute.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computesslpolicies.compute.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computesubnetworks.compute.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computetargethttpproxies.compute.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computetargethttpsproxies.compute.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computetargetinstances.compute.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computetargetpools.compute.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computetargetsslproxies.compute.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computetargettcpproxies.compute.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computetargetvpngateways.compute.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computeurlmaps.compute.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computevpngateways.compute.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computevpntunnels.compute.cnrm.cloud.google.com.yaml create mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_configconnectorcontexts.core.cnrm.cloud.google.com.yaml create mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_configconnectors.core.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_containerclusters.container.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_containernodepools.container.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_dataflowjobs.dataflow.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_dnsmanagedzones.dns.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_dnspolicies.dns.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_dnsrecordsets.dns.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_firestoreindexes.firestore.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_folders.resourcemanager.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_iamcustomroles.iam.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_iampolicies.iam.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_iampolicymembers.iam.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_iamserviceaccountkeys.iam.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_iamserviceaccounts.iam.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_kmscryptokeys.kms.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_kmskeyrings.kms.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_projects.resourcemanager.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_pubsubsubscriptions.pubsub.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_pubsubtopics.pubsub.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_redisinstances.redis.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_servicemappings.core.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_servicenetworkingconnections.servicenetworking.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_services.serviceusage.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_sourcereporepositories.sourcerepo.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_spannerdatabases.spanner.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_spannerinstances.spanner.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_sqldatabases.sql.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_sqlinstances.sql.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_sqlusers.sql.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_storagebucketaccesscontrols.storage.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_storagebuckets.storage.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_storagedefaultobjectaccesscontrols.storage.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_storagenotifications.storage.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apps_v1_deployment_cnrm-resource-stats-recorder.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apps_v1_deployment_cnrm-webhook-manager.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/apps_v1_statefulset_cnrm-deletiondefender.yaml create mode 100644 test-infra/management/.build/cnrm-install-system/configconnector-operator-system_apps_v1_statefulset_configconnector-operator.yaml create mode 100644 test-infra/management/.build/cnrm-install-system/configconnector-operator-system_~g_v1_service_configconnector-operator-service.yaml create mode 100644 test-infra/management/.build/cnrm-install-system/configconnector-operator-system_~g_v1_serviceaccount_configconnector-operator.yaml create mode 100644 test-infra/management/.build/cnrm-install-system/default_core.cnrm.cloud.google.com_v1beta1_configconnector_configconnector.core.cnrm.cloud.google.com.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/rbac.authorization.k8s.io_v1_clusterrole_cnrm-admin.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/rbac.authorization.k8s.io_v1_clusterrole_cnrm-deletiondefender-role.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/rbac.authorization.k8s.io_v1_clusterrole_cnrm-manager-cluster-role.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/rbac.authorization.k8s.io_v1_clusterrole_cnrm-manager-ns-role.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/rbac.authorization.k8s.io_v1_clusterrole_cnrm-recorder-role.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/rbac.authorization.k8s.io_v1_clusterrole_cnrm-webhook-role.yaml create mode 100644 test-infra/management/.build/cnrm-install-system/rbac.authorization.k8s.io_v1_clusterrole_configconnector-operator-manager-role.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/rbac.authorization.k8s.io_v1_clusterrolebinding_cnrm-admin-binding.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/rbac.authorization.k8s.io_v1_clusterrolebinding_cnrm-deletiondefender-binding.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/rbac.authorization.k8s.io_v1_clusterrolebinding_cnrm-recorder-binding.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/rbac.authorization.k8s.io_v1_clusterrolebinding_cnrm-webhook-binding.yaml create mode 100644 test-infra/management/.build/cnrm-install-system/rbac.authorization.k8s.io_v1_clusterrolebinding_configconnector-operator-rolebinding.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/~g_v1_namespace_cnrm-system.yaml create mode 100644 test-infra/management/.build/cnrm-install-system/~g_v1_namespace_configconnector-operator-system.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/~g_v1_service_cnrm-deletiondefender.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/~g_v1_service_cnrm-resource-stats-recorder-service.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/~g_v1_serviceaccount_cnrm-deletiondefender.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/~g_v1_serviceaccount_cnrm-resource-stats-recorder.yaml delete mode 100644 test-infra/management/.build/cnrm-install-system/~g_v1_serviceaccount_cnrm-webhook-manager.yaml create mode 100644 test-infra/management/instance/Kptfile delete mode 100644 test-infra/management/instance/cluster/cluster.yaml delete mode 100644 test-infra/management/instance/cluster/nodepool.yaml create mode 100644 test-infra/management/instance/cnrm-install-iam/kustomization.yaml delete mode 100644 test-infra/management/instance/cnrm-install-system/0-cnrm-system.yaml delete mode 100644 test-infra/management/instance/cnrm-install-system/crds.yaml create mode 100644 test-infra/management/instance/managed-project/README.md create mode 100644 test-infra/management/instance/managed-project/iam.yaml delete mode 100644 test-infra/management/upstream/management/cnrm-install/enable-services.yaml delete mode 100644 test-infra/management/upstream/management/cnrm-install/iam.yaml create mode 100644 test-infra/management/upstream/management/cnrm-install/iam/iam.yaml rename test-infra/management/upstream/management/cnrm-install/{install-system => iam}/kustomization.yaml (69%) delete mode 100644 test-infra/management/upstream/management/cnrm-install/install-system/0-cnrm-system.yaml delete mode 100644 test-infra/management/upstream/management/cnrm-install/install-system/crds.yaml create mode 100644 test-infra/management/upstream/management/cnrm-install/instance/configconnector.yaml create mode 100644 test-infra/management/upstream/management/cnrm-install/instance/kustomization.yaml create mode 100644 test-infra/management/upstream/management/cnrm-install/operator-system/configconnector-operator.yaml create mode 100644 test-infra/management/upstream/management/cnrm-install/operator-system/kustomization.yaml create mode 100644 test-infra/management/upstream/management/cnrm-install/services/enable-services.yaml create mode 100644 test-infra/management/upstream/management/cnrm-install/services/kustomization.yaml create mode 100755 test-infra/management/upstream/management/hack/example-config.sh create mode 100755 test-infra/management/upstream/management/hack/reset.sh diff --git a/test-infra/management/.build/cluster/cnrm.cloud.google.com_v1alpha1_cloudservice_gke.yaml b/test-infra/management/.build/cluster/cnrm.cloud.google.com_v1alpha1_cloudservice_gke.yaml deleted file mode 100644 index 6d849e4e394..00000000000 --- a/test-infra/management/.build/cluster/cnrm.cloud.google.com_v1alpha1_cloudservice_gke.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: cnrm.cloud.google.com/v1alpha1 -kind: CloudService -metadata: - name: gke - namespace: kubeflow-ci -spec: - service: container.googleapis.com diff --git a/test-infra/management/.build/cluster/container.cnrm.cloud.google.com_v1alpha2_containercluster_kf-ci-management.yaml b/test-infra/management/.build/cluster/container.cnrm.cloud.google.com_v1alpha2_containercluster_kf-ci-management.yaml deleted file mode 100644 index f7e09a17479..00000000000 --- a/test-infra/management/.build/cluster/container.cnrm.cloud.google.com_v1alpha2_containercluster_kf-ci-management.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: container.cnrm.cloud.google.com/v1alpha2 -kind: ContainerCluster -metadata: - clusterName: kubeflow-ci/us-central1/kf-ci-management - name: kf-ci-management - namespace: kubeflow-ci -spec: - clusterTelemetry: - type: enabled - ipAllocationPolicy: - useIpAliases: true - location: us-central1 - releaseChannel: - channel: RAPID - workloadIdentity: - identityNamespace: default diff --git a/test-infra/management/.build/cluster/container.cnrm.cloud.google.com_v1beta1_containercluster_kf-ci-management.yaml b/test-infra/management/.build/cluster/container.cnrm.cloud.google.com_v1beta1_containercluster_kf-ci-management.yaml new file mode 100644 index 00000000000..5a4421e2d40 --- /dev/null +++ b/test-infra/management/.build/cluster/container.cnrm.cloud.google.com_v1beta1_containercluster_kf-ci-management.yaml @@ -0,0 +1,14 @@ +apiVersion: container.cnrm.cloud.google.com/v1beta1 +kind: ContainerCluster +metadata: + annotations: + gke.io/cluster: bootstrap:// + name: kf-ci-management + namespace: kubeflow-ci +spec: + initialNodeCount: 3 + location: us-central1 + releaseChannel: + channel: REGULAR + workloadIdentityConfig: + identityNamespace: kubeflow-ci.svc.id.goog diff --git a/test-infra/management/.build/cluster/container.cnrm.cloud.google.com_v1alpha2_containernodepool_kf-ci-management-pool.yaml b/test-infra/management/.build/cluster/container.cnrm.cloud.google.com_v1beta1_containernodepool_kf-ci-management-pool-2.yaml similarity index 76% rename from test-infra/management/.build/cluster/container.cnrm.cloud.google.com_v1alpha2_containernodepool_kf-ci-management-pool.yaml rename to test-infra/management/.build/cluster/container.cnrm.cloud.google.com_v1beta1_containernodepool_kf-ci-management-pool-2.yaml index 1d7d96bd260..0cc1571c1f8 100644 --- a/test-infra/management/.build/cluster/container.cnrm.cloud.google.com_v1alpha2_containernodepool_kf-ci-management-pool.yaml +++ b/test-infra/management/.build/cluster/container.cnrm.cloud.google.com_v1beta1_containernodepool_kf-ci-management-pool-2.yaml @@ -1,8 +1,10 @@ -apiVersion: container.cnrm.cloud.google.com/v1alpha2 +apiVersion: container.cnrm.cloud.google.com/v1beta1 kind: ContainerNodePool metadata: + annotations: + gke.io/cluster: bootstrap:// clusterName: kubeflow-ci/us-central1/kf-ci-management - name: kf-ci-management-pool + name: kf-ci-management-pool-2 namespace: kubeflow-ci spec: autoscaling: @@ -23,7 +25,7 @@ spec: - https://www.googleapis.com/auth/devstorage.read_only - https://www.googleapis.com/auth/logging.write - https://www.googleapis.com/auth/monitoring - - https://www.googleapis.com/auth/servicecontrol - - https://www.googleapis.com/auth/service.management.readonly - https://www.googleapis.com/auth/trace.append preemptible: false + workloadMetadataConfig: + mode: GKE_METADATA diff --git a/test-infra/management/.build/cluster/identity.cnrm.cloud.google.com_v1alpha2_identitynamespace_default.yaml b/test-infra/management/.build/cluster/identity.cnrm.cloud.google.com_v1alpha2_identitynamespace_default.yaml deleted file mode 100644 index 40283aeff8d..00000000000 --- a/test-infra/management/.build/cluster/identity.cnrm.cloud.google.com_v1alpha2_identitynamespace_default.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: identity.cnrm.cloud.google.com/v1alpha2 -kind: IdentityNamespace -metadata: - name: default - namespace: kubeflow-ci -spec: {} diff --git a/test-infra/management/.build/cluster/serviceusage.cnrm.cloud.google.com_v1beta1_service_container.googleapis.com.yaml b/test-infra/management/.build/cluster/serviceusage.cnrm.cloud.google.com_v1beta1_service_container.googleapis.com.yaml new file mode 100644 index 00000000000..342d15018c2 --- /dev/null +++ b/test-infra/management/.build/cluster/serviceusage.cnrm.cloud.google.com_v1beta1_service_container.googleapis.com.yaml @@ -0,0 +1,8 @@ +apiVersion: serviceusage.cnrm.cloud.google.com/v1beta1 +kind: Service +metadata: + annotations: + cnrm.cloud.google.com/deletion-policy: abandon + cnrm.cloud.google.com/disable-dependent-services: "false" + name: container.googleapis.com + namespace: kubeflow-ci diff --git a/test-infra/management/.build/cnrm-install-iam/iam.cnrm.cloud.google.com_v1beta1_iampolicy_kf-ci-management-cnrm-system-wi.yaml b/test-infra/management/.build/cnrm-install-iam/iam.cnrm.cloud.google.com_v1beta1_iampolicy_kf-ci-management-cnrm-system-wi.yaml new file mode 100644 index 00000000000..2acb645a621 --- /dev/null +++ b/test-infra/management/.build/cnrm-install-iam/iam.cnrm.cloud.google.com_v1beta1_iampolicy_kf-ci-management-cnrm-system-wi.yaml @@ -0,0 +1,14 @@ +apiVersion: iam.cnrm.cloud.google.com/v1beta1 +kind: IAMPolicy +metadata: + name: kf-ci-management-cnrm-system-wi + namespace: kubeflow-ci +spec: + bindings: + - members: + - serviceAccount:kubeflow-ci.svc.id.goog[cnrm-system/cnrm-controller-manager] + role: roles/iam.workloadIdentityUser + resourceRef: + apiVersion: iam.cnrm.cloud.google.com/v1alpha1 + kind: IAMServiceAccount + name: kf-ci-management-cnrm-system diff --git a/test-infra/management/.build/cnrm-install-iam/iam.cnrm.cloud.google.com_v1beta1_iamserviceaccount_kf-ci-management-cnrm-system.yaml b/test-infra/management/.build/cnrm-install-iam/iam.cnrm.cloud.google.com_v1beta1_iamserviceaccount_kf-ci-management-cnrm-system.yaml new file mode 100644 index 00000000000..2aed9697127 --- /dev/null +++ b/test-infra/management/.build/cnrm-install-iam/iam.cnrm.cloud.google.com_v1beta1_iamserviceaccount_kf-ci-management-cnrm-system.yaml @@ -0,0 +1,7 @@ +apiVersion: iam.cnrm.cloud.google.com/v1beta1 +kind: IAMServiceAccount +metadata: + name: kf-ci-management-cnrm-system + namespace: kubeflow-ci +spec: + displayName: Service account for CNRM diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_accesscontextmanageraccesslevels.accesscontextmanager.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_accesscontextmanageraccesslevels.accesscontextmanager.cnrm.cloud.google.com.yaml deleted file mode 100644 index da73d95ab97..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_accesscontextmanageraccesslevels.accesscontextmanager.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,272 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: accesscontextmanageraccesslevels.accesscontextmanager.cnrm.cloud.google.com -spec: - group: accesscontextmanager.cnrm.cloud.google.com - names: - categories: - - gcp - kind: AccessContextManagerAccessLevel - plural: accesscontextmanageraccesslevels - shortNames: - - gcpaccesscontextmanageraccesslevel - - gcpaccesscontextmanageraccesslevels - singular: accesscontextmanageraccesslevel - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - accessPolicyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - basic: - description: A set of predefined conditions for the access level and - a combining function. - properties: - combiningFunction: - description: |- - How the conditions list should be combined to determine if a request - is granted this AccessLevel. If AND is used, each Condition in - conditions must be satisfied for the AccessLevel to be applied. If - OR is used, at least one Condition in conditions must be satisfied - for the AccessLevel to be applied. Defaults to AND if unspecified. - type: string - conditions: - description: A set of requirements for the AccessLevel to be granted. - items: - properties: - devicePolicy: - description: |- - Device specific restrictions, all restrictions must hold for - the Condition to be true. If not specified, all devices are - allowed. - properties: - allowedDeviceManagementLevels: - description: |- - A list of allowed device management levels. - An empty list allows all management levels. - items: - type: string - type: array - allowedEncryptionStatuses: - description: |- - A list of allowed encryptions statuses. - An empty list allows all statuses. - items: - type: string - type: array - osConstraints: - description: |- - A list of allowed OS versions. - An empty list allows all types and all versions. - items: - properties: - minimumVersion: - description: |- - The minimum allowed OS version. If not set, any version - of this OS satisfies the constraint. - Format: "major.minor.patch" such as "10.5.301", "9.2.1". - type: string - osType: - description: The operating system type of the device. - type: string - required: - - osType - type: object - type: array - requireAdminApproval: - description: Whether the device needs to be approved by - the customer admin. - type: boolean - requireCorpOwned: - description: Whether the device needs to be corp owned. - type: boolean - requireScreenLock: - description: |- - Whether or not screenlock is required for the DevicePolicy - to be true. Defaults to false. - type: boolean - type: object - ipSubnetworks: - description: |- - A list of CIDR block IP subnetwork specification. May be IPv4 - or IPv6. - Note that for a CIDR IP address block, the specified IP address - portion must be properly truncated (i.e. all the host bits must - be zero) or the input is considered malformed. For example, - "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, - for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" - is not. The originating IP of a request must be in one of the - listed subnets in order for this Condition to be true. - If empty, all IP addresses are allowed. - items: - type: string - type: array - members: - items: - properties: - group: - type: string - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - user: - type: string - type: object - type: array - negate: - description: |- - Whether to negate the Condition. If true, the Condition becomes - a NAND over its non-empty fields, each field must be false for - the Condition overall to be satisfied. Defaults to false. - type: boolean - requiredAccessLevels: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - type: object - type: array - required: - - conditions - type: object - description: - description: Description of the AccessLevel and its use. Does not affect - behavior. - type: string - title: - description: Human readable title. Must be unique within the Policy. - type: string - required: - - accessPolicyRef - - title - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_accesscontextmanageraccesspolicies.accesscontextmanager.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_accesscontextmanageraccesspolicies.accesscontextmanager.cnrm.cloud.google.com.yaml deleted file mode 100644 index 748c80a40f5..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_accesscontextmanageraccesspolicies.accesscontextmanager.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,94 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: accesscontextmanageraccesspolicies.accesscontextmanager.cnrm.cloud.google.com -spec: - group: accesscontextmanager.cnrm.cloud.google.com - names: - categories: - - gcp - kind: AccessContextManagerAccessPolicy - plural: accesscontextmanageraccesspolicies - shortNames: - - gcpaccesscontextmanageraccesspolicy - - gcpaccesscontextmanageraccesspolicies - singular: accesscontextmanageraccesspolicy - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - title: - description: Human readable title. Does not affect behavior. - type: string - required: - - title - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - createTime: - description: Time the AccessPolicy was created in UTC. - type: string - name: - description: 'Resource name of the AccessPolicy. Format: {policy_id}' - type: string - updateTime: - description: Time the AccessPolicy was updated in UTC. - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_bigquerydatasets.bigquery.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_bigquerydatasets.bigquery.cnrm.cloud.google.com.yaml deleted file mode 100644 index cc4c2644e30..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_bigquerydatasets.bigquery.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,261 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: bigquerydatasets.bigquery.cnrm.cloud.google.com -spec: - group: bigquery.cnrm.cloud.google.com - names: - categories: - - gcp - kind: BigQueryDataset - plural: bigquerydatasets - shortNames: - - gcpbigquerydataset - - gcpbigquerydatasets - singular: bigquerydataset - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - access: - description: An array of objects that define dataset access for one - or more entities. - items: - properties: - domain: - description: |- - A domain to grant access to. Any users signed in with the - domain specified will be granted the specified access - type: string - groupByEmail: - description: An email address of a Google Group to grant access - to. - type: string - role: - description: |- - Describes the rights granted to the user specified by the other - member of the access object. Primitive, Predefined and custom - roles are supported. Predefined roles that have equivalent - primitive roles are swapped by the API to their Primitive - counterparts, and will show a diff post-create. See - [official docs](https://cloud.google.com/bigquery/docs/access-control). - type: string - specialGroup: - description: |- - A special group to grant access to. Possible values include: - - - * 'projectOwners': Owners of the enclosing project. - - - * 'projectReaders': Readers of the enclosing project. - - - * 'projectWriters': Writers of the enclosing project. - - - * 'allAuthenticatedUsers': All authenticated BigQuery users. - type: string - userByEmail: - description: |- - An email address of a user to grant access to. For example: - fred@example.com - type: string - view: - description: |- - A view from a different dataset to grant access to. Queries - executed against that view will have read access to tables in - this dataset. The role field is not required when this field is - set. If that view is updated by any user, access to the view - needs to be granted again via an update operation. - properties: - datasetId: - description: The ID of the dataset containing this table. - type: string - projectId: - description: The ID of the project containing this table. - type: string - tableId: - description: |- - The ID of the table. The ID must contain only letters (a-z, - A-Z), numbers (0-9), or underscores (_). The maximum length - is 1,024 characters. - type: string - required: - - datasetId - - projectId - - tableId - type: object - type: object - type: array - defaultEncryptionConfiguration: - description: |- - The default encryption key for all tables in the dataset. Once this property is set, - all newly-created partitioned tables in the dataset will have encryption key set to - this value, unless table creation request (or query) overrides the key. - properties: - kmsKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - kmsKeyRef - type: object - defaultPartitionExpirationMs: - description: |- - The default partition expiration for all partitioned tables in - the dataset, in milliseconds. - - - Once this property is set, all newly-created partitioned tables in - the dataset will have an 'expirationMs' property in the 'timePartitioning' - settings set to this value, and changing the value will only - affect new tables, not existing ones. The storage in a partition will - have an expiration time of its partition time plus this value. - Setting this property overrides the use of 'defaultTableExpirationMs' - for partitioned tables: only one of 'defaultTableExpirationMs' and - 'defaultPartitionExpirationMs' will be used for any new partitioned - table. If you provide an explicit 'timePartitioning.expirationMs' when - creating or updating a partitioned table, that value takes precedence - over the default partition expiration time indicated by this property. - type: integer - defaultTableExpirationMs: - description: |- - The default lifetime of all tables in the dataset, in milliseconds. - The minimum value is 3600000 milliseconds (one hour). - - - Once this property is set, all newly-created tables in the dataset - will have an 'expirationTime' property set to the creation time plus - the value in this property, and changing the value will only affect - new tables, not existing ones. When the 'expirationTime' for a given - table is reached, that table will be deleted automatically. - If a table's 'expirationTime' is modified or removed before the - table expires, or if you provide an explicit 'expirationTime' when - creating a table, that value takes precedence over the default - expiration time indicated by this property. - type: integer - description: - description: A user-friendly description of the dataset - type: string - friendlyName: - description: A descriptive name for the dataset - type: string - location: - description: |- - The geographic location where the dataset should reside. - See [official docs](https://cloud.google.com/bigquery/docs/dataset-locations). - - - There are two types of locations, regional or multi-regional. A regional - location is a specific geographic place, such as Tokyo, and a multi-regional - location is a large geographic area, such as the United States, that - contains at least two geographic places. - - - Possible regional values include: 'asia-east1', 'asia-northeast1', - 'asia-southeast1', 'australia-southeast1', 'europe-north1', - 'europe-west2' and 'us-east4'. - - - Possible multi-regional values: 'EU' and 'US'. - - - The default value is multi-regional location 'US'. - Changing this forces a new resource to be created. - type: string - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTime: - description: |- - The time when this dataset was created, in milliseconds since the - epoch. - type: integer - etag: - description: A hash of the resource. - type: string - lastModifiedTime: - description: |- - The date when this dataset or any of its tables was last modified, in - milliseconds since the epoch. - type: integer - selfLink: - type: string - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_bigquerytables.bigquery.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_bigquerytables.bigquery.cnrm.cloud.google.com.yaml deleted file mode 100644 index 0646a9e1429..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_bigquerytables.bigquery.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,234 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: bigquerytables.bigquery.cnrm.cloud.google.com -spec: - group: bigquery.cnrm.cloud.google.com - names: - categories: - - gcp - kind: BigQueryTable - plural: bigquerytables - shortNames: - - gcpbigquerytable - - gcpbigquerytables - singular: bigquerytable - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - clustering: - items: - type: string - type: array - datasetRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - description: - type: string - encryptionConfiguration: - properties: - kmsKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - kmsKeyRef - type: object - expirationTime: - type: integer - externalDataConfiguration: - properties: - autodetect: - type: boolean - compression: - type: string - csvOptions: - properties: - allowJaggedRows: - type: boolean - allowQuotedNewlines: - type: boolean - encoding: - type: string - fieldDelimiter: - type: string - quote: - type: string - skipLeadingRows: - type: integer - required: - - quote - type: object - googleSheetsOptions: - properties: - range: - type: string - skipLeadingRows: - type: integer - type: object - ignoreUnknownValues: - type: boolean - maxBadRecords: - type: integer - sourceFormat: - type: string - sourceUris: - items: - type: string - type: array - required: - - autodetect - - sourceFormat - - sourceUris - type: object - friendlyName: - type: string - schema: - type: string - timePartitioning: - properties: - expirationMs: - type: integer - field: - type: string - requirePartitionFilter: - type: boolean - type: - type: string - required: - - type - type: object - view: - properties: - query: - type: string - useLegacySql: - type: boolean - required: - - query - type: object - required: - - datasetRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTime: - type: integer - etag: - type: string - lastModifiedTime: - type: integer - location: - type: string - numBytes: - type: integer - numLongTermBytes: - type: integer - numRows: - type: integer - selfLink: - type: string - type: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_bigtableinstances.bigtable.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_bigtableinstances.bigtable.cnrm.cloud.google.com.yaml deleted file mode 100644 index 11b524717c6..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_bigtableinstances.bigtable.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,98 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: bigtableinstances.bigtable.cnrm.cloud.google.com -spec: - group: bigtable.cnrm.cloud.google.com - names: - categories: - - gcp - kind: BigtableInstance - plural: bigtableinstances - shortNames: - - gcpbigtableinstance - - gcpbigtableinstances - singular: bigtableinstance - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - cluster: - items: - properties: - clusterId: - type: string - numNodes: - type: integer - storageType: - type: string - zone: - type: string - required: - - clusterId - - zone - type: object - type: array - displayName: - type: string - instanceType: - type: string - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_cloudbuildtriggers.cloudbuild.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_cloudbuildtriggers.cloudbuild.cnrm.cloud.google.com.yaml deleted file mode 100644 index bb8de5c8306..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_cloudbuildtriggers.cloudbuild.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,398 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: cloudbuildtriggers.cloudbuild.cnrm.cloud.google.com -spec: - group: cloudbuild.cnrm.cloud.google.com - names: - categories: - - gcp - kind: CloudBuildTrigger - plural: cloudbuildtriggers - shortNames: - - gcpcloudbuildtrigger - - gcpcloudbuildtriggers - singular: cloudbuildtrigger - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - build: - description: Contents of the build template. Either a filename or build - template must be provided. - properties: - images: - description: |- - A list of images to be pushed upon the successful completion of all build steps. - The images are pushed using the builder service account's credentials. - The digests of the pushed images will be stored in the Build resource's results field. - If any of the images fail to be pushed, the build status is marked FAILURE. - items: - type: string - type: array - step: - description: The operations to be performed on the workspace. - items: - properties: - args: - description: |- - A list of arguments that will be presented to the step when it is started. - - If the image used to run the step's container has an entrypoint, the args - are used as arguments to that entrypoint. If the image does not define an - entrypoint, the first element in args is used as the entrypoint, and the - remainder will be used as arguments. - items: - type: string - type: array - dir: - description: |- - Working directory to use when running this step's container. - - If this value is a relative path, it is relative to the build's working - directory. If this value is absolute, it may be outside the build's working - directory, in which case the contents of the path may not be persisted - across build step executions, unless a 'volume' for that path is specified. - - If the build specifies a 'RepoSource' with 'dir' and a step with a - 'dir', - which specifies an absolute path, the 'RepoSource' 'dir' is ignored - for the step's execution. - type: string - entrypoint: - description: |- - Entrypoint to be used instead of the build step image's - default entrypoint. - If unset, the image's default entrypoint is used - type: string - env: - description: |- - A list of environment variable definitions to be used when - running a step. - - The elements are of the form "KEY=VALUE" for the environment variable - "KEY" being given the value "VALUE". - items: - type: string - type: array - id: - description: |- - Unique identifier for this build step, used in 'wait_for' to - reference this build step as a dependency. - type: string - name: - description: |- - The name of the container image that will run this particular build step. - - If the image is available in the host's Docker daemon's cache, it will be - run directly. If not, the host will attempt to pull the image first, using - the builder service account's credentials if necessary. - - The Docker daemon's cache will already have the latest versions of all of - the officially supported build steps (https://github.com/GoogleCloudPlatform/cloud-builders). - The Docker daemon will also have cached many of the layers for some popular - images, like "ubuntu", "debian", but they will be refreshed at the time - you attempt to use them. - - If you built an image in a previous build step, it will be stored in the - host's Docker daemon's cache and is available to use as the name for a - later build step. - type: string - secretEnv: - description: |- - A list of environment variables which are encrypted using - a Cloud Key - Management Service crypto key. These values must be specified in - the build's 'Secret'. - items: - type: string - type: array - timeout: - description: |- - Time limit for executing this build step. If not defined, - the step has no - time limit and will be allowed to continue to run until either it - completes or the build itself times out. - type: string - timing: - description: |- - Output only. Stores timing information for executing this - build step. - type: string - volumes: - description: |- - List of volumes to mount into the build step. - - Each volume is created as an empty volume prior to execution of the - build step. Upon completion of the build, volumes and their contents - are discarded. - - Using a named volume in only one step is not valid as it is - indicative of a build request with an incorrect configuration. - items: - properties: - name: - description: |- - Name of the volume to mount. - - Volume names must be unique per build step and must be valid names for - Docker volumes. Each named volume must be used by at least two build steps. - type: string - path: - description: |- - Path at which to mount the volume. - - Paths must be absolute and cannot conflict with other volume paths on - the same build step or with certain reserved volume paths. - type: string - required: - - name - - path - type: object - type: array - waitFor: - description: |- - The ID(s) of the step(s) that this build step depends on. - - This build step will not start until all the build steps in 'wait_for' - have completed successfully. If 'wait_for' is empty, this build step - will start when all previous build steps in the 'Build.Steps' list - have completed successfully. - items: - type: string - type: array - required: - - name - type: object - type: array - tags: - description: Tags for annotation of a Build. These are not docker - tags. - items: - type: string - type: array - timeout: - description: |- - Amount of time that this build should be allowed to run, to second granularity. - If this amount of time elapses, work on the build will cease and the build status will be TIMEOUT. - This timeout must be equal to or greater than the sum of the timeouts for build steps within the build. - The expected format is the number of seconds followed by s. - Default time is ten minutes (600s). - type: string - required: - - step - type: object - description: - description: Human-readable description of the trigger. - type: string - disabled: - description: Whether the trigger is disabled or not. If true, the trigger - will never result in a build. - type: boolean - filename: - description: Path, from the source root, to a file whose contents is - used for the template. Either a filename or build template must be - provided. - type: string - github: - description: |- - Describes the configuration of a trigger that creates a build whenever a GitHub event is received. - - One of 'trigger_template' or 'github' must be provided. - properties: - name: - description: |- - Name of the repository. For example: The name for - https://github.com/googlecloudplatform/cloud-builders is "cloud-builders". - type: string - owner: - description: |- - Owner of the repository. For example: The owner for - https://github.com/googlecloudplatform/cloud-builders is "googlecloudplatform". - type: string - pullRequest: - description: filter to match changes in pull requests. Specify - only one of pullRequest or push. - properties: - branch: - description: Regex of branches to match. - type: string - commentControl: - description: Whether to block builds on a "/gcbrun" comment - from a repository owner or collaborator. - type: string - required: - - branch - type: object - push: - description: filter to match changes in refs, like branches or tags. Specify - only one of pullRequest or push. - properties: - branch: - description: Regex of branches to match. Specify only one of - branch or tag. - type: string - tag: - description: Regex of tags to match. Specify only one of branch - or tag. - type: string - type: object - type: object - ignoredFiles: - description: |- - ignoredFiles and includedFiles are file glob matches using http://godoc/pkg/path/filepath#Match - extended with support for '**'. - - If ignoredFiles and changed files are both empty, then they are not - used to determine whether or not to trigger a build. - - If ignoredFiles is not empty, then we ignore any files that match any - of the ignored_file globs. If the change has no files that are outside - of the ignoredFiles globs, then we do not trigger a build. - items: - type: string - type: array - includedFiles: - description: |- - ignoredFiles and includedFiles are file glob matches using http://godoc/pkg/path/filepath#Match - extended with support for '**'. - - If any of the files altered in the commit pass the ignoredFiles filter - and includedFiles is empty, then as far as this filter is concerned, we - should trigger the build. - - If any of the files altered in the commit pass the ignoredFiles filter - and includedFiles is not empty, then we make sure that at least one of - those files matches a includedFiles glob. If not, then we do not trigger - a build. - items: - type: string - type: array - substitutions: - additionalProperties: - type: string - description: Substitutions data for Build resource. - type: object - triggerTemplate: - description: |- - Template describing the types of source changes to trigger a build. - - Branch and tag names in trigger templates are interpreted as regular - expressions. Any branch or tag change that matches that regular - expression will trigger a build. - - One of 'trigger_template' or 'github' must be provided. - properties: - branchName: - description: |- - Name of the branch to build. Exactly one a of branch name, tag, or commit SHA must be provided. - This field is a regular expression. - type: string - commitSha: - description: Explicit commit SHA to build. Exactly one of a branch - name, tag, or commit SHA must be provided. - type: string - dir: - description: |- - Directory, relative to the source root, in which to run the build. - - This must be a relative path. If a step's dir is specified and - is an absolute path, this value is ignored for that step's - execution. - type: string - repoRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - tagName: - description: |- - Name of the tag to build. Exactly one of a branch name, tag, or commit SHA must be provided. - This field is a regular expression. - type: string - type: object - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - createTime: - description: Time when the trigger was created. - type: string - triggerId: - description: The unique identifier for the trigger. - type: string - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computeaddresses.compute.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computeaddresses.compute.cnrm.cloud.google.com.yaml deleted file mode 100644 index 00da6b4c94c..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computeaddresses.compute.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,191 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computeaddresses.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeAddress - plural: computeaddresses - shortNames: - - gcpcomputeaddress - - gcpcomputeaddresses - singular: computeaddress - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - address: - description: |- - The static external IP address represented by this resource. Only - IPv4 is supported. An address may only be specified for INTERNAL - address types. The IP address must be inside the specified subnetwork, - if any. - type: string - addressType: - description: |- - The type of address to reserve, either INTERNAL or EXTERNAL. - If unspecified, defaults to EXTERNAL. - type: string - description: - description: An optional description of this resource. - type: string - ipVersion: - description: |- - The IP Version that will be used by this address. Valid options are - 'IPV4' or 'IPV6'. The default value is 'IPV4'. - type: string - location: - description: 'Location represents the geographical location of the ComputeAddress. - Specify a region name or "global" for global resources. Reference: - GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' - type: string - networkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - networkTier: - description: |- - The networking tier used for configuring this address. This field can - take the following values: PREMIUM or STANDARD. If this field is not - specified, it is assumed to be PREMIUM. - type: string - prefixLength: - description: |- - The prefix length of the IP range. If not present, it means the - address field is a single IP address. - - This field is not applicable to addresses with addressType=EXTERNAL. - type: integer - purpose: - description: |- - The purpose of this resource, which can be one of the following values: - - - GCE_ENDPOINT for addresses that are used by VM instances, alias IP ranges, internal load balancers, and similar resources. - - This should only be set when using an Internal address. - type: string - subnetworkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - location - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - labelFingerprint: - description: |- - The fingerprint used for optimistic locking of this resource. Used - internally during updates. - type: string - selfLink: - type: string - users: - description: The URLs of the resources that are using this address. - items: - type: string - type: array - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computebackendbuckets.compute.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computebackendbuckets.compute.cnrm.cloud.google.com.yaml deleted file mode 100644 index 1a9b5f3c4db..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computebackendbuckets.compute.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,137 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computebackendbuckets.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeBackendBucket - plural: computebackendbuckets - shortNames: - - gcpcomputebackendbucket - - gcpcomputebackendbuckets - singular: computebackendbucket - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - bucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - cdnPolicy: - description: Cloud CDN configuration for this Backend Bucket. - properties: - signedUrlCacheMaxAgeSec: - description: |- - Maximum number of seconds the response to a signed URL request will - be considered fresh. After this time period, - the response will be revalidated before being served. - When serving responses to signed URL requests, - Cloud CDN will internally behave as though - all responses from this backend had a "Cache-Control: public, - max-age=[TTL]" header, regardless of any existing Cache-Control - header. The actual headers served in responses will not be altered. - type: integer - required: - - signedUrlCacheMaxAgeSec - type: object - description: - description: |- - An optional textual description of the resource; provided by the - client when the resource is created. - type: string - enableCdn: - description: If true, enable Cloud CDN for this BackendBucket. - type: boolean - required: - - bucketRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - selfLink: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computebackendservices.compute.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computebackendservices.compute.cnrm.cloud.google.com.yaml deleted file mode 100644 index debda97b066..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computebackendservices.compute.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,810 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computebackendservices.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeBackendService - plural: computebackendservices - shortNames: - - gcpcomputebackendservice - - gcpcomputebackendservices - singular: computebackendservice - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - affinityCookieTtlSec: - description: |- - Lifetime of cookies in seconds if session_affinity is - GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts - only until the end of the browser session (or equivalent). The - maximum allowed value for TTL is one day. - - When the load balancing scheme is INTERNAL, this field is not used. - type: integer - backend: - description: The set of backends that serve this BackendService. - items: - properties: - balancingMode: - description: |- - Specifies the balancing mode for this backend. - - For global HTTP(S) or TCP/SSL load balancing, the default is - UTILIZATION. Valid values are UTILIZATION, RATE (for HTTP(S)) - and CONNECTION (for TCP/SSL). - type: string - capacityScaler: - description: |- - A multiplier applied to the group's maximum servicing capacity - (based on UTILIZATION, RATE or CONNECTION). - - Default value is 1, which means the group will serve up to 100% - of its configured capacity (depending on balancingMode). A - setting of 0 means the group is completely drained, offering - 0% of its available Capacity. Valid range is [0.0,1.0]. - type: number - description: - description: |- - An optional description of this resource. - Provide this property when you create the resource. - type: string - group: - properties: - instanceGroupRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - networkEndpointGroupRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - maxConnections: - description: |- - The max number of simultaneous connections for the group. Can - be used with either CONNECTION or UTILIZATION balancing modes. - - For CONNECTION mode, either maxConnections or one - of maxConnectionsPerInstance or maxConnectionsPerEndpoint, - as appropriate for group type, must be set. - type: integer - maxConnectionsPerEndpoint: - description: |- - The max number of simultaneous connections that a single backend - network endpoint can handle. This is used to calculate the - capacity of the group. Can be used in either CONNECTION or - UTILIZATION balancing modes. - - For CONNECTION mode, either - maxConnections or maxConnectionsPerEndpoint must be set. - type: integer - maxConnectionsPerInstance: - description: |- - The max number of simultaneous connections that a single - backend instance can handle. This is used to calculate the - capacity of the group. Can be used in either CONNECTION or - UTILIZATION balancing modes. - - For CONNECTION mode, either maxConnections or - maxConnectionsPerInstance must be set. - type: integer - maxRate: - description: |- - The max requests per second (RPS) of the group. - - Can be used with either RATE or UTILIZATION balancing modes, - but required if RATE mode. For RATE mode, either maxRate or one - of maxRatePerInstance or maxRatePerEndpoint, as appropriate for - group type, must be set. - type: integer - maxRatePerEndpoint: - description: |- - The max requests per second (RPS) that a single backend network - endpoint can handle. This is used to calculate the capacity of - the group. Can be used in either balancing mode. For RATE mode, - either maxRate or maxRatePerEndpoint must be set. - type: number - maxRatePerInstance: - description: |- - The max requests per second (RPS) that a single backend - instance can handle. This is used to calculate the capacity of - the group. Can be used in either balancing mode. For RATE mode, - either maxRate or maxRatePerInstance must be set. - type: number - maxUtilization: - description: |- - Used when balancingMode is UTILIZATION. This ratio defines the - CPU utilization target for the group. The default is 0.8. Valid - range is [0.0, 1.0]. - type: number - required: - - group - type: object - type: array - cdnPolicy: - description: Cloud CDN configuration for this BackendService. - properties: - cacheKeyPolicy: - description: The CacheKeyPolicy for this CdnPolicy. - properties: - includeHost: - description: If true requests to different hosts will be cached - separately. - type: boolean - includeProtocol: - description: If true, http and https requests will be cached - separately. - type: boolean - includeQueryString: - description: |- - If true, include query string parameters in the cache key - according to query_string_whitelist and - query_string_blacklist. If neither is set, the entire query - string will be included. - - If false, the query string will be excluded from the cache - key entirely. - type: boolean - queryStringBlacklist: - description: |- - Names of query string parameters to exclude in cache keys. - - All other parameters will be included. Either specify - query_string_whitelist or query_string_blacklist, not both. - '&' and '=' will be percent encoded and not treated as - delimiters. - items: - type: string - type: array - queryStringWhitelist: - description: |- - Names of query string parameters to include in cache keys. - - All other parameters will be excluded. Either specify - query_string_whitelist or query_string_blacklist, not both. - '&' and '=' will be percent encoded and not treated as - delimiters. - items: - type: string - type: array - type: object - signedUrlCacheMaxAgeSec: - description: |- - Maximum number of seconds the response to a signed URL request - will be considered fresh, defaults to 1hr (3600s). After this - time period, the response will be revalidated before - being served. - - When serving responses to signed URL requests, Cloud CDN will - internally behave as though all responses from this backend had a - "Cache-Control: public, max-age=[TTL]" header, regardless of any - existing Cache-Control header. The actual headers served in - responses will not be altered. - type: integer - type: object - circuitBreakers: - description: |- - Settings controlling the volume of connections to a backend service. This field - is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. - properties: - connectTimeout: - description: The timeout for new network connections to hosts. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond - resolution. Durations less than one second are represented - with a 0 seconds field and a positive nanos field. Must - be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. - Must be from 0 to 315,576,000,000 inclusive. - type: integer - required: - - seconds - type: object - maxConnections: - description: |- - The maximum number of connections to the backend cluster. - Defaults to 1024. - type: integer - maxPendingRequests: - description: |- - The maximum number of pending requests to the backend cluster. - Defaults to 1024. - type: integer - maxRequests: - description: |- - The maximum number of parallel requests to the backend cluster. - Defaults to 1024. - type: integer - maxRequestsPerConnection: - description: |- - Maximum requests for a single backend connection. This parameter - is respected by both the HTTP/1.1 and HTTP/2 implementations. If - not specified, there is no limit. Setting this parameter to 1 - will effectively disable keep alive. - type: integer - maxRetries: - description: |- - The maximum number of parallel retries to the backend cluster. - Defaults to 3. - type: integer - type: object - connectionDrainingTimeoutSec: - description: |- - Time for which instance will be drained (not accept new - connections, but still work to finish started). - type: integer - consistentHash: - description: |- - Consistent Hash-based load balancing can be used to provide soft session - affinity based on HTTP headers, cookies or other properties. This load balancing - policy is applicable only for HTTP connections. The affinity to a particular - destination host will be lost when one or more hosts are added/removed from the - destination service. This field specifies parameters that control consistent - hashing. This field only applies if the load_balancing_scheme is set to - INTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is - set to MAGLEV or RING_HASH. - properties: - httpCookie: - description: |- - Hash is based on HTTP Cookie. This field describes a HTTP cookie - that will be used as the hash key for the consistent hash load - balancer. If the cookie is not present, it will be generated. - This field is applicable if the sessionAffinity is set to HTTP_COOKIE. - properties: - name: - description: Name of the cookie. - type: string - path: - description: Path to set for the cookie. - type: string - ttl: - description: Lifetime of the cookie. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond - resolution. Durations less than one second are represented - with a 0 seconds field and a positive nanos field. Must - be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. - Must be from 0 to 315,576,000,000 inclusive. - type: integer - required: - - seconds - type: object - type: object - httpHeaderName: - description: |- - The hash based on the value of the specified header field. - This field is applicable if the sessionAffinity is set to HEADER_FIELD. - type: string - minimumRingSize: - description: |- - The minimum number of virtual nodes to use for the hash ring. - Larger ring sizes result in more granular load - distributions. If the number of hosts in the load balancing pool - is larger than the ring size, each host will be assigned a single - virtual node. - Defaults to 1024. - type: integer - type: object - customRequestHeaders: - description: |- - Headers that the HTTP/S load balancer should add to proxied - requests. - items: - type: string - type: array - description: - description: An optional description of this resource. - type: string - enableCdn: - description: If true, enable Cloud CDN for this BackendService. - type: boolean - failoverPolicy: - description: Policy for failovers. - properties: - disableConnectionDrainOnFailover: - description: |- - On failover or failback, this field indicates whether connection drain - will be honored. Setting this to true has the following effect: connections - to the old active pool are not drained. Connections to the new active pool - use the timeout of 10 min (currently fixed). Setting to false has the - following effect: both old and new connections will have a drain timeout - of 10 min. - This can be set to true only if the protocol is TCP. - The default is false. - type: boolean - dropTrafficIfUnhealthy: - description: |- - This option is used only when no healthy VMs are detected in the primary - and backup instance groups. When set to true, traffic is dropped. When - set to false, new connections are sent across all VMs in the primary group. - The default is false. - type: boolean - failoverRatio: - description: |- - The value of the field must be in [0, 1]. If the ratio of the healthy - VMs in the primary backend is at or below this number, traffic arriving - at the load-balanced IP will be directed to the failover backend. - In case where 'failoverRatio' is not set or all the VMs in the backup - backend are unhealthy, the traffic will be directed back to the primary - backend in the "force" mode, where traffic will be spread to the healthy - VMs with the best effort, or to all VMs when no VM is healthy. - This field is only used with l4 load balancing. - type: number - type: object - healthChecks: - items: - properties: - healthCheckRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - httpHealthCheckRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - type: array - iap: - description: Settings for enabling Cloud Identity Aware Proxy - properties: - oauth2ClientId: - description: OAuth2 Client ID for IAP - type: string - oauth2ClientSecret: - description: OAuth2 Client Secret for IAP - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used if - 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - oauth2ClientSecretSha256: - description: OAuth2 Client Secret SHA-256 for IAP - type: string - required: - - oauth2ClientId - - oauth2ClientSecret - type: object - loadBalancingScheme: - description: |- - Indicates whether the backend service will be used with internal or - external load balancing. A backend service created for one type of - load balancing cannot be used with the other. Must be 'EXTERNAL' or - 'INTERNAL_SELF_MANAGED' for a global backend service. Defaults to 'EXTERNAL'. - type: string - localityLbPolicy: - description: |- - The load balancing algorithm used within the scope of the locality. - The possible values are - - - ROUND_ROBIN - This is a simple policy in which each healthy backend - is selected in round robin order. - - LEAST_REQUEST - An O(1) algorithm which selects two random healthy - hosts and picks the host which has fewer active requests. - - RING_HASH - The ring/modulo hash load balancer implements consistent - hashing to backends. The algorithm has the property that the - addition/removal of a host from a set of N hosts only affects - 1/N of the requests. - - RANDOM - The load balancer selects a random healthy host. - - ORIGINAL_DESTINATION - Backend host is selected based on the client - connection metadata, i.e., connections are opened - to the same address as the destination address of - the incoming connection before the connection - was redirected to the load balancer. - - MAGLEV - used as a drop in replacement for the ring hash load balancer. - Maglev is not as stable as ring hash but has faster table lookup - build times and host selection times. For more information about - Maglev, refer to https://ai.google/research/pubs/pub44824 - - This field is applicable only when the load_balancing_scheme is set to - INTERNAL_SELF_MANAGED. - type: string - location: - description: 'Location represents the geographical location of the ComputeBackendService. - Specify a region name or "global" for global resources. Reference: - GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' - type: string - logConfig: - description: |- - This field denotes the logging options for the load balancer traffic served by this backend service. - If logging is enabled, logs will be exported to Stackdriver. - properties: - enable: - description: Whether to enable logging for the load balancer traffic - served by this backend service. - type: boolean - sampleRate: - description: |- - This field can only be specified if logging is enabled for this backend service. The value of - the field must be in [0, 1]. This configures the sampling rate of requests to the load balancer - where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. - The default value is 1.0. - type: number - type: object - networkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - outlierDetection: - description: |- - Settings controlling eviction of unhealthy hosts from the load balancing pool. - This field is applicable only when the load_balancing_scheme is set - to INTERNAL_SELF_MANAGED. - properties: - baseEjectionTime: - description: |- - The base time that a host is ejected for. The real time is equal to the base - time multiplied by the number of times the host has been ejected. Defaults to - 30000ms or 30s. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 'seconds' field and a positive - 'nanos' field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - type: integer - required: - - seconds - type: object - consecutiveErrors: - description: |- - Number of errors before a host is ejected from the connection pool. When the - backend host is accessed over HTTP, a 5xx return code qualifies as an error. - Defaults to 5. - type: integer - consecutiveGatewayFailure: - description: |- - The number of consecutive gateway failures (502, 503, 504 status or connection - errors that are mapped to one of those status codes) before a consecutive - gateway failure ejection occurs. Defaults to 5. - type: integer - enforcingConsecutiveErrors: - description: |- - The percentage chance that a host will be actually ejected when an outlier - status is detected through consecutive 5xx. This setting can be used to disable - ejection or to ramp it up slowly. Defaults to 100. - type: integer - enforcingConsecutiveGatewayFailure: - description: |- - The percentage chance that a host will be actually ejected when an outlier - status is detected through consecutive gateway failures. This setting can be - used to disable ejection or to ramp it up slowly. Defaults to 0. - type: integer - enforcingSuccessRate: - description: |- - The percentage chance that a host will be actually ejected when an outlier - status is detected through success rate statistics. This setting can be used to - disable ejection or to ramp it up slowly. Defaults to 100. - type: integer - interval: - description: |- - Time interval between ejection sweep analysis. This can result in both new - ejections as well as hosts being returned to service. Defaults to 10 seconds. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 'seconds' field and a positive - 'nanos' field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - type: integer - required: - - seconds - type: object - maxEjectionPercent: - description: |- - Maximum percentage of hosts in the load balancing pool for the backend service - that can be ejected. Defaults to 10%. - type: integer - successRateMinimumHosts: - description: |- - The number of hosts in a cluster that must have enough request volume to detect - success rate outliers. If the number of hosts is less than this setting, outlier - detection via success rate statistics is not performed for any host in the - cluster. Defaults to 5. - type: integer - successRateRequestVolume: - description: |- - The minimum number of total requests that must be collected in one interval (as - defined by the interval duration above) to include this host in success rate - based outlier detection. If the volume is lower than this setting, outlier - detection via success rate statistics is not performed for that host. Defaults - to 100. - type: integer - successRateStdevFactor: - description: |- - This factor is used to determine the ejection threshold for success rate outlier - ejection. The ejection threshold is the difference between the mean success - rate, and the product of this factor and the standard deviation of the mean - success rate: mean - (stdev * success_rate_stdev_factor). This factor is divided - by a thousand to get a double. That is, if the desired factor is 1.9, the - runtime value should be 1900. Defaults to 1900. - type: integer - type: object - portName: - description: |- - Name of backend port. The same name should appear in the instance - groups referenced by this service. Required when the load balancing - scheme is EXTERNAL. - type: string - protocol: - description: |- - The protocol this BackendService uses to communicate with backends. - Possible values are HTTP, HTTPS, HTTP2, TCP, and SSL. The default is - HTTP. **NOTE**: HTTP2 is only valid for beta HTTP/2 load balancer - types and may result in errors if used with the GA API. - type: string - securityPolicyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - sessionAffinity: - description: |- - Type of session affinity to use. The default is NONE. Session affinity is - not applicable if the protocol is UDP. - type: string - timeoutSec: - description: |- - How many seconds to wait for the backend before considering it a - failed request. Default is 30 seconds. Valid range is [1, 86400]. - type: integer - required: - - healthChecks - - location - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - fingerprint: - description: |- - Fingerprint of this resource. A hash of the contents stored in this - object. This field is used in optimistic locking. - type: string - selfLink: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computedisks.compute.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computedisks.compute.cnrm.cloud.google.com.yaml deleted file mode 100644 index 2e8f8f82fb1..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computedisks.compute.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,405 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computedisks.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeDisk - plural: computedisks - shortNames: - - gcpcomputedisk - - gcpcomputedisks - singular: computedisk - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: |- - An optional description of this resource. Provide this property when - you create the resource. - type: string - diskEncryptionKey: - description: |- - Encrypts the disk using a customer-supplied encryption key. - - After you encrypt a disk with a customer-supplied key, you must - provide the same key if you use the disk later (e.g. to create a disk - snapshot or an image, or to attach the disk to a virtual machine). - - Customer-supplied encryption keys do not protect access to metadata of - the disk. - - If you do not provide an encryption key when creating the disk, then - the disk will be encrypted using an automatically generated key and - you do not need to provide a key to use the disk later. - properties: - kmsKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - rawKey: - description: |- - Specifies a 256-bit customer-supplied encryption key, encoded in - RFC 4648 base64 to either encrypt or decrypt this resource. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used if - 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - sha256: - description: |- - The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied - encryption key that protects this resource. - type: string - type: object - imageRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - location: - description: 'Location represents the geographical location of the ComputeDisk. - Specify a region name or a zone name. Reference: GCP definition of - regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' - type: string - physicalBlockSizeBytes: - description: |- - Physical block size of the persistent disk, in bytes. If not present - in a request, a default value is used. Currently supported sizes - are 4096 and 16384, other sizes may be added in the future. - If an unsupported value is requested, the error message will list - the supported values for the caller's project. - type: integer - replicaZones: - description: URLs of the zones where the disk should be replicated to. - items: - type: string - type: array - resourcePolicies: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - size: - description: |- - Size of the persistent disk, specified in GB. You can specify this - field when creating a persistent disk using the 'image' or - 'snapshot' parameter, or specify it alone to create an empty - persistent disk. - - If you specify this field along with 'image' or 'snapshot', - the value must not be less than the size of the image - or the size of the snapshot. - type: integer - snapshotRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - sourceImageEncryptionKey: - description: |- - The customer-supplied encryption key of the source image. Required if - the source image is protected by a customer-supplied encryption key. - properties: - kmsKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - rawKey: - description: |- - Specifies a 256-bit customer-supplied encryption key, encoded in - RFC 4648 base64 to either encrypt or decrypt this resource. - type: string - sha256: - description: |- - The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied - encryption key that protects this resource. - type: string - type: object - sourceSnapshotEncryptionKey: - description: |- - The customer-supplied encryption key of the source snapshot. Required - if the source snapshot is protected by a customer-supplied encryption - key. - properties: - kmsKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - rawKey: - description: |- - Specifies a 256-bit customer-supplied encryption key, encoded in - RFC 4648 base64 to either encrypt or decrypt this resource. - type: string - sha256: - description: |- - The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied - encryption key that protects this resource. - type: string - type: object - type: - description: |- - URL of the disk type resource describing which disk type to use to - create the disk. Provide this when creating the disk. - type: string - required: - - location - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - labelFingerprint: - description: |- - The fingerprint used for optimistic locking of this resource. Used - internally during updates. - type: string - lastAttachTimestamp: - description: Last attach timestamp in RFC3339 text format. - type: string - lastDetachTimestamp: - description: Last detach timestamp in RFC3339 text format. - type: string - selfLink: - type: string - sourceImageId: - description: |- - The ID value of the image used to create this disk. This value - identifies the exact image that was used to create this persistent - disk. For example, if you created the persistent disk from an image - that was later deleted and recreated under the same name, the source - image ID would identify the exact version of the image that was used. - type: string - sourceSnapshotId: - description: |- - The unique ID of the snapshot used to create this disk. This value - identifies the exact snapshot that was used to create this persistent - disk. For example, if you created the persistent disk from a snapshot - that was later deleted and recreated under the same name, the source - snapshot ID would identify the exact version of the snapshot that was - used. - type: string - users: - description: |- - Links to the users of the disk (attached instances) in form: - project/zones/zone/instances/instance - items: - type: string - type: array - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computeexternalvpngateways.compute.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computeexternalvpngateways.compute.cnrm.cloud.google.com.yaml deleted file mode 100644 index f37d086c70c..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computeexternalvpngateways.compute.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,107 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computeexternalvpngateways.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeExternalVPNGateway - plural: computeexternalvpngateways - shortNames: - - gcpcomputeexternalvpngateway - - gcpcomputeexternalvpngateways - singular: computeexternalvpngateway - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: An optional description of this resource. - type: string - interface: - description: A list of interfaces on this external VPN gateway. - items: - properties: - id: - description: |- - The numberic ID for this interface. Allowed values are based on the redundancy type - of this external VPN gateway - * '0 - SINGLE_IP_INTERNALLY_REDUNDANT' - * '0, 1 - TWO_IPS_REDUNDANCY' - * '0, 1, 2, 3 - FOUR_IPS_REDUNDANCY' - type: integer - ipAddress: - description: |- - IP address of the interface in the external VPN gateway. - Only IPv4 is supported. This IP address can be either from - your on-premise gateway or another Cloud provider’s VPN gateway, - it cannot be an IP address from Google Compute Engine. - type: string - type: object - type: array - redundancyType: - description: Indicates the redundancy type of this external VPN gateway - type: string - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - selfLink: - type: string - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computefirewalls.compute.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computefirewalls.compute.cnrm.cloud.google.com.yaml deleted file mode 100644 index bfaebc11af7..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computefirewalls.compute.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,303 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computefirewalls.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeFirewall - plural: computefirewalls - shortNames: - - gcpcomputefirewall - - gcpcomputefirewalls - singular: computefirewall - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - allow: - description: |- - The list of ALLOW rules specified by this firewall. Each rule - specifies a protocol and port-range tuple that describes a permitted - connection. - items: - properties: - ports: - description: |- - An optional list of ports to which this rule applies. This field - is only applicable for UDP or TCP protocol. Each entry must be - either an integer or a range. If not specified, this rule - applies to connections through any port. - - Example inputs include: ["22"], ["80","443"], and - ["12345-12349"]. - items: - type: string - type: array - protocol: - description: |- - The IP protocol to which this rule applies. The protocol type is - required when creating a firewall rule. This value can either be - one of the following well known protocol strings (tcp, udp, - icmp, esp, ah, sctp), or the IP protocol number. - type: string - required: - - protocol - type: object - type: array - deny: - description: |- - The list of DENY rules specified by this firewall. Each rule specifies - a protocol and port-range tuple that describes a denied connection. - items: - properties: - ports: - description: |- - An optional list of ports to which this rule applies. This field - is only applicable for UDP or TCP protocol. Each entry must be - either an integer or a range. If not specified, this rule - applies to connections through any port. - - Example inputs include: ["22"], ["80","443"], and - ["12345-12349"]. - items: - type: string - type: array - protocol: - description: |- - The IP protocol to which this rule applies. The protocol type is - required when creating a firewall rule. This value can either be - one of the following well known protocol strings (tcp, udp, - icmp, esp, ah, sctp), or the IP protocol number. - type: string - required: - - protocol - type: object - type: array - description: - description: |- - An optional description of this resource. Provide this property when - you create the resource. - type: string - destinationRanges: - description: |- - If destination ranges are specified, the firewall will apply only to - traffic that has destination IP address in these ranges. These ranges - must be expressed in CIDR format. Only IPv4 is supported. - items: - type: string - type: array - direction: - description: |- - Direction of traffic to which this firewall applies; default is - INGRESS. Note: For INGRESS traffic, it is NOT supported to specify - destinationRanges; For EGRESS traffic, it is NOT supported to specify - sourceRanges OR sourceTags. - type: string - disabled: - description: |- - Denotes whether the firewall rule is disabled, i.e not applied to the - network it is associated with. When set to true, the firewall rule is - not enforced and the network behaves as if it did not exist. If this - is unspecified, the firewall rule will be enabled. - type: boolean - enableLogging: - description: |- - This field denotes whether to enable logging for a particular - firewall rule. If logging is enabled, logs will be exported to - Stackdriver. - type: boolean - networkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - priority: - description: |- - Priority for this rule. This is an integer between 0 and 65535, both - inclusive. When not specified, the value assumed is 1000. Relative - priorities determine precedence of conflicting rules. Lower value of - priority implies higher precedence (eg, a rule with priority 0 has - higher precedence than a rule with priority 1). DENY rules take - precedence over ALLOW rules having equal priority. - type: integer - sourceRanges: - description: |- - If source ranges are specified, the firewall will apply only to - traffic that has source IP address in these ranges. These ranges must - be expressed in CIDR format. One or both of sourceRanges and - sourceTags may be set. If both properties are set, the firewall will - apply to traffic that has source IP address within sourceRanges OR the - source IP that belongs to a tag listed in the sourceTags property. The - connection does not need to match both properties for the firewall to - apply. Only IPv4 is supported. - items: - type: string - type: array - sourceServiceAccounts: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - sourceTags: - description: |- - If source tags are specified, the firewall will apply only to traffic - with source IP that belongs to a tag listed in source tags. Source - tags cannot be used to control traffic to an instance's external IP - address. Because tags are associated with an instance, not an IP - address. One or both of sourceRanges and sourceTags may be set. If - both properties are set, the firewall will apply to traffic that has - source IP address within sourceRanges OR the source IP that belongs to - a tag listed in the sourceTags property. The connection does not need - to match both properties for the firewall to apply. - items: - type: string - type: array - targetServiceAccounts: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - targetTags: - description: |- - A list of instance tags indicating sets of instances located in the - network that may make network connections as specified in allowed[]. - If no targetTags are specified, the firewall rule applies to all - instances on the specified network. - items: - type: string - type: array - required: - - networkRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - selfLink: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computeforwardingrules.compute.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computeforwardingrules.compute.cnrm.cloud.google.com.yaml deleted file mode 100644 index 42a09a2ff31..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computeforwardingrules.compute.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,440 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computeforwardingrules.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeForwardingRule - plural: computeforwardingrules - shortNames: - - gcpcomputeforwardingrule - - gcpcomputeforwardingrules - singular: computeforwardingrule - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - allPorts: - description: |- - For internal TCP/UDP load balancing (i.e. load balancing scheme is - INTERNAL and protocol is TCP/UDP), set this to true to allow packets - addressed to any ports to be forwarded to the backends configured - with this forwarding rule. Used with backend service. Cannot be set - if port or portRange are set. - type: boolean - allowGlobalAccess: - description: |- - If true, clients can access ILB from all regions. - Otherwise only allows from the local region the ILB is located at. - type: boolean - backendServiceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - description: - description: |- - An optional description of this resource. Provide this property when - you create the resource. - type: string - ipAddress: - properties: - addressRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - ip: - type: string - type: object - ipProtocol: - description: |- - The IP protocol to which this rule applies. Valid options are TCP, - UDP, ESP, AH, SCTP or ICMP. - - When the load balancing scheme is INTERNAL, only TCP and UDP are - valid. - type: string - ipVersion: - description: |- - The IP Version that will be used by this global forwarding rule. - Valid options are IPV4 or IPV6. - type: string - loadBalancingScheme: - description: |- - This signifies what the ForwardingRule will be used for and can be - EXTERNAL, INTERNAL, or INTERNAL_MANAGED. EXTERNAL is used for Classic - Cloud VPN gateways, protocol forwarding to VMs from an external IP address, - and HTTP(S), SSL Proxy, TCP Proxy, and Network TCP/UDP load balancers. - INTERNAL is used for protocol forwarding to VMs from an internal IP address, - and internal TCP/UDP load balancers. - INTERNAL_MANAGED is used for internal HTTP(S) load balancers. - type: string - location: - description: 'Location represents the geographical location of the ComputeForwardingRule. - Specify a region name or "global" for global resources. Reference: - GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' - type: string - metadataFilters: - description: |- - Opaque filter criteria used by Loadbalancer to restrict routing - configuration to a limited set xDS compliant clients. In their xDS - requests to Loadbalancer, xDS clients present node metadata. If a - match takes place, the relevant routing configuration is made available - to those proxies. - - For each metadataFilter in this list, if its filterMatchCriteria is set - to MATCH_ANY, at least one of the filterLabels must match the - corresponding label provided in the metadata. If its filterMatchCriteria - is set to MATCH_ALL, then all of its filterLabels must match with - corresponding labels in the provided metadata. - - metadataFilters specified here can be overridden by those specified in - the UrlMap that this ForwardingRule references. - - metadataFilters only applies to Loadbalancers that have their - loadBalancingScheme set to INTERNAL_SELF_MANAGED. - items: - properties: - filterLabels: - description: |- - The list of label value pairs that must match labels in the - provided metadata based on filterMatchCriteria - - This list must not be empty and can have at the most 64 entries. - items: - properties: - name: - description: |- - Name of the metadata label. The length must be between - 1 and 1024 characters, inclusive. - type: string - value: - description: |- - The value that the label must match. The value has a maximum - length of 1024 characters. - type: string - required: - - name - - value - type: object - type: array - filterMatchCriteria: - description: |- - Specifies how individual filterLabel matches within the list of - filterLabels contribute towards the overall metadataFilter match. - - MATCH_ANY - At least one of the filterLabels must have a matching - label in the provided metadata. - MATCH_ALL - All filterLabels must have matching labels in the - provided metadata. - type: string - required: - - filterLabels - - filterMatchCriteria - type: object - type: array - networkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - networkTier: - description: |- - The networking tier used for configuring this address. This field can - take the following values: PREMIUM or STANDARD. If this field is not - specified, it is assumed to be PREMIUM. - type: string - portRange: - description: |- - This field is used along with the target field for TargetHttpProxy, - TargetHttpsProxy, TargetSslProxy, TargetTcpProxy, TargetVpnGateway, - TargetPool, TargetInstance. - - Applicable only when IPProtocol is TCP, UDP, or SCTP, only packets - addressed to ports in the specified range will be forwarded to target. - Forwarding rules with the same [IPAddress, IPProtocol] pair must have - disjoint port ranges. - - Some types of forwarding target have constraints on the acceptable - ports: - - * TargetHttpProxy: 80, 8080 - * TargetHttpsProxy: 443 - * TargetTcpProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, - 1883, 5222 - * TargetSslProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, - 1883, 5222 - * TargetVpnGateway: 500, 4500 - type: string - ports: - description: |- - This field is used along with the backend_service field for internal - load balancing. - - When the load balancing scheme is INTERNAL, a single port or a comma - separated list of ports can be configured. Only packets addressed to - these ports will be forwarded to the backends configured with this - forwarding rule. - - You may specify a maximum of up to 5 ports. - items: - type: string - type: array - serviceLabel: - description: |- - An optional prefix to the service name for this Forwarding Rule. - If specified, will be the first label of the fully qualified service - name. - - The label must be 1-63 characters long, and comply with RFC1035. - Specifically, the label must be 1-63 characters long and match the - regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the first - character must be a lowercase letter, and all following characters - must be a dash, lowercase letter, or digit, except the last - character, which cannot be a dash. - - This field is only used for INTERNAL load balancing. - type: string - subnetworkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - target: - properties: - targetHTTPProxyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - targetHTTPSProxyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - targetVPNGatewayRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - required: - - location - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - labelFingerprint: - description: |- - The fingerprint used for optimistic locking of this resource. Used - internally during updates. - type: string - selfLink: - type: string - serviceName: - description: |- - The internal fully qualified service name for this Forwarding Rule. - This field is only used for INTERNAL load balancing. - type: string - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computehealthchecks.compute.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computehealthchecks.compute.cnrm.cloud.google.com.yaml deleted file mode 100644 index 5133ebd7d72..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computehealthchecks.compute.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,377 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computehealthchecks.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeHealthCheck - plural: computehealthchecks - shortNames: - - gcpcomputehealthcheck - - gcpcomputehealthchecks - singular: computehealthcheck - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - checkIntervalSec: - description: |- - How often (in seconds) to send a health check. The default value is 5 - seconds. - type: integer - description: - description: |- - An optional description of this resource. Provide this property when - you create the resource. - type: string - healthyThreshold: - description: |- - A so-far unhealthy instance will be marked healthy after this many - consecutive successes. The default value is 2. - type: integer - http2HealthCheck: - description: A nested object resource - properties: - host: - description: |- - The value of the host header in the HTTP2 health check request. - If left empty (default value), the public IP on behalf of which this health - check is performed will be used. - type: string - port: - description: |- - The TCP port number for the HTTP2 health check request. - The default value is 443. - type: integer - portName: - description: |- - Port name as defined in InstanceGroup#NamedPort#name. If both port and - port_name are defined, port takes precedence. - type: string - portSpecification: - description: |- - Specifies how port is selected for health checking, can be one of the - following values: - - * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. - - * 'USE_NAMED_PORT': The 'portName' is used for health checking. - - * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each - network endpoint is used for health checking. For other backends, the - port or named port specified in the Backend Service is used for health - checking. - - If not specified, HTTP2 health check follows behavior specified in 'port' and - 'portName' fields. - type: string - proxyHeader: - description: |- - Specifies the type of proxy header to append before sending data to the - backend, either NONE or PROXY_V1. The default is NONE. - type: string - requestPath: - description: |- - The request path of the HTTP2 health check request. - The default value is /. - type: string - response: - description: |- - The bytes to match against the beginning of the response data. If left empty - (the default value), any response will indicate health. The response data - can only be ASCII. - type: string - type: object - httpHealthCheck: - description: A nested object resource - properties: - host: - description: |- - The value of the host header in the HTTP health check request. - If left empty (default value), the public IP on behalf of which this health - check is performed will be used. - type: string - port: - description: |- - The TCP port number for the HTTP health check request. - The default value is 80. - type: integer - portName: - description: |- - Port name as defined in InstanceGroup#NamedPort#name. If both port and - port_name are defined, port takes precedence. - type: string - portSpecification: - description: |- - Specifies how port is selected for health checking, can be one of the - following values: - - * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. - - * 'USE_NAMED_PORT': The 'portName' is used for health checking. - - * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each - network endpoint is used for health checking. For other backends, the - port or named port specified in the Backend Service is used for health - checking. - - If not specified, HTTP health check follows behavior specified in 'port' and - 'portName' fields. - type: string - proxyHeader: - description: |- - Specifies the type of proxy header to append before sending data to the - backend, either NONE or PROXY_V1. The default is NONE. - type: string - requestPath: - description: |- - The request path of the HTTP health check request. - The default value is /. - type: string - response: - description: |- - The bytes to match against the beginning of the response data. If left empty - (the default value), any response will indicate health. The response data - can only be ASCII. - type: string - type: object - httpsHealthCheck: - description: A nested object resource - properties: - host: - description: |- - The value of the host header in the HTTPS health check request. - If left empty (default value), the public IP on behalf of which this health - check is performed will be used. - type: string - port: - description: |- - The TCP port number for the HTTPS health check request. - The default value is 443. - type: integer - portName: - description: |- - Port name as defined in InstanceGroup#NamedPort#name. If both port and - port_name are defined, port takes precedence. - type: string - portSpecification: - description: |- - Specifies how port is selected for health checking, can be one of the - following values: - - * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. - - * 'USE_NAMED_PORT': The 'portName' is used for health checking. - - * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each - network endpoint is used for health checking. For other backends, the - port or named port specified in the Backend Service is used for health - checking. - - If not specified, HTTPS health check follows behavior specified in 'port' and - 'portName' fields. - type: string - proxyHeader: - description: |- - Specifies the type of proxy header to append before sending data to the - backend, either NONE or PROXY_V1. The default is NONE. - type: string - requestPath: - description: |- - The request path of the HTTPS health check request. - The default value is /. - type: string - response: - description: |- - The bytes to match against the beginning of the response data. If left empty - (the default value), any response will indicate health. The response data - can only be ASCII. - type: string - type: object - location: - description: 'Location represents the geographical location of the ComputeHealthCheck. - Specify a region name or "global" for global resources. Reference: - GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' - type: string - sslHealthCheck: - description: A nested object resource - properties: - port: - description: |- - The TCP port number for the SSL health check request. - The default value is 443. - type: integer - portName: - description: |- - Port name as defined in InstanceGroup#NamedPort#name. If both port and - port_name are defined, port takes precedence. - type: string - portSpecification: - description: |- - Specifies how port is selected for health checking, can be one of the - following values: - - * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. - - * 'USE_NAMED_PORT': The 'portName' is used for health checking. - - * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each - network endpoint is used for health checking. For other backends, the - port or named port specified in the Backend Service is used for health - checking. - - If not specified, SSL health check follows behavior specified in 'port' and - 'portName' fields. - type: string - proxyHeader: - description: |- - Specifies the type of proxy header to append before sending data to the - backend, either NONE or PROXY_V1. The default is NONE. - type: string - request: - description: |- - The application data to send once the SSL connection has been - established (default value is empty). If both request and response are - empty, the connection establishment alone will indicate health. The request - data can only be ASCII. - type: string - response: - description: |- - The bytes to match against the beginning of the response data. If left empty - (the default value), any response will indicate health. The response data - can only be ASCII. - type: string - type: object - tcpHealthCheck: - description: A nested object resource - properties: - port: - description: |- - The TCP port number for the TCP health check request. - The default value is 443. - type: integer - portName: - description: |- - Port name as defined in InstanceGroup#NamedPort#name. If both port and - port_name are defined, port takes precedence. - type: string - portSpecification: - description: |- - Specifies how port is selected for health checking, can be one of the - following values: - - * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. - - * 'USE_NAMED_PORT': The 'portName' is used for health checking. - - * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each - network endpoint is used for health checking. For other backends, the - port or named port specified in the Backend Service is used for health - checking. - - If not specified, TCP health check follows behavior specified in 'port' and - 'portName' fields. - type: string - proxyHeader: - description: |- - Specifies the type of proxy header to append before sending data to the - backend, either NONE or PROXY_V1. The default is NONE. - type: string - request: - description: |- - The application data to send once the TCP connection has been - established (default value is empty). If both request and response are - empty, the connection establishment alone will indicate health. The request - data can only be ASCII. - type: string - response: - description: |- - The bytes to match against the beginning of the response data. If left empty - (the default value), any response will indicate health. The response data - can only be ASCII. - type: string - type: object - timeoutSec: - description: |- - How long (in seconds) to wait before claiming failure. - The default value is 5 seconds. It is invalid for timeoutSec to have - greater value than checkIntervalSec. - type: integer - unhealthyThreshold: - description: |- - A so-far healthy instance will be marked unhealthy after this many - consecutive failures. The default value is 2. - type: integer - required: - - location - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - selfLink: - type: string - type: - description: The type of the health check. One of HTTP, HTTPS, TCP, - or SSL. - type: string - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computehttphealthchecks.compute.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computehttphealthchecks.compute.cnrm.cloud.google.com.yaml deleted file mode 100644 index d86c2cb7505..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computehttphealthchecks.compute.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,125 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computehttphealthchecks.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeHTTPHealthCheck - plural: computehttphealthchecks - shortNames: - - gcpcomputehttphealthcheck - - gcpcomputehttphealthchecks - singular: computehttphealthcheck - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - checkIntervalSec: - description: |- - How often (in seconds) to send a health check. The default value is 5 - seconds. - type: integer - description: - description: |- - An optional description of this resource. Provide this property when - you create the resource. - type: string - healthyThreshold: - description: |- - A so-far unhealthy instance will be marked healthy after this many - consecutive successes. The default value is 2. - type: integer - host: - description: |- - The value of the host header in the HTTP health check request. If - left empty (default value), the public IP on behalf of which this - health check is performed will be used. - type: string - port: - description: |- - The TCP port number for the HTTP health check request. - The default value is 80. - type: integer - requestPath: - description: |- - The request path of the HTTP health check request. - The default value is /. - type: string - timeoutSec: - description: |- - How long (in seconds) to wait before claiming failure. - The default value is 5 seconds. It is invalid for timeoutSec to have - greater value than checkIntervalSec. - type: integer - unhealthyThreshold: - description: |- - A so-far healthy instance will be marked unhealthy after this many - consecutive failures. The default value is 2. - type: integer - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - selfLink: - type: string - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computehttpshealthchecks.compute.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computehttpshealthchecks.compute.cnrm.cloud.google.com.yaml deleted file mode 100644 index 9ae50f754c1..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computehttpshealthchecks.compute.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,125 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computehttpshealthchecks.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeHTTPSHealthCheck - plural: computehttpshealthchecks - shortNames: - - gcpcomputehttpshealthcheck - - gcpcomputehttpshealthchecks - singular: computehttpshealthcheck - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - checkIntervalSec: - description: |- - How often (in seconds) to send a health check. The default value is 5 - seconds. - type: integer - description: - description: |- - An optional description of this resource. Provide this property when - you create the resource. - type: string - healthyThreshold: - description: |- - A so-far unhealthy instance will be marked healthy after this many - consecutive successes. The default value is 2. - type: integer - host: - description: |- - The value of the host header in the HTTPS health check request. If - left empty (default value), the public IP on behalf of which this - health check is performed will be used. - type: string - port: - description: |- - The TCP port number for the HTTPS health check request. - The default value is 80. - type: integer - requestPath: - description: |- - The request path of the HTTPS health check request. - The default value is /. - type: string - timeoutSec: - description: |- - How long (in seconds) to wait before claiming failure. - The default value is 5 seconds. It is invalid for timeoutSec to have - greater value than checkIntervalSec. - type: integer - unhealthyThreshold: - description: |- - A so-far healthy instance will be marked unhealthy after this many - consecutive failures. The default value is 2. - type: integer - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - selfLink: - type: string - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computeimages.compute.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computeimages.compute.cnrm.cloud.google.com.yaml deleted file mode 100644 index 3efc77dd75d..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computeimages.compute.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,179 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computeimages.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeImage - plural: computeimages - shortNames: - - gcpcomputeimage - - gcpcomputeimages - singular: computeimage - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: |- - An optional description of this resource. Provide this property when - you create the resource. - type: string - diskRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - diskSizeGb: - description: Size of the image when restored onto a persistent disk - (in GB). - type: integer - family: - description: |- - The name of the image family to which this image belongs. You can - create disks by specifying an image family instead of a specific - image name. The image family always returns its latest image that is - not deprecated. The name of the image family must comply with - RFC1035. - type: string - guestOsFeatures: - description: |- - A list of features to enable on the guest operating system. - Applicable only for bootable images. - items: - properties: - type: - description: The type of supported feature. Read [Enabling guest - operating system features](https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images#guest-os-features) - to see a list of available options. - type: string - required: - - type - type: object - type: array - licenses: - description: Any applicable license URI. - items: - type: string - type: array - rawDisk: - description: The parameters of the raw disk image. - properties: - containerType: - description: |- - The format used to encode and transmit the block device, which - should be TAR. This is just a container and transmission format - and not a runtime format. Provided by the client when the disk - image is created. - type: string - sha1: - description: |- - An optional SHA1 checksum of the disk image before unpackaging. - This is provided by the client when the disk image is created. - type: string - source: - description: |- - The full Google Cloud Storage URL where disk storage is stored - You must provide either this property or the sourceDisk property - but not both. - type: string - required: - - source - type: object - type: object - status: - properties: - archiveSizeBytes: - description: |- - Size of the image tar.gz archive stored in Google Cloud Storage (in - bytes). - type: integer - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - labelFingerprint: - description: |- - The fingerprint used for optimistic locking of this resource. Used - internally during updates. - type: string - selfLink: - type: string - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computeinstancegroups.compute.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computeinstancegroups.compute.cnrm.cloud.google.com.yaml deleted file mode 100644 index 06f0a11d6c7..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computeinstancegroups.compute.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,150 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computeinstancegroups.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeInstanceGroup - plural: computeinstancegroups - shortNames: - - gcpcomputeinstancegroup - - gcpcomputeinstancegroups - singular: computeinstancegroup - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - type: string - instances: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - namedPort: - items: - properties: - name: - type: string - port: - type: integer - required: - - name - - port - type: object - type: array - networkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - zone: - type: string - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - selfLink: - type: string - size: - type: integer - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computeinstances.compute.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computeinstances.compute.cnrm.cloud.google.com.yaml deleted file mode 100644 index 00703f6723c..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computeinstances.compute.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,578 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computeinstances.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeInstance - plural: computeinstances - shortNames: - - gcpcomputeinstance - - gcpcomputeinstances - singular: computeinstance - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - anyOf: - - required: - - bootDisk - - machineType - - networkInterface - - required: - - instanceTemplateRef - properties: - attachedDisk: - items: - properties: - deviceName: - type: string - diskEncryptionKeyRaw: - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used - if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value - from. - type: string - required: - - name - - key - type: object - type: object - type: object - diskEncryptionKeySha256: - type: string - kmsKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - mode: - type: string - sourceDiskRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - sourceDiskRef - type: object - type: array - bootDisk: - properties: - autoDelete: - type: boolean - deviceName: - type: string - diskEncryptionKeyRaw: - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used if - 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - diskEncryptionKeySha256: - type: string - initializeParams: - properties: - labels: - type: object - size: - type: integer - sourceImageRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: - type: string - type: object - kmsKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - mode: - type: string - sourceDiskRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - canIpForward: - type: boolean - deletionProtection: - type: boolean - description: - type: string - enableDisplay: - type: boolean - guestAccelerator: - items: - properties: - count: - type: integer - type: - type: string - required: - - count - - type - type: object - type: array - hostname: - type: string - instanceTemplateRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - machineType: - type: string - metadata: - items: - properties: - key: - type: string - value: - type: string - required: - - key - - value - type: object - type: array - metadataStartupScript: - type: string - minCpuPlatform: - type: string - networkInterface: - items: - properties: - accessConfig: - items: - properties: - natIpRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - networkTier: - type: string - publicPtrDomainName: - type: string - type: object - type: array - aliasIpRange: - items: - properties: - ipCidrRange: - type: string - subnetworkRangeName: - type: string - required: - - ipCidrRange - type: object - type: array - name: - type: string - networkIp: - type: string - networkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - subnetworkProject: - type: string - subnetworkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - type: array - scheduling: - properties: - automaticRestart: - type: boolean - nodeAffinities: - items: - properties: - value: - type: object - type: object - type: array - onHostMaintenance: - type: string - preemptible: - type: boolean - type: object - scratchDisk: - items: - properties: - interface: - type: string - required: - - interface - type: object - type: array - serviceAccount: - properties: - scopes: - items: - type: string - type: array - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - scopes - type: object - shieldedInstanceConfig: - properties: - enableIntegrityMonitoring: - type: boolean - enableSecureBoot: - type: boolean - enableVtpm: - type: boolean - type: object - tags: - items: - type: string - type: array - zone: - type: string - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - cpuPlatform: - type: string - instanceId: - type: string - labelFingerprint: - type: string - metadataFingerprint: - type: string - selfLink: - type: string - tagsFingerprint: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computeinstancetemplates.compute.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computeinstancetemplates.compute.cnrm.cloud.google.com.yaml deleted file mode 100644 index b5073e124bf..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computeinstancetemplates.compute.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,404 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computeinstancetemplates.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeInstanceTemplate - plural: computeinstancetemplates - shortNames: - - gcpcomputeinstancetemplate - - gcpcomputeinstancetemplates - singular: computeinstancetemplate - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - canIpForward: - type: boolean - description: - type: string - disk: - items: - properties: - autoDelete: - type: boolean - boot: - type: boolean - deviceName: - type: string - diskEncryptionKey: - properties: - kmsKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - kmsKeyRef - type: object - diskName: - type: string - diskSizeGb: - type: integer - diskType: - type: string - interface: - type: string - labels: - additionalProperties: - type: string - type: object - mode: - type: string - sourceDiskRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - sourceImageRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: - type: string - type: object - type: array - enableDisplay: - type: boolean - guestAccelerator: - items: - properties: - count: - type: integer - type: - type: string - required: - - count - - type - type: object - type: array - instanceDescription: - type: string - machineType: - type: string - metadata: - items: - properties: - key: - type: string - value: - type: string - required: - - key - - value - type: object - type: array - metadataStartupScript: - type: string - minCpuPlatform: - type: string - namePrefix: - type: string - networkInterface: - items: - properties: - accessConfig: - items: - properties: - natIpRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - networkTier: - type: string - type: object - type: array - aliasIpRange: - items: - properties: - ipCidrRange: - type: string - subnetworkRangeName: - type: string - required: - - ipCidrRange - type: object - type: array - networkIp: - type: string - networkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - subnetworkProject: - type: string - subnetworkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - type: array - region: - type: string - scheduling: - properties: - automaticRestart: - type: boolean - nodeAffinities: - items: - properties: - value: - type: object - type: object - type: array - onHostMaintenance: - type: string - preemptible: - type: boolean - type: object - serviceAccount: - properties: - scopes: - items: - type: string - type: array - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - scopes - type: object - shieldedInstanceConfig: - properties: - enableIntegrityMonitoring: - type: boolean - enableSecureBoot: - type: boolean - enableVtpm: - type: boolean - type: object - tags: - items: - type: string - type: array - required: - - disk - - machineType - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - metadataFingerprint: - type: string - selfLink: - type: string - tagsFingerprint: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computeinterconnectattachments.compute.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computeinterconnectattachments.compute.cnrm.cloud.google.com.yaml deleted file mode 100644 index 1a8f95fb3a9..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computeinterconnectattachments.compute.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,210 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computeinterconnectattachments.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeInterconnectAttachment - plural: computeinterconnectattachments - shortNames: - - gcpcomputeinterconnectattachment - - gcpcomputeinterconnectattachments - singular: computeinterconnectattachment - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - adminEnabled: - description: |- - Whether the VLAN attachment is enabled or disabled. When using - PARTNER type this will Pre-Activate the interconnect attachment - type: boolean - bandwidth: - description: |- - Provisioned bandwidth capacity for the interconnect attachment. - For attachments of type DEDICATED, the user can set the bandwidth. - For attachments of type PARTNER, the Google Partner that is operating the interconnect must set the bandwidth. - Output only for PARTNER type, mutable for PARTNER_PROVIDER and DEDICATED, - Defaults to BPS_10G - type: string - candidateSubnets: - description: |- - Up to 16 candidate prefixes that can be used to restrict the allocation - of cloudRouterIpAddress and customerRouterIpAddress for this attachment. - All prefixes must be within link-local address space (169.254.0.0/16) - and must be /29 or shorter (/28, /27, etc). Google will attempt to select - an unused /29 from the supplied candidate prefix(es). The request will - fail if all possible /29s are in use on Google's edge. If not supplied, - Google will randomly select an unused /29 from all of link-local space. - items: - type: string - type: array - description: - description: An optional description of this resource. - type: string - edgeAvailabilityDomain: - description: |- - Desired availability domain for the attachment. Only available for type - PARTNER, at creation time. For improved reliability, customers should - configure a pair of attachments with one per availability domain. The - selected availability domain will be provided to the Partner via the - pairing key so that the provisioned circuit will lie in the specified - domain. If not specified, the value will default to AVAILABILITY_DOMAIN_ANY. - type: string - interconnect: - description: |- - URL of the underlying Interconnect object that this attachment's - traffic will traverse through. Required if type is DEDICATED, must not - be set if type is PARTNER. - type: string - region: - description: Region where the regional interconnect attachment resides. - type: string - routerRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: - description: |- - The type of InterconnectAttachment you wish to create. Defaults to - DEDICATED. - type: string - vlanTag8021q: - description: |- - The IEEE 802.1Q VLAN tag for this attachment, in the range 2-4094. When - using PARTNER type this will be managed upstream. - type: integer - required: - - routerRef - type: object - status: - properties: - cloudRouterIpAddress: - description: |- - IPv4 address + prefix length to be configured on Cloud Router - Interface for this interconnect attachment. - type: string - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - customerRouterIpAddress: - description: |- - IPv4 address + prefix length to be configured on the customer - router subinterface for this interconnect attachment. - type: string - googleReferenceId: - description: |- - Google reference ID, to be used when raising support tickets with - Google or otherwise to debug backend connectivity issues. - type: string - pairingKey: - description: |- - [Output only for type PARTNER. Not present for DEDICATED]. The opaque - identifier of an PARTNER attachment used to initiate provisioning with - a selected partner. Of the form "XXXXX/region/domain" - type: string - partnerAsn: - description: |- - [Output only for type PARTNER. Not present for DEDICATED]. Optional - BGP ASN for the router that should be supplied by a layer 3 Partner if - they configured BGP on behalf of the customer. - type: string - privateInterconnectInfo: - description: |- - Information specific to an InterconnectAttachment. This property - is populated if the interconnect that this is attached to is of type DEDICATED. - properties: - tag8021q: - description: |- - 802.1q encapsulation tag to be used for traffic between - Google and the customer, going to and from this network and region. - type: integer - type: object - selfLink: - type: string - state: - description: '[Output Only] The current state of this attachment''s - functionality.' - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computenetworkendpointgroups.compute.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computenetworkendpointgroups.compute.cnrm.cloud.google.com.yaml deleted file mode 100644 index 54a31a898e9..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computenetworkendpointgroups.compute.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,157 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computenetworkendpointgroups.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeNetworkEndpointGroup - plural: computenetworkendpointgroups - shortNames: - - gcpcomputenetworkendpointgroup - - gcpcomputenetworkendpointgroups - singular: computenetworkendpointgroup - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - defaultPort: - description: |- - The default port used if the port number is not specified in the - network endpoint. - type: integer - description: - description: |- - An optional description of this resource. Provide this property when - you create the resource. - type: string - location: - description: 'Location represents the geographical location of the ComputeNetworkEndpointGroup. - Specify a zone name. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' - type: string - networkEndpointType: - description: |- - Type of network endpoints in this network endpoint group. Currently - the only supported value is GCE_VM_IP_PORT. - type: string - networkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - subnetworkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - location - - networkRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - selfLink: - type: string - size: - description: Number of network endpoints in the network endpoint group. - type: integer - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computenetworkpeerings.compute.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computenetworkpeerings.compute.cnrm.cloud.google.com.yaml deleted file mode 100644 index 7d9166e438c..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computenetworkpeerings.compute.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,141 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computenetworkpeerings.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeNetworkPeering - plural: computenetworkpeerings - shortNames: - - gcpcomputenetworkpeering - - gcpcomputenetworkpeerings - singular: computenetworkpeering - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - exportCustomRoutes: - type: boolean - importCustomRoutes: - type: boolean - networkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - peerNetworkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - networkRef - - peerNetworkRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - state: - type: string - stateDetails: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computenetworks.compute.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computenetworks.compute.cnrm.cloud.google.com.yaml deleted file mode 100644 index 33fd4f40588..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computenetworks.compute.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,109 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computenetworks.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeNetwork - plural: computenetworks - shortNames: - - gcpcomputenetwork - - gcpcomputenetworks - singular: computenetwork - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - autoCreateSubnetworks: - description: |- - When set to 'true', the network is created in "auto subnet mode" and - it will create a subnet for each region automatically across the - '10.128.0.0/9' address range. - - When set to 'false', the network is created in "custom subnet mode" so - the user can explicitly connect subnetwork resources. - type: boolean - deleteDefaultRoutesOnCreate: - type: boolean - description: - description: |- - An optional description of this resource. The resource must be - recreated to modify this field. - type: string - routingMode: - description: |- - The network-wide routing mode to use. If set to 'REGIONAL', this - network's cloud routers will only advertise routes with subnetworks - of this network in the same region as the router. If set to 'GLOBAL', - this network's cloud routers will advertise routes with all - subnetworks of this network, across regions. - type: string - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - gatewayIpv4: - description: |- - The gateway address for default routing out of the network. This value - is selected by GCP. - type: string - selfLink: - type: string - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computenodegroups.compute.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computenodegroups.compute.cnrm.cloud.google.com.yaml deleted file mode 100644 index 4c889826697..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computenodegroups.compute.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,122 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computenodegroups.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeNodeGroup - plural: computenodegroups - shortNames: - - gcpcomputenodegroup - - gcpcomputenodegroups - singular: computenodegroup - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: An optional textual description of the resource. - type: string - nodeTemplateRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - size: - description: The total number of nodes in the node group. - type: integer - zone: - description: Zone where this node group is located - type: string - required: - - nodeTemplateRef - - size - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - selfLink: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computenodetemplates.compute.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computenodetemplates.compute.cnrm.cloud.google.com.yaml deleted file mode 100644 index 1e9d8c530df..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computenodetemplates.compute.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,136 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computenodetemplates.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeNodeTemplate - plural: computenodetemplates - shortNames: - - gcpcomputenodetemplate - - gcpcomputenodetemplates - singular: computenodetemplate - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: An optional textual description of the resource. - type: string - nodeType: - description: |- - Node type to use for nodes group that are created from this template. - Only one of nodeTypeFlexibility and nodeType can be specified. - type: string - nodeTypeFlexibility: - description: |- - Flexible properties for the desired node type. Node groups that - use this node template will create nodes of a type that matches - these properties. Only one of nodeTypeFlexibility and nodeType can - be specified. - properties: - cpus: - description: Number of virtual CPUs to use. - type: string - localSsd: - description: Use local SSD - type: string - memory: - description: Physical memory available to the node, defined in MB. - type: string - type: object - region: - description: |- - Region where nodes using the node template will be created. - If it is not provided, the provider region is used. - type: string - serverBinding: - description: |- - The server binding policy for nodes using this template. Determines - where the nodes should restart following a maintenance event. - properties: - type: - description: |- - Type of server binding policy. If 'RESTART_NODE_ON_ANY_SERVER', - nodes using this template will restart on any physical server - following a maintenance event. - - If 'RESTART_NODE_ON_MINIMAL_SERVER', nodes using this template - will restart on the same physical server following a maintenance - event, instead of being live migrated to or restarted on a new - physical server. This option may be useful if you are using - software licenses tied to the underlying server characteristics - such as physical sockets or cores, to avoid the need for - additional licenses when maintenance occurs. However, VMs on such - nodes will experience outages while maintenance is applied. - type: string - required: - - type - type: object - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - selfLink: - type: string - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computereservations.compute.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computereservations.compute.cnrm.cloud.google.com.yaml deleted file mode 100644 index cf6baeaa48f..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computereservations.compute.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,177 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computereservations.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeReservation - plural: computereservations - shortNames: - - gcpcomputereservation - - gcpcomputereservations - singular: computereservation - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: An optional description of this resource. - type: string - specificReservation: - description: Reservation for instances with specific machine shapes. - properties: - count: - description: The number of resources that are allocated. - type: integer - inUseCount: - description: How many instances are in use. - type: integer - instanceProperties: - description: The instance properties for the reservation. - properties: - guestAccelerators: - description: Guest accelerator type and count. - items: - properties: - acceleratorCount: - description: |- - The number of the guest accelerator cards exposed to - this instance. - type: integer - acceleratorType: - description: |- - The full or partial URL of the accelerator type to - attach to this instance. For example: - 'projects/my-project/zones/us-central1-c/acceleratorTypes/nvidia-tesla-p100' - - If you are creating an instance template, specify only the accelerator name. - type: string - required: - - acceleratorCount - - acceleratorType - type: object - type: array - localSsds: - description: |- - The amount of local ssd to reserve with each instance. This - reserves disks of type 'local-ssd'. - items: - properties: - diskSizeGb: - description: The size of the disk in base-2 GB. - type: integer - interface: - description: |- - The disk interface to use for attaching this disk, one - of 'SCSI' or 'NVME'. The default is 'SCSI'. - type: string - required: - - diskSizeGb - type: object - type: array - machineType: - description: The name of the machine type to reserve. - type: string - minCpuPlatform: - description: |- - The minimum CPU platform for the reservation. For example, - '"Intel Skylake"'. See - the CPU platform availability reference](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform#availablezones) - for information on available CPU platforms. - type: string - required: - - machineType - type: object - required: - - count - - instanceProperties - type: object - specificReservationRequired: - description: |- - When set to true, only VMs that target this reservation by name can - consume this reservation. Otherwise, it can be consumed by VMs with - affinity for any reservation. Defaults to false. - type: boolean - zone: - description: The zone where the reservation is made. - type: string - required: - - specificReservation - - zone - type: object - status: - properties: - commitment: - description: |- - Full or partial URL to a parent commitment. This field displays for - reservations that are tied to a commitment. - type: string - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - selfLink: - type: string - status: - description: The status of the reservation. - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computeresourcepolicies.compute.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computeresourcepolicies.compute.cnrm.cloud.google.com.yaml deleted file mode 100644 index 82539daa802..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computeresourcepolicies.compute.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,190 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computeresourcepolicies.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeResourcePolicy - plural: computeresourcepolicies - shortNames: - - gcpcomputeresourcepolicy - - gcpcomputeresourcepolicies - singular: computeresourcepolicy - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - region: - description: Region where resource policy resides. - type: string - snapshotSchedulePolicy: - description: Policy for creating snapshots of persistent disks. - properties: - retentionPolicy: - description: Retention policy applied to snapshots created by this - resource policy. - properties: - maxRetentionDays: - description: Maximum age of the snapshot that is allowed to - be kept. - type: integer - onSourceDiskDelete: - description: |- - Specifies the behavior to apply to scheduled snapshots when - the source disk is deleted. - Valid options are KEEP_AUTO_SNAPSHOTS and APPLY_RETENTION_POLICY - type: string - required: - - maxRetentionDays - type: object - schedule: - description: Contains one of an 'hourlySchedule', 'dailySchedule', - or 'weeklySchedule'. - properties: - dailySchedule: - description: The policy will execute every nth day at the specified - time. - properties: - daysInCycle: - description: The number of days between snapshots. - type: integer - startTime: - description: |- - This must be in UTC format that resolves to one of - 00:00, 04:00, 08:00, 12:00, 16:00, or 20:00. For example, - both 13:00-5 and 08:00 are valid. - type: string - required: - - daysInCycle - - startTime - type: object - hourlySchedule: - description: The policy will execute every nth hour starting - at the specified time. - properties: - hoursInCycle: - description: The number of hours between snapshots. - type: integer - startTime: - description: |- - Time within the window to start the operations. - It must be in format "HH:MM", - where HH : [00-23] and MM : [00-00] GMT. - type: string - required: - - hoursInCycle - - startTime - type: object - weeklySchedule: - description: Allows specifying a snapshot time for each day - of the week. - properties: - dayOfWeeks: - description: May contain up to seven (one for each day of - the week) snapshot times. - items: - properties: - day: - description: The day of the week to create the snapshot. - e.g. MONDAY - type: string - startTime: - description: |- - Time within the window to start the operations. - It must be in format "HH:MM", where HH : [00-23] and MM : [00-00] GMT. - type: string - required: - - day - - startTime - type: object - type: array - required: - - dayOfWeeks - type: object - type: object - snapshotProperties: - description: Properties with which the snapshots are created, such - as labels. - properties: - guestFlush: - description: Whether to perform a 'guest aware' snapshot. - type: boolean - labels: - additionalProperties: - type: string - description: A set of key-value pairs. - type: object - storageLocations: - description: Cloud Storage bucket location in which to store - the snapshot (regional or multi-regional). - items: - type: string - type: array - type: object - required: - - schedule - type: object - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - selfLink: - type: string - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computerouterinterfaces.compute.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computerouterinterfaces.compute.cnrm.cloud.google.com.yaml deleted file mode 100644 index ce024ef50ff..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computerouterinterfaces.compute.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,161 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computerouterinterfaces.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeRouterInterface - plural: computerouterinterfaces - shortNames: - - gcpcomputerouterinterface - - gcpcomputerouterinterfaces - singular: computerouterinterface - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - interconnectAttachmentRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - ipRange: - type: string - region: - type: string - routerRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - vpnTunnelRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - routerRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computerouternats.compute.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computerouternats.compute.cnrm.cloud.google.com.yaml deleted file mode 100644 index 51d88b3d0e2..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computerouternats.compute.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,275 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computerouternats.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeRouterNAT - plural: computerouternats - shortNames: - - gcpcomputerouternat - - gcpcomputerouternats - singular: computerouternat - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - drainNatIps: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - icmpIdleTimeoutSec: - description: Timeout (in seconds) for ICMP connections. Defaults to - 30s if not set. - type: integer - logConfig: - description: Configuration for logging on NAT - properties: - enable: - description: Indicates whether or not to export logs. - type: boolean - filter: - description: |- - Specifies the desired filtering of logs on this NAT. Valid - values are: '"ERRORS_ONLY"', '"TRANSLATIONS_ONLY"', '"ALL"' - type: string - required: - - enable - - filter - type: object - minPortsPerVm: - description: Minimum number of ports allocated to a VM from this NAT. - type: integer - natIpAllocateOption: - description: |- - How external IPs should be allocated for this NAT. Valid values are - 'AUTO_ONLY' for only allowing NAT IPs allocated by Google Cloud - Platform, or 'MANUAL_ONLY' for only user-allocated NAT IP addresses. - type: string - natIps: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - region: - description: Region where the router and NAT reside. - type: string - routerRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - sourceSubnetworkIpRangesToNat: - description: |- - How NAT should be configured per Subnetwork. - If 'ALL_SUBNETWORKS_ALL_IP_RANGES', all of the - IP ranges in every Subnetwork are allowed to Nat. - If 'ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES', all of the primary IP - ranges in every Subnetwork are allowed to Nat. - 'LIST_OF_SUBNETWORKS': A list of Subnetworks are allowed to Nat - (specified in the field subnetwork below). Note that if this field - contains ALL_SUBNETWORKS_ALL_IP_RANGES or - ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any - other RouterNat section in any Router for this network in this region. - type: string - subnetwork: - description: |- - One or more subnetwork NAT configurations. Only used if - 'source_subnetwork_ip_ranges_to_nat' is set to 'LIST_OF_SUBNETWORKS' - items: - properties: - secondaryIpRangeNames: - description: |- - List of the secondary ranges of the subnetwork that are allowed - to use NAT. This can be populated only if - 'LIST_OF_SECONDARY_IP_RANGES' is one of the values in - sourceIpRangesToNat - items: - type: string - type: array - sourceIpRangesToNat: - description: |- - List of options for which source IPs in the subnetwork - should have NAT enabled. Supported values include: - 'ALL_IP_RANGES', 'LIST_OF_SECONDARY_IP_RANGES', - 'PRIMARY_IP_RANGE'. - items: - type: string - type: array - subnetworkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - sourceIpRangesToNat - - subnetworkRef - type: object - type: array - tcpEstablishedIdleTimeoutSec: - description: |- - Timeout (in seconds) for TCP established connections. - Defaults to 1200s if not set. - type: integer - tcpTransitoryIdleTimeoutSec: - description: |- - Timeout (in seconds) for TCP transitory connections. - Defaults to 30s if not set. - type: integer - udpIdleTimeoutSec: - description: Timeout (in seconds) for UDP connections. Defaults to 30s - if not set. - type: integer - required: - - natIpAllocateOption - - routerRef - - sourceSubnetworkIpRangesToNat - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computerouterpeers.compute.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computerouterpeers.compute.cnrm.cloud.google.com.yaml deleted file mode 100644 index 029e26e1752..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computerouterpeers.compute.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,217 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computerouterpeers.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeRouterPeer - plural: computerouterpeers - shortNames: - - gcpcomputerouterpeer - - gcpcomputerouterpeers - singular: computerouterpeer - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - advertiseMode: - description: |- - User-specified flag to indicate which mode to use for advertisement. - Valid values of this enum field are: 'DEFAULT', 'CUSTOM' - type: string - advertisedGroups: - description: |- - User-specified list of prefix groups to advertise in custom - mode, which can take one of the following options: - - * 'ALL_SUBNETS': Advertises all available subnets, including peer VPC subnets. - * 'ALL_VPC_SUBNETS': Advertises the router's own VPC subnets. - * 'ALL_PEER_VPC_SUBNETS': Advertises peer subnets of the router's VPC network. - - - Note that this field can only be populated if advertiseMode is 'CUSTOM' - and overrides the list defined for the router (in the "bgp" message). - These groups are advertised in addition to any specified prefixes. - Leave this field blank to advertise no custom groups. - items: - type: string - type: array - advertisedIpRanges: - description: |- - User-specified list of individual IP ranges to advertise in - custom mode. This field can only be populated if advertiseMode - is 'CUSTOM' and is advertised to all peers of the router. These IP - ranges will be advertised in addition to any specified groups. - Leave this field blank to advertise no custom IP ranges. - items: - properties: - description: - description: User-specified description for the IP range. - type: string - range: - description: |- - The IP range to advertise. The value must be a - CIDR-formatted string. - type: string - required: - - range - type: object - type: array - advertisedRoutePriority: - description: |- - The priority of routes advertised to this BGP peer. - Where there is more than one matching route of maximum - length, the routes with the lowest priority value win. - type: integer - peerAsn: - description: |- - Peer BGP Autonomous System Number (ASN). - Each BGP interface may use a different value. - type: integer - peerIpAddress: - description: |- - IP address of the BGP interface outside Google Cloud Platform. - Only IPv4 is supported. - type: string - region: - description: |- - Region where the router and BgpPeer reside. - If it is not provided, the provider region is used. - type: string - routerInterfaceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - routerRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - peerAsn - - peerIpAddress - - routerInterfaceRef - - routerRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - ipAddress: - description: |- - IP address of the interface inside Google Cloud Platform. - Only IPv4 is supported. - type: string - managementType: - description: |- - The resource that configures and manages this BGP peer. - - * 'MANAGED_BY_USER' is the default value and can be managed by - you or other users - * 'MANAGED_BY_ATTACHMENT' is a BGP peer that is configured and - managed by Cloud Interconnect, specifically by an - InterconnectAttachment of type PARTNER. Google automatically - creates, updates, and deletes this type of BGP peer when the - PARTNER InterconnectAttachment is created, updated, - or deleted. - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computerouters.compute.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computerouters.compute.cnrm.cloud.google.com.yaml deleted file mode 100644 index 8878822f962..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computerouters.compute.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,170 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computerouters.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeRouter - plural: computerouters - shortNames: - - gcpcomputerouter - - gcpcomputerouters - singular: computerouter - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - bgp: - description: BGP information specific to this router. - properties: - advertiseMode: - description: |- - User-specified flag to indicate which mode to use for advertisement. - - Valid values of this enum field are: DEFAULT, CUSTOM - type: string - advertisedGroups: - description: |- - User-specified list of prefix groups to advertise in custom mode. - This field can only be populated if advertiseMode is CUSTOM and - is advertised to all peers of the router. These groups will be - advertised in addition to any specified prefixes. Leave this field - blank to advertise no custom groups. - - This enum field has the one valid value: ALL_SUBNETS - items: - type: string - type: array - advertisedIpRanges: - description: |- - User-specified list of individual IP ranges to advertise in - custom mode. This field can only be populated if advertiseMode - is CUSTOM and is advertised to all peers of the router. These IP - ranges will be advertised in addition to any specified groups. - Leave this field blank to advertise no custom IP ranges. - items: - properties: - description: - description: User-specified description for the IP range. - type: string - range: - description: |- - The IP range to advertise. The value must be a - CIDR-formatted string. - type: string - required: - - range - type: object - type: array - asn: - description: |- - Local BGP Autonomous System Number (ASN). Must be an RFC6996 - private ASN, either 16-bit or 32-bit. The value will be fixed for - this router resource. All VPN tunnels that link to this router - will have the same local ASN. - type: integer - required: - - asn - type: object - description: - description: An optional description of this resource. - type: string - networkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - region: - description: Region where the router resides. - type: string - required: - - networkRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - selfLink: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computeroutes.compute.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computeroutes.compute.cnrm.cloud.google.com.yaml deleted file mode 100644 index d54d9827bff..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computeroutes.compute.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,227 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computeroutes.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeRoute - plural: computeroutes - shortNames: - - gcpcomputeroute - - gcpcomputeroutes - singular: computeroute - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: |- - An optional description of this resource. Provide this property - when you create the resource. - type: string - destRange: - description: |- - The destination range of outgoing packets that this route applies to. - Only IPv4 is supported. - type: string - networkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - nextHopGateway: - description: |- - URL to a gateway that should handle matching packets. - Currently, you can only specify the internet gateway, using a full or - partial valid URL: - * 'https://www.googleapis.com/compute/v1/projects/project/global/gateways/default-internet-gateway' - * 'projects/project/global/gateways/default-internet-gateway' - * 'global/gateways/default-internet-gateway' - * The string 'default-internet-gateway'. - type: string - nextHopILBRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - nextHopInstanceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - nextHopIp: - description: Network IP address of an instance that should handle matching - packets. - type: string - nextHopVPNTunnelRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - priority: - description: |- - The priority of this route. Priority is used to break ties in cases - where there is more than one matching route of equal prefix length. - - In the case of two routes with equal prefix length, the one with the - lowest-numbered priority value wins. - - Default value is 1000. Valid range is 0 through 65535. - type: integer - tags: - description: A list of instance tags to which this route applies. - items: - type: string - type: array - required: - - destRange - - networkRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - nextHopNetwork: - description: URL to a Network that should handle matching packets. - type: string - selfLink: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computesecuritypolicies.compute.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computesecuritypolicies.compute.cnrm.cloud.google.com.yaml deleted file mode 100644 index 3195ef9aa13..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computesecuritypolicies.compute.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,122 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computesecuritypolicies.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeSecurityPolicy - plural: computesecuritypolicies - shortNames: - - gcpcomputesecuritypolicy - - gcpcomputesecuritypolicies - singular: computesecuritypolicy - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - type: string - rule: - items: - properties: - action: - type: string - description: - type: string - match: - properties: - config: - properties: - srcIpRanges: - items: - type: string - type: array - required: - - srcIpRanges - type: object - expr: - properties: - expression: - type: string - required: - - expression - type: object - versionedExpr: - type: string - type: object - preview: - type: boolean - priority: - type: integer - required: - - action - - match - - priority - type: object - type: array - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - fingerprint: - type: string - selfLink: - type: string - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computesharedvpchostprojects.compute.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computesharedvpchostprojects.compute.cnrm.cloud.google.com.yaml deleted file mode 100644 index 033371fcd44..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computesharedvpchostprojects.compute.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,75 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computesharedvpchostprojects.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeSharedVPCHostProject - plural: computesharedvpchostprojects - shortNames: - - gcpcomputesharedvpchostproject - - gcpcomputesharedvpchostprojects - singular: computesharedvpchostproject - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computesharedvpcserviceprojects.compute.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computesharedvpcserviceprojects.compute.cnrm.cloud.google.com.yaml deleted file mode 100644 index 6d1cd123cf7..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computesharedvpcserviceprojects.compute.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,107 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computesharedvpcserviceprojects.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeSharedVPCServiceProject - plural: computesharedvpcserviceprojects - shortNames: - - gcpcomputesharedvpcserviceproject - - gcpcomputesharedvpcserviceprojects - singular: computesharedvpcserviceproject - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - projectRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - projectRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computesnapshots.compute.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computesnapshots.compute.cnrm.cloud.google.com.yaml deleted file mode 100644 index b407eac7813..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computesnapshots.compute.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,246 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computesnapshots.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeSnapshot - plural: computesnapshots - shortNames: - - gcpcomputesnapshot - - gcpcomputesnapshots - singular: computesnapshot - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: An optional description of this resource. - type: string - snapshotEncryptionKey: - description: |- - The customer-supplied encryption key of the snapshot. Required if the - source snapshot is protected by a customer-supplied encryption key. - properties: - rawKey: - description: |- - Specifies a 256-bit customer-supplied encryption key, encoded in - RFC 4648 base64 to either encrypt or decrypt this resource. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used if - 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - sha256: - description: |- - The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied - encryption key that protects this resource. - type: string - required: - - rawKey - type: object - sourceDiskEncryptionKey: - description: |- - The customer-supplied encryption key of the source snapshot. Required - if the source snapshot is protected by a customer-supplied encryption - key. - properties: - rawKey: - description: |- - Specifies a 256-bit customer-supplied encryption key, encoded in - RFC 4648 base64 to either encrypt or decrypt this resource. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used if - 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - type: object - sourceDiskRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - zone: - description: A reference to the zone where the disk is hosted. - type: string - required: - - sourceDiskRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - diskSizeGb: - description: Size of the snapshot, specified in GB. - type: integer - labelFingerprint: - description: |- - The fingerprint used for optimistic locking of this resource. Used - internally during updates. - type: string - licenses: - description: |- - A list of public visible licenses that apply to this snapshot. This - can be because the original image had licenses attached (such as a - Windows image). snapshotEncryptionKey nested object Encrypts the - snapshot using a customer-supplied encryption key. - items: - type: string - type: array - selfLink: - type: string - snapshotId: - description: The unique identifier for the resource. - type: integer - sourceDiskLink: - type: string - storageBytes: - description: |- - A size of the storage used by the snapshot. As snapshots share - storage, this number is expected to change with snapshot - creation/deletion. - type: integer - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computesslcertificates.compute.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computesslcertificates.compute.cnrm.cloud.google.com.yaml deleted file mode 100644 index ac26b36a5c5..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computesslcertificates.compute.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,178 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computesslcertificates.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeSSLCertificate - plural: computesslcertificates - shortNames: - - gcpcomputesslcertificate - - gcpcomputesslcertificates - singular: computesslcertificate - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - certificate: - description: |- - The certificate in PEM format. - The certificate chain must be no greater than 5 certs long. - The chain must include at least one intermediate cert. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' is - specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used if 'value' - is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in the - given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - description: - description: An optional description of this resource. - type: string - location: - description: Location represents the geographical location of the ComputeSSLCertificate. - Specify "global" for global resources. - type: string - privateKey: - description: The write-only private key in PEM format. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' is - specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used if 'value' - is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in the - given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - required: - - certificate - - location - - privateKey - type: object - status: - properties: - certificateId: - description: The unique identifier for the resource. - type: integer - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - selfLink: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computesslpolicies.compute.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computesslpolicies.compute.cnrm.cloud.google.com.yaml deleted file mode 100644 index 533f93e357d..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computesslpolicies.compute.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,131 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computesslpolicies.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeSSLPolicy - plural: computesslpolicies - shortNames: - - gcpcomputesslpolicy - - gcpcomputesslpolicies - singular: computesslpolicy - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - customFeatures: - description: |- - Profile specifies the set of SSL features that can be used by the - load balancer when negotiating SSL with clients. This can be one of - 'COMPATIBLE', 'MODERN', 'RESTRICTED', or 'CUSTOM'. If using 'CUSTOM', - the set of SSL features to enable must be specified in the - 'customFeatures' field. - - See the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport) - for which ciphers are available to use. **Note**: this argument - *must* be present when using the 'CUSTOM' profile. This argument - *must not* be present when using any other profile. - items: - type: string - type: array - description: - description: An optional description of this resource. - type: string - minTlsVersion: - description: |- - The minimum version of SSL protocol that can be used by the clients - to establish a connection with the load balancer. This can be one of - 'TLS_1_0', 'TLS_1_1', 'TLS_1_2'. - Default is 'TLS_1_0'. - type: string - profile: - description: |- - Profile specifies the set of SSL features that can be used by the - load balancer when negotiating SSL with clients. This can be one of - 'COMPATIBLE', 'MODERN', 'RESTRICTED', or 'CUSTOM'. If using 'CUSTOM', - the set of SSL features to enable must be specified in the - 'customFeatures' field. - - See the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport) - for information on what cipher suites each profile provides. If - 'CUSTOM' is used, the 'custom_features' attribute **must be set**. - Default is 'COMPATIBLE'. - type: string - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - enabledFeatures: - description: The list of features enabled in the SSL policy. - items: - type: string - type: array - fingerprint: - description: |- - Fingerprint of this resource. A hash of the contents stored in this - object. This field is used in optimistic locking. - type: string - selfLink: - type: string - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computesubnetworks.compute.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computesubnetworks.compute.cnrm.cloud.google.com.yaml deleted file mode 100644 index 4cf253a1ec9..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computesubnetworks.compute.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,214 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computesubnetworks.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeSubnetwork - plural: computesubnetworks - shortNames: - - gcpcomputesubnetwork - - gcpcomputesubnetworks - singular: computesubnetwork - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: |- - An optional description of this resource. Provide this property when - you create the resource. This field can be set only at resource - creation time. - type: string - ipCidrRange: - description: |- - The range of internal addresses that are owned by this subnetwork. - Provide this property when you create the subnetwork. For example, - 10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and - non-overlapping within a network. Only IPv4 is supported. - type: string - logConfig: - description: |- - Denotes the logging options for the subnetwork flow logs. If logging is enabled - logs will be exported to Stackdriver. This field cannot be set if the 'purpose' of this - subnetwork is 'INTERNAL_HTTPS_LOAD_BALANCER' - properties: - aggregationInterval: - description: |- - Can only be specified if VPC flow logging for this subnetwork is enabled. - Toggles the aggregation interval for collecting flow logs. Increasing the - interval time will reduce the amount of generated flow logs for long - lasting connections. Default is an interval of 5 seconds per connection. - Possible values are INTERVAL_5_SEC, INTERVAL_30_SEC, INTERVAL_1_MIN, - INTERVAL_5_MIN, INTERVAL_10_MIN, INTERVAL_15_MIN - type: string - flowSampling: - description: |- - Can only be specified if VPC flow logging for this subnetwork is enabled. - The value of the field must be in [0, 1]. Set the sampling rate of VPC - flow logs within the subnetwork where 1.0 means all collected logs are - reported and 0.0 means no logs are reported. Default is 0.5 which means - half of all collected logs are reported. - type: number - metadata: - description: |- - Can only be specified if VPC flow logging for this subnetwork is enabled. - Configures whether metadata fields should be added to the reported VPC - flow logs. Default is 'INCLUDE_ALL_METADATA'. - type: string - type: object - networkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - privateIpGoogleAccess: - description: |- - When enabled, VMs in this subnetwork without external IP addresses can - access Google APIs and services by using Private Google Access. - type: boolean - purpose: - description: |- - The purpose of the resource. This field can be either PRIVATE - or INTERNAL_HTTPS_LOAD_BALANCER. A subnetwork with purpose set to - INTERNAL_HTTPS_LOAD_BALANCER is a user-created subnetwork that is - reserved for Internal HTTP(S) Load Balancing. If unspecified, the - purpose defaults to PRIVATE. - - If set to INTERNAL_HTTPS_LOAD_BALANCER you must also set the role. - type: string - region: - description: URL of the GCP region for this subnetwork. - type: string - role: - description: |- - The role of subnetwork. Currently, this field is only used when - purpose = INTERNAL_HTTPS_LOAD_BALANCER. The value can be set to ACTIVE - or BACKUP. An ACTIVE subnetwork is one that is currently being used - for Internal HTTP(S) Load Balancing. A BACKUP subnetwork is one that - is ready to be promoted to ACTIVE or is currently draining. - type: string - secondaryIpRange: - items: - properties: - ipCidrRange: - description: |- - The range of IP addresses belonging to this subnetwork secondary - range. Provide this property when you create the subnetwork. - Ranges must be unique and non-overlapping with all primary and - secondary IP ranges within a network. Only IPv4 is supported. - type: string - rangeName: - description: |- - The name associated with this subnetwork secondary range, used - when adding an alias IP range to a VM instance. The name must - be 1-63 characters long, and comply with RFC1035. The name - must be unique within the subnetwork. - type: string - required: - - ipCidrRange - - rangeName - type: object - type: array - required: - - ipCidrRange - - networkRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - fingerprint: - description: DEPRECATED — This field is not useful for users, and has - been removed as an output. Fingerprint of this resource. This field - is used internally during updates of this resource. - type: string - gatewayAddress: - description: |- - The gateway address for default routes to reach destination addresses - outside this subnetwork. - type: string - selfLink: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computetargethttpproxies.compute.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computetargethttpproxies.compute.cnrm.cloud.google.com.yaml deleted file mode 100644 index 8ba52923b1c..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computetargethttpproxies.compute.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,123 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computetargethttpproxies.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeTargetHTTPProxy - plural: computetargethttpproxies - shortNames: - - gcpcomputetargethttpproxy - - gcpcomputetargethttpproxies - singular: computetargethttpproxy - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: An optional description of this resource. - type: string - location: - description: Location represents the geographical location of the ComputeTargetHTTPProxy. - Specify "global" for global resources. - type: string - urlMapRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - location - - urlMapRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - proxyId: - description: The unique identifier for the resource. - type: integer - selfLink: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computetargethttpsproxies.compute.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computetargethttpsproxies.compute.cnrm.cloud.google.com.yaml deleted file mode 100644 index 22c75ff5723..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computetargethttpsproxies.compute.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,185 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computetargethttpsproxies.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeTargetHTTPSProxy - plural: computetargethttpsproxies - shortNames: - - gcpcomputetargethttpsproxy - - gcpcomputetargethttpsproxies - singular: computetargethttpsproxy - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: An optional description of this resource. - type: string - location: - description: Location represents the geographical location of the ComputeTargetHTTPSProxy. - Specify "global" for global resources. - type: string - quicOverride: - description: |- - Specifies the QUIC override policy for this resource. This determines - whether the load balancer will attempt to negotiate QUIC with clients - or not. Can specify one of NONE, ENABLE, or DISABLE. If NONE is - specified, uses the QUIC policy with no user overrides, which is - equivalent to DISABLE. Not specifying this field is equivalent to - specifying NONE. - type: string - sslCertificates: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - sslPolicyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - urlMapRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - location - - sslCertificates - - urlMapRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - proxyId: - description: The unique identifier for the resource. - type: integer - selfLink: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computetargetinstances.compute.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computetargetinstances.compute.cnrm.cloud.google.com.yaml deleted file mode 100644 index 8ac5e6cbd47..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computetargetinstances.compute.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,123 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computetargetinstances.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeTargetInstance - plural: computetargetinstances - shortNames: - - gcpcomputetargetinstance - - gcpcomputetargetinstances - singular: computetargetinstance - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: An optional description of this resource. - type: string - instanceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - natPolicy: - description: |- - NAT option controlling how IPs are NAT'ed to the instance. - Currently only NO_NAT (default value) is supported. - type: string - zone: - description: URL of the zone where the target instance resides. - type: string - required: - - instanceRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - selfLink: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computetargetpools.compute.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computetargetpools.compute.cnrm.cloud.google.com.yaml deleted file mode 100644 index ca3cae402a5..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computetargetpools.compute.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,170 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computetargetpools.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeTargetPool - plural: computetargetpools - shortNames: - - gcpcomputetargetpool - - gcpcomputetargetpools - singular: computetargetpool - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - backupTargetPoolRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - description: - type: string - failoverRatio: - type: number - healthChecks: - items: - properties: - httpHealthCheckRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - type: array - instances: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - region: - type: string - sessionAffinity: - type: string - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - selfLink: - type: string - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computetargetsslproxies.compute.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computetargetsslproxies.compute.cnrm.cloud.google.com.yaml deleted file mode 100644 index 9eb8a505ac6..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computetargetsslproxies.compute.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,176 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computetargetsslproxies.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeTargetSSLProxy - plural: computetargetsslproxies - shortNames: - - gcpcomputetargetsslproxy - - gcpcomputetargetsslproxies - singular: computetargetsslproxy - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - backendServiceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - description: - description: An optional description of this resource. - type: string - proxyHeader: - description: |- - Specifies the type of proxy header to append before sending data to - the backend, either NONE or PROXY_V1. The default is NONE. - type: string - sslCertificates: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - sslPolicyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - backendServiceRef - - sslCertificates - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - proxyId: - description: The unique identifier for the resource. - type: integer - selfLink: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computetargettcpproxies.compute.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computetargettcpproxies.compute.cnrm.cloud.google.com.yaml deleted file mode 100644 index c4c60b7561c..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computetargettcpproxies.compute.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,123 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computetargettcpproxies.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeTargetTCPProxy - plural: computetargettcpproxies - shortNames: - - gcpcomputetargettcpproxy - - gcpcomputetargettcpproxies - singular: computetargettcpproxy - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - backendServiceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - description: - description: An optional description of this resource. - type: string - proxyHeader: - description: |- - Specifies the type of proxy header to append before sending data to - the backend, either NONE or PROXY_V1. The default is NONE. - type: string - required: - - backendServiceRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - proxyId: - description: The unique identifier for the resource. - type: integer - selfLink: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computetargetvpngateways.compute.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computetargetvpngateways.compute.cnrm.cloud.google.com.yaml deleted file mode 100644 index 94d67ac1150..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computetargetvpngateways.compute.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,121 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computetargetvpngateways.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeTargetVPNGateway - plural: computetargetvpngateways - shortNames: - - gcpcomputetargetvpngateway - - gcpcomputetargetvpngateways - singular: computetargetvpngateway - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: An optional description of this resource. - type: string - networkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - region: - description: The region this gateway should sit in. - type: string - required: - - networkRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - gatewayId: - description: The unique identifier for the resource. - type: integer - selfLink: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computeurlmaps.compute.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computeurlmaps.compute.cnrm.cloud.google.com.yaml deleted file mode 100644 index e4c2bd7ecad..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computeurlmaps.compute.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,1654 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computeurlmaps.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeURLMap - plural: computeurlmaps - shortNames: - - gcpcomputeurlmap - - gcpcomputeurlmaps - singular: computeurlmap - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - defaultService: - properties: - backendBucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - backendServiceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - description: - description: |- - An optional description of this resource. Provide this property when you create - the resource. - type: string - headerAction: - description: |- - Specifies changes to request and response headers that need to take effect for - the selected backendService. The headerAction specified here take effect after - headerAction specified under pathMatcher. - properties: - requestHeadersToAdd: - description: |- - Headers to add to a matching request prior to forwarding the request to the - backendService. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - requestHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the request - prior to forwarding the request to the backendService. - items: - type: string - type: array - responseHeadersToAdd: - description: Headers to add the response prior to sending the response - back to the client. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - responseHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the response - prior to sending the response back to the client. - items: - type: string - type: array - type: object - hostRule: - description: The list of HostRules to use against the URL. - items: - properties: - description: - description: |- - An optional description of this resource. Provide this property when you create - the resource. - type: string - hosts: - description: |- - The list of host patterns to match. They must be valid hostnames, except * will - match any string of ([a-z0-9-.]*). In that case, * must be the first character - and must be followed in the pattern by either - or .. - items: - type: string - type: array - pathMatcher: - description: |- - The name of the PathMatcher to use to match the path portion of the URL if the - hostRule matches the URL's host portion. - type: string - required: - - hosts - - pathMatcher - type: object - type: array - location: - description: Location represents the geographical location of the ComputeURLMap. - Specify "global" for global resources. - type: string - pathMatcher: - description: The list of named PathMatchers to use against the URL. - items: - properties: - defaultService: - properties: - backendBucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - backendServiceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - description: - description: |- - An optional description of this resource. Provide this property when you create - the resource. - type: string - headerAction: - description: |- - Specifies changes to request and response headers that need to take effect for - the selected backendService. HeaderAction specified here are applied after the - matching HttpRouteRule HeaderAction and before the HeaderAction in the UrlMap - properties: - requestHeadersToAdd: - description: |- - Headers to add to a matching request prior to forwarding the request to the - backendService. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - requestHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the request - prior to forwarding the request to the backendService. - items: - type: string - type: array - responseHeadersToAdd: - description: Headers to add the response prior to sending - the response back to the client. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - responseHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the response - prior to sending the response back to the client. - items: - type: string - type: array - type: object - name: - description: The name to which this PathMatcher is referred by - the HostRule. - type: string - pathRule: - description: |- - The list of path rules. Use this list instead of routeRules when routing based - on simple path matching is all that's required. The order by which path rules - are specified does not matter. Matches are always done on the longest-path-first - basis. For example: a pathRule with a path /a/b/c/* will match before /a/b/* - irrespective of the order in which those paths appear in this list. Within a - given pathMatcher, only one of pathRules or routeRules must be set. - items: - properties: - paths: - description: |- - The list of path patterns to match. Each must start with / and the only place a - * is allowed is at the end following a /. The string fed to the path matcher - does not include any text after the first ? or #, and those chars are not - allowed here. - items: - type: string - type: array - routeAction: - description: |- - In response to a matching path, the load balancer performs advanced routing - actions like URL rewrites, header transformations, etc. prior to forwarding the - request to the selected backend. If routeAction specifies any - weightedBackendServices, service must not be set. Conversely if service is set, - routeAction cannot contain any weightedBackendServices. Only one of routeAction - or urlRedirect must be set. - properties: - corsPolicy: - description: |- - The specification for allowing client side cross-origin requests. Please see W3C - Recommendation for Cross Origin Resource Sharing - properties: - allowCredentials: - description: |- - In response to a preflight request, setting this to true indicates that the - actual request can include user credentials. This translates to the Access- - Control-Allow-Credentials header. Defaults to false. - type: boolean - allowHeaders: - description: Specifies the content for the Access-Control-Allow-Headers - header. - items: - type: string - type: array - allowMethods: - description: Specifies the content for the Access-Control-Allow-Methods - header. - items: - type: string - type: array - allowOriginRegexes: - description: |- - Specifies the regualar expression patterns that match allowed origins. For - regular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript - An origin is allowed if it matches either allow_origins or allow_origin_regex. - items: - type: string - type: array - allowOrigins: - description: |- - Specifies the list of origins that will be allowed to do CORS requests. An - origin is allowed if it matches either allow_origins or allow_origin_regex. - items: - type: string - type: array - disabled: - description: If true, specifies the CORS policy - is disabled. - type: boolean - exposeHeaders: - description: Specifies the content for the Access-Control-Expose-Headers - header. - items: - type: string - type: array - maxAge: - description: |- - Specifies how long the results of a preflight request can be cached. This - translates to the content for the Access-Control-Max-Age header. - type: integer - required: - - disabled - type: object - faultInjectionPolicy: - description: |- - The specification for fault injection introduced into traffic to test the - resiliency of clients to backend service failure. As part of fault injection, - when clients send requests to a backend service, delays can be introduced by - Loadbalancer on a percentage of requests before sending those request to the - backend service. Similarly requests from clients can be aborted by the - Loadbalancer for a percentage of requests. timeout and retry_policy will be - ignored by clients that are configured with a fault_injection_policy. - properties: - abort: - description: |- - The specification for how client requests are aborted as part of fault - injection. - properties: - httpStatus: - description: |- - The HTTP status code used to abort the request. The value must be between 200 - and 599 inclusive. - type: integer - percentage: - description: |- - The percentage of traffic (connections/operations/requests) which will be - aborted as part of fault injection. The value must be between 0.0 and 100.0 - inclusive. - type: number - required: - - httpStatus - - percentage - type: object - delay: - description: |- - The specification for how client requests are delayed as part of fault - injection, before being sent to a backend service. - properties: - fixedDelay: - description: Specifies the value of the fixed - delay interval. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 'seconds' field and a positive - 'nanos' field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - type: string - required: - - seconds - type: object - percentage: - description: |- - The percentage of traffic (connections/operations/requests) on which delay will - be introduced as part of fault injection. The value must be between 0.0 and - 100.0 inclusive. - type: number - required: - - fixedDelay - - percentage - type: object - type: object - requestMirrorPolicy: - description: |- - Specifies the policy on how requests intended for the route's backends are - shadowed to a separate mirrored backend service. Loadbalancer does not wait for - responses from the shadow service. Prior to sending traffic to the shadow - service, the host / authority header is suffixed with -shadow. - properties: - backendService: - description: The BackendService resource being mirrored - to. - type: string - required: - - backendService - type: object - retryPolicy: - description: Specifies the retry policy associated with - this route. - properties: - numRetries: - description: Specifies the allowed number retries. - This number must be > 0. - type: integer - perTryTimeout: - description: Specifies a non-zero timeout per retry - attempt. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 'seconds' field and a positive - 'nanos' field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - type: string - required: - - seconds - type: object - retryConditions: - description: |- - Specifies one or more conditions when this retry rule applies. Valid values are: - - 5xx: Loadbalancer will attempt a retry if the backend service responds with - any 5xx response code, or if the backend service does not respond at all, - example: disconnects, reset, read timeout, connection failure, and refused - streams. - - gateway-error: Similar to 5xx, but only applies to response codes - 502, 503 or 504. - - connect-failure: Loadbalancer will retry on failures - connecting to backend services, for example due to connection timeouts. - - retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. - Currently the only retriable error supported is 409. - - refused-stream: Loadbalancer will retry if the backend service resets the stream with a - REFUSED_STREAM error code. This reset type indicates that it is safe to retry. - - cancelled: Loadbalancer will retry if the gRPC status code in the response - header is set to cancelled - - deadline-exceeded: Loadbalancer will retry if the - gRPC status code in the response header is set to deadline-exceeded - - resource-exhausted: Loadbalancer will retry if the gRPC status code in the response - header is set to resource-exhausted - - unavailable: Loadbalancer will retry if - the gRPC status code in the response header is set to unavailable - items: - type: string - type: array - type: object - timeout: - description: |- - Specifies the timeout for the selected route. Timeout is computed from the time - the request is has been fully processed (i.e. end-of-stream) up until the - response has been completely processed. Timeout includes all retries. If not - specified, the default value is 15 seconds. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 'seconds' field and a positive - 'nanos' field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - type: string - required: - - seconds - type: object - urlRewrite: - description: |- - The spec to modify the URL of the request, prior to forwarding the request to - the matched service - properties: - hostRewrite: - description: |- - Prior to forwarding the request to the selected service, the request's host - header is replaced with contents of hostRewrite. The value must be between 1 and - 255 characters. - type: string - pathPrefixRewrite: - description: |- - Prior to forwarding the request to the selected backend service, the matching - portion of the request's path is replaced by pathPrefixRewrite. The value must - be between 1 and 1024 characters. - type: string - type: object - weightedBackendServices: - description: |- - A list of weighted backend services to send traffic to when a route match - occurs. The weights determine the fraction of traffic that flows to their - corresponding backend service. If all traffic needs to go to a single backend - service, there must be one weightedBackendService with weight set to a non 0 - number. Once a backendService is identified and before forwarding the request to - the backend service, advanced routing actions like Url rewrites and header - transformations are applied depending on additional settings specified in this - HttpRouteAction. - items: - properties: - backendServiceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - headerAction: - description: |- - Specifies changes to request and response headers that need to take effect for - the selected backendService. headerAction specified here take effect before - headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. - properties: - requestHeadersToAdd: - description: |- - Headers to add to a matching request prior to forwarding the request to the - backendService. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header - to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - requestHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the request - prior to forwarding the request to the backendService. - items: - type: string - type: array - responseHeadersToAdd: - description: Headers to add the response prior - to sending the response back to the client. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header - to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - responseHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the response - prior to sending the response back to the client. - items: - type: string - type: array - type: object - weight: - description: |- - Specifies the fraction of traffic sent to backendService, computed as weight / - (sum of all weightedBackendService weights in routeAction) . The selection of a - backend service is determined only for new traffic. Once a user's request has - been directed to a backendService, subsequent requests will be sent to the same - backendService as determined by the BackendService's session affinity policy. - The value must be between 0 and 1000 - type: integer - required: - - backendServiceRef - - weight - type: object - type: array - type: object - service: - properties: - backendBucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - backendServiceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - urlRedirect: - description: |- - When a path pattern is matched, the request is redirected to a URL specified by - urlRedirect. If urlRedirect is specified, service or routeAction must not be - set. - properties: - hostRedirect: - description: |- - The host that will be used in the redirect response instead of the one that was - supplied in the request. The value must be between 1 and 255 characters. - type: string - httpsRedirect: - description: |- - If set to true, the URL scheme in the redirected request is set to https. If set - to false, the URL scheme of the redirected request will remain the same as that - of the request. This must only be set for UrlMaps used in TargetHttpProxys. - Setting this true for TargetHttpsProxy is not permitted. Defaults to false. - type: boolean - pathRedirect: - description: |- - The path that will be used in the redirect response instead of the one that was - supplied in the request. Only one of pathRedirect or prefixRedirect must be - specified. The value must be between 1 and 1024 characters. - type: string - prefixRedirect: - description: |- - The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, - retaining the remaining portion of the URL before redirecting the request. - type: string - redirectResponseCode: - description: |- - The HTTP Status code to use for this RedirectAction. Supported values are: - - MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. - - FOUND, which corresponds to 302. - - SEE_OTHER which corresponds to 303. - - TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method - will be retained. - - PERMANENT_REDIRECT, which corresponds to 308. In this case, - the request method will be retained. - type: string - stripQuery: - description: |- - If set to true, any accompanying query portion of the original URL is removed - prior to redirecting the request. If set to false, the query portion of the - original URL is retained. - type: boolean - required: - - stripQuery - type: object - required: - - paths - type: object - type: array - routeRules: - description: |- - The list of ordered HTTP route rules. Use this list instead of pathRules when - advanced route matching and routing actions are desired. The order of specifying - routeRules matters: the first rule that matches will cause its specified routing - action to take effect. Within a given pathMatcher, only one of pathRules or - routeRules must be set. routeRules are not supported in UrlMaps intended for - External load balancers. - items: - properties: - headerAction: - description: |- - Specifies changes to request and response headers that need to take effect for - the selected backendService. The headerAction specified here are applied before - the matching pathMatchers[].headerAction and after pathMatchers[].routeRules[].r - outeAction.weightedBackendService.backendServiceWeightAction[].headerAction - properties: - requestHeadersToAdd: - description: |- - Headers to add to a matching request prior to forwarding the request to the - backendService. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - requestHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the request - prior to forwarding the request to the backendService. - items: - type: string - type: array - responseHeadersToAdd: - description: Headers to add the response prior to sending - the response back to the client. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - responseHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the response - prior to sending the response back to the client. - items: - type: string - type: array - type: object - matchRules: - description: The rules for determining a match. - items: - properties: - fullPathMatch: - description: |- - For satifying the matchRule condition, the path of the request must exactly - match the value specified in fullPathMatch after removing any query parameters - and anchor that may be part of the original URL. FullPathMatch must be between 1 - and 1024 characters. Only one of prefixMatch, fullPathMatch or regexMatch must - be specified. - type: string - headerMatches: - description: |- - Specifies a list of header match criteria, all of which must match corresponding - headers in the request. - items: - properties: - exactMatch: - description: |- - The value should exactly match contents of exactMatch. Only one of exactMatch, - prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. - type: string - headerName: - description: |- - The name of the HTTP header to match. For matching against the HTTP request's - authority, use a headerMatch with the header name ":authority". For matching a - request's method, use the headerName ":method". - type: string - invertMatch: - description: |- - If set to false, the headerMatch is considered a match if the match criteria - above are met. If set to true, the headerMatch is considered a match if the - match criteria above are NOT met. Defaults to false. - type: boolean - prefixMatch: - description: |- - The value of the header must start with the contents of prefixMatch. Only one of - exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch - must be set. - type: string - presentMatch: - description: |- - A header with the contents of headerName must exist. The match takes place - whether or not the request's header has a value or not. Only one of exactMatch, - prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. - type: boolean - rangeMatch: - description: |- - The header value must be an integer and its value must be in the range specified - in rangeMatch. If the header does not contain an integer, number or is empty, - the match fails. For example for a range [-5, 0] - -3 will match. - 0 will - not match. - 0.25 will not match. - -3someString will not match. Only one of - exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch - must be set. - properties: - rangeEnd: - description: The end of the range (exclusive). - type: integer - rangeStart: - description: The start of the range (inclusive). - type: integer - required: - - rangeEnd - - rangeStart - type: object - regexMatch: - description: |- - The value of the header must match the regualar expression specified in - regexMatch. For regular expression grammar, please see: - en.cppreference.com/w/cpp/regex/ecmascript For matching against a port - specified in the HTTP request, use a headerMatch with headerName set to PORT and - a regular expression that satisfies the RFC2616 Host header's port specifier. - Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or - rangeMatch must be set. - type: string - suffixMatch: - description: |- - The value of the header must end with the contents of suffixMatch. Only one of - exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch - must be set. - type: string - required: - - headerName - type: object - type: array - ignoreCase: - description: |- - Specifies that prefixMatch and fullPathMatch matches are case sensitive. - Defaults to false. - type: boolean - metadataFilters: - description: |- - Opaque filter criteria used by Loadbalancer to restrict routing configuration to - a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS - clients present node metadata. If a match takes place, the relevant routing - configuration is made available to those proxies. For each metadataFilter in - this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the - filterLabels must match the corresponding label provided in the metadata. If its - filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match - with corresponding labels in the provided metadata. metadataFilters specified - here can be overrides those specified in ForwardingRule that refers to this - UrlMap. metadataFilters only applies to Loadbalancers that have their - loadBalancingScheme set to INTERNAL_SELF_MANAGED. - items: - properties: - filterLabels: - description: |- - The list of label value pairs that must match labels in the provided metadata - based on filterMatchCriteria This list must not be empty and can have at the - most 64 entries. - items: - properties: - name: - description: |- - Name of metadata label. The name can have a maximum length of 1024 characters - and must be at least 1 character long. - type: string - value: - description: |- - The value of the label must match the specified value. value can have a maximum - length of 1024 characters. - type: string - required: - - name - - value - type: object - type: array - filterMatchCriteria: - description: |- - Specifies how individual filterLabel matches within the list of filterLabels - contribute towards the overall metadataFilter match. Supported values are: - - MATCH_ANY: At least one of the filterLabels must have a matching label in the - provided metadata. - - MATCH_ALL: All filterLabels must have matching labels in - the provided metadata. - type: string - required: - - filterLabels - - filterMatchCriteria - type: object - type: array - prefixMatch: - description: |- - For satifying the matchRule condition, the request's path must begin with the - specified prefixMatch. prefixMatch must begin with a /. The value must be - between 1 and 1024 characters. Only one of prefixMatch, fullPathMatch or - regexMatch must be specified. - type: string - queryParameterMatches: - description: |- - Specifies a list of query parameter match criteria, all of which must match - corresponding query parameters in the request. - items: - properties: - exactMatch: - description: |- - The queryParameterMatch matches if the value of the parameter exactly matches - the contents of exactMatch. Only one of presentMatch, exactMatch and regexMatch - must be set. - type: string - name: - description: |- - The name of the query parameter to match. The query parameter must exist in the - request, in the absence of which the request match fails. - type: string - presentMatch: - description: |- - Specifies that the queryParameterMatch matches if the request contains the query - parameter, irrespective of whether the parameter has a value or not. Only one of - presentMatch, exactMatch and regexMatch must be set. - type: boolean - regexMatch: - description: |- - The queryParameterMatch matches if the value of the parameter matches the - regular expression specified by regexMatch. For the regular expression grammar, - please see en.cppreference.com/w/cpp/regex/ecmascript Only one of presentMatch, - exactMatch and regexMatch must be set. - type: string - required: - - name - type: object - type: array - regexMatch: - description: |- - For satifying the matchRule condition, the path of the request must satisfy the - regular expression specified in regexMatch after removing any query parameters - and anchor supplied with the original URL. For regular expression grammar please - see en.cppreference.com/w/cpp/regex/ecmascript Only one of prefixMatch, - fullPathMatch or regexMatch must be specified. - type: string - type: object - type: array - priority: - description: |- - For routeRules within a given pathMatcher, priority determines the order - in which load balancer will interpret routeRules. RouteRules are evaluated - in order of priority, from the lowest to highest number. The priority of - a rule decreases as its number increases (1, 2, 3, N+1). The first rule - that matches the request is applied. - - You cannot configure two or more routeRules with the same priority. - Priority for each rule must be set to a number between 0 and - 2147483647 inclusive. - - Priority numbers can have gaps, which enable you to add or remove rules - in the future without affecting the rest of the rules. For example, - 1, 2, 3, 4, 5, 9, 12, 16 is a valid series of priority numbers to which - you could add rules numbered from 6 to 8, 10 to 11, and 13 to 15 in the - future without any impact on existing rules. - type: integer - routeAction: - description: |- - In response to a matching matchRule, the load balancer performs advanced routing - actions like URL rewrites, header transformations, etc. prior to forwarding the - request to the selected backend. If routeAction specifies any - weightedBackendServices, service must not be set. Conversely if service is set, - routeAction cannot contain any weightedBackendServices. Only one of routeAction - or urlRedirect must be set. - properties: - corsPolicy: - description: |- - The specification for allowing client side cross-origin requests. Please see W3C - Recommendation for Cross Origin Resource Sharing - properties: - allowCredentials: - description: |- - In response to a preflight request, setting this to true indicates that the - actual request can include user credentials. This translates to the Access- - Control-Allow-Credentials header. Defaults to false. - type: boolean - allowHeaders: - description: Specifies the content for the Access-Control-Allow-Headers - header. - items: - type: string - type: array - allowMethods: - description: Specifies the content for the Access-Control-Allow-Methods - header. - items: - type: string - type: array - allowOriginRegexes: - description: |- - Specifies the regualar expression patterns that match allowed origins. For - regular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript - An origin is allowed if it matches either allow_origins or allow_origin_regex. - items: - type: string - type: array - allowOrigins: - description: |- - Specifies the list of origins that will be allowed to do CORS requests. An - origin is allowed if it matches either allow_origins or allow_origin_regex. - items: - type: string - type: array - disabled: - description: |- - If true, specifies the CORS policy is disabled. - which indicates that the CORS policy is in effect. Defaults to false. - type: boolean - exposeHeaders: - description: Specifies the content for the Access-Control-Expose-Headers - header. - items: - type: string - type: array - maxAge: - description: |- - Specifies how long the results of a preflight request can be cached. This - translates to the content for the Access-Control-Max-Age header. - type: integer - type: object - faultInjectionPolicy: - description: |- - The specification for fault injection introduced into traffic to test the - resiliency of clients to backend service failure. As part of fault injection, - when clients send requests to a backend service, delays can be introduced by - Loadbalancer on a percentage of requests before sending those request to the - backend service. Similarly requests from clients can be aborted by the - Loadbalancer for a percentage of requests. timeout and retry_policy will be - ignored by clients that are configured with a fault_injection_policy. - properties: - abort: - description: |- - The specification for how client requests are aborted as part of fault - injection. - properties: - httpStatus: - description: |- - The HTTP status code used to abort the request. The value must be between 200 - and 599 inclusive. - type: integer - percentage: - description: |- - The percentage of traffic (connections/operations/requests) which will be - aborted as part of fault injection. The value must be between 0.0 and 100.0 - inclusive. - type: number - type: object - delay: - description: |- - The specification for how client requests are delayed as part of fault - injection, before being sent to a backend service. - properties: - fixedDelay: - description: Specifies the value of the fixed - delay interval. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 'seconds' field and a positive - 'nanos' field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - type: string - required: - - seconds - type: object - percentage: - description: |- - The percentage of traffic (connections/operations/requests) on which delay will - be introduced as part of fault injection. The value must be between 0.0 and - 100.0 inclusive. - type: number - type: object - type: object - requestMirrorPolicy: - description: |- - Specifies the policy on how requests intended for the route's backends are - shadowed to a separate mirrored backend service. Loadbalancer does not wait for - responses from the shadow service. Prior to sending traffic to the shadow - service, the host / authority header is suffixed with -shadow. - properties: - backendService: - description: The BackendService resource being mirrored - to. - type: string - required: - - backendService - type: object - retryPolicy: - description: Specifies the retry policy associated with - this route. - properties: - numRetries: - description: Specifies the allowed number retries. - This number must be > 0. - type: integer - perTryTimeout: - description: |- - Specifies a non-zero timeout per retry attempt. - If not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction - is not set, will use the largest timeout among all backend services associated with the route. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 'seconds' field and a positive - 'nanos' field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - type: string - required: - - seconds - type: object - retryConditions: - description: |- - Specfies one or more conditions when this retry rule applies. Valid values are: - - 5xx: Loadbalancer will attempt a retry if the backend service responds with - any 5xx response code, or if the backend service does not respond at all, - example: disconnects, reset, read timeout, connection failure, and refused - streams. - - gateway-error: Similar to 5xx, but only applies to response codes - 502, 503 or 504. - - connect-failure: Loadbalancer will retry on failures - connecting to backend services, for example due to connection timeouts. - - retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. - Currently the only retriable error supported is 409. - - refused-stream: Loadbalancer will retry if the backend service resets the stream with a - REFUSED_STREAM error code. This reset type indicates that it is safe to retry. - - cancelled: Loadbalancer will retry if the gRPC status code in the response - header is set to cancelled - - deadline-exceeded: Loadbalancer will retry if the - gRPC status code in the response header is set to deadline-exceeded - - resource-exhausted: Loadbalancer will retry if the gRPC status code in the response - header is set to resource-exhausted - - unavailable: Loadbalancer will retry if the gRPC status code in - the response header is set to unavailable - items: - type: string - type: array - required: - - numRetries - type: object - timeout: - description: |- - Specifies the timeout for the selected route. Timeout is computed from the time - the request is has been fully processed (i.e. end-of-stream) up until the - response has been completely processed. Timeout includes all retries. If not - specified, the default value is 15 seconds. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 'seconds' field and a positive - 'nanos' field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - type: string - required: - - seconds - type: object - urlRewrite: - description: |- - The spec to modify the URL of the request, prior to forwarding the request to - the matched service - properties: - hostRewrite: - description: |- - Prior to forwarding the request to the selected service, the request's host - header is replaced with contents of hostRewrite. The value must be between 1 and - 255 characters. - type: string - pathPrefixRewrite: - description: |- - Prior to forwarding the request to the selected backend service, the matching - portion of the request's path is replaced by pathPrefixRewrite. The value must - be between 1 and 1024 characters. - type: string - type: object - weightedBackendServices: - description: |- - A list of weighted backend services to send traffic to when a route match - occurs. The weights determine the fraction of traffic that flows to their - corresponding backend service. If all traffic needs to go to a single backend - service, there must be one weightedBackendService with weight set to a non 0 - number. Once a backendService is identified and before forwarding the request to - the backend service, advanced routing actions like Url rewrites and header - transformations are applied depending on additional settings specified in this - HttpRouteAction. - items: - properties: - backendServiceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - headerAction: - description: |- - Specifies changes to request and response headers that need to take effect for - the selected backendService. headerAction specified here take effect before - headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. - properties: - requestHeadersToAdd: - description: |- - Headers to add to a matching request prior to forwarding the request to the - backendService. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header - to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - requestHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the request - prior to forwarding the request to the backendService. - items: - type: string - type: array - responseHeadersToAdd: - description: Headers to add the response prior - to sending the response back to the client. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header - to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - responseHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the response - prior to sending the response back to the client. - items: - type: string - type: array - type: object - weight: - description: |- - Specifies the fraction of traffic sent to backendService, computed as weight / - (sum of all weightedBackendService weights in routeAction) . The selection of a - backend service is determined only for new traffic. Once a user's request has - been directed to a backendService, subsequent requests will be sent to the same - backendService as determined by the BackendService's session affinity policy. - The value must be between 0 and 1000 - type: integer - required: - - backendServiceRef - - weight - type: object - type: array - type: object - service: - description: |- - The backend service resource to which traffic is - directed if this rule is matched. If routeAction is additionally specified, - advanced routing actions like URL Rewrites, etc. take effect prior to sending - the request to the backend. However, if service is specified, routeAction cannot - contain any weightedBackendService s. Conversely, if routeAction specifies any - weightedBackendServices, service must not be specified. Only one of urlRedirect, - service or routeAction.weightedBackendService must be set. - type: string - urlRedirect: - description: |- - When this rule is matched, the request is redirected to a URL specified by - urlRedirect. If urlRedirect is specified, service or routeAction must not be - set. - properties: - hostRedirect: - description: |- - The host that will be used in the redirect response instead of the one that was - supplied in the request. The value must be between 1 and 255 characters. - type: string - httpsRedirect: - description: |- - If set to true, the URL scheme in the redirected request is set to https. If set - to false, the URL scheme of the redirected request will remain the same as that - of the request. This must only be set for UrlMaps used in TargetHttpProxys. - Setting this true for TargetHttpsProxy is not permitted. Defaults to false. - type: boolean - pathRedirect: - description: |- - The path that will be used in the redirect response instead of the one that was - supplied in the request. Only one of pathRedirect or prefixRedirect must be - specified. The value must be between 1 and 1024 characters. - type: string - prefixRedirect: - description: |- - The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, - retaining the remaining portion of the URL before redirecting the request. - type: string - redirectResponseCode: - description: |- - The HTTP Status code to use for this RedirectAction. Supported values are: - - MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. - - FOUND, which corresponds to 302. - SEE_OTHER which corresponds to 303. - - TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method - will be retained. - PERMANENT_REDIRECT, which corresponds to 308. In this case, - the request method will be retained. - type: string - stripQuery: - description: |- - If set to true, any accompanying query portion of the original URL is removed - prior to redirecting the request. If set to false, the query portion of the - original URL is retained. Defaults to false. - type: boolean - type: object - required: - - priority - type: object - type: array - required: - - name - type: object - type: array - test: - description: |- - The list of expected URL mapping tests. Request to update this UrlMap will - succeed only if all of the test cases pass. You can specify a maximum of 100 - tests per UrlMap. - items: - properties: - description: - description: Description of this test case. - type: string - host: - description: Host portion of the URL. - type: string - path: - description: Path portion of the URL. - type: string - service: - properties: - backendBucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - backendServiceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - required: - - host - - path - - service - type: object - type: array - required: - - location - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - fingerprint: - description: |- - Fingerprint of this resource. A hash of the contents stored in this object. This - field is used in optimistic locking. - type: string - mapId: - description: The unique identifier for the resource. - type: integer - selfLink: - type: string - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computevpngateways.compute.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computevpngateways.compute.cnrm.cloud.google.com.yaml deleted file mode 100644 index aa1b6c0b364..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computevpngateways.compute.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,127 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computevpngateways.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeVPNGateway - plural: computevpngateways - shortNames: - - gcpcomputevpngateway - - gcpcomputevpngateways - singular: computevpngateway - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: An optional description of this resource. - type: string - networkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - region: - description: The region this gateway should sit in. - type: string - required: - - networkRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - selfLink: - type: string - vpnInterfaces: - description: A list of interfaces on this VPN gateway. - items: - properties: - id: - description: The numeric ID of this VPN gateway interface. - type: integer - ipAddress: - description: The external IP address for this VPN gateway interface. - type: string - type: object - type: array - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computevpntunnels.compute.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computevpntunnels.compute.cnrm.cloud.google.com.yaml deleted file mode 100644 index fcbea1834e1..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_computevpntunnels.compute.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,309 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computevpntunnels.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeVPNTunnel - plural: computevpntunnels - shortNames: - - gcpcomputevpntunnel - - gcpcomputevpntunnels - singular: computevpntunnel - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: An optional description of this resource. - type: string - ikeVersion: - description: |- - IKE protocol version to use when establishing the VPN tunnel with - peer VPN gateway. - Acceptable IKE versions are 1 or 2. Default version is 2. - type: integer - localTrafficSelector: - description: |- - Local traffic selector to use when establishing the VPN tunnel with - peer VPN gateway. The value should be a CIDR formatted string, - for example '192.168.0.0/16'. The ranges should be disjoint. - Only IPv4 is supported. - items: - type: string - type: array - peerExternalGatewayInterface: - description: The interface ID of the external VPN gateway to which this - VPN tunnel is connected. - type: integer - peerExternalGatewayRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - peerGCPGatewayRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - peerIp: - description: IP address of the peer VPN gateway. Only IPv4 is supported. - type: string - region: - description: The region where the tunnel is located. If unset, is set - to the region of 'target_vpn_gateway'. - type: string - remoteTrafficSelector: - description: |- - Remote traffic selector to use when establishing the VPN tunnel with - peer VPN gateway. The value should be a CIDR formatted string, - for example '192.168.0.0/16'. The ranges should be disjoint. - Only IPv4 is supported. - items: - type: string - type: array - routerRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - sharedSecret: - description: |- - Shared secret used to set the secure session between the Cloud VPN - gateway and the peer VPN gateway. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' is - specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used if 'value' - is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in the - given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - targetVPNGatewayRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - vpnGatewayInterface: - description: The interface ID of the VPN gateway with which this VPN - tunnel is associated. - type: integer - vpnGatewayRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - sharedSecret - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - detailedStatus: - description: Detailed status message for the VPN tunnel. - type: string - labelFingerprint: - description: |- - The fingerprint used for optimistic locking of this resource. Used - internally during updates. - type: string - selfLink: - type: string - sharedSecretHash: - description: Hash of the shared secret. - type: string - tunnelId: - description: The unique identifier for the resource. This identifier - is defined by the server. - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_configconnectorcontexts.core.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_configconnectorcontexts.core.cnrm.cloud.google.com.yaml new file mode 100644 index 00000000000..41734825e41 --- /dev/null +++ b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_configconnectorcontexts.core.cnrm.cloud.google.com.yaml @@ -0,0 +1,84 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/operator-version: 1.29.0 + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + labels: + cnrm.cloud.google.com/operator-system: "true" + name: configconnectorcontexts.core.cnrm.cloud.google.com +spec: + group: core.cnrm.cloud.google.com + names: + kind: ConfigConnectorContext + listKind: ConfigConnectorContextList + plural: configconnectorcontexts + singular: configconnectorcontext + scope: Namespaced + validation: + openAPIV3Schema: + description: ConfigConnectorContext is the Schema for the ConfigConnectorContexts + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ConfigConnectorContextSpec defines the desired state of ConfigConnectorContext + properties: + googleServiceAccount: + description: The Google Service Account to be used by Config Connector + to authenticate with Google Cloud APIs in the associated namespace. + type: string + requestProjectPolicy: + description: Specifies which project to use for preconditions, quota, + and billing for requests made to Google Cloud APIs for resources in + the associated namespace. Must be one of 'SERVICE_ACCOUNT_PROJECT' + or 'RESOURCE_PROJECT'. Defaults to 'SERVICE_ACCOUNT_PROJECT'. If set + to 'SERVICE_ACCOUNT_PROJECT', uses the project that the Google Service + Account belongs to. If set to 'RESOURCE_PROJECT', uses the project + that the resource belongs to. + enum: + - SERVICE_ACCOUNT_PROJECT + - RESOURCE_PROJECT + type: string + required: + - googleServiceAccount + type: object + status: + description: ConfigConnectorContextStatus defines the observed state of + ConfigConnectorContext + properties: + errors: + items: + type: string + type: array + healthy: + type: boolean + required: + - healthy + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_configconnectors.core.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_configconnectors.core.cnrm.cloud.google.com.yaml new file mode 100644 index 00000000000..97d75ad5c1e --- /dev/null +++ b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_configconnectors.core.cnrm.cloud.google.com.yaml @@ -0,0 +1,122 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/operator-version: 1.29.0 + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + labels: + cnrm.cloud.google.com/operator-system: "true" + name: configconnectors.core.cnrm.cloud.google.com +spec: + group: core.cnrm.cloud.google.com + names: + kind: ConfigConnector + listKind: ConfigConnectorList + plural: configconnectors + singular: configconnector + scope: Cluster + validation: + openAPIV3Schema: + description: ConfigConnector is the Schema for the configconnectors API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + anyOf: + - oneOf: + - not: + required: + - googleServiceAccount + required: + - credentialSecretName + - not: + required: + - credentialSecretName + required: + - googleServiceAccount + properties: + mode: + enum: + - cluster + - not: + anyOf: + - required: + - googleServiceAccount + - required: + - credentialSecretName + properties: + mode: + enum: + - namespaced + description: ConfigConnectorSpec defines the desired state of ConfigConnector + properties: + credentialSecretName: + description: The Kubernetes secret that contains the Google Service + Account Key's credentials to be used by ConfigConnector to authenticate + with Google Cloud APIs. This field is used only when in cluster mode. + It's recommended to use `googleServiceAccount` when running ConfigConnector + in Google Kubernetes Engine (GKE) clusters with Workload Identity + enabled. This field cannot be specified together with `googleServiceAccount`. + type: string + googleServiceAccount: + description: The Google Service Account to be used by Config Connector + to authenticate with Google Cloud APIs. This field is used only when + running in cluster mode with Workload Identity enabled. See Google + Kubernetes Engine (GKE) workload-identity (https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity) + for details. This field cannot be specified together with `credentialSecretName`. + For namespaced mode, use `googleServiceAccount` in ConfigConnectorContext + CRD to specify the Google Service Account to be used to authenticate + with Google Cloud APIs per namespace. + type: string + mode: + description: The mode that Config Connector will run in. This can be + either 'cluster' or 'namespaced'. The default is 'namespaced'. Cluster + mode uses a single Google Service Account to create and manage resources, + even if you are using Config Connector to manage multiple Projects. + You must specify either `credentialSecretName` or `googleServiceAccount` + when in cluster mode, but not both. Namespaced mode allows you to + use different Google service accounts for different Projects. When + in namespaced mode, you must create a ConfigConnectorContext object + per namespace that you want to enable Config Connector in, and each + must set `googleServiceAccount` to specify the Google Service Account + to be used to authenticate with Google Cloud APIs for the namespace. + enum: + - cluster + - namespaced + type: string + type: object + status: + description: ConfigConnectorStatus defines the observed state of ConfigConnector + properties: + errors: + items: + type: string + type: array + healthy: + type: boolean + required: + - healthy + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_containerclusters.container.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_containerclusters.container.cnrm.cloud.google.com.yaml deleted file mode 100644 index 97d4974aaba..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_containerclusters.container.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,565 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: containerclusters.container.cnrm.cloud.google.com -spec: - group: container.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ContainerCluster - plural: containerclusters - shortNames: - - gcpcontainercluster - - gcpcontainerclusters - singular: containercluster - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - addonsConfig: - properties: - cloudrunConfig: - properties: - disabled: - type: boolean - required: - - disabled - type: object - horizontalPodAutoscaling: - properties: - disabled: - type: boolean - required: - - disabled - type: object - httpLoadBalancing: - properties: - disabled: - type: boolean - required: - - disabled - type: object - istioConfig: - properties: - auth: - type: string - disabled: - type: boolean - required: - - disabled - type: object - networkPolicyConfig: - properties: - disabled: - type: boolean - required: - - disabled - type: object - type: object - authenticatorGroupsConfig: - properties: - securityGroup: - type: string - required: - - securityGroup - type: object - clusterAutoscaling: - properties: - autoProvisioningDefaults: - properties: - oauthScopes: - items: - type: string - type: array - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - enabled: - type: boolean - resourceLimits: - items: - properties: - maximum: - type: integer - minimum: - type: integer - resourceType: - type: string - required: - - resourceType - type: object - type: array - required: - - enabled - type: object - clusterIpv4Cidr: - type: string - databaseEncryption: - properties: - keyName: - type: string - state: - type: string - required: - - state - type: object - defaultMaxPodsPerNode: - type: integer - description: - type: string - enableBinaryAuthorization: - type: boolean - enableIntranodeVisibility: - type: boolean - enableKubernetesAlpha: - type: boolean - enableLegacyAbac: - type: boolean - enableShieldedNodes: - type: boolean - enableTpu: - type: boolean - initialNodeCount: - type: integer - ipAllocationPolicy: - properties: - clusterIpv4CidrBlock: - type: string - clusterSecondaryRangeName: - type: string - servicesIpv4CidrBlock: - type: string - servicesSecondaryRangeName: - type: string - type: object - location: - type: string - loggingService: - type: string - maintenancePolicy: - properties: - dailyMaintenanceWindow: - properties: - duration: - type: string - startTime: - type: string - required: - - startTime - type: object - recurringWindow: - properties: - endTime: - type: string - recurrence: - type: string - startTime: - type: string - required: - - endTime - - recurrence - - startTime - type: object - type: object - masterAuth: - properties: - clientCertificate: - type: string - clientCertificateConfig: - properties: - issueClientCertificate: - type: boolean - required: - - issueClientCertificate - type: object - clientKey: - type: string - clusterCaCertificate: - type: string - password: - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used if - 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - username: - type: string - type: object - masterAuthorizedNetworksConfig: - properties: - cidrBlocks: - items: - properties: - cidrBlock: - type: string - displayName: - type: string - required: - - cidrBlock - type: object - type: array - type: object - minMasterVersion: - type: string - monitoringService: - type: string - networkPolicy: - properties: - enabled: - type: boolean - provider: - type: string - required: - - enabled - type: object - networkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - nodeConfig: - properties: - diskSizeGb: - type: integer - diskType: - type: string - guestAccelerator: - items: - properties: - count: - type: integer - type: - type: string - required: - - count - - type - type: object - type: array - imageType: - type: string - labels: - additionalProperties: - type: string - type: object - localSsdCount: - type: integer - machineType: - type: string - metadata: - additionalProperties: - type: string - type: object - minCpuPlatform: - type: string - oauthScopes: - items: - type: string - type: array - preemptible: - type: boolean - sandboxConfig: - properties: - sandboxType: - type: string - required: - - sandboxType - type: object - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - shieldedInstanceConfig: - properties: - enableIntegrityMonitoring: - type: boolean - enableSecureBoot: - type: boolean - type: object - tags: - items: - type: string - type: array - taint: - items: - properties: - effect: - type: string - key: - type: string - value: - type: string - required: - - effect - - key - - value - type: object - type: array - workloadMetadataConfig: - properties: - nodeMetadata: - type: string - required: - - nodeMetadata - type: object - type: object - nodeLocations: - items: - type: string - type: array - nodeVersion: - type: string - podSecurityPolicyConfig: - properties: - enabled: - type: boolean - required: - - enabled - type: object - privateClusterConfig: - properties: - enablePrivateEndpoint: - type: boolean - enablePrivateNodes: - type: boolean - masterIpv4CidrBlock: - type: string - peeringName: - type: string - privateEndpoint: - type: string - publicEndpoint: - type: string - required: - - enablePrivateEndpoint - type: object - releaseChannel: - properties: - channel: - type: string - required: - - channel - type: object - resourceUsageExportConfig: - properties: - bigqueryDestination: - properties: - datasetId: - type: string - required: - - datasetId - type: object - enableNetworkEgressMetering: - type: boolean - required: - - bigqueryDestination - type: object - subnetworkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - verticalPodAutoscaling: - properties: - enabled: - type: boolean - required: - - enabled - type: object - workloadIdentityConfig: - properties: - identityNamespace: - type: string - required: - - identityNamespace - type: object - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - endpoint: - type: string - instanceGroupUrls: - items: - type: string - type: array - labelFingerprint: - type: string - masterVersion: - type: string - operation: - type: string - servicesIpv4Cidr: - type: string - tpuIpv4CidrBlock: - type: string - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_containernodepools.container.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_containernodepools.container.cnrm.cloud.google.com.yaml deleted file mode 100644 index c98e528ea11..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_containernodepools.container.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,260 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: containernodepools.container.cnrm.cloud.google.com -spec: - group: container.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ContainerNodePool - plural: containernodepools - shortNames: - - gcpcontainernodepool - - gcpcontainernodepools - singular: containernodepool - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - autoscaling: - properties: - maxNodeCount: - type: integer - minNodeCount: - type: integer - required: - - maxNodeCount - - minNodeCount - type: object - clusterRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - initialNodeCount: - type: integer - location: - type: string - management: - properties: - autoRepair: - type: boolean - autoUpgrade: - type: boolean - type: object - maxPodsPerNode: - type: integer - namePrefix: - type: string - nodeConfig: - properties: - diskSizeGb: - type: integer - diskType: - type: string - guestAccelerator: - items: - properties: - count: - type: integer - type: - type: string - required: - - count - - type - type: object - type: array - imageType: - type: string - labels: - additionalProperties: - type: string - type: object - localSsdCount: - type: integer - machineType: - type: string - metadata: - additionalProperties: - type: string - type: object - minCpuPlatform: - type: string - oauthScopes: - items: - type: string - type: array - preemptible: - type: boolean - sandboxConfig: - properties: - sandboxType: - type: string - required: - - sandboxType - type: object - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - shieldedInstanceConfig: - properties: - enableIntegrityMonitoring: - type: boolean - enableSecureBoot: - type: boolean - type: object - tags: - items: - type: string - type: array - taint: - items: - properties: - effect: - type: string - key: - type: string - value: - type: string - required: - - effect - - key - - value - type: object - type: array - workloadMetadataConfig: - properties: - nodeMetadata: - type: string - required: - - nodeMetadata - type: object - type: object - nodeCount: - type: integer - nodeLocations: - items: - type: string - type: array - upgradeSettings: - properties: - maxSurge: - type: integer - maxUnavailable: - type: integer - required: - - maxSurge - - maxUnavailable - type: object - version: - type: string - required: - - clusterRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - instanceGroupUrls: - items: - type: string - type: array - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_dataflowjobs.dataflow.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_dataflowjobs.dataflow.cnrm.cloud.google.com.yaml deleted file mode 100644 index 91e10d0abf5..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_dataflowjobs.dataflow.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,181 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: dataflowjobs.dataflow.cnrm.cloud.google.com -spec: - group: dataflow.cnrm.cloud.google.com - names: - categories: - - gcp - kind: DataflowJob - plural: dataflowjobs - shortNames: - - gcpdataflowjob - - gcpdataflowjobs - singular: dataflowjob - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - ipConfiguration: - type: string - machineType: - type: string - maxWorkers: - type: integer - networkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - parameters: - type: object - region: - type: string - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - subnetworkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - tempGcsLocation: - type: string - templateGcsPath: - type: string - zone: - type: string - required: - - tempGcsLocation - - templateGcsPath - - zone - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - jobId: - type: string - state: - type: string - type: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_dnsmanagedzones.dns.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_dnsmanagedzones.dns.cnrm.cloud.google.com.yaml deleted file mode 100644 index 1620935096f..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_dnsmanagedzones.dns.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,245 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: dnsmanagedzones.dns.cnrm.cloud.google.com -spec: - group: dns.cnrm.cloud.google.com - names: - categories: - - gcp - kind: DNSManagedZone - plural: dnsmanagedzones - shortNames: - - gcpdnsmanagedzone - - gcpdnsmanagedzones - singular: dnsmanagedzone - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - type: string - dnsName: - description: The DNS name of this managed zone, for instance "example.com.". - type: string - dnssecConfig: - description: DNSSEC configuration - properties: - defaultKeySpecs: - description: |- - Specifies parameters that will be used for generating initial DnsKeys - for this ManagedZone. If you provide a spec for keySigning or zoneSigning, - you must also provide one for the other. - items: - properties: - algorithm: - description: String mnemonic specifying the DNSSEC algorithm - of this key - type: string - keyLength: - description: Length of the keys in bits - type: integer - keyType: - description: |- - Specifies whether this is a key signing key (KSK) or a zone - signing key (ZSK). Key signing keys have the Secure Entry - Point flag set and, when active, will only be used to sign - resource record sets of type DNSKEY. Zone signing keys do - not have the Secure Entry Point flag set and will be used - to sign all other types of resource record sets. - type: string - kind: - description: Identifies what kind of resource this is - type: string - type: object - type: array - kind: - description: Identifies what kind of resource this is - type: string - nonExistence: - description: Specifies the mechanism used to provide authenticated - denial-of-existence responses. - type: string - state: - description: Specifies whether DNSSEC is enabled, and what mode - it is in - type: string - type: object - forwardingConfig: - description: |- - The presence for this field indicates that outbound forwarding is enabled - for this zone. The value of this field contains the set of destinations - to forward to. - properties: - targetNameServers: - description: |- - List of target name servers to forward to. Cloud DNS will - select the best available name server if more than - one target is given. - items: - properties: - ipv4Address: - description: IPv4 address of a target name server. - type: string - required: - - ipv4Address - type: object - type: array - required: - - targetNameServers - type: object - peeringConfig: - description: |- - The presence of this field indicates that DNS Peering is enabled for this - zone. The value of this field contains the network to peer with. - properties: - targetNetwork: - description: The network with which to peer. - properties: - networkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - networkRef - type: object - required: - - targetNetwork - type: object - privateVisibilityConfig: - description: |- - For privately visible zones, the set of Virtual Private Cloud - resources that the zone is visible from. - properties: - networks: - items: - properties: - networkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - networkRef - type: object - type: array - required: - - networks - type: object - visibility: - description: |- - The zone's visibility: public zones are exposed to the Internet, - while private zones are visible only to Virtual Private Cloud resources. - Must be one of: 'public', 'private'. - type: string - required: - - dnsName - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - nameServers: - description: |- - Delegate your managed_zone to these virtual name servers; - defined by the server - items: - type: string - type: array - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_dnspolicies.dns.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_dnspolicies.dns.cnrm.cloud.google.com.yaml deleted file mode 100644 index 6a71c56bd33..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_dnspolicies.dns.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,149 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: dnspolicies.dns.cnrm.cloud.google.com -spec: - group: dns.cnrm.cloud.google.com - names: - categories: - - gcp - kind: DNSPolicy - plural: dnspolicies - shortNames: - - gcpdnspolicy - - gcpdnspolicies - singular: dnspolicy - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - alternativeNameServerConfig: - description: |- - Sets an alternative name server for the associated networks. - When specified, all DNS queries are forwarded to a name server that you choose. - Names such as .internal are not available when an alternative name server is specified. - properties: - targetNameServers: - description: |- - Sets an alternative name server for the associated networks. When specified, - all DNS queries are forwarded to a name server that you choose. Names such as .internal - are not available when an alternative name server is specified. - items: - properties: - ipv4Address: - description: IPv4 address to forward to. - type: string - required: - - ipv4Address - type: object - type: array - required: - - targetNameServers - type: object - description: - type: string - enableInboundForwarding: - description: |- - Allows networks bound to this policy to receive DNS queries sent - by VMs or applications over VPN connections. When enabled, a - virtual IP address will be allocated from each of the sub-networks - that are bound to this policy. - type: boolean - enableLogging: - description: |- - Controls whether logging is enabled for the networks bound to this policy. - Defaults to no logging if not set. - type: boolean - networks: - description: List of network names specifying networks to which this - policy is applied. - items: - properties: - networkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - networkRef - type: object - type: array - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_dnsrecordsets.dns.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_dnsrecordsets.dns.cnrm.cloud.google.com.yaml deleted file mode 100644 index 1731ba7a76b..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_dnsrecordsets.dns.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,121 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: dnsrecordsets.dns.cnrm.cloud.google.com -spec: - group: dns.cnrm.cloud.google.com - names: - categories: - - gcp - kind: DNSRecordSet - plural: dnsrecordsets - shortNames: - - gcpdnsrecordset - - gcpdnsrecordsets - singular: dnsrecordset - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - managedZoneRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - name: - type: string - rrdatas: - items: - type: string - type: array - ttl: - type: integer - type: - type: string - required: - - managedZoneRef - - name - - rrdatas - - ttl - - type - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_firestoreindexes.firestore.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_firestoreindexes.firestore.cnrm.cloud.google.com.yaml deleted file mode 100644 index f5364bea856..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_firestoreindexes.firestore.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,124 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: firestoreindexes.firestore.cnrm.cloud.google.com -spec: - group: firestore.cnrm.cloud.google.com - names: - categories: - - gcp - kind: FirestoreIndex - plural: firestoreindexes - shortNames: - - gcpfirestoreindex - - gcpfirestoreindexes - singular: firestoreindex - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - collection: - description: The collection being indexed. - type: string - database: - description: The Firestore database id. Defaults to '"(default)"'. - type: string - fields: - description: |- - The fields supported by this index. The last field entry is always for - the field path '__name__'. If, on creation, '__name__' was not - specified as the last field, it will be added automatically with the - same direction as that of the last field defined. If the final field - in a composite index is not directional, the '__name__' will be - ordered '"ASCENDING"' (unless explicitly specified otherwise). - items: - properties: - arrayConfig: - description: |- - Indicates that this field supports operations on arrayValues. Only one of 'order' and 'arrayConfig' can - be specified. - type: string - fieldPath: - description: Name of the field. - type: string - order: - description: |- - Indicates that this field supports ordering by the specified order or comparing using =, <, <=, >, >=. - Only one of 'order' and 'arrayConfig' can be specified. - type: string - type: object - type: array - queryScope: - description: |- - The scope at which a query is run. One of '"COLLECTION"' or - '"COLLECTION_GROUP"'. Defaults to '"COLLECTION"'. - type: string - required: - - collection - - fields - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - name: - description: |- - A server defined name for this index. Format: - 'projects/{{project}}/databases/{{database}}/collectionGroups/{{collection}}/indexes/{{server_generated_id}}' - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_folders.resourcemanager.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_folders.resourcemanager.cnrm.cloud.google.com.yaml deleted file mode 100644 index 7349782c40f..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_folders.resourcemanager.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,90 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: folders.resourcemanager.cnrm.cloud.google.com -spec: - group: resourcemanager.cnrm.cloud.google.com - names: - categories: - - gcp - kind: Folder - plural: folders - shortNames: - - gcpfolder - - gcpfolders - singular: folder - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - displayName: - type: string - required: - - displayName - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - createTime: - type: string - lifecycleState: - type: string - name: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_iamcustomroles.iam.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_iamcustomroles.iam.cnrm.cloud.google.com.yaml deleted file mode 100644 index d4b8ff55ebb..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_iamcustomroles.iam.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,95 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: iamcustomroles.iam.cnrm.cloud.google.com -spec: - group: iam.cnrm.cloud.google.com - names: - categories: - - gcp - kind: IAMCustomRole - plural: iamcustomroles - shortNames: - - gcpiamcustomrole - - gcpiamcustomroles - singular: iamcustomrole - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - type: string - permissions: - items: - type: string - type: array - stage: - type: string - title: - type: string - required: - - permissions - - title - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - deleted: - type: boolean - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_iampolicies.iam.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_iampolicies.iam.cnrm.cloud.google.com.yaml deleted file mode 100644 index 7e7e0cd2cf7..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_iampolicies.iam.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,147 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - controller-tools.k8s.io: "1.0" - name: iampolicies.iam.cnrm.cloud.google.com -spec: - group: iam.cnrm.cloud.google.com - names: - kind: IAMPolicy - plural: iampolicies - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - bindings: - description: Optional. The list of IAM bindings. - items: - properties: - condition: - description: Optional. The condition under which the binding applies. - properties: - description: - type: string - expression: - type: string - title: - type: string - required: - - title - - expression - type: object - members: - description: Optional. The list of IAM users to be bound to the - role. - items: - pattern: ^(user|serviceAccount|group|domain):.+|allUsers|allAuthenticatedUsers$ - type: string - pattern: ^(user|serviceAccount|group|domain):.+|allUsers|allAuthenticatedUsers$ - type: array - role: - description: Required. The role to bind the users to. - pattern: ^roles/[\w\.]+$ - type: string - required: - - role - type: object - type: array - resourceRef: - description: Required. The GCP resource to set the IAM policy on. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - - not: - anyOf: - - required: - - name - - required: - - namespace - - required: - - apiVersion - - required: - - external - properties: - apiVersion: - type: string - external: - type: string - kind: - type: string - name: - type: string - namespace: - type: string - required: - - kind - type: object - required: - - resourceRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observations - of the IAM policy's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_iampolicymembers.iam.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_iampolicymembers.iam.cnrm.cloud.google.com.yaml deleted file mode 100644 index 145cb389e57..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_iampolicymembers.iam.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,138 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - controller-tools.k8s.io: "1.0" - name: iampolicymembers.iam.cnrm.cloud.google.com -spec: - group: iam.cnrm.cloud.google.com - names: - kind: IAMPolicyMember - plural: iampolicymembers - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - condition: - description: Optional. The condition under which the binding applies. - properties: - description: - type: string - expression: - type: string - title: - type: string - required: - - title - - expression - type: object - member: - description: Required. The list of IAM identities to be bound to the - role - pattern: ^(user|serviceAccount|group|domain):.+|allUsers|allAuthenticatedUsers$ - type: string - resourceRef: - description: Required. The GCP resource to set the IAM policy on. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - - not: - anyOf: - - required: - - name - - required: - - namespace - - required: - - apiVersion - - required: - - external - properties: - apiVersion: - type: string - external: - type: string - kind: - type: string - name: - type: string - namespace: - type: string - required: - - kind - type: object - role: - description: Required. The role for which the Member will be bound. - pattern: ^roles/[\w\.]+$ - type: string - required: - - resourceRef - - member - - role - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observations - of the IAM policy's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_iamserviceaccountkeys.iam.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_iamserviceaccountkeys.iam.cnrm.cloud.google.com.yaml deleted file mode 100644 index 37c8f5fe83c..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_iamserviceaccountkeys.iam.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,123 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: iamserviceaccountkeys.iam.cnrm.cloud.google.com -spec: - group: iam.cnrm.cloud.google.com - names: - categories: - - gcp - kind: IAMServiceAccountKey - plural: iamserviceaccountkeys - shortNames: - - gcpiamserviceaccountkey - - gcpiamserviceaccountkeys - singular: iamserviceaccountkey - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - keyAlgorithm: - type: string - privateKeyType: - type: string - publicKeyType: - type: string - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - serviceAccountRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - name: - type: string - privateKey: - type: string - publicKey: - type: string - validAfter: - type: string - validBefore: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_iamserviceaccounts.iam.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_iamserviceaccounts.iam.cnrm.cloud.google.com.yaml deleted file mode 100644 index d53bee62b2b..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_iamserviceaccounts.iam.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,88 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: iamserviceaccounts.iam.cnrm.cloud.google.com -spec: - group: iam.cnrm.cloud.google.com - names: - categories: - - gcp - kind: IAMServiceAccount - plural: iamserviceaccounts - shortNames: - - gcpiamserviceaccount - - gcpiamserviceaccounts - singular: iamserviceaccount - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - type: string - displayName: - type: string - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - email: - type: string - name: - type: string - uniqueId: - type: string - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_kmscryptokeys.kms.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_kmscryptokeys.kms.cnrm.cloud.google.com.yaml deleted file mode 100644 index cc285233189..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_kmscryptokeys.kms.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,137 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: kmscryptokeys.kms.cnrm.cloud.google.com -spec: - group: kms.cnrm.cloud.google.com - names: - categories: - - gcp - kind: KMSCryptoKey - plural: kmscryptokeys - shortNames: - - gcpkmscryptokey - - gcpkmscryptokeys - singular: kmscryptokey - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - keyRingRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - purpose: - description: |- - The immutable purpose of this CryptoKey. See the - [purpose reference](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys#CryptoKeyPurpose) - for possible inputs. - type: string - rotationPeriod: - description: |- - Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. - The first rotation will take place after the specified period. The rotation period has - the format of a decimal number with up to 9 fractional digits, followed by the - letter 's' (seconds). It must be greater than a day (ie, 86400). - type: string - versionTemplate: - description: A template describing settings for new crypto key versions. - properties: - algorithm: - description: |- - The algorithm to use when creating a version based on this template. - See the [algorithm reference](https://cloud.google.com/kms/docs/reference/rest/v1/CryptoKeyVersionAlgorithm) for possible inputs. - type: string - protectionLevel: - description: The protection level to use when creating a version - based on this template. - type: string - required: - - algorithm - type: object - required: - - keyRingRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - selfLink: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_kmskeyrings.kms.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_kmskeyrings.kms.cnrm.cloud.google.com.yaml deleted file mode 100644 index 1ee4239265d..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_kmskeyrings.kms.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,89 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: kmskeyrings.kms.cnrm.cloud.google.com -spec: - group: kms.cnrm.cloud.google.com - names: - categories: - - gcp - kind: KMSKeyRing - plural: kmskeyrings - shortNames: - - gcpkmskeyring - - gcpkmskeyrings - singular: kmskeyring - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - location: - description: |- - The location for the KeyRing. - A full list of valid locations can be found by running 'gcloud kms locations list'. - type: string - required: - - location - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - selfLink: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_projects.resourcemanager.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_projects.resourcemanager.cnrm.cloud.google.com.yaml deleted file mode 100644 index 89bcf46c9d0..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_projects.resourcemanager.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,111 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: projects.resourcemanager.cnrm.cloud.google.com -spec: - group: resourcemanager.cnrm.cloud.google.com - names: - categories: - - gcp - kind: Project - plural: projects - shortNames: - - gcpproject - - gcpprojects - singular: project - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - billingAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - name: - type: string - required: - - name - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - number: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_pubsubsubscriptions.pubsub.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_pubsubsubscriptions.pubsub.cnrm.cloud.google.com.yaml deleted file mode 100644 index 9cd208cdb0c..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_pubsubsubscriptions.pubsub.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,237 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: pubsubsubscriptions.pubsub.cnrm.cloud.google.com -spec: - group: pubsub.cnrm.cloud.google.com - names: - categories: - - gcp - kind: PubSubSubscription - plural: pubsubsubscriptions - shortNames: - - gcppubsubsubscription - - gcppubsubsubscriptions - singular: pubsubsubscription - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - ackDeadlineSeconds: - description: |- - This value is the maximum time after a subscriber receives a message - before the subscriber should acknowledge the message. After message - delivery but before the ack deadline expires and before the message is - acknowledged, it is an outstanding message and will not be delivered - again during that time (on a best-effort basis). - - For pull subscriptions, this value is used as the initial value for - the ack deadline. To override this value for a given message, call - subscriptions.modifyAckDeadline with the corresponding ackId if using - pull. The minimum custom deadline you can specify is 10 seconds. The - maximum custom deadline you can specify is 600 seconds (10 minutes). - If this parameter is 0, a default value of 10 seconds is used. - - For push delivery, this value is also used to set the request timeout - for the call to the push endpoint. - - If the subscriber never acknowledges the message, the Pub/Sub system - will eventually redeliver the message. - type: integer - expirationPolicy: - description: |- - A policy that specifies the conditions for this subscription's expiration. - A subscription is considered active as long as any connected subscriber - is successfully consuming messages from the subscription or is issuing - operations on the subscription. If expirationPolicy is not set, a default - policy with ttl of 31 days will be used. If it is set but ttl is "", the - resource never expires. The minimum allowed value for expirationPolicy.ttl - is 1 day. - properties: - ttl: - description: |- - Specifies the "time-to-live" duration for an associated resource. The - resource expires if it is not active for a period of ttl. - If ttl is not set, the associated resource never expires. - A duration in seconds with up to nine fractional digits, terminated by 's'. - Example - "3.5s". - type: string - required: - - ttl - type: object - messageRetentionDuration: - description: |- - How long to retain unacknowledged messages in the subscription's - backlog, from the moment a message is published. If - retainAckedMessages is true, then this also configures the retention - of acknowledged messages, and thus configures how far back in time a - subscriptions.seek can be done. Defaults to 7 days. Cannot be more - than 7 days ('"604800s"') or less than 10 minutes ('"600s"'). - - A duration in seconds with up to nine fractional digits, terminated - by 's'. Example: '"600.5s"'. - type: string - pushConfig: - description: |- - If push delivery is used with this subscription, this field is used to - configure it. An empty pushConfig signifies that the subscriber will - pull and ack messages using API methods. - properties: - attributes: - additionalProperties: - type: string - description: |- - Endpoint configuration attributes. - - Every endpoint has a set of API supported attributes that can - be used to control different aspects of the message delivery. - - The currently supported attribute is x-goog-version, which you - can use to change the format of the pushed message. This - attribute indicates the version of the data expected by - the endpoint. This controls the shape of the pushed message - (i.e., its fields and metadata). The endpoint version is - based on the version of the Pub/Sub API. - - If not present during the subscriptions.create call, - it will default to the version of the API used to make - such call. If not present during a subscriptions.modifyPushConfig - call, its value will not be changed. subscriptions.get - calls will always return a valid version, even if the - subscription was created without this attribute. - - The possible values for this attribute are: - - - v1beta1: uses the push format defined in the v1beta1 Pub/Sub API. - - v1 or v1beta2: uses the push format defined in the v1 Pub/Sub API. - type: object - oidcToken: - description: |- - If specified, Pub/Sub will generate and attach an OIDC JWT token as - an Authorization header in the HTTP request for every pushed message. - properties: - audience: - description: |- - Audience to be used when generating OIDC token. The audience claim - identifies the recipients that the JWT is intended for. The audience - value is a single case-sensitive string. Having multiple values (array) - for the audience field is not supported. More info about the OIDC JWT - token audience here: https://tools.ietf.org/html/rfc7519#section-4.1.3 - Note: if not specified, the Push endpoint URL will be used. - type: string - serviceAccountEmail: - description: |- - Service account email to be used for generating the OIDC token. - The caller (for subscriptions.create, subscriptions.patch, and - subscriptions.modifyPushConfig RPCs) must have the - iam.serviceAccounts.actAs permission for the service account. - type: string - required: - - serviceAccountEmail - type: object - pushEndpoint: - description: |- - A URL locating the endpoint to which messages should be pushed. - For example, a Webhook endpoint might use - "https://example.com/push". - type: string - required: - - pushEndpoint - type: object - retainAckedMessages: - description: |- - Indicates whether to retain acknowledged messages. If 'true', then - messages are not expunged from the subscription's backlog, even if - they are acknowledged, until they fall out of the - messageRetentionDuration window. - type: boolean - topicRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - topicRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - path: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_pubsubtopics.pubsub.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_pubsubtopics.pubsub.cnrm.cloud.google.com.yaml deleted file mode 100644 index eec16f92183..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_pubsubtopics.pubsub.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,123 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: pubsubtopics.pubsub.cnrm.cloud.google.com -spec: - group: pubsub.cnrm.cloud.google.com - names: - categories: - - gcp - kind: PubSubTopic - plural: pubsubtopics - shortNames: - - gcppubsubtopic - - gcppubsubtopics - singular: pubsubtopic - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - kmsKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - messageStoragePolicy: - description: |- - Policy constraining the set of Google Cloud Platform regions where - messages published to the topic may be stored. If not present, then no - constraints are in effect. - properties: - allowedPersistenceRegions: - description: |- - A list of IDs of GCP regions where messages that are published to - the topic may be persisted in storage. Messages published by - publishers running in non-allowed GCP regions (or running outside - of GCP altogether) will be routed for storage in one of the - allowed regions. An empty list means that no regions are allowed, - and is not a valid configuration. - items: - type: string - type: array - required: - - allowedPersistenceRegions - type: object - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_redisinstances.redis.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_redisinstances.redis.cnrm.cloud.google.com.yaml deleted file mode 100644 index 83bd7e37acf..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_redisinstances.redis.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,183 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: redisinstances.redis.cnrm.cloud.google.com -spec: - group: redis.cnrm.cloud.google.com - names: - categories: - - gcp - kind: RedisInstance - plural: redisinstances - shortNames: - - gcpredisinstance - - gcpredisinstances - singular: redisinstance - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - alternativeLocationId: - description: |- - Only applicable to STANDARD_HA tier which protects the instance - against zonal failures by provisioning it across two zones. - If provided, it must be a different zone from the one provided in - [locationId]. - type: string - authorizedNetworkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - displayName: - description: An arbitrary and optional user-provided name for the instance. - type: string - locationId: - description: |- - The zone where the instance will be provisioned. If not provided, - the service will choose a zone for the instance. For STANDARD_HA tier, - instances will be created across two zones for protection against - zonal failures. If [alternativeLocationId] is also provided, it must - be different from [locationId]. - type: string - memorySizeGb: - description: Redis memory size in GiB. - type: integer - redisConfigs: - additionalProperties: - type: string - description: |- - Redis configuration parameters, according to http://redis.io/topics/config. - Please check Memorystore documentation for the list of supported parameters: - https://cloud.google.com/memorystore/docs/redis/reference/rest/v1/projects.locations.instances#Instance.FIELDS.redis_configs - type: object - redisVersion: - description: |- - The version of Redis software. If not provided, latest supported - version will be used. Currently, the supported values are: - - - REDIS_4_0 for Redis 4.0 compatibility - - REDIS_3_2 for Redis 3.2 compatibility - type: string - region: - description: The name of the Redis region of the instance. - type: string - reservedIpRange: - description: |- - The CIDR range of internal addresses that are reserved for this - instance. If not provided, the service will choose an unused /29 - block, for example, 10.0.0.0/29 or 192.168.0.0/29. Ranges must be - unique and non-overlapping with existing subnets in an authorized - network. - type: string - tier: - description: |- - The service tier of the instance. Must be one of these values: - - - BASIC: standalone instance - - STANDARD_HA: highly available primary/replica instances - type: string - required: - - memorySizeGb - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - createTime: - description: |- - The time the instance was created in RFC3339 UTC "Zulu" format, - accurate to nanoseconds. - type: string - currentLocationId: - description: |- - The current zone where the Redis endpoint is placed. - For Basic Tier instances, this will always be the same as the - [locationId] provided by the user at creation time. For Standard Tier - instances, this can be either [locationId] or [alternativeLocationId] - and can change after a failover event. - type: string - host: - description: |- - Hostname or IP address of the exposed Redis endpoint used by clients - to connect to the service. - type: string - port: - description: The port number of the exposed Redis endpoint. - type: integer - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_servicemappings.core.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_servicemappings.core.cnrm.cloud.google.com.yaml deleted file mode 100644 index 8f8371ba88c..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_servicemappings.core.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,362 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - controller-tools.k8s.io: "1.0" - name: servicemappings.core.cnrm.cloud.google.com -spec: - group: core.cnrm.cloud.google.com - names: - kind: ServiceMapping - plural: servicemappings - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ServiceMappingSpec defines the aspects common to all resources - of a particular service being mapped from the Terraform provider to Kubernetes - Resource Model (KRM). - properties: - name: - description: Name is the name of the service being mapped (e.g. Spanner, - PubSub). This is used for the construction of the generated CRDs' - API group and kind. - type: string - resources: - description: Resources is a list of configurations specifying how to - map a specific resource from the Terraform provider to KRM. - items: - properties: - containers: - description: Containers describes all the container mappings this - resource understands. Config Connector maps Kubernetes namespaces - to the abstract GCP container objects they are scoped by via - namespaces. For most resource types, this is a project, but - certain resources live outside the scope of a project, like - folders or projects themselves. Containers are expressed as - annotations on a given Namespace, though users may provide resource-level - overrides. - items: - properties: - tfField: - description: TFField is the path to the field in the underlying - Terraform provider that represents the implicit reference - to the container object. Use periods to delimit the fields - in the path. For example, if the field is "bar" nested - inside "foo" ("foo" being either an object or a list of - objects), the associated TFField should be "foo.bar") - type: string - type: - description: Type is the type of container this represents. - type: string - valueTemplate: - description: ValueTemplate is a template by which the value - of the container annotation should be interpreted before - being passed to the Terraform provider. {{value}} is used - in place of this sourced value. e.g. If the value sourced - from the container annotation is "123456789", a valueTemplate - of "folders/{{value}}" would mean the final value passed - to the provider is "folders/123456789" - type: string - required: - - type - - tfField - type: object - type: array - directives: - description: Directives is a list of Terraform fields that perform - unique behaviors on top of the resource which are not part of - a GET response. If the KCC annotation's key contains a directive - from this list (e.g. `cnrm.cloud.google.com/force-destroy`), - the value from the annotation is stored/overwritten in the TF - config (e.g. force_destroy -> true) - items: - type: string - type: array - iamConfig: - description: IAMConfig contains the mappings from a given resource - onto its associated terraform IAM resources (policies, bindings, - and members) - properties: - policyMemberName: - description: PolicyMemberName is the terraform name of the - associated IAM Policy Member resource (e.g. google_spanner_instance_iam_member) - type: string - policyName: - description: PolicyName is the terraform name of the associated - IAM Policy resource (e.g. google_spanner_instance_iam_policy) - type: string - referenceField: - description: A description of the manner in which the IAM - Policy references its resource. - properties: - name: - description: The name of the field in the policy or binding - which references the resource. For 'google_spanner_instance_iam_policy' - this value is 'instance'. - type: string - type: - description: The type of value that should be used in - this field. It can be one of { name, id }. For 'google_spanner_instance_iam_policy' - it would be 'name' for 'google_kms_key_ring_iam_policy' - it would be 'id'. - type: string - required: - - name - - type - type: object - supportsConditions: - description: SupportsConditions indicates whether or not the - resource supports IAM Conditions. - type: boolean - required: - - policyName - - policyMemberName - - supportsConditions - type: object - idTemplate: - description: IDTemplate defines the format in which the ID fed - into the TF resource's importer should look. Fields may be sourced - from the TF resource by using the `{{foo}}` syntax. (e.g. {{project}}/{{location}}/{{name}}. - If SkipImport is true, this must be specified, and its expanded - form will be directly used as the TF resource's `id` field. - type: string - ignoredFields: - description: IgnoredFields is a list of fields that should be - dropped from the underlying Terraform resource. - items: - type: string - type: array - kind: - description: Kind is the Kubernetes kind you wish the resource - to have. - type: string - locationality: - description: 'Locationality categorizes the GCP resources as global, - regional, or zonal. It''s only applicable to the effort of unifying - multiple locational TF resources into one, e.g. KCC could have - a single ComputeAddress CRD to represent two TF/GCE resources - - compute address and global compute address. The location field - in ComputeAddress CRD is used to specify whether it is a global - address or regional address. If unset, it''s assumed that there - is no multiple TF locational resources mapping to the same compute - resource schema. Currently, this supports the following values: - global, regional, zonal.' - type: string - metadataMapping: - description: MetadataMapping determines how to map Kubernetes - metadata fields to the Terraform resource's configuration. - properties: - labels: - description: Labels is a JSONPath to the field in the TF resource - where the KRM "metadata.labels" field will be mapped to. - By default, this is mapped to the "labels" field, if that - field is found in the TF resource schema. - type: string - name: - description: Name is a JSONPath to the field in the TF resource - where the KRM "metadata.name" field will be mapped to. By - default, this is mapped to the "name" field, if that field - is found in the TF resource schema. - type: string - nameValueTemplate: - description: NameValueTemplate is a template by which the - value of the metadata.name value should be interpreted before - being passed to the Terraform provider. {{value}} is used - in place of this sourced value. e.g. If the value sourced - from metadata.name is "foo_bar", a nameValueTemplate of - "resource/{{value}}" would mean the final value passed to - the provider is "resource/foo_bar" - type: string - type: object - name: - description: Name is the Terraform name of the resource (e.g. - google_spanner_instance) - type: string - resourceReferences: - description: ResourceReferences configures the mapping of fields - in the Terraform resource that implicitly define references - to other GCP resources into explicit Kubernetes-style references. - items: - properties: - group: - description: Group is the Kubernetes group of the resource - being referenced. If not is set, it is implied that the - kind specified is unique across all groups. - type: string - jsonSchemaType: - description: JSONSchemaType specifies the type as understood - by JSON schema validation of this reference field. Should - never be specified for a TypeConfig inlined in the ReferenceConfig. This - field is mutually exclusive with Kind and TargetField. - type: string - key: - description: 'Key is the field name that will be exposed - through the KRM resource''s spec. It should follow the - Kubernetes reference naming semantics: `fooRef`, where - foo is some describer of what is being referenced (e.g. instanceRef, - healthCheckRef) Complex references (those with a "Types" - list defined) or lists of references should not specify - a key.' - type: string - kind: - description: Kind is the Kubernetes kind of the resource - being referenced. The API group and version are assumed - to match the referencing resource's. This field is mutually - exclusive with JSONSchemaType. - type: string - parent: - description: Parent specifies whether the referenced resource - is a parent. If the parent is successfully deleted, this - resource may be deleted without any call to the underlying - API. Only one parent may be present. A parent reference's - TFField must not be a nested path. - type: boolean - targetField: - description: TargetField is the referenced resource's Terraform - field that will be extracted and set as the value of the - TFField. For example, a ComputeSubnetwork can reference - a ComputeNetwork's self link by setting TargetField to - "self_link", a field defined on the google_compute_network - resource. - type: string - tfField: - description: TFField is the path to the field in the underlying - Terraform provider that is the implicit reference. Use - periods to delimit the fields in the path. For example, - if the reference field is "bar" nested inside "foo" ("foo" - being either an object or a list of objects), the associated - TFField should be "foo.bar") - type: string - types: - description: Types is the supported types this resource - reference supports. Must not be specified if the inlined - TypeConfig is filled out. If the value for the reference - is not specified in the KRM spec, it is possible that - a default value may be set by GCP. This default reference - value will be populated in the KRM resource's spec. In - cases where a resource reference has multiple types, the - first type in this list will become the default TypeConfig - for that value. - items: - properties: - group: - description: Group is the Kubernetes group of the - resource being referenced. If not is set, it is - implied that the kind specified is unique across - all groups. - type: string - jsonSchemaType: - description: JSONSchemaType specifies the type as - understood by JSON schema validation of this reference - field. Should never be specified for a TypeConfig - inlined in the ReferenceConfig. This field is mutually - exclusive with Kind and TargetField. - type: string - key: - description: 'Key is the field name that will be exposed - through the KRM resource''s spec. It should follow - the Kubernetes reference naming semantics: `fooRef`, - where foo is some describer of what is being referenced - (e.g. instanceRef, healthCheckRef) Complex references - (those with a "Types" list defined) or lists of - references should not specify a key.' - type: string - kind: - description: Kind is the Kubernetes kind of the resource - being referenced. The API group and version are - assumed to match the referencing resource's. This - field is mutually exclusive with JSONSchemaType. - type: string - parent: - description: Parent specifies whether the referenced - resource is a parent. If the parent is successfully - deleted, this resource may be deleted without any - call to the underlying API. Only one parent may - be present. A parent reference's TFField must not - be a nested path. - type: boolean - targetField: - description: TargetField is the referenced resource's - Terraform field that will be extracted and set as - the value of the TFField. For example, a ComputeSubnetwork - can reference a ComputeNetwork's self link by setting - TargetField to "self_link", a field defined on the - google_compute_network resource. - type: string - valueTemplate: - description: ValueTemplate is a template by which - the value sourced from the reference should be interpreted - before being passed to the Terraform provider. {{value}} - is used in place of this sourced value. e.g. If - the value sourced from the reference is "foo@domain.com", - a valueTemplate of "serviceAccount:{{value}}" would - mean the final value passed to the provider is "serviceAccount:foo@domain.com" - type: string - type: object - type: array - valueTemplate: - description: ValueTemplate is a template by which the value - sourced from the reference should be interpreted before - being passed to the Terraform provider. {{value}} is used - in place of this sourced value. e.g. If the value sourced - from the reference is "foo@domain.com", a valueTemplate - of "serviceAccount:{{value}}" would mean the final value - passed to the provider is "serviceAccount:foo@domain.com" - type: string - required: - - tfField - type: object - type: array - serverGeneratedIDField: - description: ServerGeneratedIDField is the field in the resource's - status that corresponds to the server-generated resource ID. - If unset, it's assumed the resource ID is specified by the user. - Resources with this set do not support acquisition. - type: string - skipImport: - description: SkipImport skips the import step when fetching the - live state of the underlying resource. If specified, IDTemplate - must also be specified, and its expanded form will be used as - the TF resource's `id` field. - type: boolean - required: - - name - - kind - type: object - type: array - version: - description: Version is the API version for all the resource CRDs being - generated. - type: string - required: - - name - - version - - resources - type: object - type: object - version: v1alpha1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_servicenetworkingconnections.servicenetworking.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_servicenetworkingconnections.servicenetworking.cnrm.cloud.google.com.yaml deleted file mode 100644 index 4a6589fc495..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_servicenetworkingconnections.servicenetworking.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,140 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: servicenetworkingconnections.servicenetworking.cnrm.cloud.google.com -spec: - group: servicenetworking.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ServiceNetworkingConnection - plural: servicenetworkingconnections - shortNames: - - gcpservicenetworkingconnection - - gcpservicenetworkingconnections - singular: servicenetworkingconnection - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - networkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - reservedPeeringRanges: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - service: - type: string - required: - - networkRef - - reservedPeeringRanges - - service - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - peering: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_services.serviceusage.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_services.serviceusage.cnrm.cloud.google.com.yaml deleted file mode 100644 index a648e1e58a4..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_services.serviceusage.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,75 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: services.serviceusage.cnrm.cloud.google.com -spec: - group: serviceusage.cnrm.cloud.google.com - names: - categories: - - gcp - kind: Service - plural: services - shortNames: - - gcpservice - - gcpservices - singular: service - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_sourcereporepositories.sourcerepo.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_sourcereporepositories.sourcerepo.cnrm.cloud.google.com.yaml deleted file mode 100644 index 3a9e99502c0..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_sourcereporepositories.sourcerepo.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,151 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: sourcereporepositories.sourcerepo.cnrm.cloud.google.com -spec: - group: sourcerepo.cnrm.cloud.google.com - names: - categories: - - gcp - kind: SourceRepoRepository - plural: sourcereporepositories - shortNames: - - gcpsourcereporepository - - gcpsourcereporepositories - singular: sourcereporepository - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - pubsubConfigs: - description: |- - How this repository publishes a change in the repository through Cloud Pub/Sub. - Keyed by the topic names. - items: - properties: - messageFormat: - description: |- - The format of the Cloud Pub/Sub messages. - - PROTOBUF: The message payload is a serialized protocol buffer of SourceRepoEvent. - - JSON: The message payload is a JSON string of SourceRepoEvent. - type: string - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - topicRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - messageFormat - - topicRef - type: object - type: array - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - size: - description: The disk usage of the repo, in bytes. - type: integer - url: - description: URL to clone the repository from Google Cloud Source Repositories. - type: string - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_spannerdatabases.spanner.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_spannerdatabases.spanner.cnrm.cloud.google.com.yaml deleted file mode 100644 index 6f44a54488e..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_spannerdatabases.spanner.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,119 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: spannerdatabases.spanner.cnrm.cloud.google.com -spec: - group: spanner.cnrm.cloud.google.com - names: - categories: - - gcp - kind: SpannerDatabase - plural: spannerdatabases - shortNames: - - gcpspannerdatabase - - gcpspannerdatabases - singular: spannerdatabase - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - ddl: - description: |- - An optional list of DDL statements to run inside the newly created - database. Statements can create tables, indexes, etc. These statements - execute atomically with the creation of the database: if there is an - error in any statement, the database is not created. - items: - type: string - type: array - instanceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - instanceRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - state: - description: An explanation of the status of the database. - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_spannerinstances.spanner.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_spannerinstances.spanner.cnrm.cloud.google.com.yaml deleted file mode 100644 index f2683c97d61..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_spannerinstances.spanner.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,103 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: spannerinstances.spanner.cnrm.cloud.google.com -spec: - group: spanner.cnrm.cloud.google.com - names: - categories: - - gcp - kind: SpannerInstance - plural: spannerinstances - shortNames: - - gcpspannerinstance - - gcpspannerinstances - singular: spannerinstance - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - config: - description: |- - The name of the instance's configuration (similar but not - quite the same as a region) which defines defines the geographic placement and - replication of your databases in this instance. It determines where your data - is stored. Values are typically of the form 'regional-europe-west1' , 'us-central' etc. - In order to obtain a valid list please consult the - [Configuration section of the docs](https://cloud.google.com/spanner/docs/instances). - type: string - displayName: - description: |- - The descriptive name for this instance as it appears in UIs. Must be - unique per project and between 4 and 30 characters in length. - type: string - numNodes: - description: The number of nodes allocated to this instance. - type: integer - required: - - config - - displayName - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - state: - description: 'Instance status: ''CREATING'' or ''READY''.' - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_sqldatabases.sql.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_sqldatabases.sql.cnrm.cloud.google.com.yaml deleted file mode 100644 index f4853066d94..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_sqldatabases.sql.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,125 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: sqldatabases.sql.cnrm.cloud.google.com -spec: - group: sql.cnrm.cloud.google.com - names: - categories: - - gcp - kind: SQLDatabase - plural: sqldatabases - shortNames: - - gcpsqldatabase - - gcpsqldatabases - singular: sqldatabase - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - charset: - description: |- - The charset value. See MySQL's - [Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html) - and Postgres' [Character Set Support](https://www.postgresql.org/docs/9.6/static/multibyte.html) - for more details and supported values. Postgres databases only support - a value of 'UTF8' at creation time. - type: string - collation: - description: |- - The collation value. See MySQL's - [Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html) - and Postgres' [Collation Support](https://www.postgresql.org/docs/9.6/static/collation.html) - for more details and supported values. Postgres databases only support - a value of 'en_US.UTF8' at creation time. - type: string - instanceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - instanceRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - selfLink: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_sqlinstances.sql.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_sqlinstances.sql.cnrm.cloud.google.com.yaml deleted file mode 100644 index b20db149427..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_sqlinstances.sql.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,355 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: sqlinstances.sql.cnrm.cloud.google.com -spec: - group: sql.cnrm.cloud.google.com - names: - categories: - - gcp - kind: SQLInstance - plural: sqlinstances - shortNames: - - gcpsqlinstance - - gcpsqlinstances - singular: sqlinstance - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - databaseVersion: - type: string - masterInstanceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - region: - type: string - replicaConfiguration: - properties: - caCertificate: - type: string - clientCertificate: - type: string - clientKey: - type: string - connectRetryInterval: - type: integer - dumpFilePath: - type: string - failoverTarget: - type: boolean - masterHeartbeatPeriod: - type: integer - password: - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used if - 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - sslCipher: - type: string - username: - type: string - verifyServerCertificate: - type: boolean - type: object - rootPassword: - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' is - specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used if 'value' - is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in the - given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - settings: - properties: - activationPolicy: - type: string - authorizedGaeApplications: - items: - type: string - type: array - availabilityType: - type: string - backupConfiguration: - properties: - binaryLogEnabled: - type: boolean - enabled: - type: boolean - location: - type: string - startTime: - type: string - type: object - crashSafeReplication: - type: boolean - databaseFlags: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - diskAutoresize: - type: boolean - diskSize: - type: integer - diskType: - type: string - ipConfiguration: - properties: - authorizedNetworks: - items: - properties: - expirationTime: - type: string - name: - type: string - value: - type: string - required: - - value - type: object - type: array - ipv4Enabled: - type: boolean - privateNetworkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - requireSsl: - type: boolean - type: object - locationPreference: - properties: - followGaeApplication: - type: string - zone: - type: string - type: object - maintenanceWindow: - properties: - day: - type: integer - hour: - type: integer - updateTrack: - type: string - type: object - pricingPlan: - type: string - replicationType: - type: string - tier: - type: string - required: - - tier - type: object - required: - - settings - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - connectionName: - type: string - firstIpAddress: - type: string - ipAddress: - items: - properties: - ipAddress: - type: string - timeToRetire: - type: string - type: - type: string - type: object - type: array - privateIpAddress: - type: string - publicIpAddress: - type: string - selfLink: - type: string - serverCaCert: - properties: - cert: - type: string - commonName: - type: string - createTime: - type: string - expirationTime: - type: string - sha1Fingerprint: - type: string - type: object - serviceAccountEmailAddress: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_sqlusers.sql.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_sqlusers.sql.cnrm.cloud.google.com.yaml deleted file mode 100644 index b1fa9ad32bc..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_sqlusers.sql.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,146 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: sqlusers.sql.cnrm.cloud.google.com -spec: - group: sql.cnrm.cloud.google.com - names: - categories: - - gcp - kind: SQLUser - plural: sqlusers - shortNames: - - gcpsqluser - - gcpsqlusers - singular: sqluser - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - host: - type: string - instanceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - password: - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' is - specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used if 'value' - is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in the - given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - required: - - instanceRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_storagebucketaccesscontrols.storage.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_storagebucketaccesscontrols.storage.cnrm.cloud.google.com.yaml deleted file mode 100644 index 73808514834..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_storagebucketaccesscontrols.storage.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,135 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: storagebucketaccesscontrols.storage.cnrm.cloud.google.com -spec: - group: storage.cnrm.cloud.google.com - names: - categories: - - gcp - kind: StorageBucketAccessControl - plural: storagebucketaccesscontrols - shortNames: - - gcpstoragebucketaccesscontrol - - gcpstoragebucketaccesscontrols - singular: storagebucketaccesscontrol - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - bucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - entity: - description: |- - The entity holding the permission, in one of the following forms: - user-userId - user-email - group-groupId - group-email - domain-domain - project-team-projectId - allUsers - allAuthenticatedUsers - Examples: - The user liz@example.com would be user-liz@example.com. - The group example@googlegroups.com would be - group-example@googlegroups.com. - To refer to all members of the Google Apps for Business domain - example.com, the entity would be domain-example.com. - type: string - role: - description: The access permission for the entity. - type: string - required: - - bucketRef - - entity - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - domain: - description: The domain associated with the entity. - type: string - email: - description: The email address associated with the entity. - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_storagebuckets.storage.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_storagebuckets.storage.cnrm.cloud.google.com.yaml deleted file mode 100644 index ce5a092a893..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_storagebuckets.storage.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,203 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: storagebuckets.storage.cnrm.cloud.google.com -spec: - group: storage.cnrm.cloud.google.com - names: - categories: - - gcp - kind: StorageBucket - plural: storagebuckets - shortNames: - - gcpstoragebucket - - gcpstoragebuckets - singular: storagebucket - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - bucketPolicyOnly: - type: boolean - cors: - items: - properties: - maxAgeSeconds: - type: integer - method: - items: - type: string - type: array - origin: - items: - type: string - type: array - responseHeader: - items: - type: string - type: array - type: object - type: array - encryption: - properties: - kmsKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - kmsKeyRef - type: object - lifecycleRule: - items: - properties: - action: - properties: - storageClass: - type: string - type: - type: string - required: - - type - type: object - condition: - properties: - age: - type: integer - createdBefore: - type: string - matchesStorageClass: - items: - type: string - type: array - numNewerVersions: - type: integer - withState: - type: string - type: object - required: - - action - - condition - type: object - type: array - location: - type: string - logging: - properties: - logBucket: - type: string - logObjectPrefix: - type: string - required: - - logBucket - type: object - requesterPays: - type: boolean - retentionPolicy: - properties: - isLocked: - type: boolean - retentionPeriod: - type: integer - required: - - retentionPeriod - type: object - storageClass: - type: string - versioning: - properties: - enabled: - type: boolean - required: - - enabled - type: object - website: - properties: - mainPageSuffix: - type: string - notFoundPage: - type: string - type: object - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - selfLink: - type: string - url: - type: string - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_storagedefaultobjectaccesscontrols.storage.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_storagedefaultobjectaccesscontrols.storage.cnrm.cloud.google.com.yaml deleted file mode 100644 index b2c619c8dc6..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_storagedefaultobjectaccesscontrols.storage.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,150 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: storagedefaultobjectaccesscontrols.storage.cnrm.cloud.google.com -spec: - group: storage.cnrm.cloud.google.com - names: - categories: - - gcp - kind: StorageDefaultObjectAccessControl - plural: storagedefaultobjectaccesscontrols - shortNames: - - gcpstoragedefaultobjectaccesscontrol - - gcpstoragedefaultobjectaccesscontrols - singular: storagedefaultobjectaccesscontrol - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - bucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - entity: - description: |- - The entity holding the permission, in one of the following forms: - * user-{{userId}} - * user-{{email}} (such as "user-liz@example.com") - * group-{{groupId}} - * group-{{email}} (such as "group-example@googlegroups.com") - * domain-{{domain}} (such as "domain-example.com") - * project-team-{{projectId}} - * allUsers - * allAuthenticatedUsers - type: string - object: - description: The name of the object, if applied to an object. - type: string - role: - description: The access permission for the entity. - type: string - required: - - bucketRef - - entity - - role - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - domain: - description: The domain associated with the entity. - type: string - email: - description: The email address associated with the entity. - type: string - entityId: - description: The ID for the entity - type: string - generation: - description: The content generation of the object, if applied to an - object. - type: integer - projectTeam: - description: The project team associated with the entity - properties: - projectNumber: - description: The project team associated with the entity - type: string - team: - description: The team. - type: string - type: object - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_storagenotifications.storage.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_storagenotifications.storage.cnrm.cloud.google.com.yaml deleted file mode 100644 index 2d69ce8dfff..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apiextensions.k8s.io_v1beta1_customresourcedefinition_storagenotifications.storage.cnrm.cloud.google.com.yaml +++ /dev/null @@ -1,150 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: storagenotifications.storage.cnrm.cloud.google.com -spec: - group: storage.cnrm.cloud.google.com - names: - categories: - - gcp - kind: StorageNotification - plural: storagenotifications - shortNames: - - gcpstoragenotification - - gcpstoragenotifications - singular: storagenotification - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - bucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - customAttributes: - additionalProperties: - type: string - type: object - eventTypes: - items: - type: string - type: array - objectNamePrefix: - type: string - payloadFormat: - type: string - topicRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - bucketRef - - payloadFormat - - topicRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - notificationId: - type: string - selfLink: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/.build/cnrm-install-system/apps_v1_deployment_cnrm-resource-stats-recorder.yaml b/test-infra/management/.build/cnrm-install-system/apps_v1_deployment_cnrm-resource-stats-recorder.yaml deleted file mode 100644 index 16c09dac0fe..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apps_v1_deployment_cnrm-resource-stats-recorder.yaml +++ /dev/null @@ -1,56 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - labels: - cnrm.cloud.google.com/component: cnrm-resource-stats-recorder - cnrm.cloud.google.com/system: "true" - name: cnrm-resource-stats-recorder - namespace: cnrm-system -spec: - replicas: 1 - selector: - matchLabels: - cnrm.cloud.google.com/component: cnrm-resource-stats-recorder - cnrm.cloud.google.com/system: "true" - template: - metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - labels: - cnrm.cloud.google.com/component: cnrm-resource-stats-recorder - cnrm.cloud.google.com/system: "true" - spec: - containers: - - args: - - --prometheus-scrape-endpoint=:8888 - - --metric-interval=60 - command: - - /configconnector/recorder - env: - - name: CONFIG_CONNECTOR_VERSION - value: 1.7.1 - image: gcr.io/cnrm-eap/recorder:f190973 - imagePullPolicy: Always - name: recorder - readinessProbe: - exec: - command: - - cat - - /tmp/ready - initialDelaySeconds: 3 - periodSeconds: 3 - resources: - limits: - cpu: 100m - memory: 128Mi - requests: - cpu: 50m - memory: 64Mi - securityContext: - privileged: false - runAsNonRoot: true - runAsUser: 1000 - serviceAccountName: cnrm-resource-stats-recorder - terminationGracePeriodSeconds: 10 diff --git a/test-infra/management/.build/cnrm-install-system/apps_v1_deployment_cnrm-webhook-manager.yaml b/test-infra/management/.build/cnrm-install-system/apps_v1_deployment_cnrm-webhook-manager.yaml deleted file mode 100644 index fc21793719c..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apps_v1_deployment_cnrm-webhook-manager.yaml +++ /dev/null @@ -1,57 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - labels: - cnrm.cloud.google.com/component: cnrm-webhook-manager - cnrm.cloud.google.com/system: "true" - name: cnrm-webhook-manager - namespace: cnrm-system -spec: - replicas: 1 - selector: - matchLabels: - cnrm.cloud.google.com/component: cnrm-webhook-manager - cnrm.cloud.google.com/system: "true" - template: - metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - labels: - cnrm.cloud.google.com/component: cnrm-webhook-manager - cnrm.cloud.google.com/system: "true" - spec: - containers: - - args: - - --stderrthreshold=INFO - command: - - /configconnector/webhook - env: - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: gcr.io/cnrm-eap/webhook:f190973 - imagePullPolicy: Always - name: webhook - readinessProbe: - exec: - command: - - cat - - /tmp/ready - initialDelaySeconds: 3 - periodSeconds: 3 - resources: - limits: - cpu: 100m - memory: 256Mi - requests: - cpu: 100m - memory: 128Mi - securityContext: - privileged: false - runAsNonRoot: true - runAsUser: 1000 - serviceAccountName: cnrm-webhook-manager - terminationGracePeriodSeconds: 10 diff --git a/test-infra/management/.build/cnrm-install-system/apps_v1_statefulset_cnrm-deletiondefender.yaml b/test-infra/management/.build/cnrm-install-system/apps_v1_statefulset_cnrm-deletiondefender.yaml deleted file mode 100644 index 7db463b07c5..00000000000 --- a/test-infra/management/.build/cnrm-install-system/apps_v1_statefulset_cnrm-deletiondefender.yaml +++ /dev/null @@ -1,52 +0,0 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - labels: - cnrm.cloud.google.com/component: cnrm-deletiondefender - cnrm.cloud.google.com/system: "true" - name: cnrm-deletiondefender - namespace: cnrm-system -spec: - selector: - matchLabels: - cnrm.cloud.google.com/component: cnrm-deletiondefender - cnrm.cloud.google.com/system: "true" - serviceName: cnrm-deletiondefender - template: - metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - labels: - cnrm.cloud.google.com/component: cnrm-deletiondefender - cnrm.cloud.google.com/system: "true" - spec: - containers: - - args: - - --stderrthreshold=INFO - command: - - /configconnector/deletiondefender - image: gcr.io/cnrm-eap/deletiondefender:f190973 - imagePullPolicy: Always - name: deletiondefender - readinessProbe: - exec: - command: - - cat - - /tmp/ready - initialDelaySeconds: 3 - periodSeconds: 3 - resources: - limits: - cpu: 100m - memory: 256Mi - requests: - cpu: 100m - memory: 128Mi - securityContext: - privileged: false - runAsNonRoot: true - runAsUser: 1000 - serviceAccountName: cnrm-deletiondefender - terminationGracePeriodSeconds: 10 diff --git a/test-infra/management/.build/cnrm-install-system/configconnector-operator-system_apps_v1_statefulset_configconnector-operator.yaml b/test-infra/management/.build/cnrm-install-system/configconnector-operator-system_apps_v1_statefulset_configconnector-operator.yaml new file mode 100644 index 00000000000..844133ba2d7 --- /dev/null +++ b/test-infra/management/.build/cnrm-install-system/configconnector-operator-system_apps_v1_statefulset_configconnector-operator.yaml @@ -0,0 +1,47 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: + cnrm.cloud.google.com/operator-version: 1.29.0 + labels: + cnrm.cloud.google.com/component: configconnector-operator + cnrm.cloud.google.com/operator-system: "true" + name: configconnector-operator + namespace: configconnector-operator-system +spec: + selector: + matchLabels: + cnrm.cloud.google.com/component: configconnector-operator + cnrm.cloud.google.com/operator-system: "true" + serviceName: configconnector-operator-service + template: + metadata: + annotations: + cnrm.cloud.google.com/operator-version: 1.29.0 + labels: + cnrm.cloud.google.com/component: configconnector-operator + cnrm.cloud.google.com/operator-system: "true" + spec: + containers: + - args: + - --local-repo=/configconnector-operator/channels + command: + - /configconnector-operator/manager + image: gcr.io/gke-release/cnrm/operator:737484d + name: manager + resources: + limits: + memory: 200Mi + requests: + cpu: 50m + memory: 100Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - all + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + serviceAccountName: configconnector-operator + terminationGracePeriodSeconds: 10 diff --git a/test-infra/management/.build/cnrm-install-system/configconnector-operator-system_~g_v1_service_configconnector-operator-service.yaml b/test-infra/management/.build/cnrm-install-system/configconnector-operator-system_~g_v1_service_configconnector-operator-service.yaml new file mode 100644 index 00000000000..5f2994ad27a --- /dev/null +++ b/test-infra/management/.build/cnrm-install-system/configconnector-operator-system_~g_v1_service_configconnector-operator-service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + cnrm.cloud.google.com/operator-version: 1.29.0 + labels: + cnrm.cloud.google.com/operator-system: "true" + name: configconnector-operator-service + namespace: configconnector-operator-system +spec: + ports: + - name: controller-manager + port: 443 + selector: + cnrm.cloud.google.com/component: configconnector-operator + cnrm.cloud.google.com/operator-system: "true" diff --git a/test-infra/management/.build/cnrm-install-system/configconnector-operator-system_~g_v1_serviceaccount_configconnector-operator.yaml b/test-infra/management/.build/cnrm-install-system/configconnector-operator-system_~g_v1_serviceaccount_configconnector-operator.yaml new file mode 100644 index 00000000000..ade2cbd0700 --- /dev/null +++ b/test-infra/management/.build/cnrm-install-system/configconnector-operator-system_~g_v1_serviceaccount_configconnector-operator.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + cnrm.cloud.google.com/operator-version: 1.29.0 + labels: + cnrm.cloud.google.com/operator-system: "true" + name: configconnector-operator + namespace: configconnector-operator-system diff --git a/test-infra/management/.build/cnrm-install-system/default_core.cnrm.cloud.google.com_v1beta1_configconnector_configconnector.core.cnrm.cloud.google.com.yaml b/test-infra/management/.build/cnrm-install-system/default_core.cnrm.cloud.google.com_v1beta1_configconnector_configconnector.core.cnrm.cloud.google.com.yaml new file mode 100644 index 00000000000..48ce4369294 --- /dev/null +++ b/test-infra/management/.build/cnrm-install-system/default_core.cnrm.cloud.google.com_v1beta1_configconnector_configconnector.core.cnrm.cloud.google.com.yaml @@ -0,0 +1,7 @@ +apiVersion: core.cnrm.cloud.google.com/v1beta1 +kind: ConfigConnector +metadata: + name: configconnector.core.cnrm.cloud.google.com +spec: + googleServiceAccount: kf-ci-management-cnrm-system@kubeflow-ci.iam.gserviceaccount.com + mode: cluster diff --git a/test-infra/management/.build/cnrm-install-system/rbac.authorization.k8s.io_v1_clusterrole_cnrm-admin.yaml b/test-infra/management/.build/cnrm-install-system/rbac.authorization.k8s.io_v1_clusterrole_cnrm-admin.yaml deleted file mode 100644 index 604da01401b..00000000000 --- a/test-infra/management/.build/cnrm-install-system/rbac.authorization.k8s.io_v1_clusterrole_cnrm-admin.yaml +++ /dev/null @@ -1,40 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-admin -rules: -- apiGroups: - - accesscontextmanager.cnrm.cloud.google.com - - bigquery.cnrm.cloud.google.com - - bigtable.cnrm.cloud.google.com - - cloudbuild.cnrm.cloud.google.com - - compute.cnrm.cloud.google.com - - container.cnrm.cloud.google.com - - dataflow.cnrm.cloud.google.com - - dns.cnrm.cloud.google.com - - firestore.cnrm.cloud.google.com - - iam.cnrm.cloud.google.com - - kms.cnrm.cloud.google.com - - pubsub.cnrm.cloud.google.com - - redis.cnrm.cloud.google.com - - resourcemanager.cnrm.cloud.google.com - - servicenetworking.cnrm.cloud.google.com - - serviceusage.cnrm.cloud.google.com - - sourcerepo.cnrm.cloud.google.com - - spanner.cnrm.cloud.google.com - - sql.cnrm.cloud.google.com - - storage.cnrm.cloud.google.com - resources: - - '*' - verbs: - - get - - list - - watch - - create - - update - - patch - - delete diff --git a/test-infra/management/.build/cnrm-install-system/rbac.authorization.k8s.io_v1_clusterrole_cnrm-deletiondefender-role.yaml b/test-infra/management/.build/cnrm-install-system/rbac.authorization.k8s.io_v1_clusterrole_cnrm-deletiondefender-role.yaml deleted file mode 100644 index c99bc1f8c80..00000000000 --- a/test-infra/management/.build/cnrm-install-system/rbac.authorization.k8s.io_v1_clusterrole_cnrm-deletiondefender-role.yaml +++ /dev/null @@ -1,49 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-deletiondefender-role -rules: -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list - - watch -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch - - create - - update - - patch - - delete diff --git a/test-infra/management/.build/cnrm-install-system/rbac.authorization.k8s.io_v1_clusterrole_cnrm-manager-cluster-role.yaml b/test-infra/management/.build/cnrm-install-system/rbac.authorization.k8s.io_v1_clusterrole_cnrm-manager-cluster-role.yaml deleted file mode 100644 index 025fbf04a91..00000000000 --- a/test-infra/management/.build/cnrm-install-system/rbac.authorization.k8s.io_v1_clusterrole_cnrm-manager-cluster-role.yaml +++ /dev/null @@ -1,57 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-manager-cluster-role -rules: -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list - - watch -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - core.cnrm.cloud.google.com - resources: - - servicemappings - verbs: - - get - - list - - watch -- apiGroups: - - core.cnrm.cloud.google.com - resources: - - '*' - verbs: - - get - - list - - watch - - create - - update - - patch - - delete diff --git a/test-infra/management/.build/cnrm-install-system/rbac.authorization.k8s.io_v1_clusterrole_cnrm-manager-ns-role.yaml b/test-infra/management/.build/cnrm-install-system/rbac.authorization.k8s.io_v1_clusterrole_cnrm-manager-ns-role.yaml deleted file mode 100644 index 689ee8042c3..00000000000 --- a/test-infra/management/.build/cnrm-install-system/rbac.authorization.k8s.io_v1_clusterrole_cnrm-manager-ns-role.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-manager-ns-role -rules: -- apiGroups: - - "" - resources: - - events - - configmaps - - secrets - - services - verbs: - - get - - list - - watch - - create - - update - - patch - - delete diff --git a/test-infra/management/.build/cnrm-install-system/rbac.authorization.k8s.io_v1_clusterrole_cnrm-recorder-role.yaml b/test-infra/management/.build/cnrm-install-system/rbac.authorization.k8s.io_v1_clusterrole_cnrm-recorder-role.yaml deleted file mode 100644 index 2fe01ccbd29..00000000000 --- a/test-infra/management/.build/cnrm-install-system/rbac.authorization.k8s.io_v1_clusterrole_cnrm-recorder-role.yaml +++ /dev/null @@ -1,29 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-recorder-role -rules: -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list - - watch -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list - - watch - - create - - update - - patch - - delete diff --git a/test-infra/management/.build/cnrm-install-system/rbac.authorization.k8s.io_v1_clusterrole_cnrm-webhook-role.yaml b/test-infra/management/.build/cnrm-install-system/rbac.authorization.k8s.io_v1_clusterrole_cnrm-webhook-role.yaml deleted file mode 100644 index 2a900bc8545..00000000000 --- a/test-infra/management/.build/cnrm-install-system/rbac.authorization.k8s.io_v1_clusterrole_cnrm-webhook-role.yaml +++ /dev/null @@ -1,62 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-webhook-role -rules: -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - - mutatingwebhookconfigurations - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - core.cnrm.cloud.google.com - resources: - - servicemappings - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list - - watch diff --git a/test-infra/management/.build/cnrm-install-system/rbac.authorization.k8s.io_v1_clusterrole_configconnector-operator-manager-role.yaml b/test-infra/management/.build/cnrm-install-system/rbac.authorization.k8s.io_v1_clusterrole_configconnector-operator-manager-role.yaml new file mode 100644 index 00000000000..d96b7cb6d3d --- /dev/null +++ b/test-infra/management/.build/cnrm-install-system/rbac.authorization.k8s.io_v1_clusterrole_configconnector-operator-manager-role.yaml @@ -0,0 +1,158 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/operator-version: 1.29.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/operator-system: "true" + name: configconnector-operator-manager-role +rules: +- apiGroups: + - "" + resources: + - configmaps + - events + - events + - namespaces + - secrets + - serviceaccounts + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + - validatingwebhookconfigurations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - deletecollection +- apiGroups: + - core.cnrm.cloud.google.com + resources: + - configconnectors + - configconnectorcontexts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - core.cnrm.cloud.google.com + resources: + - configconnectors/status + verbs: + - get + - patch + - update +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - rolebindings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles + - roles + verbs: + - create + - delete + - escalate + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resourceNames: + - cnrm-admin + - cnrm-manager-cluster-role + - cnrm-manager-ns-role + - cnrm-recorder-role + - cnrm-webhook-role + resources: + - clusterroles + verbs: + - bind +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch diff --git a/test-infra/management/.build/cnrm-install-system/rbac.authorization.k8s.io_v1_clusterrolebinding_cnrm-admin-binding.yaml b/test-infra/management/.build/cnrm-install-system/rbac.authorization.k8s.io_v1_clusterrolebinding_cnrm-admin-binding.yaml deleted file mode 100644 index 9eb82eef865..00000000000 --- a/test-infra/management/.build/cnrm-install-system/rbac.authorization.k8s.io_v1_clusterrolebinding_cnrm-admin-binding.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-admin-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cnrm-admin -subjects: -- kind: ServiceAccount - name: cnrm-resource-stats-recorder - namespace: cnrm-system -- kind: ServiceAccount - name: cnrm-deletiondefender - namespace: cnrm-system diff --git a/test-infra/management/.build/cnrm-install-system/rbac.authorization.k8s.io_v1_clusterrolebinding_cnrm-deletiondefender-binding.yaml b/test-infra/management/.build/cnrm-install-system/rbac.authorization.k8s.io_v1_clusterrolebinding_cnrm-deletiondefender-binding.yaml deleted file mode 100644 index f40ff63987a..00000000000 --- a/test-infra/management/.build/cnrm-install-system/rbac.authorization.k8s.io_v1_clusterrolebinding_cnrm-deletiondefender-binding.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-deletiondefender-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cnrm-deletiondefender-role -subjects: -- kind: ServiceAccount - name: cnrm-deletiondefender - namespace: cnrm-system diff --git a/test-infra/management/.build/cnrm-install-system/rbac.authorization.k8s.io_v1_clusterrolebinding_cnrm-recorder-binding.yaml b/test-infra/management/.build/cnrm-install-system/rbac.authorization.k8s.io_v1_clusterrolebinding_cnrm-recorder-binding.yaml deleted file mode 100644 index e857e78d5fc..00000000000 --- a/test-infra/management/.build/cnrm-install-system/rbac.authorization.k8s.io_v1_clusterrolebinding_cnrm-recorder-binding.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-recorder-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cnrm-recorder-role -subjects: -- kind: ServiceAccount - name: cnrm-resource-stats-recorder - namespace: cnrm-system diff --git a/test-infra/management/.build/cnrm-install-system/rbac.authorization.k8s.io_v1_clusterrolebinding_cnrm-webhook-binding.yaml b/test-infra/management/.build/cnrm-install-system/rbac.authorization.k8s.io_v1_clusterrolebinding_cnrm-webhook-binding.yaml deleted file mode 100644 index a8293095a35..00000000000 --- a/test-infra/management/.build/cnrm-install-system/rbac.authorization.k8s.io_v1_clusterrolebinding_cnrm-webhook-binding.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-webhook-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cnrm-webhook-role -subjects: -- kind: ServiceAccount - name: cnrm-webhook-manager - namespace: cnrm-system diff --git a/test-infra/management/.build/cnrm-install-system/rbac.authorization.k8s.io_v1_clusterrolebinding_configconnector-operator-rolebinding.yaml b/test-infra/management/.build/cnrm-install-system/rbac.authorization.k8s.io_v1_clusterrolebinding_configconnector-operator-rolebinding.yaml new file mode 100644 index 00000000000..2937297b6ba --- /dev/null +++ b/test-infra/management/.build/cnrm-install-system/rbac.authorization.k8s.io_v1_clusterrolebinding_configconnector-operator-rolebinding.yaml @@ -0,0 +1,16 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + cnrm.cloud.google.com/operator-version: 1.29.0 + labels: + cnrm.cloud.google.com/operator-system: "true" + name: configconnector-operator-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: configconnector-operator-manager-role +subjects: +- kind: ServiceAccount + name: configconnector-operator + namespace: configconnector-operator-system diff --git a/test-infra/management/.build/cnrm-install-system/~g_v1_namespace_cnrm-system.yaml b/test-infra/management/.build/cnrm-install-system/~g_v1_namespace_cnrm-system.yaml deleted file mode 100644 index 0d8d85b8a53..00000000000 --- a/test-infra/management/.build/cnrm-install-system/~g_v1_namespace_cnrm-system.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-system diff --git a/test-infra/management/.build/cnrm-install-system/~g_v1_namespace_configconnector-operator-system.yaml b/test-infra/management/.build/cnrm-install-system/~g_v1_namespace_configconnector-operator-system.yaml new file mode 100644 index 00000000000..8b7686b6be0 --- /dev/null +++ b/test-infra/management/.build/cnrm-install-system/~g_v1_namespace_configconnector-operator-system.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Namespace +metadata: + annotations: + cnrm.cloud.google.com/operator-version: 1.29.0 + labels: + cnrm.cloud.google.com/operator-system: "true" + name: configconnector-operator-system diff --git a/test-infra/management/.build/cnrm-install-system/~g_v1_service_cnrm-deletiondefender.yaml b/test-infra/management/.build/cnrm-install-system/~g_v1_service_cnrm-deletiondefender.yaml deleted file mode 100644 index 797822427be..00000000000 --- a/test-infra/management/.build/cnrm-install-system/~g_v1_service_cnrm-deletiondefender.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-deletiondefender - namespace: cnrm-system -spec: - ports: - - name: deletiondefender - port: 443 - selector: - cnrm.cloud.google.com/component: cnrm-deletiondefender - cnrm.cloud.google.com/system: "true" diff --git a/test-infra/management/.build/cnrm-install-system/~g_v1_service_cnrm-resource-stats-recorder-service.yaml b/test-infra/management/.build/cnrm-install-system/~g_v1_service_cnrm-resource-stats-recorder-service.yaml deleted file mode 100644 index b2f970fef3a..00000000000 --- a/test-infra/management/.build/cnrm-install-system/~g_v1_service_cnrm-resource-stats-recorder-service.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - prometheus.io/port: "8888" - prometheus.io/scrape: "true" - labels: - cnrm.cloud.google.com/monitored: "true" - cnrm.cloud.google.com/system: "true" - name: cnrm-resource-stats-recorder-service - namespace: cnrm-system -spec: - ports: - - name: metrics - port: 8888 - selector: - cnrm.cloud.google.com/component: cnrm-resource-stats-recorder - cnrm.cloud.google.com/system: "true" diff --git a/test-infra/management/.build/cnrm-install-system/~g_v1_serviceaccount_cnrm-deletiondefender.yaml b/test-infra/management/.build/cnrm-install-system/~g_v1_serviceaccount_cnrm-deletiondefender.yaml deleted file mode 100644 index 335436ac787..00000000000 --- a/test-infra/management/.build/cnrm-install-system/~g_v1_serviceaccount_cnrm-deletiondefender.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-deletiondefender - namespace: cnrm-system diff --git a/test-infra/management/.build/cnrm-install-system/~g_v1_serviceaccount_cnrm-resource-stats-recorder.yaml b/test-infra/management/.build/cnrm-install-system/~g_v1_serviceaccount_cnrm-resource-stats-recorder.yaml deleted file mode 100644 index 22224e97548..00000000000 --- a/test-infra/management/.build/cnrm-install-system/~g_v1_serviceaccount_cnrm-resource-stats-recorder.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-resource-stats-recorder - namespace: cnrm-system diff --git a/test-infra/management/.build/cnrm-install-system/~g_v1_serviceaccount_cnrm-webhook-manager.yaml b/test-infra/management/.build/cnrm-install-system/~g_v1_serviceaccount_cnrm-webhook-manager.yaml deleted file mode 100644 index 61b56df973a..00000000000 --- a/test-infra/management/.build/cnrm-install-system/~g_v1_serviceaccount_cnrm-webhook-manager.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-webhook-manager - namespace: cnrm-system diff --git a/test-infra/management/Makefile b/test-infra/management/Makefile index 13b68c38c91..42d582e078b 100644 --- a/test-infra/management/Makefile +++ b/test-infra/management/Makefile @@ -5,8 +5,8 @@ NAME=$(shell yq r ./instance/settings.yaml name) MGMTCTXT=$(NAME) # The URL you want to fetch manifests from -# TODO(jlewi): Change to kubeflow/gcp-blueprints once its checked in -MANIFESTS_URL=https://github.com/jlewi/manifests.git/gcp/v2/management@blueprints +# TODO(Bobgy): Change to kubeflow/gcp-blueprints once its checked in +MANIFESTS_URL=https://github.com/Bobgy/manifests.git/gcp/v2/management@gcp_120 PROJECT=$(shell yq r ./instance/settings.yaml project) @@ -22,10 +22,8 @@ echo-ctxt: # Get packages .PHONY: get-pkg get-pkg: - # TODO(jlewi): We should switch to using upstream kubeflow/manifests and pin - # to a specific version # TODO(jlewi): We should think about how we layout packages in kubeflow/manifests so - # users don't end up pulling tests or other things they don't need. + # users don't end up pulling tests or other things they don't need. mkdir -p ./upstream kpt pkg get $(MANIFESTS_URL) $(MANIFESTS_DIR) @@ -40,7 +38,7 @@ hydrate: rm -rf .build mkdir -p .build/ mkdir -p .build/cluster - kustomize build $(INSTANCE_DIR)/cluster -o .build/cluster + kustomize build $(INSTANCE_DIR)/cluster -o .build/cluster # Create a kubeconfig context for the kubeflow cluster @@ -52,11 +50,22 @@ create-ctxt: .PHONY: hydrate-kcc hydrate-kcc: - rm -rf ./.build/cnrm-install-system - mkdir -p ./.build/cnrm-install-system + rm -rf ./.build/cnrm-install-system + mkdir -p ./.build/cnrm-install-system + rm -rf ./.build/cnrm-install-iam + mkdir -p ./.build/cnrm-install-iam kustomize build -o ./.build/cnrm-install-system $(INSTANCE_DIR)/cnrm-install-system + kustomize build -o ./.build/cnrm-install-iam $(INSTANCE_DIR)/cnrm-install-iam .PHONY: apply-kcc apply-kcc: hydrate-kcc - kubectl --context=$(MGMTCTXT) apply -f .build/cnrm-install-system/~g_v1_namespace_cnrm-system.yaml - kubectl --context=$(MGMTCTXT) apply -f .build/cnrm-install-system \ No newline at end of file + kubectl --context=$(MGMTCTXT) apply -f .build/cnrm-install-system + +.PHONY: apply-managed-project +apply-managed-project: + kpt cfg set instance managed-project kubeflow-ci-deployment + anthoscli apply -f instance/managed-project/iam.yaml + kpt cfg set instance managed-project github-probots + anthoscli apply -f instance/managed-project/iam.yaml + kpt cfg set instance managed-project issue-label-bot-dev + anthoscli apply -f instance/managed-project/iam.yaml diff --git a/test-infra/management/configsync/config-management.yaml b/test-infra/management/configsync/config-management.yaml index 39396ae4b31..014aadcb393 100644 --- a/test-infra/management/configsync/config-management.yaml +++ b/test-infra/management/configsync/config-management.yaml @@ -6,7 +6,7 @@ metadata: gke.io/cluster: "gke://kubeflow-ci/us-central1/kf-ci-management" # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"gcloud.core.project","value":"kubeflow-ci"},{"name":"name","value":"kf-ci-management"},{"name":"location","value":"us-central1"}]}} spec: clusterName: "gke://kubeflow-ci/us-central1/kf-ci-management" # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"gcloud.core.project","value":"kubeflow-ci"},{"name":"name","value":"kf-ci-management"},{"name":"location","value":"us-central1"}]}} - git: + git: syncRepo: "https://github.com/kubeflow/testing.git" # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"source_repo","value":"https://github.com/jlewi/community-infra.git"}]}} syncBranch: master secretType: none diff --git a/test-infra/management/instance/Kptfile b/test-infra/management/instance/Kptfile new file mode 100644 index 00000000000..f17e05ddae1 --- /dev/null +++ b/test-infra/management/instance/Kptfile @@ -0,0 +1,34 @@ +apiVersion: kpt.dev/v1alpha1 +kind: Kptfile +metadata: + name: . +openAPI: + definitions: + io.k8s.cli.setters.gcloud.core.project: + x-k8s-cli: + setter: + name: gcloud.core.project + value: kubeflow-ci + isSet: true + io.k8s.cli.setters.name: + x-k8s-cli: + setter: + name: name + value: kf-ci-management + isSet: true + io.k8s.cli.substitutions.managed-project-owner-member: + x-k8s-cli: + substitution: + name: managed-project-owner-member + pattern: serviceAccount:${name}-cnrm-system@${gcloud.core.project}.iam.gserviceaccount.com + values: + - marker: ${name} + ref: '#/definitions/io.k8s.cli.setters.name' + - marker: ${gcloud.core.project} + ref: '#/definitions/io.k8s.cli.setters.gcloud.core.project' + io.k8s.cli.setters.managed-project: + x-k8s-cli: + setter: + name: managed-project + value: issue-label-bot-dev + isSet: true diff --git a/test-infra/management/instance/cluster/cluster.yaml b/test-infra/management/instance/cluster/cluster.yaml deleted file mode 100644 index 4feac184fdd..00000000000 --- a/test-infra/management/instance/cluster/cluster.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# This is a patch for the management cluster. -# It is used to define user specific values. -apiVersion: identity.cnrm.cloud.google.com/v1alpha2 -kind: IdentityNamespace -metadata: - name: default ---- -# TODO(jlewi): Use a regional cluster? There should no longer be any cost savings to using zonal -apiVersion: container.cnrm.cloud.google.com/v1alpha2 -kind: ContainerCluster -metadata: - clusterName: "kubeflow-ci/us-central1/kf-ci-management" # {"type":"string","x-kustomize":{"partialSetters":[{"name":"gcloud.core.project","value":"kubeflow-ci"},{"name":"name","value":"kf-ci-management"},{"name":"location","value":"us-central1"}]}} - name: kf-ci-management # {"type":"string","x-kustomize":{"setter":{"name":"name","value":"kf-ci-management"}}} -spec: - # Use a regional cluster. Regional offer higher availability and the cluster management fee is the same. - location: us-central1 # {"type":"string","x-kustomize":{"setter":{"name":"location","value":"us-central1"}}} diff --git a/test-infra/management/instance/cluster/kustomization.yaml b/test-infra/management/instance/cluster/kustomization.yaml index 55cb7a20816..28ea0299f6e 100644 --- a/test-infra/management/instance/cluster/kustomization.yaml +++ b/test-infra/management/instance/cluster/kustomization.yaml @@ -1,8 +1,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -namespace: kubeflow-ci # {"type":"string","x-kustomize":{"setter":{"name":"gcloud.core.project","value":"kubeflow-ci"}}} +namespace: kubeflow-ci resources: - ../../upstream/management/cluster -patchesStrategicMerge: -- cluster.yaml -- nodepool.yaml diff --git a/test-infra/management/instance/cluster/nodepool.yaml b/test-infra/management/instance/cluster/nodepool.yaml deleted file mode 100644 index 691839052c2..00000000000 --- a/test-infra/management/instance/cluster/nodepool.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: container.cnrm.cloud.google.com/v1alpha2 -kind: ContainerNodePool -metadata: - clusterName: "kubeflow-ci/us-central1/kf-ci-management" # {"type":"string","x-kustomize":{"partialSetters":[{"name":"gcloud.core.project","value":"kubeflow-ci"},{"name":"name","value":"kf-ci-management"},{"name":"location","value":"us-central1"}]}} - name: kf-ci-management-pool # {"type":"string","x-kustomize":{"partialSetters":[{"name":"gcloud.core.project","value":"project-id"},{"name":"name","value":"kf-ci-management"},{"name":"location","value":"us-central1-f"}]}} diff --git a/test-infra/management/instance/cnrm-install-iam/kustomization.yaml b/test-infra/management/instance/cnrm-install-iam/kustomization.yaml new file mode 100644 index 00000000000..398f93b01aa --- /dev/null +++ b/test-infra/management/instance/cnrm-install-iam/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: kubeflow-ci # {"$kpt-set":"gcloud.core.project"} +resources: +- ../../upstream/management/cnrm-install/iam diff --git a/test-infra/management/instance/cnrm-install-system/0-cnrm-system.yaml b/test-infra/management/instance/cnrm-install-system/0-cnrm-system.yaml deleted file mode 100644 index 14e3bf6c9a9..00000000000 --- a/test-infra/management/instance/cnrm-install-system/0-cnrm-system.yaml +++ /dev/null @@ -1,823 +0,0 @@ -# Copyright 2020 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Namespace -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-system ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - iam.gke.io/gcp-service-account: ci-projects-manager@kubeflow-ci.iam.gserviceaccount.com # {"$kpt-set":"cnrm-system"} - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-controller-manager - namespace: cnrm-system ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-deletiondefender - namespace: cnrm-system ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-resource-stats-recorder - namespace: cnrm-system ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-webhook-manager - namespace: cnrm-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-deletiondefender-cnrm-system-role - namespace: cnrm-system -rules: -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - create - - update - - patch - - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-webhook-cnrm-system-role - namespace: cnrm-system -rules: -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - create - - update - - patch - - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-admin -rules: -- apiGroups: - - accesscontextmanager.cnrm.cloud.google.com - - artifactregistry.cnrm.cloud.google.com - - bigquery.cnrm.cloud.google.com - - bigtable.cnrm.cloud.google.com - - cloudbuild.cnrm.cloud.google.com - - compute.cnrm.cloud.google.com - - container.cnrm.cloud.google.com - - dataflow.cnrm.cloud.google.com - - dns.cnrm.cloud.google.com - - firestore.cnrm.cloud.google.com - - iam.cnrm.cloud.google.com - - kms.cnrm.cloud.google.com - - logging.cnrm.cloud.google.com - - monitoring.cnrm.cloud.google.com - - pubsub.cnrm.cloud.google.com - - redis.cnrm.cloud.google.com - - resourcemanager.cnrm.cloud.google.com - - secretmanager.cnrm.cloud.google.com - - servicenetworking.cnrm.cloud.google.com - - serviceusage.cnrm.cloud.google.com - - sourcerepo.cnrm.cloud.google.com - - spanner.cnrm.cloud.google.com - - sql.cnrm.cloud.google.com - - storage.cnrm.cloud.google.com - - storagetransfer.cnrm.cloud.google.com - resources: - - '*' - verbs: - - get - - list - - watch - - create - - update - - patch - - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-deletiondefender-role -rules: -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list - - watch -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch - - create - - update - - patch - - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-manager-cluster-role -rules: -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list - - watch -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - core.cnrm.cloud.google.com - resources: - - servicemappings - verbs: - - get - - list - - watch -- apiGroups: - - core.cnrm.cloud.google.com - resources: - - '*' - verbs: - - get - - list - - watch - - create - - update - - patch - - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-manager-ns-role -rules: -- apiGroups: - - "" - resources: - - events - - configmaps - - secrets - - services - verbs: - - get - - list - - watch - - create - - update - - patch - - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-recorder-role -rules: -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list - - watch -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list - - watch - - create - - update - - patch - - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-webhook-role -rules: -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - - mutatingwebhookconfigurations - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - core.cnrm.cloud.google.com - resources: - - servicemappings - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-deletiondefender-role-binding - namespace: cnrm-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: cnrm-deletiondefender-cnrm-system-role -subjects: -- kind: ServiceAccount - name: cnrm-deletiondefender - namespace: cnrm-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-webhook-role-binding - namespace: cnrm-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: cnrm-webhook-cnrm-system-role -subjects: -- kind: ServiceAccount - name: cnrm-webhook-manager - namespace: cnrm-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-admin-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cnrm-admin -subjects: -- kind: ServiceAccount - name: cnrm-controller-manager - namespace: cnrm-system -- kind: ServiceAccount - name: cnrm-resource-stats-recorder - namespace: cnrm-system -- kind: ServiceAccount - name: cnrm-deletiondefender - namespace: cnrm-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-deletiondefender-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cnrm-deletiondefender-role -subjects: -- kind: ServiceAccount - name: cnrm-deletiondefender - namespace: cnrm-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-manager-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cnrm-manager-cluster-role -subjects: -- kind: ServiceAccount - name: cnrm-controller-manager - namespace: cnrm-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-manager-watcher-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cnrm-manager-ns-role -subjects: -- kind: ServiceAccount - name: cnrm-controller-manager - namespace: cnrm-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-recorder-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cnrm-recorder-role -subjects: -- kind: ServiceAccount - name: cnrm-resource-stats-recorder - namespace: cnrm-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-webhook-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cnrm-webhook-role -subjects: -- kind: ServiceAccount - name: cnrm-webhook-manager - namespace: cnrm-system ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-deletiondefender - namespace: cnrm-system -spec: - ports: - - name: deletiondefender - port: 443 - selector: - cnrm.cloud.google.com/component: cnrm-deletiondefender - cnrm.cloud.google.com/system: "true" ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - prometheus.io/port: "8888" - prometheus.io/scrape: "true" - labels: - cnrm.cloud.google.com/monitored: "true" - cnrm.cloud.google.com/system: "true" - name: cnrm-manager - namespace: cnrm-system -spec: - ports: - - name: controller-manager - port: 443 - - name: metrics - port: 8888 - selector: - cnrm.cloud.google.com/component: cnrm-controller-manager - cnrm.cloud.google.com/system: "true" ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - prometheus.io/port: "8888" - prometheus.io/scrape: "true" - labels: - cnrm.cloud.google.com/monitored: "true" - cnrm.cloud.google.com/system: "true" - name: cnrm-resource-stats-recorder-service - namespace: cnrm-system -spec: - ports: - - name: metrics - port: 8888 - selector: - cnrm.cloud.google.com/component: cnrm-resource-stats-recorder - cnrm.cloud.google.com/system: "true" ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - labels: - cnrm.cloud.google.com/component: cnrm-resource-stats-recorder - cnrm.cloud.google.com/system: "true" - name: cnrm-resource-stats-recorder - namespace: cnrm-system -spec: - replicas: 1 - revisionHistoryLimit: 1 - selector: - matchLabels: - cnrm.cloud.google.com/component: cnrm-resource-stats-recorder - cnrm.cloud.google.com/system: "true" - template: - metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - labels: - cnrm.cloud.google.com/component: cnrm-resource-stats-recorder - cnrm.cloud.google.com/system: "true" - spec: - containers: - - args: - - --prometheus-scrape-endpoint=:8888 - - --metric-interval=60 - command: - - /configconnector/recorder - env: - - name: CONFIG_CONNECTOR_VERSION - value: 1.27.2 - image: gcr.io/cnrm-eap/recorder:1c8c589 - imagePullPolicy: Always - name: recorder - readinessProbe: - exec: - command: - - cat - - /tmp/ready - initialDelaySeconds: 3 - periodSeconds: 3 - resources: - limits: - cpu: 40m - memory: 64Mi - requests: - cpu: 20m - memory: 32Mi - securityContext: - privileged: false - runAsNonRoot: true - runAsUser: 1000 - serviceAccountName: cnrm-resource-stats-recorder - terminationGracePeriodSeconds: 10 ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - labels: - cnrm.cloud.google.com/component: cnrm-webhook-manager - cnrm.cloud.google.com/system: "true" - name: cnrm-webhook-manager - namespace: cnrm-system -spec: - revisionHistoryLimit: 1 - selector: - matchLabels: - cnrm.cloud.google.com/component: cnrm-webhook-manager - cnrm.cloud.google.com/system: "true" - template: - metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - labels: - cnrm.cloud.google.com/component: cnrm-webhook-manager - cnrm.cloud.google.com/system: "true" - spec: - containers: - - args: - - --stderrthreshold=INFO - command: - - /configconnector/webhook - env: - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: gcr.io/cnrm-eap/webhook:1c8c589 - imagePullPolicy: Always - name: webhook - readinessProbe: - exec: - command: - - cat - - /tmp/ready - initialDelaySeconds: 3 - periodSeconds: 3 - resources: - limits: - cpu: 40m - memory: 64Mi - securityContext: - privileged: false - runAsNonRoot: true - runAsUser: 1000 - serviceAccountName: cnrm-webhook-manager - terminationGracePeriodSeconds: 10 ---- -apiVersion: apps/v1 -kind: StatefulSet -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - labels: - cnrm.cloud.google.com/component: cnrm-controller-manager - cnrm.cloud.google.com/system: "true" - name: cnrm-controller-manager - namespace: cnrm-system -spec: - selector: - matchLabels: - cnrm.cloud.google.com/component: cnrm-controller-manager - cnrm.cloud.google.com/system: "true" - serviceName: cnrm-manager - template: - metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - labels: - cnrm.cloud.google.com/component: cnrm-controller-manager - cnrm.cloud.google.com/system: "true" - spec: - containers: - - args: - - --stderrthreshold=INFO - - --prometheus-scrape-endpoint=:8888 - command: - - /configconnector/manager - image: gcr.io/cnrm-eap/controller:1c8c589 - imagePullPolicy: Always - name: manager - readinessProbe: - exec: - command: - - cat - - /tmp/ready - initialDelaySeconds: 3 - periodSeconds: 3 - resources: - limits: - cpu: 200m - memory: 512Mi - requests: - cpu: 100m - memory: 256Mi - securityContext: - privileged: false - runAsNonRoot: true - runAsUser: 1000 - serviceAccountName: cnrm-controller-manager - terminationGracePeriodSeconds: 10 ---- -apiVersion: apps/v1 -kind: StatefulSet -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - labels: - cnrm.cloud.google.com/component: cnrm-deletiondefender - cnrm.cloud.google.com/system: "true" - name: cnrm-deletiondefender - namespace: cnrm-system -spec: - selector: - matchLabels: - cnrm.cloud.google.com/component: cnrm-deletiondefender - cnrm.cloud.google.com/system: "true" - serviceName: cnrm-deletiondefender - template: - metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - labels: - cnrm.cloud.google.com/component: cnrm-deletiondefender - cnrm.cloud.google.com/system: "true" - spec: - containers: - - args: - - --stderrthreshold=INFO - command: - - /configconnector/deletiondefender - image: gcr.io/cnrm-eap/deletiondefender:1c8c589 - imagePullPolicy: Always - name: deletiondefender - readinessProbe: - exec: - command: - - cat - - /tmp/ready - initialDelaySeconds: 3 - periodSeconds: 3 - resources: - limits: - cpu: 100m - memory: 128Mi - requests: - memory: 64Mi - securityContext: - privileged: false - runAsNonRoot: true - runAsUser: 1000 - serviceAccountName: cnrm-deletiondefender - terminationGracePeriodSeconds: 10 ---- -apiVersion: autoscaling/v2beta2 -kind: HorizontalPodAutoscaler -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-webhook - namespace: cnrm-system -spec: - maxReplicas: 10 - metrics: - - resource: - name: cpu - target: - averageUtilization: 60 - type: Utilization - type: Resource - minReplicas: 2 - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: cnrm-webhook-manager diff --git a/test-infra/management/instance/cnrm-install-system/crds.yaml b/test-infra/management/instance/cnrm-install-system/crds.yaml deleted file mode 100644 index ba87c6454db..00000000000 --- a/test-infra/management/instance/cnrm-install-system/crds.yaml +++ /dev/null @@ -1,24978 +0,0 @@ -# Copyright 2020 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: accesscontextmanageraccesslevels.accesscontextmanager.cnrm.cloud.google.com -spec: - group: accesscontextmanager.cnrm.cloud.google.com - names: - categories: - - gcp - kind: AccessContextManagerAccessLevel - plural: accesscontextmanageraccesslevels - shortNames: - - gcpaccesscontextmanageraccesslevel - - gcpaccesscontextmanageraccesslevels - singular: accesscontextmanageraccesslevel - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - accessPolicyRef: - description: |- - The AccessContextManagerAccessPolicy this - AccessContextManagerAccessLevel lives in. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The name of an AccessContextManagerAccessPolicy. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - basic: - description: A set of predefined conditions for the access level and - a combining function. - properties: - combiningFunction: - description: |- - How the conditions list should be combined to determine if a request - is granted this AccessLevel. If AND is used, each Condition in - conditions must be satisfied for the AccessLevel to be applied. If - OR is used, at least one Condition in conditions must be satisfied - for the AccessLevel to be applied. Default value: "AND" Possible values: ["AND", "OR"] - type: string - conditions: - description: A set of requirements for the AccessLevel to be granted. - items: - properties: - devicePolicy: - description: |- - Device specific restrictions, all restrictions must hold for - the Condition to be true. If not specified, all devices are - allowed. - properties: - allowedDeviceManagementLevels: - description: |- - A list of allowed device management levels. - An empty list allows all management levels. Possible values: ["MANAGEMENT_UNSPECIFIED", "NONE", "BASIC", "COMPLETE"] - items: - type: string - type: array - allowedEncryptionStatuses: - description: |- - A list of allowed encryptions statuses. - An empty list allows all statuses. Possible values: ["ENCRYPTION_UNSPECIFIED", "ENCRYPTION_UNSUPPORTED", "UNENCRYPTED", "ENCRYPTED"] - items: - type: string - type: array - osConstraints: - description: |- - A list of allowed OS versions. - An empty list allows all types and all versions. - items: - properties: - minimumVersion: - description: |- - The minimum allowed OS version. If not set, any version - of this OS satisfies the constraint. - Format: "major.minor.patch" such as "10.5.301", "9.2.1". - type: string - osType: - description: 'The operating system type of the device. - Possible values: ["OS_UNSPECIFIED", "DESKTOP_MAC", - "DESKTOP_WINDOWS", "DESKTOP_LINUX", "DESKTOP_CHROME_OS"]' - type: string - required: - - osType - type: object - type: array - requireAdminApproval: - description: Whether the device needs to be approved by - the customer admin. - type: boolean - requireCorpOwned: - description: Whether the device needs to be corp owned. - type: boolean - requireScreenLock: - description: |- - Whether or not screenlock is required for the DevicePolicy - to be true. Defaults to false. - type: boolean - type: object - ipSubnetworks: - description: |- - A list of CIDR block IP subnetwork specification. May be IPv4 - or IPv6. - Note that for a CIDR IP address block, the specified IP address - portion must be properly truncated (i.e. all the host bits must - be zero) or the input is considered malformed. For example, - "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, - for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" - is not. The originating IP of a request must be in one of the - listed subnets in order for this Condition to be true. - If empty, all IP addresses are allowed. - items: - type: string - type: array - members: - items: - description: |- - An allowed list of members (users, service accounts). - Using groups is not supported. - - The signed-in user originating the request must be a part of one - of the provided members. If not specified, a request may come - from any user (logged in/not logged in, not present in any - groups, etc.). - oneOf: - - required: - - serviceAccountRef - - required: - - user - properties: - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The email of an IAMServiceAccount. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - user: - type: string - type: object - type: array - negate: - description: |- - Whether to negate the Condition. If true, the Condition becomes - a NAND over its non-empty fields, each field must be false for - the Condition overall to be satisfied. Defaults to false. - type: boolean - regions: - description: |- - The request must originate from one of the provided - countries/regions. - Format: A valid ISO 3166-1 alpha-2 code. - items: - type: string - type: array - requiredAccessLevels: - items: - description: |- - A list of other access levels defined in the same policy. - Referencing an AccessContextManagerAccessLevel which does not exist - is an error. All access levels listed must be granted for the - condition to be true. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The name of an AccessContextManagerAccessLevel. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - type: object - type: array - required: - - conditions - type: object - custom: - description: "Custom access level conditions are set using the Cloud - Common Expression Language to represent the necessary conditions for - the level to apply to a request. \nSee CEL spec at: https://github.com/google/cel-spec." - properties: - expr: - description: "Represents a textual expression in the Common Expression - Language (CEL) syntax. CEL is a C-like expression language.\nThis - page details the objects and attributes that are used to the build - the CEL expressions for \ncustom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec." - properties: - description: - description: Description of the expression - type: string - expression: - description: Textual representation of an expression in Common - Expression Language syntax. - type: string - location: - description: String indicating the location of the expression - for error reporting, e.g. a file name and a position in the - file - type: string - title: - description: Title for the expression, i.e. a short string describing - its purpose. - type: string - required: - - expression - type: object - required: - - expr - type: object - description: - description: Description of the AccessLevel and its use. Does not affect - behavior. - type: string - title: - description: Human readable title. Must be unique within the Policy. - type: string - required: - - accessPolicyRef - - title - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: accesscontextmanageraccesspolicies.accesscontextmanager.cnrm.cloud.google.com -spec: - group: accesscontextmanager.cnrm.cloud.google.com - names: - categories: - - gcp - kind: AccessContextManagerAccessPolicy - plural: accesscontextmanageraccesspolicies - shortNames: - - gcpaccesscontextmanageraccesspolicy - - gcpaccesscontextmanageraccesspolicies - singular: accesscontextmanageraccesspolicy - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - title: - description: Human readable title. Does not affect behavior. - type: string - required: - - title - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - createTime: - description: Time the AccessPolicy was created in UTC. - type: string - name: - description: 'Resource name of the AccessPolicy. Format: {policy_id}' - type: string - updateTime: - description: Time the AccessPolicy was updated in UTC. - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: accesscontextmanagerserviceperimeters.accesscontextmanager.cnrm.cloud.google.com -spec: - group: accesscontextmanager.cnrm.cloud.google.com - names: - categories: - - gcp - kind: AccessContextManagerServicePerimeter - plural: accesscontextmanagerserviceperimeters - shortNames: - - gcpaccesscontextmanagerserviceperimeter - - gcpaccesscontextmanagerserviceperimeters - singular: accesscontextmanagerserviceperimeter - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - accessPolicyRef: - description: |- - The AccessContextManagerAccessPolicy this - AccessContextManagerServicePerimeter lives in. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The name of an AccessContextManagerAccessPolicy. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - description: - description: |- - Description of the ServicePerimeter and its use. Does not affect - behavior. - type: string - perimeterType: - description: |- - Specifies the type of the Perimeter. There are two types: regular and - bridge. Regular Service Perimeter contains resources, access levels, - and restricted services. Every resource can be in at most - ONE regular Service Perimeter. - - In addition to being in a regular service perimeter, a resource can also - be in zero or more perimeter bridges. A perimeter bridge only contains - resources. Cross project operations are permitted if all effected - resources share some perimeter (whether bridge or regular). Perimeter - Bridge does not contain access levels or services: those are governed - entirely by the regular perimeter that resource is in. - - Perimeter Bridges are typically useful when building more complex - topologies with many independent perimeters that need to share some data - with a common perimeter, but should not be able to share data among - themselves. Default value: "PERIMETER_TYPE_REGULAR" Possible values: ["PERIMETER_TYPE_REGULAR", "PERIMETER_TYPE_BRIDGE"] - type: string - spec: - description: |- - Proposed (or dry run) ServicePerimeter configuration. - This configuration allows to specify and test ServicePerimeter configuration - without enforcing actual access restrictions. Only allowed to be set when - the 'useExplicitDryRunSpec' flag is set. - properties: - accessLevels: - items: - description: "(Optional) A list of AccessLevel resource names - that allow resources within \nthe ServicePerimeter to be accessed - from the internet. AccessLevels listed \nmust be in the same - policy as this ServicePerimeter. \nReferencing a nonexistent - AccessLevel is a syntax error. If no \nAccessLevel names are - listed, resources within the perimeter can \nonly be accessed - via GCP calls with request origins within the \nperimeter. For - Service Perimeter Bridge, must be empty. \nFormat:- accessPolicies/{policy_id}/accessLevels/{access_level_name}" - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The name of an AccessContextManagerAccessLevel. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - resources: - items: - description: "(Optional) A list of GCP resources that are inside - of the service perimeter. \nCurrently only projects are allowed. - Format: projects/{project_number}" - properties: - projectRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The number of a Project. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - type: array - restrictedServices: - description: |- - GCP services that are subject to the Service Perimeter - restrictions. Must contain a list of services. For example, if - 'storage.googleapis.com' is specified, access to the storage - buckets inside the perimeter must meet the perimeter's access - restrictions. - items: - type: string - type: array - vpcAccessibleServices: - description: |- - Specifies how APIs are allowed to communicate within the Service - Perimeter. - properties: - allowedServices: - description: |- - The list of APIs usable within the Service Perimeter. - Must be empty unless 'enableRestriction' is True. - items: - type: string - type: array - enableRestriction: - description: |- - Whether to restrict API calls within the Service Perimeter to the - list of APIs specified in 'allowedServices'. - type: boolean - type: object - type: object - status: - description: |- - ServicePerimeter configuration. Specifies sets of resources, - restricted services and access levels that determine - perimeter content and boundaries. - properties: - accessLevels: - items: - description: "(Optional) A list of AccessLevel resource names - that allow resources within \nthe ServicePerimeter to be accessed - from the internet. AccessLevels listed \nmust be in the same - policy as this ServicePerimeter. \nReferencing a nonexistent - AccessLevel is a syntax error. If no \nAccessLevel names are - listed, resources within the perimeter can \nonly be accessed - via GCP calls with request origins within the \nperimeter. For - Service Perimeter Bridge, must be empty. \nFormat:- accessPolicies/{policy_id}/accessLevels/{access_level_name}" - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The name of an AccessContextManagerAccessLevel. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - resources: - items: - description: "(Optional) A list of GCP resources that are inside - of the service perimeter. \nCurrently only projects are allowed. - Format: projects/{project_number}" - properties: - projectRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The name of a Project. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - type: array - restrictedServices: - description: |- - GCP services that are subject to the Service Perimeter - restrictions. Must contain a list of services. For example, if - 'storage.googleapis.com' is specified, access to the storage - buckets inside the perimeter must meet the perimeter's access - restrictions. - items: - type: string - type: array - vpcAccessibleServices: - description: |- - Specifies how APIs are allowed to communicate within the Service - Perimeter. - properties: - allowedServices: - description: |- - The list of APIs usable within the Service Perimeter. - Must be empty unless 'enableRestriction' is True. - items: - type: string - type: array - enableRestriction: - description: |- - Whether to restrict API calls within the Service Perimeter to the - list of APIs specified in 'allowedServices'. - type: boolean - type: object - type: object - title: - description: Human readable title. Must be unique within the Policy. - type: string - useExplicitDryRunSpec: - description: |- - Use explicit dry run spec flag. Ordinarily, a dry-run spec implicitly exists - for all Service Perimeters, and that spec is identical to the status for those - Service Perimeters. When this flag is set, it inhibits the generation of the - implicit spec, thereby allowing the user to explicitly provide a - configuration ("spec") to use in a dry-run version of the Service Perimeter. - This allows the user to test changes to the enforced config ("status") without - actually enforcing them. This testing is done through analyzing the differences - between currently enforced and suggested restrictions. useExplicitDryRunSpec must - bet set to True if any of the fields in the spec are set to non-default values. - type: boolean - required: - - accessPolicyRef - - title - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - createTime: - description: Time the AccessPolicy was created in UTC. - type: string - updateTime: - description: Time the AccessPolicy was updated in UTC. - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: artifactregistryrepositories.artifactregistry.cnrm.cloud.google.com -spec: - group: artifactregistry.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ArtifactRegistryRepository - plural: artifactregistryrepositories - shortNames: - - gcpartifactregistryrepository - - gcpartifactregistryrepositories - singular: artifactregistryrepository - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: The user-provided description of the repository. - type: string - format: - description: 'The format of packages that are stored in the repoitory. - Possible values: ["DOCKER"]' - type: string - kmsKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a KMSCryptoKey. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - location: - description: The name of the location this repository is located in. - type: string - required: - - format - - location - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - createTime: - description: The time when the repository was created. - type: string - name: - description: |- - The name of the repository, for example: - "projects/p1/locations/us-central1/repositories/repo1" - type: string - updateTime: - description: The time when the repository was last updated. - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: bigquerydatasets.bigquery.cnrm.cloud.google.com -spec: - group: bigquery.cnrm.cloud.google.com - names: - categories: - - gcp - kind: BigQueryDataset - plural: bigquerydatasets - shortNames: - - gcpbigquerydataset - - gcpbigquerydatasets - singular: bigquerydataset - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - access: - description: An array of objects that define dataset access for one - or more entities. - items: - properties: - domain: - description: |- - A domain to grant access to. Any users signed in with the - domain specified will be granted the specified access - type: string - groupByEmail: - description: An email address of a Google Group to grant access - to. - type: string - role: - description: |- - Describes the rights granted to the user specified by the other - member of the access object. Basic, predefined, and custom roles - are supported. Predefined roles that have equivalent basic roles - are swapped by the API to their basic counterparts. See - [official docs](https://cloud.google.com/bigquery/docs/access-control). - type: string - specialGroup: - description: |- - A special group to grant access to. Possible values include: - - - * 'projectOwners': Owners of the enclosing project. - - - * 'projectReaders': Readers of the enclosing project. - - - * 'projectWriters': Writers of the enclosing project. - - - * 'allAuthenticatedUsers': All authenticated BigQuery users. - type: string - userByEmail: - description: |- - An email address of a user to grant access to. For example: - fred@example.com - type: string - view: - description: |- - A view from a different dataset to grant access to. Queries - executed against that view will have read access to tables in - this dataset. The role field is not required when this field is - set. If that view is updated by any user, access to the view - needs to be granted again via an update operation. - properties: - datasetId: - description: The ID of the dataset containing this table. - type: string - projectId: - description: The ID of the project containing this table. - type: string - tableId: - description: |- - The ID of the table. The ID must contain only letters (a-z, - A-Z), numbers (0-9), or underscores (_). The maximum length - is 1,024 characters. - type: string - required: - - datasetId - - projectId - - tableId - type: object - type: object - type: array - defaultEncryptionConfiguration: - description: |- - The default encryption key for all tables in the dataset. Once this property is set, - all newly-created partitioned tables in the dataset will have encryption key set to - this value, unless table creation request (or query) overrides the key. - properties: - kmsKeyRef: - description: |- - Describes the Cloud KMS encryption key that will be used to protect destination - BigQuery table. The BigQuery Service Account associated with your project requires - access to this encryption key. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a KMSCryptoKey. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - kmsKeyRef - type: object - defaultPartitionExpirationMs: - description: |- - The default partition expiration for all partitioned tables in - the dataset, in milliseconds. - - - Once this property is set, all newly-created partitioned tables in - the dataset will have an 'expirationMs' property in the 'timePartitioning' - settings set to this value, and changing the value will only - affect new tables, not existing ones. The storage in a partition will - have an expiration time of its partition time plus this value. - Setting this property overrides the use of 'defaultTableExpirationMs' - for partitioned tables: only one of 'defaultTableExpirationMs' and - 'defaultPartitionExpirationMs' will be used for any new partitioned - table. If you provide an explicit 'timePartitioning.expirationMs' when - creating or updating a partitioned table, that value takes precedence - over the default partition expiration time indicated by this property. - type: integer - defaultTableExpirationMs: - description: |- - The default lifetime of all tables in the dataset, in milliseconds. - The minimum value is 3600000 milliseconds (one hour). - - - Once this property is set, all newly-created tables in the dataset - will have an 'expirationTime' property set to the creation time plus - the value in this property, and changing the value will only affect - new tables, not existing ones. When the 'expirationTime' for a given - table is reached, that table will be deleted automatically. - If a table's 'expirationTime' is modified or removed before the - table expires, or if you provide an explicit 'expirationTime' when - creating a table, that value takes precedence over the default - expiration time indicated by this property. - type: integer - description: - description: A user-friendly description of the dataset - type: string - friendlyName: - description: A descriptive name for the dataset - type: string - location: - description: |- - The geographic location where the dataset should reside. - See [official docs](https://cloud.google.com/bigquery/docs/dataset-locations). - - - There are two types of locations, regional or multi-regional. A regional - location is a specific geographic place, such as Tokyo, and a multi-regional - location is a large geographic area, such as the United States, that - contains at least two geographic places. - - - Possible regional values include: 'asia-east1', 'asia-northeast1', - 'asia-southeast1', 'australia-southeast1', 'europe-north1', - 'europe-west2' and 'us-east4'. - - - Possible multi-regional values: 'EU' and 'US'. - - - The default value is multi-regional location 'US'. - Changing this forces a new resource to be created. - type: string - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTime: - description: |- - The time when this dataset was created, in milliseconds since the - epoch. - type: integer - etag: - description: A hash of the resource. - type: string - lastModifiedTime: - description: |- - The date when this dataset or any of its tables was last modified, in - milliseconds since the epoch. - type: integer - selfLink: - type: string - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: bigqueryjobs.bigquery.cnrm.cloud.google.com -spec: - group: bigquery.cnrm.cloud.google.com - names: - categories: - - gcp - kind: BigQueryJob - plural: bigqueryjobs - shortNames: - - gcpbigqueryjob - - gcpbigqueryjobs - singular: bigqueryjob - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - copy: - description: Copies a table. - properties: - createDisposition: - description: |- - Specifies whether the job is allowed to create new tables. The following values are supported: - CREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table. - CREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result. - Creation, truncation and append actions occur as one atomic update upon job completion Default value: "CREATE_NEVER" Possible values: ["CREATE_IF_NEEDED", "CREATE_NEVER"] - type: string - destinationEncryptionConfiguration: - description: Custom encryption configuration (e.g., Cloud KMS keys) - properties: - kmsKeyRef: - description: |- - Describes the Cloud KMS encryption key that will be used to protect - destination BigQuery table. The BigQuery Service Account associated - with your project requires access to this encryption key. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a KMSCryptoKey. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - kmsKeyRef - type: object - destinationTable: - description: The destination table. - properties: - tableRef: - description: A reference to the table. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a BigQueryTable. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - tableRef - type: object - sourceTables: - description: Source tables to copy. - items: - properties: - tableRef: - description: A reference to the table. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a BigQueryTable. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - tableRef - type: object - type: array - writeDisposition: - description: |- - Specifies the action that occurs if the destination table already exists. The following values are supported: - WRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result. - WRITE_APPEND: If the table already exists, BigQuery appends the data to the table. - WRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result. - Each action is atomic and only occurs if BigQuery is able to complete the job successfully. - Creation, truncation and append actions occur as one atomic update upon job completion. Default value: "WRITE_EMPTY" Possible values: ["WRITE_TRUNCATE", "WRITE_APPEND", "WRITE_EMPTY"] - type: string - required: - - sourceTables - type: object - extract: - description: Configures an extract job. - properties: - compression: - description: |- - The compression type to use for exported files. Possible values include GZIP, DEFLATE, SNAPPY, and NONE. - The default value is NONE. DEFLATE and SNAPPY are only supported for Avro. - type: string - destinationFormat: - description: |- - The exported file format. Possible values include CSV, NEWLINE_DELIMITED_JSON and AVRO for tables and SAVED_MODEL for models. - The default value for tables is CSV. Tables with nested or repeated fields cannot be exported as CSV. - The default value for models is SAVED_MODEL. - type: string - destinationUris: - description: A list of fully-qualified Google Cloud Storage URIs - where the extracted table should be written. - items: - type: string - type: array - fieldDelimiter: - description: |- - When extracting data in CSV format, this defines the delimiter to use between fields in the exported data. - Default is ',' - type: string - printHeader: - description: Whether to print out a header row in the results. Default - is true. - type: boolean - sourceTable: - description: A reference to the table being exported. - properties: - tableRef: - description: A reference to the table. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a BigQueryTable. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - tableRef - type: object - useAvroLogicalTypes: - description: Whether to use logical types when extracting to AVRO - format. - type: boolean - required: - - destinationUris - type: object - jobTimeoutMs: - description: Job timeout in milliseconds. If this time limit is exceeded, - BigQuery may attempt to terminate the job. - type: string - load: - description: Configures a load job. - properties: - allowJaggedRows: - description: |- - Accept rows that are missing trailing optional columns. The missing values are treated as nulls. - If false, records with missing trailing columns are treated as bad records, and if there are too many bad records, - an invalid error is returned in the job result. The default value is false. Only applicable to CSV, ignored for other formats. - type: boolean - allowQuotedNewlines: - description: |- - Indicates if BigQuery should allow quoted data sections that contain newline characters in a CSV file. - The default value is false. - type: boolean - autodetect: - description: Indicates if we should automatically infer the options - and schema for CSV and JSON sources. - type: boolean - createDisposition: - description: |- - Specifies whether the job is allowed to create new tables. The following values are supported: - CREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table. - CREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result. - Creation, truncation and append actions occur as one atomic update upon job completion Default value: "CREATE_NEVER" Possible values: ["CREATE_IF_NEEDED", "CREATE_NEVER"] - type: string - destinationEncryptionConfiguration: - description: Custom encryption configuration (e.g., Cloud KMS keys) - properties: - kmsKeyRef: - description: |- - Describes the Cloud KMS encryption key that will be used to protect - destination BigQuery table. The BigQuery Service Account associated - with your project requires access to this encryption key. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a KMSCryptoKey. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - kmsKeyRef - type: object - destinationTable: - description: The destination table to load the data into. - properties: - tableRef: - description: A reference to the table. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a BigQueryTable. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - tableRef - type: object - encoding: - description: |- - The character encoding of the data. The supported values are UTF-8 or ISO-8859-1. - The default value is UTF-8. BigQuery decodes the data after the raw, binary data - has been split using the values of the quote and fieldDelimiter properties. - type: string - fieldDelimiter: - description: |- - The separator for fields in a CSV file. The separator can be any ISO-8859-1 single-byte character. - To use a character in the range 128-255, you must encode the character as UTF8. BigQuery converts - the string to ISO-8859-1 encoding, and then uses the first byte of the encoded string to split the - data in its raw, binary state. BigQuery also supports the escape sequence "\t" to specify a tab separator. - The default value is a comma (','). - type: string - ignoreUnknownValues: - description: |- - Indicates if BigQuery should allow extra values that are not represented in the table schema. - If true, the extra values are ignored. If false, records with extra columns are treated as bad records, - and if there are too many bad records, an invalid error is returned in the job result. - The default value is false. The sourceFormat property determines what BigQuery treats as an extra value: - CSV: Trailing columns - JSON: Named values that don't match any column names - type: boolean - maxBadRecords: - description: |- - The maximum number of bad records that BigQuery can ignore when running the job. If the number of bad records exceeds this value, - an invalid error is returned in the job result. The default value is 0, which requires that all records are valid. - type: integer - nullMarker: - description: |- - Specifies a string that represents a null value in a CSV file. For example, if you specify "\N", BigQuery interprets "\N" as a null value - when loading a CSV file. The default value is the empty string. If you set this property to a custom value, BigQuery throws an error if an - empty string is present for all data types except for STRING and BYTE. For STRING and BYTE columns, BigQuery interprets the empty string as - an empty value. - type: string - projectionFields: - description: |- - If sourceFormat is set to "DATASTORE_BACKUP", indicates which entity properties to load into BigQuery from a Cloud Datastore backup. - Property names are case sensitive and must be top-level properties. If no properties are specified, BigQuery loads all properties. - If any named property isn't found in the Cloud Datastore backup, an invalid error is returned in the job result. - items: - type: string - type: array - quote: - description: |- - The value that is used to quote data sections in a CSV file. BigQuery converts the string to ISO-8859-1 encoding, - and then uses the first byte of the encoded string to split the data in its raw, binary state. - The default value is a double-quote ('"'). If your data does not contain quoted sections, set the property value to an empty string. - If your data contains quoted newline characters, you must also set the allowQuotedNewlines property to true. - type: string - schemaUpdateOptions: - description: |- - Allows the schema of the destination table to be updated as a side effect of the load job if a schema is autodetected or - supplied in the job configuration. Schema update options are supported in two cases: when writeDisposition is WRITE_APPEND; - when writeDisposition is WRITE_TRUNCATE and the destination table is a partition of a table, specified by partition decorators. - For normal tables, WRITE_TRUNCATE will always overwrite the schema. One or more of the following values are specified: - ALLOW_FIELD_ADDITION: allow adding a nullable field to the schema. - ALLOW_FIELD_RELAXATION: allow relaxing a required field in the original schema to nullable. - items: - type: string - type: array - skipLeadingRows: - description: |- - The number of rows at the top of a CSV file that BigQuery will skip when loading the data. - The default value is 0. This property is useful if you have header rows in the file that should be skipped. - When autodetect is on, the behavior is the following: - skipLeadingRows unspecified - Autodetect tries to detect headers in the first row. If they are not detected, - the row is read as data. Otherwise data is read starting from the second row. - skipLeadingRows is 0 - Instructs autodetect that there are no headers and data should be read starting from the first row. - skipLeadingRows = N > 0 - Autodetect skips N-1 rows and tries to detect headers in row N. If headers are not detected, - row N is just skipped. Otherwise row N is used to extract column names for the detected schema. - type: integer - sourceFormat: - description: |- - The format of the data files. For CSV files, specify "CSV". For datastore backups, specify "DATASTORE_BACKUP". - For newline-delimited JSON, specify "NEWLINE_DELIMITED_JSON". For Avro, specify "AVRO". For parquet, specify "PARQUET". - For orc, specify "ORC". The default value is CSV. - type: string - sourceUris: - description: |- - The fully-qualified URIs that point to your data in Google Cloud. - For Google Cloud Storage URIs: Each URI can contain one '*' wildcard character - and it must come after the 'bucket' name. Size limits related to load jobs apply - to external data sources. For Google Cloud Bigtable URIs: Exactly one URI can be - specified and it has be a fully specified and valid HTTPS URL for a Google Cloud Bigtable table. - For Google Cloud Datastore backups: Exactly one URI can be specified. Also, the '*' wildcard character is not allowed. - items: - type: string - type: array - timePartitioning: - description: Time-based partitioning specification for the destination - table. - properties: - expirationMs: - description: Number of milliseconds for which to keep the storage - for a partition. A wrapper is used here because 0 is an invalid - value. - type: string - field: - description: |- - If not set, the table is partitioned by pseudo column '_PARTITIONTIME'; if set, the table is partitioned by this field. - The field must be a top-level TIMESTAMP or DATE field. Its mode must be NULLABLE or REQUIRED. - A wrapper is used here because an empty string is an invalid value. - type: string - type: - description: |- - The only type supported is DAY, which will generate one partition per day. Providing an empty string used to cause an error, - but in OnePlatform the field will be treated as unset. - type: string - required: - - type - type: object - writeDisposition: - description: |- - Specifies the action that occurs if the destination table already exists. The following values are supported: - WRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result. - WRITE_APPEND: If the table already exists, BigQuery appends the data to the table. - WRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result. - Each action is atomic and only occurs if BigQuery is able to complete the job successfully. - Creation, truncation and append actions occur as one atomic update upon job completion. Default value: "WRITE_EMPTY" Possible values: ["WRITE_TRUNCATE", "WRITE_APPEND", "WRITE_EMPTY"] - type: string - required: - - destinationTable - - sourceUris - type: object - location: - description: The geographic location of the job. The default value is - US. - type: string - query: - description: Configures a query job. - properties: - allowLargeResults: - description: |- - If true and query uses legacy SQL dialect, allows the query to produce arbitrarily large result tables at a slight cost in performance. - Requires destinationTable to be set. For standard SQL queries, this flag is ignored and large results are always allowed. - However, you must still set destinationTable when result size exceeds the allowed maximum response size. - type: boolean - createDisposition: - description: |- - Specifies whether the job is allowed to create new tables. The following values are supported: - CREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table. - CREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result. - Creation, truncation and append actions occur as one atomic update upon job completion Default value: "CREATE_NEVER" Possible values: ["CREATE_IF_NEEDED", "CREATE_NEVER"] - type: string - defaultDataset: - description: Specifies the default dataset to use for unqualified - table names in the query. Note that this does not alter behavior - of unqualified dataset names. - properties: - datasetRef: - description: A reference to the dataset. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a BigQueryDataset. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - datasetRef - type: object - destinationEncryptionConfiguration: - description: Custom encryption configuration (e.g., Cloud KMS keys) - properties: - kmsKeyRef: - description: |- - Describes the Cloud KMS encryption key that will be used to protect - destination BigQuery table. The BigQuery Service Account associated - with your project requires access to this encryption key. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a KMSCryptoKey. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - kmsKeyRef - type: object - destinationTable: - description: |- - Describes the table where the query results should be stored. - This property must be set for large results that exceed the maximum response size. - For queries that produce anonymous (cached) results, this field will be populated by BigQuery. - properties: - tableRef: - description: A reference to the table. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a BigQueryTable. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - tableRef - type: object - flattenResults: - description: |- - If true and query uses legacy SQL dialect, flattens all nested and repeated fields in the query results. - allowLargeResults must be true if this is set to false. For standard SQL queries, this flag is ignored and results are never flattened. - type: boolean - maximumBillingTier: - description: |- - Limits the billing tier for this job. Queries that have resource usage beyond this tier will fail (without incurring a charge). - If unspecified, this will be set to your project default. - type: integer - maximumBytesBilled: - description: |- - Limits the bytes billed for this job. Queries that will have bytes billed beyond this limit will fail (without incurring a charge). - If unspecified, this will be set to your project default. - type: string - parameterMode: - description: Standard SQL only. Set to POSITIONAL to use positional - (?) query parameters or to NAMED to use named (@myparam) query - parameters in this query. - type: string - priority: - description: 'Specifies a priority for the query. Default value: - "INTERACTIVE" Possible values: ["INTERACTIVE", "BATCH"]' - type: string - query: - description: |- - SQL query text to execute. The useLegacySql field can be used to indicate whether the query uses legacy SQL or standard SQL. - *NOTE*: queries containing [DML language](https://cloud.google.com/bigquery/docs/reference/standard-sql/data-manipulation-language) - ('DELETE', 'UPDATE', 'MERGE', 'INSERT') must specify 'create_disposition = ""' and 'write_disposition = ""'. - type: string - schemaUpdateOptions: - description: |- - Allows the schema of the destination table to be updated as a side effect of the query job. - Schema update options are supported in two cases: when writeDisposition is WRITE_APPEND; - when writeDisposition is WRITE_TRUNCATE and the destination table is a partition of a table, - specified by partition decorators. For normal tables, WRITE_TRUNCATE will always overwrite the schema. - One or more of the following values are specified: - ALLOW_FIELD_ADDITION: allow adding a nullable field to the schema. - ALLOW_FIELD_RELAXATION: allow relaxing a required field in the original schema to nullable. - items: - type: string - type: array - scriptOptions: - description: Options controlling the execution of scripts. - properties: - keyResultStatement: - description: |- - Determines which statement in the script represents the "key result", - used to populate the schema and query results of the script job. Possible values: ["LAST", "FIRST_SELECT"] - type: string - statementByteBudget: - description: Limit on the number of bytes billed per statement. - Exceeding this budget results in an error. - type: string - statementTimeoutMs: - description: Timeout period for each statement in a script. - type: string - type: object - useLegacySql: - description: |- - Specifies whether to use BigQuery's legacy SQL dialect for this query. The default value is true. - If set to false, the query will use BigQuery's standard SQL. - type: boolean - useQueryCache: - description: |- - Whether to look for the result in the query cache. The query cache is a best-effort cache that will be flushed whenever - tables in the query are modified. Moreover, the query cache is only available when a query does not have a destination table specified. - The default value is true. - type: boolean - userDefinedFunctionResources: - description: Describes user-defined function resources used in the - query. - items: - properties: - inlineCode: - description: |- - An inline resource that contains code for a user-defined function (UDF). - Providing a inline code resource is equivalent to providing a URI for a file containing the same code. - type: string - resourceUri: - description: A code resource to load from a Google Cloud Storage - URI (gs://bucket/path). - type: string - type: object - type: array - writeDisposition: - description: |- - Specifies the action that occurs if the destination table already exists. The following values are supported: - WRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result. - WRITE_APPEND: If the table already exists, BigQuery appends the data to the table. - WRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result. - Each action is atomic and only occurs if BigQuery is able to complete the job successfully. - Creation, truncation and append actions occur as one atomic update upon job completion. Default value: "WRITE_EMPTY" Possible values: ["WRITE_TRUNCATE", "WRITE_APPEND", "WRITE_EMPTY"] - type: string - required: - - query - type: object - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - jobType: - description: The type of the job. - type: string - userEmail: - description: Email address of the user who ran the job. - type: string - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: bigquerytables.bigquery.cnrm.cloud.google.com -spec: - group: bigquery.cnrm.cloud.google.com - names: - categories: - - gcp - kind: BigQueryTable - plural: bigquerytables - shortNames: - - gcpbigquerytable - - gcpbigquerytables - singular: bigquerytable - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - clustering: - description: Specifies column names to use for data clustering. Up to - four top-level columns are allowed, and should be specified in descending - priority order. - items: - type: string - type: array - datasetRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The name of a BigQueryDataset. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - description: - description: The field description. - type: string - encryptionConfiguration: - description: Specifies how the table should be encrypted. If left blank, - the table will be encrypted with a Google-managed key; that process - is transparent to the user. - properties: - kmsKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a KMSCryptoKey. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - kmsKeyRef - type: object - expirationTime: - description: The time when this table expires, in milliseconds since - the epoch. If not present, the table will persist indefinitely. Expired - tables will be deleted and their storage reclaimed. - type: integer - externalDataConfiguration: - description: Describes the data format, location, and other properties - of a table stored outside of BigQuery. By defining these properties, - the data source can then be queried as if it were a standard BigQuery - table. - properties: - autodetect: - description: Let BigQuery try to autodetect the schema and format - of the table. - type: boolean - compression: - description: The compression type of the data source. Valid values - are "NONE" or "GZIP". - type: string - csvOptions: - description: Additional properties to set if source_format is set - to "CSV". - properties: - allowJaggedRows: - description: Indicates if BigQuery should accept rows that are - missing trailing optional columns. - type: boolean - allowQuotedNewlines: - description: Indicates if BigQuery should allow quoted data - sections that contain newline characters in a CSV file. The - default value is false. - type: boolean - encoding: - description: The character encoding of the data. The supported - values are UTF-8 or ISO-8859-1. - type: string - fieldDelimiter: - description: The separator for fields in a CSV file. - type: string - quote: - type: string - skipLeadingRows: - description: The number of rows at the top of a CSV file that - BigQuery will skip when reading the data. - type: integer - required: - - quote - type: object - googleSheetsOptions: - description: Additional options if source_format is set to "GOOGLE_SHEETS". - properties: - range: - description: 'Range of a sheet to query from. Only used when - non-empty. At least one of range or skip_leading_rows must - be set. Typical format: "sheet_name!top_left_cell_id:bottom_right_cell_id" - For example: "sheet1!A1:B20"' - type: string - skipLeadingRows: - description: The number of rows at the top of the sheet that - BigQuery will skip when reading the data. At least one of - range or skip_leading_rows must be set. - type: integer - type: object - hivePartitioningOptions: - description: When set, configures hive partitioning support. Not - all storage formats support hive partitioning -- requesting hive - partitioning on an unsupported format will lead to an error, as - will providing an invalid specification. - properties: - mode: - description: When set, what mode of hive partitioning to use - when reading data. - type: string - sourceUriPrefix: - description: When hive partition detection is requested, a common - for all source uris must be required. The prefix must end - immediately before the partition key encoding begins. - type: string - type: object - ignoreUnknownValues: - description: Indicates if BigQuery should allow extra values that - are not represented in the table schema. If true, the extra values - are ignored. If false, records with extra columns are treated - as bad records, and if there are too many bad records, an invalid - error is returned in the job result. The default value is false. - type: boolean - maxBadRecords: - description: The maximum number of bad records that BigQuery can - ignore when reading data. - type: integer - schema: - description: A JSON schema for the external table. Schema is required - for CSV and JSON formats and is disallowed for Google Cloud Bigtable, - Cloud Datastore backups, and Avro formats when using external - tables. - type: string - sourceFormat: - description: 'The data format. Supported values are: "CSV", "GOOGLE_SHEETS", - "NEWLINE_DELIMITED_JSON", "AVRO", "PARQUET", and "DATSTORE_BACKUP". - To use "GOOGLE_SHEETS" the scopes must include "googleapis.com/auth/drive.readonly".' - type: string - sourceUris: - description: A list of the fully-qualified URIs that point to your - data in Google Cloud. - items: - type: string - type: array - required: - - autodetect - - sourceFormat - - sourceUris - type: object - friendlyName: - description: A descriptive name for the table. - type: string - materializedView: - description: If specified, configures this table as a materialized view. - properties: - enableRefresh: - description: Specifies if BigQuery should automatically refresh - materialized view when the base table is updated. The default - is true. - type: boolean - query: - description: A query whose result is persisted. - type: string - refreshIntervalMs: - description: Specifies maximum frequency at which this materialized - view will be refreshed. The default is 1800000 - type: integer - required: - - query - type: object - rangePartitioning: - description: If specified, configures range-based partitioning for this - table. - properties: - field: - description: The field used to determine how to create a range-based - partition. - type: string - range: - description: Information required to partition based on ranges. - Structure is documented below. - properties: - end: - description: End of the range partitioning, exclusive. - type: integer - interval: - description: The width of each range within the partition. - type: integer - start: - description: Start of the range partitioning, inclusive. - type: integer - required: - - end - - interval - - start - type: object - required: - - field - - range - type: object - schema: - description: A JSON schema for the table. - type: string - timePartitioning: - description: If specified, configures time-based partitioning for this - table. - properties: - expirationMs: - description: Number of milliseconds for which to keep the storage - for a partition. - type: integer - field: - description: The field used to determine how to create a time-based - partition. If time-based partitioning is enabled without this - value, the table is partitioned based on the load time. - type: string - requirePartitionFilter: - description: If set to true, queries over this table require a partition - filter that can be used for partition elimination to be specified. - type: boolean - type: - description: The supported types are DAY and HOUR, which will generate - one partition per day or hour based on data loading time. - type: string - required: - - type - type: object - view: - description: If specified, configures this table as a view. - properties: - query: - description: A query that BigQuery executes when the view is referenced. - type: string - useLegacySql: - description: Specifies whether to use BigQuery's legacy SQL for - this view. The default value is true. If set to false, the view - will use BigQuery's standard SQL - type: boolean - required: - - query - type: object - required: - - datasetRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTime: - description: The time when this table was created, in milliseconds since - the epoch. - type: integer - etag: - description: A hash of the resource. - type: string - lastModifiedTime: - description: The time when this table was last modified, in milliseconds - since the epoch. - type: integer - location: - description: The geographic location where the table resides. This value - is inherited from the dataset. - type: string - numBytes: - description: The geographic location where the table resides. This value - is inherited from the dataset. - type: integer - numLongTermBytes: - description: The number of bytes in the table that are considered "long-term - storage". - type: integer - numRows: - description: The number of rows of data in this table, excluding any - data in the streaming buffer. - type: integer - selfLink: - description: The URI of the created resource. - type: string - type: - description: Describes the table type. - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: bigtableappprofiles.bigtable.cnrm.cloud.google.com -spec: - group: bigtable.cnrm.cloud.google.com - names: - categories: - - gcp - kind: BigtableAppProfile - plural: bigtableappprofiles - shortNames: - - gcpbigtableappprofile - - gcpbigtableappprofiles - singular: bigtableappprofile - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: Long form description of the use case for this app profile. - type: string - instanceRef: - description: The instance to create the app profile within. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The name of a BigtableInstance. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - multiClusterRoutingUseAny: - description: |- - If true, read/write requests are routed to the nearest cluster in the instance, and will fail over to the nearest cluster that is available - in the event of transient errors or delays. Clusters in a region are considered equidistant. Choosing this option sacrifices read-your-writes - consistency to improve availability. - type: boolean - singleClusterRouting: - description: Use a single-cluster routing policy. - properties: - allowTransactionalWrites: - description: |- - If true, CheckAndMutateRow and ReadModifyWriteRow requests are allowed by this app profile. - It is unsafe to send these requests to the same table/row/column in multiple clusters. - type: boolean - clusterId: - description: The cluster to which read/write requests should be - routed. - type: string - required: - - clusterId - type: object - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - name: - description: The unique name of the requested app profile. Values are - of the form 'projects//instances//appProfiles/'. - type: string - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: bigtablegcpolicies.bigtable.cnrm.cloud.google.com -spec: - group: bigtable.cnrm.cloud.google.com - names: - categories: - - gcp - kind: BigtableGCPolicy - plural: bigtablegcpolicies - shortNames: - - gcpbigtablegcpolicy - - gcpbigtablegcpolicies - singular: bigtablegcpolicy - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - columnFamily: - description: The name of the column family. - type: string - instanceRef: - description: The name of the Bigtable instance. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The name of a BigtableInstance. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - maxAge: - description: GC policy that applies to all cells older than the given - age. - items: - properties: - days: - description: Number of days before applying GC policy. - type: integer - required: - - days - type: object - type: array - maxVersion: - description: GC policy that applies to all versions of a cell except - for the most recent. - items: - properties: - number: - description: Number of version before applying the GC policy. - type: integer - required: - - number - type: object - type: array - mode: - description: If multiple policies are set, you should choose between - UNION OR INTERSECTION. - type: string - tableRef: - description: The name of the table. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The name of a BigtableTable. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - columnFamily - - instanceRef - - tableRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: bigtableinstances.bigtable.cnrm.cloud.google.com -spec: - group: bigtable.cnrm.cloud.google.com - names: - categories: - - gcp - kind: BigtableInstance - plural: bigtableinstances - shortNames: - - gcpbigtableinstance - - gcpbigtableinstances - singular: bigtableinstance - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - cluster: - description: A block of cluster configuration options. This can be specified - at least once, and up to 4 times. - items: - properties: - clusterId: - description: The ID of the Cloud Bigtable cluster. - type: string - numNodes: - description: The number of nodes in your Cloud Bigtable cluster. - For PRODUCTION instances where the numNodes will be managed - by Config Connector, this field is required with a minimum of - 1. For a DEVELOPMENT instance or for an existing instance where - the numNodes is managed outside of Config Connector, this field - must be left unset. - type: integer - storageType: - description: The storage type to use. One of "SSD" or "HDD". Defaults - to "SSD". - type: string - zone: - description: The zone to create the Cloud Bigtable cluster in. - Each cluster must have a different zone in the same region. - Zones that support Bigtable instances are noted on the Cloud - Bigtable locations page. - type: string - required: - - clusterId - - zone - type: object - type: array - deletionProtection: - description: DEPRECATED — This field no longer serves any function and - is intended to be dropped in a later version of the resource. - type: boolean - displayName: - description: The human-readable display name of the Bigtable instance. - Defaults to the instance name. - type: string - instanceType: - description: DEPRECATED — It is recommended to leave this field unspecified - since the distinction between "DEVELOPMENT" and "PRODUCTION" instances - is going away, and all instances will become "PRODUCTION" instances. - This means that new and existing "DEVELOPMENT" instances will be converted - to "PRODUCTION" instances. It is recommended for users to use "PRODUCTION" - instances in any case, since a 1-node "PRODUCTION" instance is functionally - identical to a "DEVELOPMENT" instance, but without the accompanying - restrictions. The instance type to create. One of "DEVELOPMENT" or - "PRODUCTION". Defaults to "PRODUCTION". - type: string - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: bigtabletables.bigtable.cnrm.cloud.google.com -spec: - group: bigtable.cnrm.cloud.google.com - names: - categories: - - gcp - kind: BigtableTable - plural: bigtabletables - shortNames: - - gcpbigtabletable - - gcpbigtabletables - singular: bigtabletable - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - columnFamily: - description: A group of columns within a table which share a common - configuration. This can be specified multiple times. - items: - properties: - family: - description: The name of the column family. - type: string - required: - - family - type: object - type: array - instanceRef: - description: The name of the Bigtable instance. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The name of a BigtableInstance. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - splitKeys: - items: - type: string - type: array - required: - - instanceRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: cloudbuildtriggers.cloudbuild.cnrm.cloud.google.com -spec: - group: cloudbuild.cnrm.cloud.google.com - names: - categories: - - gcp - kind: CloudBuildTrigger - plural: cloudbuildtriggers - shortNames: - - gcpcloudbuildtrigger - - gcpcloudbuildtriggers - singular: cloudbuildtrigger - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - build: - description: Contents of the build template. Either a filename or build - template must be provided. - properties: - artifacts: - description: Artifacts produced by the build that should be uploaded - upon successful completion of all build steps. - properties: - images: - description: |- - A list of images to be pushed upon the successful completion of all build steps. - - The images will be pushed using the builder service account's credentials. - - The digests of the pushed images will be stored in the Build resource's results field. - - If any of the images fail to be pushed, the build is marked FAILURE. - items: - type: string - type: array - objects: - description: |- - A list of objects to be uploaded to Cloud Storage upon successful completion of all build steps. - - Files in the workspace matching specified paths globs will be uploaded to the - Cloud Storage location using the builder service account's credentials. - - The location and generation of the uploaded objects will be stored in the Build resource's results field. - - If any objects fail to be pushed, the build is marked FAILURE. - properties: - location: - description: |- - Cloud Storage bucket and optional object path, in the form "gs://bucket/path/to/somewhere/". - - Files in the workspace matching any path pattern will be uploaded to Cloud Storage with - this location as a prefix. - type: string - paths: - description: Path globs used to match files in the build's - workspace. - items: - type: string - type: array - timing: - description: Output only. Stores timing information for - pushing all artifact objects. - items: - properties: - endTime: - description: |- - End of time span. - - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to - nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - type: string - startTime: - description: |- - Start of time span. - - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to - nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - type: string - type: object - type: array - type: object - type: object - images: - description: |- - A list of images to be pushed upon the successful completion of all build steps. - The images are pushed using the builder service account's credentials. - The digests of the pushed images will be stored in the Build resource's results field. - If any of the images fail to be pushed, the build status is marked FAILURE. - items: - type: string - type: array - logsBucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The url of a StorageBucket. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - options: - description: Special options for this build. - properties: - diskSizeGb: - description: |- - Requested disk size for the VM that runs the build. Note that this is NOT "disk free"; - some of the space will be used by the operating system and build utilities. - Also note that this is the minimum disk size that will be allocated for the build -- - the build may run with a larger disk than requested. At present, the maximum disk size - is 1000GB; builds that request more than the maximum are rejected with an error. - type: integer - dynamicSubstitutions: - description: |- - Option to specify whether or not to apply bash style string operations to the substitutions. - - NOTE this is always enabled for triggered builds and cannot be overridden in the build configuration file. - type: boolean - env: - description: |- - A list of global environment variable definitions that will exist for all build steps - in this build. If a variable is defined in both globally and in a build step, - the variable will use the build step value. - - The elements are of the form "KEY=VALUE" for the environment variable "KEY" being given the value "VALUE". - items: - type: string - type: array - logStreamingOption: - description: 'Option to define build log streaming behavior - to Google Cloud Storage. Possible values: ["STREAM_DEFAULT", - "STREAM_ON", "STREAM_OFF"]' - type: string - logging: - description: 'Option to specify the logging mode, which determines - if and where build logs are stored. Possible values: ["LOGGING_UNSPECIFIED", - "LEGACY", "GCS_ONLY", "STACKDRIVER_ONLY", "NONE"]' - type: string - machineType: - description: 'Compute Engine machine type on which to run the - build. Possible values: ["UNSPECIFIED", "N1_HIGHCPU_8", "N1_HIGHCPU_32"]' - type: string - requestedVerifyOption: - description: 'Requested verifiability options. Possible values: - ["NOT_VERIFIED", "VERIFIED"]' - type: string - secretEnv: - description: |- - A list of global environment variables, which are encrypted using a Cloud Key Management - Service crypto key. These values must be specified in the build's Secret. These variables - will be available to all build steps in this build. - items: - type: string - type: array - sourceProvenanceHash: - description: 'Requested hash for SourceProvenance. Possible - values: ["NONE", "SHA256", "MD5"]' - items: - type: string - type: array - substitutionOption: - description: |- - Option to specify behavior when there is an error in the substitution checks. - - NOTE this is always set to ALLOW_LOOSE for triggered builds and cannot be overridden - in the build configuration file. Possible values: ["MUST_MATCH", "ALLOW_LOOSE"] - type: string - volumes: - description: |- - Global list of volumes to mount for ALL build steps - - Each volume is created as an empty volume prior to starting the build process. - Upon completion of the build, volumes and their contents are discarded. Global - volume names and paths cannot conflict with the volumes defined a build step. - - Using a global volume in a build with only one step is not valid as it is indicative - of a build request with an incorrect configuration. - items: - properties: - name: - description: |- - Name of the volume to mount. - - Volume names must be unique per build step and must be valid names for Docker volumes. - Each named volume must be used by at least two build steps. - type: string - path: - description: |- - Path at which to mount the volume. - - Paths must be absolute and cannot conflict with other volume paths on the same - build step or with certain reserved volume paths. - type: string - type: object - type: array - workerPool: - description: |- - Option to specify a WorkerPool for the build. Format projects/{project}/workerPools/{workerPool} - - This field is experimental. - type: string - type: object - queueTtl: - description: "TTL in queue for this build. If provided and the build - is enqueued longer than this value, \nthe build will expire and - the build status will be EXPIRED.\nThe TTL starts ticking from - createTime.\nA duration in seconds with up to nine fractional - digits, terminated by 's'. Example: \"3.5s\"." - type: string - secret: - description: Secrets to decrypt using Cloud Key Management Service. - items: - properties: - kmsKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a KMSCryptoKey. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - secretEnv: - additionalProperties: - type: string - description: "Map of environment variable name to its encrypted - value.\nSecret environment variables must be unique across - all of a build's secrets, \nand must be used by at least - one build step. Values can be at most 64 KB in size. \nThere - can be at most 100 secret values across all of a build's - secrets." - type: object - required: - - kmsKeyRef - type: object - type: array - source: - description: |- - The location of the source files to build. - - One of 'storageSource' or 'repoSource' must be provided. - properties: - repoSource: - description: Location of the source in a Google Cloud Source - Repository. - properties: - branchName: - description: "Regex matching branches to build. Exactly - one a of branch name, tag, or commit SHA must be provided.\nThe - syntax of the regular expressions accepted is the syntax - accepted by RE2 and \ndescribed at https://github.com/google/re2/wiki/Syntax" - type: string - commitSha: - description: Explicit commit SHA to build. Exactly one a - of branch name, tag, or commit SHA must be provided. - type: string - dir: - description: "Directory, relative to the source root, in - which to run the build.\nThis must be a relative path. - If a step's dir is specified and is an absolute path, - \nthis value is ignored for that step's execution." - type: string - invertRegex: - description: Only trigger a build if the revision regex - does NOT match the revision regex. - type: boolean - projectId: - description: "ID of the project that owns the Cloud Source - Repository. \nIf omitted, the project ID requesting the - build is assumed." - type: string - repoRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The name of a SourceRepoRepository. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - substitutions: - additionalProperties: - type: string - description: Substitutions to use in a triggered build. - Should only be used with triggers.run - type: object - tagName: - description: "Regex matching tags to build. Exactly one - a of branch name, tag, or commit SHA must be provided.\nThe - syntax of the regular expressions accepted is the syntax - accepted by RE2 and \ndescribed at https://github.com/google/re2/wiki/Syntax" - type: string - required: - - repoRef - type: object - storageSource: - description: Location of the source in an archive file in Google - Cloud Storage. - properties: - bucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The name of a StorageBucket. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - generation: - description: "Google Cloud Storage generation for the object. - \nIf the generation is omitted, the latest generation - will be used" - type: string - object: - description: |- - Google Cloud Storage object containing the source. - This object must be a gzipped archive file (.tar.gz) containing source to build. - type: string - required: - - bucketRef - - object - type: object - type: object - step: - description: The operations to be performed on the workspace. - items: - properties: - args: - description: |- - A list of arguments that will be presented to the step when it is started. - - If the image used to run the step's container has an entrypoint, the args - are used as arguments to that entrypoint. If the image does not define an - entrypoint, the first element in args is used as the entrypoint, and the - remainder will be used as arguments. - items: - type: string - type: array - dir: - description: |- - Working directory to use when running this step's container. - - If this value is a relative path, it is relative to the build's working - directory. If this value is absolute, it may be outside the build's working - directory, in which case the contents of the path may not be persisted - across build step executions, unless a 'volume' for that path is specified. - - If the build specifies a 'RepoSource' with 'dir' and a step with a - 'dir', - which specifies an absolute path, the 'RepoSource' 'dir' is ignored - for the step's execution. - type: string - entrypoint: - description: |- - Entrypoint to be used instead of the build step image's - default entrypoint. - If unset, the image's default entrypoint is used - type: string - env: - description: |- - A list of environment variable definitions to be used when - running a step. - - The elements are of the form "KEY=VALUE" for the environment variable - "KEY" being given the value "VALUE". - items: - type: string - type: array - id: - description: |- - Unique identifier for this build step, used in 'wait_for' to - reference this build step as a dependency. - type: string - name: - description: |- - The name of the container image that will run this particular build step. - - If the image is available in the host's Docker daemon's cache, it will be - run directly. If not, the host will attempt to pull the image first, using - the builder service account's credentials if necessary. - - The Docker daemon's cache will already have the latest versions of all of - the officially supported build steps (https://github.com/GoogleCloudPlatform/cloud-builders). - The Docker daemon will also have cached many of the layers for some popular - images, like "ubuntu", "debian", but they will be refreshed at the time - you attempt to use them. - - If you built an image in a previous build step, it will be stored in the - host's Docker daemon's cache and is available to use as the name for a - later build step. - type: string - secretEnv: - description: |- - A list of environment variables which are encrypted using - a Cloud Key - Management Service crypto key. These values must be specified in - the build's 'Secret'. - items: - type: string - type: array - timeout: - description: |- - Time limit for executing this build step. If not defined, - the step has no - time limit and will be allowed to continue to run until either it - completes or the build itself times out. - type: string - timing: - description: |- - Output only. Stores timing information for executing this - build step. - type: string - volumes: - description: |- - List of volumes to mount into the build step. - - Each volume is created as an empty volume prior to execution of the - build step. Upon completion of the build, volumes and their contents - are discarded. - - Using a named volume in only one step is not valid as it is - indicative of a build request with an incorrect configuration. - items: - properties: - name: - description: |- - Name of the volume to mount. - - Volume names must be unique per build step and must be valid names for - Docker volumes. Each named volume must be used by at least two build steps. - type: string - path: - description: |- - Path at which to mount the volume. - - Paths must be absolute and cannot conflict with other volume paths on - the same build step or with certain reserved volume paths. - type: string - required: - - name - - path - type: object - type: array - waitFor: - description: |- - The ID(s) of the step(s) that this build step depends on. - - This build step will not start until all the build steps in 'wait_for' - have completed successfully. If 'wait_for' is empty, this build step - will start when all previous build steps in the 'Build.Steps' list - have completed successfully. - items: - type: string - type: array - required: - - name - type: object - type: array - substitutions: - additionalProperties: - type: string - description: Substitutions data for Build resource. - type: object - tags: - description: Tags for annotation of a Build. These are not docker - tags. - items: - type: string - type: array - timeout: - description: |- - Amount of time that this build should be allowed to run, to second granularity. - If this amount of time elapses, work on the build will cease and the build status will be TIMEOUT. - This timeout must be equal to or greater than the sum of the timeouts for build steps within the build. - The expected format is the number of seconds followed by s. - Default time is ten minutes (600s). - type: string - required: - - step - type: object - description: - description: Human-readable description of the trigger. - type: string - disabled: - description: Whether the trigger is disabled or not. If true, the trigger - will never result in a build. - type: boolean - filename: - description: Path, from the source root, to a file whose contents is - used for the template. Either a filename or build template must be - provided. - type: string - github: - description: |- - Describes the configuration of a trigger that creates a build whenever a GitHub event is received. - - One of 'trigger_template' or 'github' must be provided. - properties: - name: - description: |- - Name of the repository. For example: The name for - https://github.com/googlecloudplatform/cloud-builders is "cloud-builders". - type: string - owner: - description: |- - Owner of the repository. For example: The owner for - https://github.com/googlecloudplatform/cloud-builders is "googlecloudplatform". - type: string - pullRequest: - description: filter to match changes in pull requests. Specify - only one of pullRequest or push. - properties: - branch: - description: Regex of branches to match. - type: string - commentControl: - description: 'Whether to block builds on a "/gcbrun" comment - from a repository owner or collaborator. Possible values: - ["COMMENTS_DISABLED", "COMMENTS_ENABLED", "COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY"]' - type: string - invertRegex: - description: If true, branches that do NOT match the git_ref - will trigger a build. - type: boolean - required: - - branch - type: object - push: - description: filter to match changes in refs, like branches or tags. Specify - only one of pullRequest or push. - properties: - branch: - description: Regex of branches to match. Specify only one of - branch or tag. - type: string - invertRegex: - description: When true, only trigger a build if the revision - regex does NOT match the git_ref regex. - type: boolean - tag: - description: Regex of tags to match. Specify only one of branch - or tag. - type: string - type: object - type: object - ignoredFiles: - description: |- - ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match - extended with support for '**'. - - If ignoredFiles and changed files are both empty, then they are not - used to determine whether or not to trigger a build. - - If ignoredFiles is not empty, then we ignore any files that match any - of the ignored_file globs. If the change has no files that are outside - of the ignoredFiles globs, then we do not trigger a build. - items: - type: string - type: array - includedFiles: - description: |- - ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match - extended with support for '**'. - - If any of the files altered in the commit pass the ignoredFiles filter - and includedFiles is empty, then as far as this filter is concerned, we - should trigger the build. - - If any of the files altered in the commit pass the ignoredFiles filter - and includedFiles is not empty, then we make sure that at least one of - those files matches a includedFiles glob. If not, then we do not trigger - a build. - items: - type: string - type: array - substitutions: - additionalProperties: - type: string - description: Substitutions data for Build resource. - type: object - tags: - description: Tags for annotation of a BuildTrigger - items: - type: string - type: array - triggerTemplate: - description: |- - Template describing the types of source changes to trigger a build. - - Branch and tag names in trigger templates are interpreted as regular - expressions. Any branch or tag change that matches that regular - expression will trigger a build. - - One of 'trigger_template' or 'github' must be provided. - properties: - branchName: - description: |- - Name of the branch to build. Exactly one a of branch name, tag, or commit SHA must be provided. - This field is a regular expression. - type: string - commitSha: - description: Explicit commit SHA to build. Exactly one of a branch - name, tag, or commit SHA must be provided. - type: string - dir: - description: |- - Directory, relative to the source root, in which to run the build. - - This must be a relative path. If a step's dir is specified and - is an absolute path, this value is ignored for that step's - execution. - type: string - invertRegex: - description: Only trigger a build if the revision regex does NOT - match the revision regex. - type: boolean - repoRef: - description: |- - The Cloud Source Repository to build. If omitted, the repo with - name "default" is assumed. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The name of a SourceRepoRepository. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - tagName: - description: |- - Name of the tag to build. Exactly one of a branch name, tag, or commit SHA must be provided. - This field is a regular expression. - type: string - type: object - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - createTime: - description: Time when the trigger was created. - type: string - triggerId: - description: The unique identifier for the trigger. - type: string - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computeaddresses.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeAddress - plural: computeaddresses - shortNames: - - gcpcomputeaddress - - gcpcomputeaddresses - singular: computeaddress - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - address: - description: |- - The static external IP address represented by this resource. Only - IPv4 is supported. An address may only be specified for INTERNAL - address types. The IP address must be inside the specified subnetwork, - if any. - type: string - addressType: - description: 'The type of address to reserve. Default value: "EXTERNAL" - Possible values: ["INTERNAL", "EXTERNAL"]' - type: string - description: - description: An optional description of this resource. - type: string - ipVersion: - description: 'The IP Version that will be used by this address. The - default value is ''IPV4''. Possible values: ["IPV4", "IPV6"]' - type: string - location: - description: 'Location represents the geographical location of the ComputeAddress. - Specify a region name or "global" for global resources. Reference: - GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' - type: string - networkRef: - description: |- - The network in which to reserve the IP range. The IP range must be - in the RFC1918 space. The network cannot be deleted if there are - any reserved IP ranges referring to it. - - This should only be set when using an Internal address. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeNetwork. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - networkTier: - description: |- - The networking tier used for configuring this address. If this field is not - specified, it is assumed to be PREMIUM. Possible values: ["PREMIUM", "STANDARD"] - type: string - prefixLength: - description: |- - The prefix length of the IP range. If not present, it means the - address field is a single IP address. - - This field is not applicable to addresses with addressType=EXTERNAL. - type: integer - purpose: - description: |- - The purpose of this resource, which can be one of the following values: - - GCE_ENDPOINT for addresses that are used by VM instances, alias IP ranges, internal load balancers, and similar resources. - - SHARED_LOADBALANCER_VIP for an address that can be used by multiple internal load balancers - This should only be set when using an Internal address. Possible values: ["GCE_ENDPOINT", "SHARED_LOADBALANCER_VIP"] - type: string - subnetworkRef: - description: |- - The subnetwork in which to reserve the address. If an IP address is - specified, it must be within the subnetwork's IP range. This field - can only be used with INTERNAL type with GCE_ENDPOINT/DNS_RESOLVER - purposes. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeSubnetwork. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - location - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - labelFingerprint: - description: |- - The fingerprint used for optimistic locking of this resource. Used - internally during updates. - type: string - selfLink: - type: string - users: - description: The URLs of the resources that are using this address. - items: - type: string - type: array - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computebackendbuckets.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeBackendBucket - plural: computebackendbuckets - shortNames: - - gcpcomputebackendbucket - - gcpcomputebackendbuckets - singular: computebackendbucket - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - bucketRef: - description: Reference to the bucket. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The name of a StorageBucket. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - cdnPolicy: - description: Cloud CDN configuration for this Backend Bucket. - properties: - signedUrlCacheMaxAgeSec: - description: |- - Maximum number of seconds the response to a signed URL request will - be considered fresh. After this time period, - the response will be revalidated before being served. - When serving responses to signed URL requests, - Cloud CDN will internally behave as though - all responses from this backend had a "Cache-Control: public, - max-age=[TTL]" header, regardless of any existing Cache-Control - header. The actual headers served in responses will not be altered. - type: integer - required: - - signedUrlCacheMaxAgeSec - type: object - description: - description: |- - An optional textual description of the resource; provided by the - client when the resource is created. - type: string - enableCdn: - description: If true, enable Cloud CDN for this BackendBucket. - type: boolean - required: - - bucketRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - selfLink: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computebackendservices.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeBackendService - plural: computebackendservices - shortNames: - - gcpcomputebackendservice - - gcpcomputebackendservices - singular: computebackendservice - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - affinityCookieTtlSec: - description: |- - Lifetime of cookies in seconds if session_affinity is - GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts - only until the end of the browser session (or equivalent). The - maximum allowed value for TTL is one day. - - When the load balancing scheme is INTERNAL, this field is not used. - type: integer - backend: - description: The set of backends that serve this BackendService. - items: - properties: - balancingMode: - description: |- - Specifies the balancing mode for this backend. - - For global HTTP(S) or TCP/SSL load balancing, the default is - UTILIZATION. Valid values are UTILIZATION, RATE (for HTTP(S)) - and CONNECTION (for TCP/SSL). Default value: "UTILIZATION" Possible values: ["UTILIZATION", "RATE", "CONNECTION"] - type: string - capacityScaler: - description: |- - A multiplier applied to the group's maximum servicing capacity - (based on UTILIZATION, RATE or CONNECTION). - - Default value is 1, which means the group will serve up to 100% - of its configured capacity (depending on balancingMode). A - setting of 0 means the group is completely drained, offering - 0% of its available Capacity. Valid range is [0.0,1.0]. - type: number - description: - description: |- - An optional description of this resource. - Provide this property when you create the resource. - type: string - group: - description: |- - Reference to a ComputeInstanceGroup or ComputeNetworkEndpointGroup - resource. In case of instance group this defines the list of - instances that serve traffic. Member virtual machine instances from - each instance group must live in the same zone as the instance - group itself. No two backends in a backend service are allowed to - use same Instance Group resource. - - For Network Endpoint Groups this defines list of endpoints. All - endpoints of Network Endpoint Group must be hosted on instances - located in the same zone as the Network Endpoint Group. - - Backend services cannot mix Instance Group and Network Endpoint - Group backends. - - When the 'load_balancing_scheme' is INTERNAL, only instance groups - are supported. - oneOf: - - required: - - instanceGroupRef - - required: - - networkEndpointGroupRef - properties: - instanceGroupRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeInstanceGroup. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - networkEndpointGroupRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeNetworkEndpointGroup. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - maxConnections: - description: |- - The max number of simultaneous connections for the group. Can - be used with either CONNECTION or UTILIZATION balancing modes. - - For CONNECTION mode, either maxConnections or one - of maxConnectionsPerInstance or maxConnectionsPerEndpoint, - as appropriate for group type, must be set. - type: integer - maxConnectionsPerEndpoint: - description: |- - The max number of simultaneous connections that a single backend - network endpoint can handle. This is used to calculate the - capacity of the group. Can be used in either CONNECTION or - UTILIZATION balancing modes. - - For CONNECTION mode, either - maxConnections or maxConnectionsPerEndpoint must be set. - type: integer - maxConnectionsPerInstance: - description: |- - The max number of simultaneous connections that a single - backend instance can handle. This is used to calculate the - capacity of the group. Can be used in either CONNECTION or - UTILIZATION balancing modes. - - For CONNECTION mode, either maxConnections or - maxConnectionsPerInstance must be set. - type: integer - maxRate: - description: |- - The max requests per second (RPS) of the group. - - Can be used with either RATE or UTILIZATION balancing modes, - but required if RATE mode. For RATE mode, either maxRate or one - of maxRatePerInstance or maxRatePerEndpoint, as appropriate for - group type, must be set. - type: integer - maxRatePerEndpoint: - description: |- - The max requests per second (RPS) that a single backend network - endpoint can handle. This is used to calculate the capacity of - the group. Can be used in either balancing mode. For RATE mode, - either maxRate or maxRatePerEndpoint must be set. - type: number - maxRatePerInstance: - description: |- - The max requests per second (RPS) that a single backend - instance can handle. This is used to calculate the capacity of - the group. Can be used in either balancing mode. For RATE mode, - either maxRate or maxRatePerInstance must be set. - type: number - maxUtilization: - description: |- - Used when balancingMode is UTILIZATION. This ratio defines the - CPU utilization target for the group. The default is 0.8. Valid - range is [0.0, 1.0]. - type: number - required: - - group - type: object - type: array - cdnPolicy: - description: Cloud CDN configuration for this BackendService. - properties: - cacheKeyPolicy: - description: The CacheKeyPolicy for this CdnPolicy. - properties: - includeHost: - description: If true requests to different hosts will be cached - separately. - type: boolean - includeProtocol: - description: If true, http and https requests will be cached - separately. - type: boolean - includeQueryString: - description: |- - If true, include query string parameters in the cache key - according to query_string_whitelist and - query_string_blacklist. If neither is set, the entire query - string will be included. - - If false, the query string will be excluded from the cache - key entirely. - type: boolean - queryStringBlacklist: - description: |- - Names of query string parameters to exclude in cache keys. - - All other parameters will be included. Either specify - query_string_whitelist or query_string_blacklist, not both. - '&' and '=' will be percent encoded and not treated as - delimiters. - items: - type: string - type: array - queryStringWhitelist: - description: |- - Names of query string parameters to include in cache keys. - - All other parameters will be excluded. Either specify - query_string_whitelist or query_string_blacklist, not both. - '&' and '=' will be percent encoded and not treated as - delimiters. - items: - type: string - type: array - type: object - signedUrlCacheMaxAgeSec: - description: |- - Maximum number of seconds the response to a signed URL request - will be considered fresh, defaults to 1hr (3600s). After this - time period, the response will be revalidated before - being served. - - When serving responses to signed URL requests, Cloud CDN will - internally behave as though all responses from this backend had a - "Cache-Control: public, max-age=[TTL]" header, regardless of any - existing Cache-Control header. The actual headers served in - responses will not be altered. - type: integer - type: object - circuitBreakers: - description: |- - Settings controlling the volume of connections to a backend service. This field - is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. - properties: - connectTimeout: - description: The timeout for new network connections to hosts. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond - resolution. Durations less than one second are represented - with a 0 seconds field and a positive nanos field. Must - be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. - Must be from 0 to 315,576,000,000 inclusive. - type: integer - required: - - seconds - type: object - maxConnections: - description: |- - The maximum number of connections to the backend cluster. - Defaults to 1024. - type: integer - maxPendingRequests: - description: |- - The maximum number of pending requests to the backend cluster. - Defaults to 1024. - type: integer - maxRequests: - description: |- - The maximum number of parallel requests to the backend cluster. - Defaults to 1024. - type: integer - maxRequestsPerConnection: - description: |- - Maximum requests for a single backend connection. This parameter - is respected by both the HTTP/1.1 and HTTP/2 implementations. If - not specified, there is no limit. Setting this parameter to 1 - will effectively disable keep alive. - type: integer - maxRetries: - description: |- - The maximum number of parallel retries to the backend cluster. - Defaults to 3. - type: integer - type: object - connectionDrainingTimeoutSec: - description: |- - Time for which instance will be drained (not accept new - connections, but still work to finish started). - type: integer - consistentHash: - description: |- - Consistent Hash-based load balancing can be used to provide soft session - affinity based on HTTP headers, cookies or other properties. This load balancing - policy is applicable only for HTTP connections. The affinity to a particular - destination host will be lost when one or more hosts are added/removed from the - destination service. This field specifies parameters that control consistent - hashing. This field only applies if the load_balancing_scheme is set to - INTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is - set to MAGLEV or RING_HASH. - properties: - httpCookie: - description: |- - Hash is based on HTTP Cookie. This field describes a HTTP cookie - that will be used as the hash key for the consistent hash load - balancer. If the cookie is not present, it will be generated. - This field is applicable if the sessionAffinity is set to HTTP_COOKIE. - properties: - name: - description: Name of the cookie. - type: string - path: - description: Path to set for the cookie. - type: string - ttl: - description: Lifetime of the cookie. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond - resolution. Durations less than one second are represented - with a 0 seconds field and a positive nanos field. Must - be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. - Must be from 0 to 315,576,000,000 inclusive. - type: integer - required: - - seconds - type: object - type: object - httpHeaderName: - description: |- - The hash based on the value of the specified header field. - This field is applicable if the sessionAffinity is set to HEADER_FIELD. - type: string - minimumRingSize: - description: |- - The minimum number of virtual nodes to use for the hash ring. - Larger ring sizes result in more granular load - distributions. If the number of hosts in the load balancing pool - is larger than the ring size, each host will be assigned a single - virtual node. - Defaults to 1024. - type: integer - type: object - customRequestHeaders: - description: |- - Headers that the HTTP/S load balancer should add to proxied - requests. - items: - type: string - type: array - description: - description: An optional description of this resource. - type: string - enableCdn: - description: If true, enable Cloud CDN for this BackendService. - type: boolean - failoverPolicy: - description: Policy for failovers. - properties: - disableConnectionDrainOnFailover: - description: |- - On failover or failback, this field indicates whether connection drain - will be honored. Setting this to true has the following effect: connections - to the old active pool are not drained. Connections to the new active pool - use the timeout of 10 min (currently fixed). Setting to false has the - following effect: both old and new connections will have a drain timeout - of 10 min. - This can be set to true only if the protocol is TCP. - The default is false. - type: boolean - dropTrafficIfUnhealthy: - description: |- - This option is used only when no healthy VMs are detected in the primary - and backup instance groups. When set to true, traffic is dropped. When - set to false, new connections are sent across all VMs in the primary group. - The default is false. - type: boolean - failoverRatio: - description: |- - The value of the field must be in [0, 1]. If the ratio of the healthy - VMs in the primary backend is at or below this number, traffic arriving - at the load-balanced IP will be directed to the failover backend. - In case where 'failoverRatio' is not set or all the VMs in the backup - backend are unhealthy, the traffic will be directed back to the primary - backend in the "force" mode, where traffic will be spread to the healthy - VMs with the best effort, or to all VMs when no VM is healthy. - This field is only used with l4 load balancing. - type: number - type: object - healthChecks: - items: - description: |- - The health check resources for health checking this - ComputeBackendService. Currently at most one health check can be - specified, and a health check is required. - oneOf: - - required: - - healthCheckRef - - required: - - httpHealthCheckRef - properties: - healthCheckRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeHealthCheck. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - httpHealthCheckRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeHTTPHealthCheck. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - type: array - iap: - description: Settings for enabling Cloud Identity Aware Proxy - properties: - oauth2ClientId: - description: OAuth2 Client ID for IAP - type: string - oauth2ClientSecret: - description: OAuth2 Client Secret for IAP - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used if - 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - oauth2ClientSecretSha256: - description: OAuth2 Client Secret SHA-256 for IAP - type: string - required: - - oauth2ClientId - - oauth2ClientSecret - type: object - loadBalancingScheme: - description: |- - Indicates whether the backend service will be used with internal or - external load balancing. A backend service created for one type of - load balancing cannot be used with the other. Default value: "EXTERNAL" Possible values: ["EXTERNAL", "INTERNAL_SELF_MANAGED"] - type: string - localityLbPolicy: - description: |- - The load balancing algorithm used within the scope of the locality. - The possible values are - - - ROUND_ROBIN - This is a simple policy in which each healthy backend - is selected in round robin order. - - LEAST_REQUEST - An O(1) algorithm which selects two random healthy - hosts and picks the host which has fewer active requests. - - RING_HASH - The ring/modulo hash load balancer implements consistent - hashing to backends. The algorithm has the property that the - addition/removal of a host from a set of N hosts only affects - 1/N of the requests. - - RANDOM - The load balancer selects a random healthy host. - - ORIGINAL_DESTINATION - Backend host is selected based on the client - connection metadata, i.e., connections are opened - to the same address as the destination address of - the incoming connection before the connection - was redirected to the load balancer. - - MAGLEV - used as a drop in replacement for the ring hash load balancer. - Maglev is not as stable as ring hash but has faster table lookup - build times and host selection times. For more information about - Maglev, refer to https://ai.google/research/pubs/pub44824 - - This field is applicable only when the load_balancing_scheme is set to - INTERNAL_SELF_MANAGED. Possible values: ["ROUND_ROBIN", "LEAST_REQUEST", "RING_HASH", "RANDOM", "ORIGINAL_DESTINATION", "MAGLEV"] - type: string - location: - description: 'Location represents the geographical location of the ComputeBackendService. - Specify a region name or "global" for global resources. Reference: - GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' - type: string - logConfig: - description: |- - This field denotes the logging options for the load balancer traffic served by this backend service. - If logging is enabled, logs will be exported to Stackdriver. - properties: - enable: - description: Whether to enable logging for the load balancer traffic - served by this backend service. - type: boolean - sampleRate: - description: |- - This field can only be specified if logging is enabled for this backend service. The value of - the field must be in [0, 1]. This configures the sampling rate of requests to the load balancer - where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. - The default value is 1.0. - type: number - type: object - networkRef: - description: |- - The network to which this backend service belongs. This field can - only be specified when the load balancing scheme is set to - INTERNAL. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeNetwork. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - outlierDetection: - description: |- - Settings controlling eviction of unhealthy hosts from the load balancing pool. - This field is applicable only when the load_balancing_scheme is set - to INTERNAL_SELF_MANAGED. - properties: - baseEjectionTime: - description: |- - The base time that a host is ejected for. The real time is equal to the base - time multiplied by the number of times the host has been ejected. Defaults to - 30000ms or 30s. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 'seconds' field and a positive - 'nanos' field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - type: integer - required: - - seconds - type: object - consecutiveErrors: - description: |- - Number of errors before a host is ejected from the connection pool. When the - backend host is accessed over HTTP, a 5xx return code qualifies as an error. - Defaults to 5. - type: integer - consecutiveGatewayFailure: - description: |- - The number of consecutive gateway failures (502, 503, 504 status or connection - errors that are mapped to one of those status codes) before a consecutive - gateway failure ejection occurs. Defaults to 5. - type: integer - enforcingConsecutiveErrors: - description: |- - The percentage chance that a host will be actually ejected when an outlier - status is detected through consecutive 5xx. This setting can be used to disable - ejection or to ramp it up slowly. Defaults to 100. - type: integer - enforcingConsecutiveGatewayFailure: - description: |- - The percentage chance that a host will be actually ejected when an outlier - status is detected through consecutive gateway failures. This setting can be - used to disable ejection or to ramp it up slowly. Defaults to 0. - type: integer - enforcingSuccessRate: - description: |- - The percentage chance that a host will be actually ejected when an outlier - status is detected through success rate statistics. This setting can be used to - disable ejection or to ramp it up slowly. Defaults to 100. - type: integer - interval: - description: |- - Time interval between ejection sweep analysis. This can result in both new - ejections as well as hosts being returned to service. Defaults to 10 seconds. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 'seconds' field and a positive - 'nanos' field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - type: integer - required: - - seconds - type: object - maxEjectionPercent: - description: |- - Maximum percentage of hosts in the load balancing pool for the backend service - that can be ejected. Defaults to 10%. - type: integer - successRateMinimumHosts: - description: |- - The number of hosts in a cluster that must have enough request volume to detect - success rate outliers. If the number of hosts is less than this setting, outlier - detection via success rate statistics is not performed for any host in the - cluster. Defaults to 5. - type: integer - successRateRequestVolume: - description: |- - The minimum number of total requests that must be collected in one interval (as - defined by the interval duration above) to include this host in success rate - based outlier detection. If the volume is lower than this setting, outlier - detection via success rate statistics is not performed for that host. Defaults - to 100. - type: integer - successRateStdevFactor: - description: |- - This factor is used to determine the ejection threshold for success rate outlier - ejection. The ejection threshold is the difference between the mean success - rate, and the product of this factor and the standard deviation of the mean - success rate: mean - (stdev * success_rate_stdev_factor). This factor is divided - by a thousand to get a double. That is, if the desired factor is 1.9, the - runtime value should be 1900. Defaults to 1900. - type: integer - type: object - portName: - description: |- - Name of backend port. The same name should appear in the instance - groups referenced by this service. Required when the load balancing - scheme is EXTERNAL. - type: string - protocol: - description: |- - The protocol this BackendService uses to communicate with backends. - The default is HTTP. **NOTE**: HTTP2 is only valid for beta HTTP/2 load balancer - types and may result in errors if used with the GA API. Possible values: ["HTTP", "HTTPS", "HTTP2", "TCP", "SSL", "GRPC"] - type: string - securityPolicyRef: - description: The security policy associated with this backend service. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeSecurityPolicy. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - sessionAffinity: - description: |- - Type of session affinity to use. The default is NONE. Session affinity is - not applicable if the protocol is UDP. Possible values: ["NONE", "CLIENT_IP", "CLIENT_IP_PORT_PROTO", "CLIENT_IP_PROTO", "GENERATED_COOKIE", "HEADER_FIELD", "HTTP_COOKIE"] - type: string - timeoutSec: - description: |- - How many seconds to wait for the backend before considering it a - failed request. Default is 30 seconds. Valid range is [1, 86400]. - type: integer - required: - - location - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - fingerprint: - description: |- - Fingerprint of this resource. A hash of the contents stored in this - object. This field is used in optimistic locking. - type: string - selfLink: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computedisks.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeDisk - plural: computedisks - shortNames: - - gcpcomputedisk - - gcpcomputedisks - singular: computedisk - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: |- - An optional description of this resource. Provide this property when - you create the resource. - type: string - diskEncryptionKey: - description: |- - Encrypts the disk using a customer-supplied encryption key. - - After you encrypt a disk with a customer-supplied key, you must - provide the same key if you use the disk later (e.g. to create a disk - snapshot or an image, or to attach the disk to a virtual machine). - - Customer-supplied encryption keys do not protect access to metadata of - the disk. - - If you do not provide an encryption key when creating the disk, then - the disk will be encrypted using an automatically generated key and - you do not need to provide a key to use the disk later. - properties: - kmsKeyRef: - description: |- - The encryption key used to encrypt the disk. Your project's Compute - Engine System service account - ('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') - must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this - feature. See - https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a KMSCryptoKey. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - kmsKeyServiceAccountRef: - description: |- - The service account used for the encryption request for the given KMS key. - If absent, the Compute Engine Service Agent service account is used. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The email of an IAMServiceAccount. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - rawKey: - description: |- - Specifies a 256-bit customer-supplied encryption key, encoded in - RFC 4648 base64 to either encrypt or decrypt this resource. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used if - 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - key - - name - type: object - type: object - type: object - sha256: - description: |- - The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied - encryption key that protects this resource. - type: string - type: object - imageRef: - description: The image from which to initialize this disk. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeImage. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - location: - description: 'Location represents the geographical location of the ComputeDisk. - Specify a region name or a zone name. Reference: GCP definition of - regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' - type: string - physicalBlockSizeBytes: - description: |- - Physical block size of the persistent disk, in bytes. If not present - in a request, a default value is used. Currently supported sizes - are 4096 and 16384, other sizes may be added in the future. - If an unsupported value is requested, the error message will list - the supported values for the caller's project. - type: integer - replicaZones: - description: URLs of the zones where the disk should be replicated to. - items: - type: string - type: array - resourcePolicies: - items: - description: Resource policies applied to this disk for automatic - snapshot creations. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeResourcePolicy. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - size: - description: |- - Size of the persistent disk, specified in GB. You can specify this - field when creating a persistent disk using the 'image' or - 'snapshot' parameter, or specify it alone to create an empty - persistent disk. - - If you specify this field along with 'image' or 'snapshot', - the value must not be less than the size of the image - or the size of the snapshot. - type: integer - snapshotRef: - description: The source snapshot used to create this disk. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeSnapshot. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - sourceImageEncryptionKey: - description: |- - The customer-supplied encryption key of the source image. Required if - the source image is protected by a customer-supplied encryption key. - properties: - kmsKeyRef: - description: |- - The encryption key used to encrypt the disk. Your project's Compute - Engine System service account - ('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') - must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this - feature. See - https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a KMSCryptoKey. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - kmsKeyServiceAccountRef: - description: |- - The service account used for the encryption request for the given KMS key. - If absent, the Compute Engine Service Agent service account is used. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The email of an IAMServiceAccount. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - rawKey: - description: |- - Specifies a 256-bit customer-supplied encryption key, encoded in - RFC 4648 base64 to either encrypt or decrypt this resource. - type: string - sha256: - description: |- - The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied - encryption key that protects this resource. - type: string - type: object - sourceSnapshotEncryptionKey: - description: |- - The customer-supplied encryption key of the source snapshot. Required - if the source snapshot is protected by a customer-supplied encryption - key. - properties: - kmsKeyRef: - description: |- - The encryption key used to encrypt the disk. Your project's Compute - Engine System service account - ('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') - must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this - feature. See - https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a KMSCryptoKey. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - kmsKeyServiceAccountRef: - description: |- - The service account used for the encryption request for the given KMS key. - If absent, the Compute Engine Service Agent service account is used. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The email of an IAMServiceAccount. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - rawKey: - description: |- - Specifies a 256-bit customer-supplied encryption key, encoded in - RFC 4648 base64 to either encrypt or decrypt this resource. - type: string - sha256: - description: |- - The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied - encryption key that protects this resource. - type: string - type: object - type: - description: |- - URL of the disk type resource describing which disk type to use to - create the disk. Provide this when creating the disk. - type: string - required: - - location - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - labelFingerprint: - description: |- - The fingerprint used for optimistic locking of this resource. Used - internally during updates. - type: string - lastAttachTimestamp: - description: Last attach timestamp in RFC3339 text format. - type: string - lastDetachTimestamp: - description: Last detach timestamp in RFC3339 text format. - type: string - selfLink: - type: string - sourceImageId: - description: |- - The ID value of the image used to create this disk. This value - identifies the exact image that was used to create this persistent - disk. For example, if you created the persistent disk from an image - that was later deleted and recreated under the same name, the source - image ID would identify the exact version of the image that was used. - type: string - sourceSnapshotId: - description: |- - The unique ID of the snapshot used to create this disk. This value - identifies the exact snapshot that was used to create this persistent - disk. For example, if you created the persistent disk from a snapshot - that was later deleted and recreated under the same name, the source - snapshot ID would identify the exact version of the snapshot that was - used. - type: string - users: - description: |- - Links to the users of the disk (attached instances) in form: - project/zones/zone/instances/instance - items: - type: string - type: array - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computeexternalvpngateways.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeExternalVPNGateway - plural: computeexternalvpngateways - shortNames: - - gcpcomputeexternalvpngateway - - gcpcomputeexternalvpngateways - singular: computeexternalvpngateway - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: An optional description of this resource. - type: string - interface: - description: A list of interfaces on this external VPN gateway. - items: - properties: - id: - description: |- - The numberic ID for this interface. Allowed values are based on the redundancy type - of this external VPN gateway - * '0 - SINGLE_IP_INTERNALLY_REDUNDANT' - * '0, 1 - TWO_IPS_REDUNDANCY' - * '0, 1, 2, 3 - FOUR_IPS_REDUNDANCY' - type: integer - ipAddress: - description: |- - IP address of the interface in the external VPN gateway. - Only IPv4 is supported. This IP address can be either from - your on-premise gateway or another Cloud provider's VPN gateway, - it cannot be an IP address from Google Compute Engine. - type: string - type: object - type: array - redundancyType: - description: 'Indicates the redundancy type of this external VPN gateway - Possible values: ["FOUR_IPS_REDUNDANCY", "SINGLE_IP_INTERNALLY_REDUNDANT", - "TWO_IPS_REDUNDANCY"]' - type: string - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - selfLink: - type: string - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computefirewalls.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeFirewall - plural: computefirewalls - shortNames: - - gcpcomputefirewall - - gcpcomputefirewalls - singular: computefirewall - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - allow: - description: |- - The list of ALLOW rules specified by this firewall. Each rule - specifies a protocol and port-range tuple that describes a permitted - connection. - items: - properties: - ports: - description: |- - An optional list of ports to which this rule applies. This field - is only applicable for UDP or TCP protocol. Each entry must be - either an integer or a range. If not specified, this rule - applies to connections through any port. - - Example inputs include: ["22"], ["80","443"], and - ["12345-12349"]. - items: - type: string - type: array - protocol: - description: |- - The IP protocol to which this rule applies. The protocol type is - required when creating a firewall rule. This value can either be - one of the following well known protocol strings (tcp, udp, - icmp, esp, ah, sctp, ipip, all), or the IP protocol number. - type: string - required: - - protocol - type: object - type: array - deny: - description: |- - The list of DENY rules specified by this firewall. Each rule specifies - a protocol and port-range tuple that describes a denied connection. - items: - properties: - ports: - description: |- - An optional list of ports to which this rule applies. This field - is only applicable for UDP or TCP protocol. Each entry must be - either an integer or a range. If not specified, this rule - applies to connections through any port. - - Example inputs include: ["22"], ["80","443"], and - ["12345-12349"]. - items: - type: string - type: array - protocol: - description: |- - The IP protocol to which this rule applies. The protocol type is - required when creating a firewall rule. This value can either be - one of the following well known protocol strings (tcp, udp, - icmp, esp, ah, sctp, ipip, all), or the IP protocol number. - type: string - required: - - protocol - type: object - type: array - description: - description: |- - An optional description of this resource. Provide this property when - you create the resource. - type: string - destinationRanges: - description: |- - If destination ranges are specified, the firewall will apply only to - traffic that has destination IP address in these ranges. These ranges - must be expressed in CIDR format. Only IPv4 is supported. - items: - type: string - type: array - direction: - description: |- - Direction of traffic to which this firewall applies; default is - INGRESS. Note: For INGRESS traffic, it is NOT supported to specify - destinationRanges; For EGRESS traffic, it is NOT supported to specify - sourceRanges OR sourceTags. Possible values: ["INGRESS", "EGRESS"] - type: string - disabled: - description: |- - Denotes whether the firewall rule is disabled, i.e not applied to the - network it is associated with. When set to true, the firewall rule is - not enforced and the network behaves as if it did not exist. If this - is unspecified, the firewall rule will be enabled. - type: boolean - enableLogging: - description: DEPRECATED — Deprecated in favor of log_config. This field - denotes whether to enable logging for a particular firewall rule. - If logging is enabled, logs will be exported to Stackdriver. - type: boolean - logConfig: - description: |- - This field denotes the logging options for a particular firewall rule. - If defined, logging is enabled, and logs will be exported to Cloud Logging. - properties: - metadata: - description: 'This field denotes whether to include or exclude metadata - for firewall logs. Possible values: ["EXCLUDE_ALL_METADATA", "INCLUDE_ALL_METADATA"]' - type: string - required: - - metadata - type: object - networkRef: - description: The network to attach this firewall to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeNetwork. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - priority: - description: |- - Priority for this rule. This is an integer between 0 and 65535, both - inclusive. When not specified, the value assumed is 1000. Relative - priorities determine precedence of conflicting rules. Lower value of - priority implies higher precedence (eg, a rule with priority 0 has - higher precedence than a rule with priority 1). DENY rules take - precedence over ALLOW rules having equal priority. - type: integer - sourceRanges: - description: |- - If source ranges are specified, the firewall will apply only to - traffic that has source IP address in these ranges. These ranges must - be expressed in CIDR format. One or both of sourceRanges and - sourceTags may be set. If both properties are set, the firewall will - apply to traffic that has source IP address within sourceRanges OR the - source IP that belongs to a tag listed in the sourceTags property. The - connection does not need to match both properties for the firewall to - apply. Only IPv4 is supported. - items: - type: string - type: array - sourceServiceAccounts: - items: - description: |- - If source service accounts are specified, the firewall will apply only - to traffic originating from an instance with a service account in this - list. Source service accounts cannot be used to control traffic to an - instance's external IP address because service accounts are associated - with an instance, not an IP address. sourceRanges can be set at the - same time as sourceServiceAccounts. If both are set, the firewall will - apply to traffic that has source IP address within sourceRanges OR the - source IP belongs to an instance with service account listed in - sourceServiceAccount. The connection does not need to match both - properties for the firewall to apply. sourceServiceAccounts cannot be - used at the same time as sourceTags or targetTags. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The email of an IAMServiceAccount. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - sourceTags: - description: |- - If source tags are specified, the firewall will apply only to traffic - with source IP that belongs to a tag listed in source tags. Source - tags cannot be used to control traffic to an instance's external IP - address. Because tags are associated with an instance, not an IP - address. One or both of sourceRanges and sourceTags may be set. If - both properties are set, the firewall will apply to traffic that has - source IP address within sourceRanges OR the source IP that belongs to - a tag listed in the sourceTags property. The connection does not need - to match both properties for the firewall to apply. - items: - type: string - type: array - targetServiceAccounts: - items: - description: |- - A list of service accounts indicating sets of instances located in the - network that may make network connections as specified in allowed[]. - targetServiceAccounts cannot be used at the same time as targetTags or - sourceTags. If neither targetServiceAccounts nor targetTags are - specified, the firewall rule applies to all instances on the specified - network. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The email of an IAMServiceAccount. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - targetTags: - description: |- - A list of instance tags indicating sets of instances located in the - network that may make network connections as specified in allowed[]. - If no targetTags are specified, the firewall rule applies to all - instances on the specified network. - items: - type: string - type: array - required: - - networkRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - selfLink: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computeforwardingrules.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeForwardingRule - plural: computeforwardingrules - shortNames: - - gcpcomputeforwardingrule - - gcpcomputeforwardingrules - singular: computeforwardingrule - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - allPorts: - description: |- - For internal TCP/UDP load balancing (i.e. load balancing scheme is - INTERNAL and protocol is TCP/UDP), set this to true to allow packets - addressed to any ports to be forwarded to the backends configured - with this forwarding rule. Used with backend service. Cannot be set - if port or portRange are set. - type: boolean - allowGlobalAccess: - description: |- - If true, clients can access ILB from all regions. - Otherwise only allows from the local region the ILB is located at. - type: boolean - backendServiceRef: - description: |- - A ComputeBackendService to receive the matched traffic. This is - used only for internal load balancing. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeBackendService. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - description: - description: |- - An optional description of this resource. Provide this property when - you create the resource. - type: string - ipAddress: - description: |- - The IP address that this forwarding rule is serving on behalf of. - - Addresses are restricted based on the forwarding rule's load - balancing scheme (EXTERNAL or INTERNAL) and scope (global or - regional). - - When the load balancing scheme is EXTERNAL, for global forwarding - rules, the address must be a global IP, and for regional forwarding - rules, the address must live in the same region as the forwarding - rule. If this field is empty, an ephemeral IPv4 address from the - same scope (global or regional) will be assigned. A regional - forwarding rule supports IPv4 only. A global forwarding rule - supports either IPv4 or IPv6. - - When the load balancing scheme is INTERNAL, this can only be an RFC - 1918 IP address belonging to the network/subnet configured for the - forwarding rule. By default, if this field is empty, an ephemeral - internal IP address will be automatically allocated from the IP - range of the subnet or network configured for this forwarding rule. - oneOf: - - required: - - addressRef - - required: - - ip - properties: - addressRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The address of a ComputeAddress. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - ip: - type: string - type: object - ipProtocol: - description: |- - The IP protocol to which this rule applies. - - When the load balancing scheme is INTERNAL, only TCP and UDP are - valid. Possible values: ["TCP", "UDP", "ESP", "AH", "SCTP", "ICMP"] - type: string - ipVersion: - description: 'The IP Version that will be used by this global forwarding - rule. Possible values: ["IPV4", "IPV6"]' - type: string - isMirroringCollector: - description: |- - Indicates whether or not this load balancer can be used - as a collector for packet mirroring. To prevent mirroring loops, - instances behind this load balancer will not have their traffic - mirrored even if a PacketMirroring rule applies to them. This - can only be set to true for load balancers that have their - loadBalancingScheme set to INTERNAL. - type: boolean - loadBalancingScheme: - description: |- - This signifies what the ForwardingRule will be used for and can be - EXTERNAL, INTERNAL, or INTERNAL_MANAGED. EXTERNAL is used for Classic - Cloud VPN gateways, protocol forwarding to VMs from an external IP address, - and HTTP(S), SSL Proxy, TCP Proxy, and Network TCP/UDP load balancers. - INTERNAL is used for protocol forwarding to VMs from an internal IP address, - and internal TCP/UDP load balancers. - INTERNAL_MANAGED is used for internal HTTP(S) load balancers. Default value: "EXTERNAL" Possible values: ["EXTERNAL", "INTERNAL", "INTERNAL_MANAGED"] - type: string - location: - description: 'Location represents the geographical location of the ComputeForwardingRule. - Specify a region name or "global" for global resources. Reference: - GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' - type: string - metadataFilters: - description: |- - Opaque filter criteria used by Loadbalancer to restrict routing - configuration to a limited set xDS compliant clients. In their xDS - requests to Loadbalancer, xDS clients present node metadata. If a - match takes place, the relevant routing configuration is made available - to those proxies. - - For each metadataFilter in this list, if its filterMatchCriteria is set - to MATCH_ANY, at least one of the filterLabels must match the - corresponding label provided in the metadata. If its filterMatchCriteria - is set to MATCH_ALL, then all of its filterLabels must match with - corresponding labels in the provided metadata. - - metadataFilters specified here can be overridden by those specified in - the UrlMap that this ForwardingRule references. - - metadataFilters only applies to Loadbalancers that have their - loadBalancingScheme set to INTERNAL_SELF_MANAGED. - items: - properties: - filterLabels: - description: |- - The list of label value pairs that must match labels in the - provided metadata based on filterMatchCriteria - - This list must not be empty and can have at the most 64 entries. - items: - properties: - name: - description: |- - Name of the metadata label. The length must be between - 1 and 1024 characters, inclusive. - type: string - value: - description: |- - The value that the label must match. The value has a maximum - length of 1024 characters. - type: string - required: - - name - - value - type: object - type: array - filterMatchCriteria: - description: |- - Specifies how individual filterLabel matches within the list of - filterLabels contribute towards the overall metadataFilter match. - - MATCH_ANY - At least one of the filterLabels must have a matching - label in the provided metadata. - MATCH_ALL - All filterLabels must have matching labels in the - provided metadata. Possible values: ["MATCH_ANY", "MATCH_ALL"] - type: string - required: - - filterLabels - - filterMatchCriteria - type: object - type: array - networkRef: - description: |- - This field is not used for external load balancing. For internal - load balancing, this field identifies the network that the load - balanced IP should belong to for this forwarding rule. If this - field is not specified, the default network will be used. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeNetwork. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - networkTier: - description: |- - The networking tier used for configuring this address. If this field is not - specified, it is assumed to be PREMIUM. Possible values: ["PREMIUM", "STANDARD"] - type: string - portRange: - description: |- - This field is used along with the target field for TargetHttpProxy, - TargetHttpsProxy, TargetSslProxy, TargetTcpProxy, TargetVpnGateway, - TargetPool, TargetInstance. - - Applicable only when IPProtocol is TCP, UDP, or SCTP, only packets - addressed to ports in the specified range will be forwarded to target. - Forwarding rules with the same [IPAddress, IPProtocol] pair must have - disjoint port ranges. - - Some types of forwarding target have constraints on the acceptable - ports: - - * TargetHttpProxy: 80, 8080 - * TargetHttpsProxy: 443 - * TargetTcpProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, - 1883, 5222 - * TargetSslProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, - 1883, 5222 - * TargetVpnGateway: 500, 4500 - type: string - ports: - description: |- - This field is used along with the backend_service field for internal - load balancing. - - When the load balancing scheme is INTERNAL, a single port or a comma - separated list of ports can be configured. Only packets addressed to - these ports will be forwarded to the backends configured with this - forwarding rule. - - You may specify a maximum of up to 5 ports. - items: - type: string - type: array - serviceLabel: - description: |- - An optional prefix to the service name for this Forwarding Rule. - If specified, will be the first label of the fully qualified service - name. - - The label must be 1-63 characters long, and comply with RFC1035. - Specifically, the label must be 1-63 characters long and match the - regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the first - character must be a lowercase letter, and all following characters - must be a dash, lowercase letter, or digit, except the last - character, which cannot be a dash. - - This field is only used for INTERNAL load balancing. - type: string - subnetworkRef: - description: |- - The subnetwork that the load balanced IP should belong to for this - forwarding rule. This field is only used for internal load - balancing. - - If the network specified is in auto subnet mode, this field is - optional. However, if the network is in custom subnet mode, a - subnetwork must be specified. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The name of a ComputeSubnetwork. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - target: - description: |- - The target resource to receive the matched traffic. The forwarded - traffic must be of a type appropriate to the target object. For - INTERNAL_SELF_MANAGED load balancing, only HTTP and HTTPS targets - are valid. - oneOf: - - required: - - targetHTTPProxyRef - - required: - - targetHTTPSProxyRef - - required: - - targetSSLProxyRef - - required: - - targetTCPProxyRef - - required: - - targetVPNGatewayRef - properties: - targetHTTPProxyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeTargetHTTPProxy. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - targetHTTPSProxyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeTargetHTTPSProxy. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - targetSSLProxyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeTargetSSLProxy. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - targetTCPProxyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeTargetTCPProxy. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - targetVPNGatewayRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeTargetVPNGateway. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - required: - - location - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - labelFingerprint: - description: |- - The fingerprint used for optimistic locking of this resource. Used - internally during updates. - type: string - selfLink: - type: string - serviceName: - description: |- - The internal fully qualified service name for this Forwarding Rule. - This field is only used for INTERNAL load balancing. - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computehealthchecks.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeHealthCheck - plural: computehealthchecks - shortNames: - - gcpcomputehealthcheck - - gcpcomputehealthchecks - singular: computehealthcheck - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - checkIntervalSec: - description: |- - How often (in seconds) to send a health check. The default value is 5 - seconds. - type: integer - description: - description: |- - An optional description of this resource. Provide this property when - you create the resource. - type: string - grpcHealthCheck: - description: A nested object resource - properties: - grpcServiceName: - description: "The gRPC service name for the health check. \nThe - value of grpcServiceName has the following meanings by convention:\n - \ - Empty serviceName means the overall status of all services - at the backend.\n - Non-empty serviceName means the health of - that gRPC service, as defined by the owner of the service.\nThe - grpcServiceName can only be ASCII." - type: string - port: - description: "The port number for the health check request. \nMust - be specified if portName and portSpecification are not set \nor - if port_specification is USE_FIXED_PORT. Valid values are 1 through - 65535." - type: integer - portName: - description: |- - Port name as defined in InstanceGroup#NamedPort#name. If both port and - port_name are defined, port takes precedence. - type: string - portSpecification: - description: |- - Specifies how port is selected for health checking, can be one of the - following values: - - * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. - - * 'USE_NAMED_PORT': The 'portName' is used for health checking. - - * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each - network endpoint is used for health checking. For other backends, the - port or named port specified in the Backend Service is used for health - checking. - - If not specified, gRPC health check follows behavior specified in 'port' and - 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"] - type: string - type: object - healthyThreshold: - description: |- - A so-far unhealthy instance will be marked healthy after this many - consecutive successes. The default value is 2. - type: integer - http2HealthCheck: - description: A nested object resource - properties: - host: - description: |- - The value of the host header in the HTTP2 health check request. - If left empty (default value), the public IP on behalf of which this health - check is performed will be used. - type: string - port: - description: |- - The TCP port number for the HTTP2 health check request. - The default value is 443. - type: integer - portName: - description: |- - Port name as defined in InstanceGroup#NamedPort#name. If both port and - port_name are defined, port takes precedence. - type: string - portSpecification: - description: |- - Specifies how port is selected for health checking, can be one of the - following values: - - * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. - - * 'USE_NAMED_PORT': The 'portName' is used for health checking. - - * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each - network endpoint is used for health checking. For other backends, the - port or named port specified in the Backend Service is used for health - checking. - - If not specified, HTTP2 health check follows behavior specified in 'port' and - 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"] - type: string - proxyHeader: - description: |- - Specifies the type of proxy header to append before sending data to the - backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"] - type: string - requestPath: - description: |- - The request path of the HTTP2 health check request. - The default value is /. - type: string - response: - description: |- - The bytes to match against the beginning of the response data. If left empty - (the default value), any response will indicate health. The response data - can only be ASCII. - type: string - type: object - httpHealthCheck: - description: A nested object resource - properties: - host: - description: |- - The value of the host header in the HTTP health check request. - If left empty (default value), the public IP on behalf of which this health - check is performed will be used. - type: string - port: - description: |- - The TCP port number for the HTTP health check request. - The default value is 80. - type: integer - portName: - description: |- - Port name as defined in InstanceGroup#NamedPort#name. If both port and - port_name are defined, port takes precedence. - type: string - portSpecification: - description: |- - Specifies how port is selected for health checking, can be one of the - following values: - - * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. - - * 'USE_NAMED_PORT': The 'portName' is used for health checking. - - * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each - network endpoint is used for health checking. For other backends, the - port or named port specified in the Backend Service is used for health - checking. - - If not specified, HTTP health check follows behavior specified in 'port' and - 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"] - type: string - proxyHeader: - description: |- - Specifies the type of proxy header to append before sending data to the - backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"] - type: string - requestPath: - description: |- - The request path of the HTTP health check request. - The default value is /. - type: string - response: - description: |- - The bytes to match against the beginning of the response data. If left empty - (the default value), any response will indicate health. The response data - can only be ASCII. - type: string - type: object - httpsHealthCheck: - description: A nested object resource - properties: - host: - description: |- - The value of the host header in the HTTPS health check request. - If left empty (default value), the public IP on behalf of which this health - check is performed will be used. - type: string - port: - description: |- - The TCP port number for the HTTPS health check request. - The default value is 443. - type: integer - portName: - description: |- - Port name as defined in InstanceGroup#NamedPort#name. If both port and - port_name are defined, port takes precedence. - type: string - portSpecification: - description: |- - Specifies how port is selected for health checking, can be one of the - following values: - - * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. - - * 'USE_NAMED_PORT': The 'portName' is used for health checking. - - * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each - network endpoint is used for health checking. For other backends, the - port or named port specified in the Backend Service is used for health - checking. - - If not specified, HTTPS health check follows behavior specified in 'port' and - 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"] - type: string - proxyHeader: - description: |- - Specifies the type of proxy header to append before sending data to the - backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"] - type: string - requestPath: - description: |- - The request path of the HTTPS health check request. - The default value is /. - type: string - response: - description: |- - The bytes to match against the beginning of the response data. If left empty - (the default value), any response will indicate health. The response data - can only be ASCII. - type: string - type: object - location: - description: 'Location represents the geographical location of the ComputeHealthCheck. - Specify a region name or "global" for global resources. Reference: - GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' - type: string - logConfig: - description: Configure logging on this health check. - properties: - enable: - description: |- - Indicates whether or not to export logs. This is false by default, - which means no health check logging will be done. - type: boolean - type: object - sslHealthCheck: - description: A nested object resource - properties: - port: - description: |- - The TCP port number for the SSL health check request. - The default value is 443. - type: integer - portName: - description: |- - Port name as defined in InstanceGroup#NamedPort#name. If both port and - port_name are defined, port takes precedence. - type: string - portSpecification: - description: |- - Specifies how port is selected for health checking, can be one of the - following values: - - * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. - - * 'USE_NAMED_PORT': The 'portName' is used for health checking. - - * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each - network endpoint is used for health checking. For other backends, the - port or named port specified in the Backend Service is used for health - checking. - - If not specified, SSL health check follows behavior specified in 'port' and - 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"] - type: string - proxyHeader: - description: |- - Specifies the type of proxy header to append before sending data to the - backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"] - type: string - request: - description: |- - The application data to send once the SSL connection has been - established (default value is empty). If both request and response are - empty, the connection establishment alone will indicate health. The request - data can only be ASCII. - type: string - response: - description: |- - The bytes to match against the beginning of the response data. If left empty - (the default value), any response will indicate health. The response data - can only be ASCII. - type: string - type: object - tcpHealthCheck: - description: A nested object resource - properties: - port: - description: |- - The TCP port number for the TCP health check request. - The default value is 443. - type: integer - portName: - description: |- - Port name as defined in InstanceGroup#NamedPort#name. If both port and - port_name are defined, port takes precedence. - type: string - portSpecification: - description: |- - Specifies how port is selected for health checking, can be one of the - following values: - - * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. - - * 'USE_NAMED_PORT': The 'portName' is used for health checking. - - * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each - network endpoint is used for health checking. For other backends, the - port or named port specified in the Backend Service is used for health - checking. - - If not specified, TCP health check follows behavior specified in 'port' and - 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"] - type: string - proxyHeader: - description: |- - Specifies the type of proxy header to append before sending data to the - backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"] - type: string - request: - description: |- - The application data to send once the TCP connection has been - established (default value is empty). If both request and response are - empty, the connection establishment alone will indicate health. The request - data can only be ASCII. - type: string - response: - description: |- - The bytes to match against the beginning of the response data. If left empty - (the default value), any response will indicate health. The response data - can only be ASCII. - type: string - type: object - timeoutSec: - description: |- - How long (in seconds) to wait before claiming failure. - The default value is 5 seconds. It is invalid for timeoutSec to have - greater value than checkIntervalSec. - type: integer - unhealthyThreshold: - description: |- - A so-far healthy instance will be marked unhealthy after this many - consecutive failures. The default value is 2. - type: integer - required: - - location - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - selfLink: - type: string - type: - description: The type of the health check. One of HTTP, HTTPS, TCP, - or SSL. - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computehttphealthchecks.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeHTTPHealthCheck - plural: computehttphealthchecks - shortNames: - - gcpcomputehttphealthcheck - - gcpcomputehttphealthchecks - singular: computehttphealthcheck - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - checkIntervalSec: - description: |- - How often (in seconds) to send a health check. The default value is 5 - seconds. - type: integer - description: - description: |- - An optional description of this resource. Provide this property when - you create the resource. - type: string - healthyThreshold: - description: |- - A so-far unhealthy instance will be marked healthy after this many - consecutive successes. The default value is 2. - type: integer - host: - description: |- - The value of the host header in the HTTP health check request. If - left empty (default value), the public IP on behalf of which this - health check is performed will be used. - type: string - port: - description: |- - The TCP port number for the HTTP health check request. - The default value is 80. - type: integer - requestPath: - description: |- - The request path of the HTTP health check request. - The default value is /. - type: string - timeoutSec: - description: |- - How long (in seconds) to wait before claiming failure. - The default value is 5 seconds. It is invalid for timeoutSec to have - greater value than checkIntervalSec. - type: integer - unhealthyThreshold: - description: |- - A so-far healthy instance will be marked unhealthy after this many - consecutive failures. The default value is 2. - type: integer - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - selfLink: - type: string - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computehttpshealthchecks.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeHTTPSHealthCheck - plural: computehttpshealthchecks - shortNames: - - gcpcomputehttpshealthcheck - - gcpcomputehttpshealthchecks - singular: computehttpshealthcheck - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - checkIntervalSec: - description: |- - How often (in seconds) to send a health check. The default value is 5 - seconds. - type: integer - description: - description: |- - An optional description of this resource. Provide this property when - you create the resource. - type: string - healthyThreshold: - description: |- - A so-far unhealthy instance will be marked healthy after this many - consecutive successes. The default value is 2. - type: integer - host: - description: |- - The value of the host header in the HTTPS health check request. If - left empty (default value), the public IP on behalf of which this - health check is performed will be used. - type: string - port: - description: |- - The TCP port number for the HTTPS health check request. - The default value is 80. - type: integer - requestPath: - description: |- - The request path of the HTTPS health check request. - The default value is /. - type: string - timeoutSec: - description: |- - How long (in seconds) to wait before claiming failure. - The default value is 5 seconds. It is invalid for timeoutSec to have - greater value than checkIntervalSec. - type: integer - unhealthyThreshold: - description: |- - A so-far healthy instance will be marked unhealthy after this many - consecutive failures. The default value is 2. - type: integer - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - selfLink: - type: string - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computeimages.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeImage - plural: computeimages - shortNames: - - gcpcomputeimage - - gcpcomputeimages - singular: computeimage - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: |- - An optional description of this resource. Provide this property when - you create the resource. - type: string - diskRef: - description: |- - The source disk to create this image based on. - You must provide either this property or the - rawDisk.source property but not both to create an image. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeDisk. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - diskSizeGb: - description: Size of the image when restored onto a persistent disk - (in GB). - type: integer - family: - description: |- - The name of the image family to which this image belongs. You can - create disks by specifying an image family instead of a specific - image name. The image family always returns its latest image that is - not deprecated. The name of the image family must comply with - RFC1035. - type: string - guestOsFeatures: - description: |- - A list of features to enable on the guest operating system. - Applicable only for bootable images. - items: - properties: - type: - description: 'The type of supported feature. Read [Enabling guest - operating system features](https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images#guest-os-features) - to see a list of available options. Possible values: ["MULTI_IP_SUBNET", - "SECURE_BOOT", "SEV_CAPABLE", "UEFI_COMPATIBLE", "VIRTIO_SCSI_MULTIQUEUE", - "WINDOWS"]' - type: string - required: - - type - type: object - type: array - licenses: - description: Any applicable license URI. - items: - type: string - type: array - rawDisk: - description: The parameters of the raw disk image. - properties: - containerType: - description: |- - The format used to encode and transmit the block device, which - should be TAR. This is just a container and transmission format - and not a runtime format. Provided by the client when the disk - image is created. Default value: "TAR" Possible values: ["TAR"] - type: string - sha1: - description: |- - An optional SHA1 checksum of the disk image before unpackaging. - This is provided by the client when the disk image is created. - type: string - source: - description: |- - The full Google Cloud Storage URL where disk storage is stored - You must provide either this property or the sourceDisk property - but not both. - type: string - required: - - source - type: object - sourceImageRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeImage. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - sourceSnapshotRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeSnapshot. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - status: - properties: - archiveSizeBytes: - description: |- - Size of the image tar.gz archive stored in Google Cloud Storage (in - bytes). - type: integer - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - labelFingerprint: - description: |- - The fingerprint used for optimistic locking of this resource. Used - internally during updates. - type: string - selfLink: - type: string - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computeinstancegroups.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeInstanceGroup - plural: computeinstancegroups - shortNames: - - gcpcomputeinstancegroup - - gcpcomputeinstancegroups - singular: computeinstancegroup - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: An optional textual description of the instance group. - type: string - instances: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeInstance. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - namedPort: - description: The named port configuration. - items: - properties: - name: - description: The name which the port will be mapped to. - type: string - port: - description: The port number to map the name to. - type: integer - required: - - name - - port - type: object - type: array - networkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeNetwork. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - zone: - description: The zone that this instance group should be created in. - type: string - required: - - zone - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - selfLink: - description: The URI of the created resource. - type: string - size: - description: The number of instances in the group. - type: integer - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computeinstances.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeInstance - plural: computeinstances - shortNames: - - gcpcomputeinstance - - gcpcomputeinstances - singular: computeinstance - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - anyOf: - - required: - - bootDisk - - machineType - - networkInterface - - zone - - required: - - instanceTemplateRef - - zone - properties: - attachedDisk: - description: List of disks attached to the instance - items: - properties: - deviceName: - description: Name with which the attached disk is accessible under - /dev/disk/by-id/ - type: string - diskEncryptionKeyRaw: - description: A 256-bit customer-supplied encryption key, encoded - in RFC 4648 base64 to encrypt this disk. Only one of kms_key_self_link - and disk_encryption_key_raw may be set. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used - if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value - from. - type: string - required: - - name - - key - type: object - type: object - type: object - diskEncryptionKeySha256: - description: The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied - encryption key that protects this resource. - type: string - kmsKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a KMSCryptoKey. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - mode: - description: Read/write mode for the disk. One of "READ_ONLY" - or "READ_WRITE". - type: string - sourceDiskRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeDisk. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - sourceDiskRef - type: object - type: array - bootDisk: - description: The boot disk for the instance. - properties: - autoDelete: - description: Whether the disk will be auto-deleted when the instance - is deleted. - type: boolean - deviceName: - description: Name with which attached disk will be accessible under - /dev/disk/by-id/ - type: string - diskEncryptionKeyRaw: - description: A 256-bit customer-supplied encryption key, encoded - in RFC 4648 base64 to encrypt this disk. Only one of kms_key_self_link - and disk_encryption_key_raw may be set. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used if - 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - diskEncryptionKeySha256: - description: The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied - encryption key that protects this resource. - type: string - initializeParams: - description: Parameters with which a disk was created alongside - the instance. - properties: - labels: - description: A set of key/value label pairs assigned to the - disk. - type: object - size: - description: The size of the image in gigabytes. - type: integer - sourceImageRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeImage. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: - description: The Google Compute Engine disk type. One of pd-standard, - pd-ssd or pd-balanced. - type: string - type: object - kmsKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a KMSCryptoKey. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - mode: - description: Read/write mode for the disk. One of "READ_ONLY" or - "READ_WRITE". - type: string - sourceDiskRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeDisk. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - canIpForward: - description: Whether sending and receiving of packets with non-matching - source or destination IPs is allowed. - type: boolean - confidentialInstanceConfig: - description: The Confidential VM config being used by the instance. on_host_maintenance - has to be set to TERMINATE or this will fail to create. - properties: - enableConfidentialCompute: - description: Defines whether the instance should have confidential - compute enabled. - type: boolean - required: - - enableConfidentialCompute - type: object - deletionProtection: - description: Whether deletion protection is enabled on this instance. - type: boolean - description: - description: A brief description of the resource. - type: string - desiredStatus: - description: Desired status of the instance. Either "RUNNING" or "TERMINATED". - type: string - enableDisplay: - description: Whether the instance has virtual displays enabled. - type: boolean - guestAccelerator: - description: List of the type and count of accelerator cards attached - to the instance. - items: - properties: - count: - description: The number of the guest accelerator cards exposed - to this instance. - type: integer - type: - description: The accelerator type resource exposed to this instance. - E.g. nvidia-tesla-k80. - type: string - required: - - count - - type - type: object - type: array - hostname: - description: A custom hostname for the instance. Must be a fully qualified - DNS name and RFC-1035-valid. Valid format is a series of labels 1-63 - characters long matching the regular expression [a-z]([-a-z0-9]*[a-z0-9]), - concatenated with periods. The entire hostname must not exceed 253 - characters. Changing this forces a new resource to be created. - type: string - instanceTemplateRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeInstanceTemplate. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - machineType: - description: The machine type to create. - type: string - metadata: - items: - properties: - key: - type: string - value: - type: string - required: - - key - - value - type: object - type: array - metadataStartupScript: - description: Metadata startup scripts made available within the instance. - type: string - minCpuPlatform: - description: The minimum CPU platform specified for the VM instance. - type: string - networkInterface: - description: The networks attached to the instance. - items: - properties: - accessConfig: - description: Access configurations, i.e. IPs via which this instance - can be accessed via the Internet. - items: - properties: - natIpRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The address of a ComputeAddress. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - networkTier: - description: The networking tier used for configuring this - instance. One of PREMIUM or STANDARD. - type: string - publicPtrDomainName: - description: The DNS domain name for the public PTR record. - type: string - type: object - type: array - aliasIpRange: - description: An array of alias IP ranges for this network interface. - items: - properties: - ipCidrRange: - description: The IP CIDR range represented by this alias - IP range. - type: string - subnetworkRangeName: - description: The subnetwork secondary range name specifying - the secondary range from which to allocate the IP CIDR - range for this alias IP range. - type: string - required: - - ipCidrRange - type: object - type: array - name: - description: The name of the interface - type: string - networkIp: - description: The private IP address assigned to the instance. - type: string - networkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeNetwork. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - subnetworkProject: - description: The project in which the subnetwork belongs. - type: string - subnetworkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeSubnetwork. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - type: array - resourcePolicies: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeResourcePolicy. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - scheduling: - description: The scheduling strategy being used by the instance. - properties: - automaticRestart: - description: Specifies if the instance should be restarted if it - was terminated by Compute Engine (not a user). - type: boolean - minNodeCpus: - type: integer - nodeAffinities: - items: - properties: - value: - type: object - type: object - type: array - onHostMaintenance: - description: Describes maintenance behavior for the instance. One - of MIGRATE or TERMINATE, - type: string - preemptible: - description: Whether the instance is preemptible. - type: boolean - type: object - scratchDisk: - description: The scratch disks attached to the instance. - items: - properties: - interface: - description: The disk interface used for attaching this disk. - One of SCSI or NVME. - type: string - required: - - interface - type: object - type: array - serviceAccount: - description: The service account to attach to the instance. - properties: - scopes: - description: A list of service scopes. - items: - type: string - type: array - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The email of an IAMServiceAccount. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - scopes - type: object - shieldedInstanceConfig: - description: The shielded vm config being used by the instance. - properties: - enableIntegrityMonitoring: - description: Whether integrity monitoring is enabled for the instance. - type: boolean - enableSecureBoot: - description: Whether secure boot is enabled for the instance. - type: boolean - enableVtpm: - description: Whether the instance uses vTPM. - type: boolean - type: object - tags: - description: The list of tags attached to the instance. - items: - type: string - type: array - zone: - description: The zone of the instance. If self_link is provided, this - value is ignored. If neither self_link nor zone are provided, the - provider zone is used. - type: string - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - cpuPlatform: - description: The CPU platform used by this instance. - type: string - currentStatus: - description: Current status of the instance. - type: string - instanceId: - description: The server-assigned unique identifier of this instance. - type: string - labelFingerprint: - description: The unique fingerprint of the labels. - type: string - metadataFingerprint: - description: The unique fingerprint of the metadata. - type: string - selfLink: - description: The URI of the created resource. - type: string - tagsFingerprint: - description: The unique fingerprint of the tags. - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computeinstancetemplates.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeInstanceTemplate - plural: computeinstancetemplates - shortNames: - - gcpcomputeinstancetemplate - - gcpcomputeinstancetemplates - singular: computeinstancetemplate - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - canIpForward: - description: Whether to allow sending and receiving of packets with - non-matching source or destination IPs. This defaults to false. - type: boolean - confidentialInstanceConfig: - description: The Confidential VM config being used by the instance. - on_host_maintenance has to be set to TERMINATE or this will fail to - create. - properties: - enableConfidentialCompute: - description: Defines whether the instance should have confidential - compute enabled. - type: boolean - required: - - enableConfidentialCompute - type: object - description: - description: A brief description of this resource. - type: string - disk: - description: Disks to attach to instances created from this template. - This can be specified multiple times for multiple disks. - items: - properties: - autoDelete: - description: Whether or not the disk should be auto-deleted. This - defaults to true. - type: boolean - boot: - description: Indicates that this is a boot disk. - type: boolean - deviceName: - description: A unique device name that is reflected into the /dev/ - tree of a Linux operating system running within the instance. - If not specified, the server chooses a default device name to - apply to this disk. - type: string - diskEncryptionKey: - description: Encrypts or decrypts a disk using a customer-supplied - encryption key. - properties: - kmsKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a KMSCryptoKey. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - kmsKeyRef - type: object - diskName: - description: Name of the disk. When not provided, this defaults - to the name of the instance. - type: string - diskSizeGb: - description: The size of the image in gigabytes. If not specified, - it will inherit the size of its base image. For SCRATCH disks, - the size must be exactly 375GB. - type: integer - diskType: - description: The Google Compute Engine disk type. Can be either - "pd-ssd", "local-ssd", "pd-balanced" or "pd-standard". - type: string - interface: - description: Specifies the disk interface to use for attaching - this disk. - type: string - labels: - additionalProperties: - type: string - description: A set of key/value label pairs to assign to disks, - type: object - mode: - description: The mode in which to attach this disk, either READ_WRITE - or READ_ONLY. If you are attaching or creating a boot disk, - this must read-write mode. - type: string - sourceDiskRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The name of a ComputeDisk. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - sourceImageRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeImage. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: - description: The type of Google Compute Engine disk, can be either - "SCRATCH" or "PERSISTENT". - type: string - type: object - type: array - enableDisplay: - description: 'Enable Virtual Displays on this instance. Note: allow_stopping_for_update - must be set to true in order to update this field.' - type: boolean - guestAccelerator: - description: List of the type and count of accelerator cards attached - to the instance. - items: - properties: - count: - description: The number of the guest accelerator cards exposed - to this instance. - type: integer - type: - description: The accelerator type resource to expose to this instance. - E.g. nvidia-tesla-k80. - type: string - required: - - count - - type - type: object - type: array - instanceDescription: - description: A description of the instance. - type: string - machineType: - description: The machine type to create. To create a machine with a - custom type (such as extended memory), format the value like custom-VCPUS-MEM_IN_MB - like custom-6-20480 for 6 vCPU and 20GB of RAM. - type: string - metadata: - items: - properties: - key: - type: string - value: - type: string - required: - - key - - value - type: object - type: array - metadataStartupScript: - description: An alternative to using the startup-script metadata key, - mostly to match the compute_instance resource. This replaces the startup-script - metadata key on the created instance and thus the two mechanisms are - not allowed to be used simultaneously. - type: string - minCpuPlatform: - description: Specifies a minimum CPU platform. Applicable values are - the friendly names of CPU platforms, such as Intel Haswell or Intel - Skylake. - type: string - namePrefix: - description: Creates a unique name beginning with the specified prefix. - Conflicts with name. - type: string - networkInterface: - description: Networks to attach to instances created from this template. - This can be specified multiple times for multiple networks. - items: - properties: - accessConfig: - items: - properties: - natIpRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The address of a ComputeAddress. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - networkTier: - description: 'The networking tier used for configuring this - instance template. This field can take the following values: - PREMIUM or STANDARD. If this field is not specified, it - is assumed to be PREMIUM.' - type: string - publicPtrDomainName: - description: The DNS domain name for the public PTR record.The - DNS domain name for the public PTR record. - type: string - type: object - type: array - aliasIpRange: - description: An array of alias IP ranges for this network interface. - Can only be specified for network interfaces on subnet-mode - networks. - items: - properties: - ipCidrRange: - description: The IP CIDR range represented by this alias - IP range. This IP CIDR range must belong to the specified - subnetwork and cannot contain IP addresses reserved by - system or used by other network interfaces. At the time - of writing only a netmask (e.g. /24) may be supplied, - with a CIDR format resulting in an API error. - type: string - subnetworkRangeName: - description: The subnetwork secondary range name specifying - the secondary range from which to allocate the IP CIDR - range for this alias IP range. If left unspecified, the - primary range of the subnetwork will be used. - type: string - required: - - ipCidrRange - type: object - type: array - name: - description: The name of the network_interface. - type: string - networkIp: - description: The private IP address to assign to the instance. - If empty, the address will be automatically assigned. - type: string - networkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeNetwork. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - subnetworkProject: - description: The ID of the project in which the subnetwork belongs. - If it is not provided, the provider project is used. - type: string - subnetworkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeSubnetwork. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - type: array - region: - description: An instance template is a global resource that is not bound - to a zone or a region. However, you can still specify some regional - resources in an instance template, which restricts the template to - the region where that resource resides. For example, a custom subnetwork - resource is tied to a specific region. Defaults to the region of the - Provider if no value is given. - type: string - scheduling: - description: The scheduling strategy to use. - properties: - automaticRestart: - description: Specifies whether the instance should be automatically - restarted if it is terminated by Compute Engine (not terminated - by a user). This defaults to true. - type: boolean - minNodeCpus: - description: Minimum number of cpus for the instance. - type: integer - nodeAffinities: - items: - properties: - value: - type: object - type: object - type: array - onHostMaintenance: - description: Defines the maintenance behavior for this instance. - type: string - preemptible: - description: Allows instance to be preempted. This defaults to false. - type: boolean - type: object - serviceAccount: - description: Service account to attach to the instance. - properties: - scopes: - description: A list of service scopes. Both OAuth2 URLs and gcloud - short names are supported. To allow full access to all Cloud APIs, - use the cloud-platform scope. - items: - type: string - type: array - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The email of an IAMServiceAccount. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - scopes - type: object - shieldedInstanceConfig: - description: 'Enable Shielded VM on this instance. Shielded VM provides - verifiable integrity to prevent against malware and rootkits. Defaults - to disabled. Note: shielded_instance_config can only be used with - boot images with shielded vm support.' - properties: - enableIntegrityMonitoring: - description: Compare the most recent boot measurements to the integrity - policy baseline and return a pair of pass/fail results depending - on whether they match or not. Defaults to true. - type: boolean - enableSecureBoot: - description: Verify the digital signature of all boot components, - and halt the boot process if signature verification fails. Defaults - to false. - type: boolean - enableVtpm: - description: Use a virtualized trusted platform module, which is - a specialized computer chip you can use to encrypt objects like - keys and certificates. Defaults to true. - type: boolean - type: object - tags: - description: Tags to attach to the instance. - items: - type: string - type: array - required: - - disk - - machineType - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - metadataFingerprint: - description: The unique fingerprint of the metadata. - type: string - selfLink: - description: The URI of the created resource. - type: string - tagsFingerprint: - description: The unique fingerprint of the tags. - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computeinterconnectattachments.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeInterconnectAttachment - plural: computeinterconnectattachments - shortNames: - - gcpcomputeinterconnectattachment - - gcpcomputeinterconnectattachments - singular: computeinterconnectattachment - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - adminEnabled: - description: |- - Whether the VLAN attachment is enabled or disabled. When using - PARTNER type this will Pre-Activate the interconnect attachment - type: boolean - bandwidth: - description: |- - Provisioned bandwidth capacity for the interconnect attachment. - For attachments of type DEDICATED, the user can set the bandwidth. - For attachments of type PARTNER, the Google Partner that is operating the interconnect must set the bandwidth. - Output only for PARTNER type, mutable for PARTNER_PROVIDER and DEDICATED, - Defaults to BPS_10G Possible values: ["BPS_50M", "BPS_100M", "BPS_200M", "BPS_300M", "BPS_400M", "BPS_500M", "BPS_1G", "BPS_2G", "BPS_5G", "BPS_10G", "BPS_20G", "BPS_50G"] - type: string - candidateSubnets: - description: |- - Up to 16 candidate prefixes that can be used to restrict the allocation - of cloudRouterIpAddress and customerRouterIpAddress for this attachment. - All prefixes must be within link-local address space (169.254.0.0/16) - and must be /29 or shorter (/28, /27, etc). Google will attempt to select - an unused /29 from the supplied candidate prefix(es). The request will - fail if all possible /29s are in use on Google's edge. If not supplied, - Google will randomly select an unused /29 from all of link-local space. - items: - type: string - type: array - description: - description: An optional description of this resource. - type: string - edgeAvailabilityDomain: - description: |- - Desired availability domain for the attachment. Only available for type - PARTNER, at creation time. For improved reliability, customers should - configure a pair of attachments with one per availability domain. The - selected availability domain will be provided to the Partner via the - pairing key so that the provisioned circuit will lie in the specified - domain. If not specified, the value will default to AVAILABILITY_DOMAIN_ANY. - type: string - interconnect: - description: |- - URL of the underlying Interconnect object that this attachment's - traffic will traverse through. Required if type is DEDICATED, must not - be set if type is PARTNER. - type: string - region: - description: Region where the regional interconnect attachment resides. - type: string - routerRef: - description: |- - The Cloud Router to be used for dynamic routing. This router must - be in the same region as this ComputeInterconnectAttachment. The - ComputeInterconnectAttachment will automatically connect the - interconnect to the network & region within which the Cloud Router - is configured. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeRouter. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: - description: |- - The type of InterconnectAttachment you wish to create. Defaults to - DEDICATED. Possible values: ["DEDICATED", "PARTNER", "PARTNER_PROVIDER"] - type: string - vlanTag8021q: - description: |- - The IEEE 802.1Q VLAN tag for this attachment, in the range 2-4094. When - using PARTNER type this will be managed upstream. - type: integer - required: - - region - - routerRef - type: object - status: - properties: - cloudRouterIpAddress: - description: |- - IPv4 address + prefix length to be configured on Cloud Router - Interface for this interconnect attachment. - type: string - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - customerRouterIpAddress: - description: |- - IPv4 address + prefix length to be configured on the customer - router subinterface for this interconnect attachment. - type: string - googleReferenceId: - description: |- - Google reference ID, to be used when raising support tickets with - Google or otherwise to debug backend connectivity issues. - type: string - pairingKey: - description: |- - [Output only for type PARTNER. Not present for DEDICATED]. The opaque - identifier of an PARTNER attachment used to initiate provisioning with - a selected partner. Of the form "XXXXX/region/domain" - type: string - partnerAsn: - description: |- - [Output only for type PARTNER. Not present for DEDICATED]. Optional - BGP ASN for the router that should be supplied by a layer 3 Partner if - they configured BGP on behalf of the customer. - type: string - privateInterconnectInfo: - description: |- - Information specific to an InterconnectAttachment. This property - is populated if the interconnect that this is attached to is of type DEDICATED. - properties: - tag8021q: - description: |- - 802.1q encapsulation tag to be used for traffic between - Google and the customer, going to and from this network and region. - type: integer - type: object - selfLink: - type: string - state: - description: '[Output Only] The current state of this attachment''s - functionality.' - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computenetworkendpointgroups.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeNetworkEndpointGroup - plural: computenetworkendpointgroups - shortNames: - - gcpcomputenetworkendpointgroup - - gcpcomputenetworkendpointgroups - singular: computenetworkendpointgroup - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - defaultPort: - description: |- - The default port used if the port number is not specified in the - network endpoint. - type: integer - description: - description: |- - An optional description of this resource. Provide this property when - you create the resource. - type: string - location: - description: 'Location represents the geographical location of the ComputeNetworkEndpointGroup. - Specify a zone name. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' - type: string - networkEndpointType: - description: 'Type of network endpoints in this network endpoint group. - Default value: "GCE_VM_IP_PORT" Possible values: ["GCE_VM_IP_PORT"]' - type: string - networkRef: - description: |- - The network to which all network endpoints in the NEG belong. Uses - "default" project network if unspecified. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeNetwork. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - subnetworkRef: - description: Optional subnetwork to which all network endpoints in the - NEG belong. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeSubnetwork. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - location - - networkRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - selfLink: - type: string - size: - description: Number of network endpoints in the network endpoint group. - type: integer - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computenetworkpeerings.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeNetworkPeering - plural: computenetworkpeerings - shortNames: - - gcpcomputenetworkpeering - - gcpcomputenetworkpeerings - singular: computenetworkpeering - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - exportCustomRoutes: - description: Whether to export the custom routes to the peer network. - Defaults to false. - type: boolean - exportSubnetRoutesWithPublicIp: - type: boolean - importCustomRoutes: - description: Whether to export the custom routes from the peer network. - Defaults to false. - type: boolean - importSubnetRoutesWithPublicIp: - type: boolean - networkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeNetwork. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - peerNetworkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeNetwork. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - networkRef - - peerNetworkRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - state: - description: State for the peering, either ACTIVE or INACTIVE. The peering - is ACTIVE when there's a matching configuration in the peer network. - type: string - stateDetails: - description: Details about the current state of the peering. - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computenetworks.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeNetwork - plural: computenetworks - shortNames: - - gcpcomputenetwork - - gcpcomputenetworks - singular: computenetwork - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - autoCreateSubnetworks: - description: |- - When set to 'true', the network is created in "auto subnet mode" and - it will create a subnet for each region automatically across the - '10.128.0.0/9' address range. - - When set to 'false', the network is created in "custom subnet mode" so - the user can explicitly connect subnetwork resources. - type: boolean - deleteDefaultRoutesOnCreate: - type: boolean - description: - description: |- - An optional description of this resource. The resource must be - recreated to modify this field. - type: string - routingMode: - description: |- - The network-wide routing mode to use. If set to 'REGIONAL', this - network's cloud routers will only advertise routes with subnetworks - of this network in the same region as the router. If set to 'GLOBAL', - this network's cloud routers will advertise routes with all - subnetworks of this network, across regions. Possible values: ["REGIONAL", "GLOBAL"] - type: string - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - gatewayIpv4: - description: |- - The gateway address for default routing out of the network. This value - is selected by GCP. - type: string - selfLink: - type: string - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computenodegroups.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeNodeGroup - plural: computenodegroups - shortNames: - - gcpcomputenodegroup - - gcpcomputenodegroups - singular: computenodegroup - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - autoscalingPolicy: - description: |- - If you use sole-tenant nodes for your workloads, you can use the node - group autoscaler to automatically manage the sizes of your node groups. - properties: - maxNodes: - description: |- - Maximum size of the node group. Set to a value less than or equal - to 100 and greater than or equal to min-nodes. - type: integer - minNodes: - description: |- - Minimum size of the node group. Must be less - than or equal to max-nodes. The default value is 0. - type: integer - mode: - description: |- - The autoscaling mode. Set to one of the following: - - OFF: Disables the autoscaler. - - ON: Enables scaling in and scaling out. - - ONLY_SCALE_OUT: Enables only scaling out. - You must use this mode if your node groups are configured to - restart their hosted VMs on minimal servers. Possible values: ["OFF", "ON", "ONLY_SCALE_OUT"] - type: string - type: object - description: - description: An optional textual description of the resource. - type: string - nodeTemplateRef: - description: The node template to which this node group belongs. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeNodeTemplate. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - size: - description: The total number of nodes in the node group. - type: integer - zone: - description: Zone where this node group is located - type: string - required: - - nodeTemplateRef - - size - - zone - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - selfLink: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computenodetemplates.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeNodeTemplate - plural: computenodetemplates - shortNames: - - gcpcomputenodetemplate - - gcpcomputenodetemplates - singular: computenodetemplate - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - cpuOvercommitType: - description: 'CPU overcommit. Default value: "NONE" Possible values: - ["ENABLED", "NONE"]' - type: string - description: - description: An optional textual description of the resource. - type: string - nodeType: - description: |- - Node type to use for nodes group that are created from this template. - Only one of nodeTypeFlexibility and nodeType can be specified. - type: string - nodeTypeFlexibility: - description: |- - Flexible properties for the desired node type. Node groups that - use this node template will create nodes of a type that matches - these properties. Only one of nodeTypeFlexibility and nodeType can - be specified. - properties: - cpus: - description: Number of virtual CPUs to use. - type: string - localSsd: - description: Use local SSD - type: string - memory: - description: Physical memory available to the node, defined in MB. - type: string - type: object - region: - description: |- - Region where nodes using the node template will be created. - If it is not provided, the provider region is used. - type: string - serverBinding: - description: |- - The server binding policy for nodes using this template. Determines - where the nodes should restart following a maintenance event. - properties: - type: - description: |- - Type of server binding policy. If 'RESTART_NODE_ON_ANY_SERVER', - nodes using this template will restart on any physical server - following a maintenance event. - - If 'RESTART_NODE_ON_MINIMAL_SERVER', nodes using this template - will restart on the same physical server following a maintenance - event, instead of being live migrated to or restarted on a new - physical server. This option may be useful if you are using - software licenses tied to the underlying server characteristics - such as physical sockets or cores, to avoid the need for - additional licenses when maintenance occurs. However, VMs on such - nodes will experience outages while maintenance is applied. Possible values: ["RESTART_NODE_ON_ANY_SERVER", "RESTART_NODE_ON_MINIMAL_SERVERS"] - type: string - required: - - type - type: object - required: - - region - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - selfLink: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computereservations.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeReservation - plural: computereservations - shortNames: - - gcpcomputereservation - - gcpcomputereservations - singular: computereservation - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: An optional description of this resource. - type: string - specificReservation: - description: Reservation for instances with specific machine shapes. - properties: - count: - description: The number of resources that are allocated. - type: integer - inUseCount: - description: How many instances are in use. - type: integer - instanceProperties: - description: The instance properties for the reservation. - properties: - guestAccelerators: - description: Guest accelerator type and count. - items: - properties: - acceleratorCount: - description: |- - The number of the guest accelerator cards exposed to - this instance. - type: integer - acceleratorType: - description: |- - The full or partial URL of the accelerator type to - attach to this instance. For example: - 'projects/my-project/zones/us-central1-c/acceleratorTypes/nvidia-tesla-p100' - - If you are creating an instance template, specify only the accelerator name. - type: string - required: - - acceleratorCount - - acceleratorType - type: object - type: array - localSsds: - description: |- - The amount of local ssd to reserve with each instance. This - reserves disks of type 'local-ssd'. - items: - properties: - diskSizeGb: - description: The size of the disk in base-2 GB. - type: integer - interface: - description: 'The disk interface to use for attaching - this disk. Default value: "SCSI" Possible values: ["SCSI", - "NVME"]' - type: string - required: - - diskSizeGb - type: object - type: array - machineType: - description: The name of the machine type to reserve. - type: string - minCpuPlatform: - description: |- - The minimum CPU platform for the reservation. For example, - '"Intel Skylake"'. See - the CPU platform availability reference](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform#availablezones) - for information on available CPU platforms. - type: string - required: - - machineType - type: object - required: - - count - - instanceProperties - type: object - specificReservationRequired: - description: |- - When set to true, only VMs that target this reservation by name can - consume this reservation. Otherwise, it can be consumed by VMs with - affinity for any reservation. Defaults to false. - type: boolean - zone: - description: The zone where the reservation is made. - type: string - required: - - specificReservation - - zone - type: object - status: - properties: - commitment: - description: |- - Full or partial URL to a parent commitment. This field displays for - reservations that are tied to a commitment. - type: string - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - selfLink: - type: string - status: - description: The status of the reservation. - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computeresourcepolicies.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeResourcePolicy - plural: computeresourcepolicies - shortNames: - - gcpcomputeresourcepolicy - - gcpcomputeresourcepolicies - singular: computeresourcepolicy - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - groupPlacementPolicy: - description: Policy for creating snapshots of persistent disks. - properties: - availabilityDomainCount: - description: |- - The number of availability domains instances will be spread across. If two instances are in different - availability domain, they will not be put in the same low latency network - type: integer - collocation: - description: |- - Collocation specifies whether to place VMs inside the same availability domain on the same low-latency network. - Specify 'COLLOCATED' to enable collocation. Can only be specified with 'vm_count'. If compute instances are created - with a COLLOCATED policy, then exactly 'vm_count' instances must be created at the same time with the resource policy - attached. Possible values: ["COLLOCATED"] - type: string - vmCount: - description: Number of vms in this placement group. - type: integer - type: object - region: - description: Region where resource policy resides. - type: string - snapshotSchedulePolicy: - description: Policy for creating snapshots of persistent disks. - properties: - retentionPolicy: - description: Retention policy applied to snapshots created by this - resource policy. - properties: - maxRetentionDays: - description: Maximum age of the snapshot that is allowed to - be kept. - type: integer - onSourceDiskDelete: - description: |- - Specifies the behavior to apply to scheduled snapshots when - the source disk is deleted. Default value: "KEEP_AUTO_SNAPSHOTS" Possible values: ["KEEP_AUTO_SNAPSHOTS", "APPLY_RETENTION_POLICY"] - type: string - required: - - maxRetentionDays - type: object - schedule: - description: Contains one of an 'hourlySchedule', 'dailySchedule', - or 'weeklySchedule'. - properties: - dailySchedule: - description: The policy will execute every nth day at the specified - time. - properties: - daysInCycle: - description: The number of days between snapshots. - type: integer - startTime: - description: |- - This must be in UTC format that resolves to one of - 00:00, 04:00, 08:00, 12:00, 16:00, or 20:00. For example, - both 13:00-5 and 08:00 are valid. - type: string - required: - - daysInCycle - - startTime - type: object - hourlySchedule: - description: The policy will execute every nth hour starting - at the specified time. - properties: - hoursInCycle: - description: The number of hours between snapshots. - type: integer - startTime: - description: |- - Time within the window to start the operations. - It must be in an hourly format "HH:MM", - where HH : [00-23] and MM : [00] GMT. - eg: 21:00 - type: string - required: - - hoursInCycle - - startTime - type: object - weeklySchedule: - description: Allows specifying a snapshot time for each day - of the week. - properties: - dayOfWeeks: - description: May contain up to seven (one for each day of - the week) snapshot times. - items: - properties: - day: - description: 'The day of the week to create the snapshot. - e.g. MONDAY Possible values: ["MONDAY", "TUESDAY", - "WEDNESDAY", "THURSDAY", "FRIDAY", "SATURDAY", "SUNDAY"]' - type: string - startTime: - description: |- - Time within the window to start the operations. - It must be in format "HH:MM", where HH : [00-23] and MM : [00-00] GMT. - type: string - required: - - day - - startTime - type: object - type: array - required: - - dayOfWeeks - type: object - type: object - snapshotProperties: - description: Properties with which the snapshots are created, such - as labels. - properties: - guestFlush: - description: Whether to perform a 'guest aware' snapshot. - type: boolean - labels: - additionalProperties: - type: string - description: A set of key-value pairs. - type: object - storageLocations: - description: |- - Cloud Storage bucket location to store the auto snapshot - (regional or multi-regional) - items: - type: string - type: array - type: object - required: - - schedule - type: object - required: - - region - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - selfLink: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computerouterinterfaces.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeRouterInterface - plural: computerouterinterfaces - shortNames: - - gcpcomputerouterinterface - - gcpcomputerouterinterfaces - singular: computerouterinterface - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - interconnectAttachmentRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The name of a ComputeInterconnectAttachment. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - ipRange: - description: IP address and range of the interface. The IP range must - be in the RFC3927 link-local IP space. Changing this forces a new - interface to be created. - type: string - region: - description: The region this interface's router sits in. If not specified, - the project region will be used. Changing this forces a new interface - to be created. - type: string - routerRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The name of a ComputeRouter. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - vpnTunnelRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeVPNTunnel. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - region - - routerRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computerouternats.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeRouterNAT - plural: computerouternats - shortNames: - - gcpcomputerouternat - - gcpcomputerouternats - singular: computerouternat - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - drainNatIps: - items: - description: |- - A list of IP resources to be drained. These IPs must be valid - static external IPs that have been assigned to the NAT. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeAddress. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - icmpIdleTimeoutSec: - description: Timeout (in seconds) for ICMP connections. Defaults to - 30s if not set. - type: integer - logConfig: - description: Configuration for logging on NAT - properties: - enable: - description: Indicates whether or not to export logs. - type: boolean - filter: - description: 'Specifies the desired filtering of logs on this NAT. - Possible values: ["ERRORS_ONLY", "TRANSLATIONS_ONLY", "ALL"]' - type: string - required: - - enable - - filter - type: object - minPortsPerVm: - description: Minimum number of ports allocated to a VM from this NAT. - type: integer - natIpAllocateOption: - description: |- - How external IPs should be allocated for this NAT. Valid values are - 'AUTO_ONLY' for only allowing NAT IPs allocated by Google Cloud - Platform, or 'MANUAL_ONLY' for only user-allocated NAT IP addresses. Possible values: ["MANUAL_ONLY", "AUTO_ONLY"] - type: string - natIps: - items: - description: NAT IPs. Only valid if natIpAllocateOption is set to - MANUAL_ONLY. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeAddress. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - region: - description: Region where the router and NAT reside. - type: string - routerRef: - description: The Cloud Router in which this NAT will be configured. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The name of a ComputeRouter. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - sourceSubnetworkIpRangesToNat: - description: |- - How NAT should be configured per Subnetwork. - If 'ALL_SUBNETWORKS_ALL_IP_RANGES', all of the - IP ranges in every Subnetwork are allowed to Nat. - If 'ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES', all of the primary IP - ranges in every Subnetwork are allowed to Nat. - 'LIST_OF_SUBNETWORKS': A list of Subnetworks are allowed to Nat - (specified in the field subnetwork below). Note that if this field - contains ALL_SUBNETWORKS_ALL_IP_RANGES or - ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any - other RouterNat section in any Router for this network in this region. Possible values: ["ALL_SUBNETWORKS_ALL_IP_RANGES", "ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES", "LIST_OF_SUBNETWORKS"] - type: string - subnetwork: - description: |- - One or more subnetwork NAT configurations. Only used if - 'source_subnetwork_ip_ranges_to_nat' is set to 'LIST_OF_SUBNETWORKS' - items: - properties: - secondaryIpRangeNames: - description: |- - List of the secondary ranges of the subnetwork that are allowed - to use NAT. This can be populated only if - 'LIST_OF_SECONDARY_IP_RANGES' is one of the values in - sourceIpRangesToNat - items: - type: string - type: array - sourceIpRangesToNat: - description: |- - List of options for which source IPs in the subnetwork - should have NAT enabled. Supported values include: - 'ALL_IP_RANGES', 'LIST_OF_SECONDARY_IP_RANGES', - 'PRIMARY_IP_RANGE'. - items: - type: string - type: array - subnetworkRef: - description: The subnetwork to NAT. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeSubnetwork. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - sourceIpRangesToNat - - subnetworkRef - type: object - type: array - tcpEstablishedIdleTimeoutSec: - description: |- - Timeout (in seconds) for TCP established connections. - Defaults to 1200s if not set. - type: integer - tcpTransitoryIdleTimeoutSec: - description: |- - Timeout (in seconds) for TCP transitory connections. - Defaults to 30s if not set. - type: integer - udpIdleTimeoutSec: - description: Timeout (in seconds) for UDP connections. Defaults to 30s - if not set. - type: integer - required: - - natIpAllocateOption - - region - - routerRef - - sourceSubnetworkIpRangesToNat - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computerouterpeers.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeRouterPeer - plural: computerouterpeers - shortNames: - - gcpcomputerouterpeer - - gcpcomputerouterpeers - singular: computerouterpeer - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - advertiseMode: - description: |- - User-specified flag to indicate which mode to use for advertisement. - Valid values of this enum field are: 'DEFAULT', 'CUSTOM' Default value: "DEFAULT" Possible values: ["DEFAULT", "CUSTOM"] - type: string - advertisedGroups: - description: |- - User-specified list of prefix groups to advertise in custom - mode, which can take one of the following options: - - * 'ALL_SUBNETS': Advertises all available subnets, including peer VPC subnets. - * 'ALL_VPC_SUBNETS': Advertises the router's own VPC subnets. - * 'ALL_PEER_VPC_SUBNETS': Advertises peer subnets of the router's VPC network. - - - Note that this field can only be populated if advertiseMode is 'CUSTOM' - and overrides the list defined for the router (in the "bgp" message). - These groups are advertised in addition to any specified prefixes. - Leave this field blank to advertise no custom groups. - items: - type: string - type: array - advertisedIpRanges: - description: |- - User-specified list of individual IP ranges to advertise in - custom mode. This field can only be populated if advertiseMode - is 'CUSTOM' and is advertised to all peers of the router. These IP - ranges will be advertised in addition to any specified groups. - Leave this field blank to advertise no custom IP ranges. - items: - properties: - description: - description: User-specified description for the IP range. - type: string - range: - description: |- - The IP range to advertise. The value must be a - CIDR-formatted string. - type: string - required: - - range - type: object - type: array - advertisedRoutePriority: - description: |- - The priority of routes advertised to this BGP peer. - Where there is more than one matching route of maximum - length, the routes with the lowest priority value win. - type: integer - peerAsn: - description: |- - Peer BGP Autonomous System Number (ASN). - Each BGP interface may use a different value. - type: integer - peerIpAddress: - description: |- - IP address of the BGP interface outside Google Cloud Platform. - Only IPv4 is supported. - type: string - region: - description: |- - Region where the router and BgpPeer reside. - If it is not provided, the provider region is used. - type: string - routerInterfaceRef: - description: The interface the BGP peer is associated with. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The name of a ComputeRouterInterface. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - routerRef: - description: The Cloud Router in which this BGP peer will be configured. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The name of a ComputeRouter. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - peerAsn - - peerIpAddress - - region - - routerInterfaceRef - - routerRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - ipAddress: - description: |- - IP address of the interface inside Google Cloud Platform. - Only IPv4 is supported. - type: string - managementType: - description: |- - The resource that configures and manages this BGP peer. - - * 'MANAGED_BY_USER' is the default value and can be managed by - you or other users - * 'MANAGED_BY_ATTACHMENT' is a BGP peer that is configured and - managed by Cloud Interconnect, specifically by an - InterconnectAttachment of type PARTNER. Google automatically - creates, updates, and deletes this type of BGP peer when the - PARTNER InterconnectAttachment is created, updated, - or deleted. - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computerouters.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeRouter - plural: computerouters - shortNames: - - gcpcomputerouter - - gcpcomputerouters - singular: computerouter - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - bgp: - description: BGP information specific to this router. - properties: - advertiseMode: - description: 'User-specified flag to indicate which mode to use - for advertisement. Default value: "DEFAULT" Possible values: ["DEFAULT", - "CUSTOM"]' - type: string - advertisedGroups: - description: |- - User-specified list of prefix groups to advertise in custom mode. - This field can only be populated if advertiseMode is CUSTOM and - is advertised to all peers of the router. These groups will be - advertised in addition to any specified prefixes. Leave this field - blank to advertise no custom groups. - - This enum field has the one valid value: ALL_SUBNETS - items: - type: string - type: array - advertisedIpRanges: - description: |- - User-specified list of individual IP ranges to advertise in - custom mode. This field can only be populated if advertiseMode - is CUSTOM and is advertised to all peers of the router. These IP - ranges will be advertised in addition to any specified groups. - Leave this field blank to advertise no custom IP ranges. - items: - properties: - description: - description: User-specified description for the IP range. - type: string - range: - description: |- - The IP range to advertise. The value must be a - CIDR-formatted string. - type: string - required: - - range - type: object - type: array - asn: - description: |- - Local BGP Autonomous System Number (ASN). Must be an RFC6996 - private ASN, either 16-bit or 32-bit. The value will be fixed for - this router resource. All VPN tunnels that link to this router - will have the same local ASN. - type: integer - required: - - asn - type: object - description: - description: An optional description of this resource. - type: string - networkRef: - description: A reference to the network to which this router belongs. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeNetwork. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - region: - description: Region where the router resides. - type: string - required: - - networkRef - - region - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - selfLink: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computeroutes.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeRoute - plural: computeroutes - shortNames: - - gcpcomputeroute - - gcpcomputeroutes - singular: computeroute - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: |- - An optional description of this resource. Provide this property - when you create the resource. - type: string - destRange: - description: |- - The destination range of outgoing packets that this route applies to. - Only IPv4 is supported. - type: string - networkRef: - description: The network that this route applies to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeNetwork. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - nextHopGateway: - description: |- - URL to a gateway that should handle matching packets. - Currently, you can only specify the internet gateway, using a full or - partial valid URL: - * 'https://www.googleapis.com/compute/v1/projects/project/global/gateways/default-internet-gateway' - * 'projects/project/global/gateways/default-internet-gateway' - * 'global/gateways/default-internet-gateway' - * The string 'default-internet-gateway'. - type: string - nextHopILBRef: - description: |- - A forwarding rule of type loadBalancingScheme=INTERNAL that should - handle matching packets. Note that this can only be used when the - destinationRange is a public (non-RFC 1918) IP CIDR range. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeForwardingRule. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - nextHopInstanceRef: - description: Instance that should handle matching packets. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeInstance. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - nextHopIp: - description: Network IP address of an instance that should handle matching - packets. - type: string - nextHopVPNTunnelRef: - description: The ComputeVPNTunnel that should handle matching packets - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeVPNTunnel. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - priority: - description: |- - The priority of this route. Priority is used to break ties in cases - where there is more than one matching route of equal prefix length. - - In the case of two routes with equal prefix length, the one with the - lowest-numbered priority value wins. - - Default value is 1000. Valid range is 0 through 65535. - type: integer - tags: - description: A list of instance tags to which this route applies. - items: - type: string - type: array - required: - - destRange - - networkRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - nextHopNetwork: - description: URL to a Network that should handle matching packets. - type: string - selfLink: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computesecuritypolicies.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeSecurityPolicy - plural: computesecuritypolicies - shortNames: - - gcpcomputesecuritypolicy - - gcpcomputesecuritypolicies - singular: computesecuritypolicy - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: An optional description of this security policy. Max size - is 2048. - type: string - rule: - description: The set of rules that belong to this policy. There must - always be a default rule (rule with priority 2147483647 and match - "*"). If no rules are provided when creating a security policy, a - default rule with action "allow" will be added. - items: - properties: - action: - description: 'Action to take when match matches the request. Valid - values: "allow" : allow access to target, "deny(status)" : - deny access to target, returns the HTTP response code specified - (valid values are 403, 404 and 502)' - type: string - description: - description: An optional description of this rule. Max size is - 64. - type: string - match: - description: A match condition that incoming traffic is evaluated - against. If it evaluates to true, the corresponding action is - enforced. - properties: - config: - description: The configuration options available when specifying - versioned_expr. This field must be specified if versioned_expr - is specified and cannot be specified if versioned_expr is - not specified. - properties: - srcIpRanges: - description: Set of IP addresses or ranges (IPV4 or IPV6) - in CIDR notation to match against inbound traffic. There - is a limit of 10 IP ranges per rule. A value of '*' - matches all IPs (can be used to override the default - behavior). - items: - type: string - type: array - required: - - srcIpRanges - type: object - expr: - description: User defined CEVAL expression. A CEVAL expression - is used to specify match criteria such as origin.ip, source.region_code - and contents in the request header. - properties: - expression: - description: Textual representation of an expression in - Common Expression Language syntax. The application context - of the containing message determines which well-known - feature set of CEL is supported. - type: string - required: - - expression - type: object - versionedExpr: - description: 'Predefined rule expression. If this field is - specified, config must also be specified. Available options: SRC_IPS_V1: - Must specify the corresponding src_ip_ranges field in config.' - type: string - type: object - preview: - description: When set to true, the action specified above is not - enforced. Stackdriver logs for requests that trigger a preview - action are annotated as such. - type: boolean - priority: - description: An unique positive integer indicating the priority - of evaluation for a rule. Rules are evaluated from highest priority - (lowest numerically) to lowest priority (highest numerically) - in order. - type: integer - required: - - action - - match - - priority - type: object - type: array - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - fingerprint: - description: Fingerprint of this resource. - type: string - selfLink: - description: The URI of the created resource. - type: string - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computesharedvpchostprojects.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeSharedVPCHostProject - plural: computesharedvpchostprojects - shortNames: - - gcpcomputesharedvpchostproject - - gcpcomputesharedvpchostprojects - singular: computesharedvpchostproject - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computesharedvpcserviceprojects.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeSharedVPCServiceProject - plural: computesharedvpcserviceprojects - shortNames: - - gcpcomputesharedvpcserviceproject - - gcpcomputesharedvpcserviceprojects - singular: computesharedvpcserviceproject - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - projectRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The name of a Project. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - projectRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computesnapshots.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeSnapshot - plural: computesnapshots - shortNames: - - gcpcomputesnapshot - - gcpcomputesnapshots - singular: computesnapshot - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: An optional description of this resource. - type: string - snapshotEncryptionKey: - description: |- - The customer-supplied encryption key of the snapshot. Required if the - source snapshot is protected by a customer-supplied encryption key. - properties: - kmsKeyRef: - description: The encryption key that is stored in Google Cloud KMS. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a KMSCryptoKey. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - kmsKeyServiceAccountRef: - description: |- - The service account used for the encryption request for the given KMS key. - If absent, the Compute Engine Service Agent service account is used. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The email of an IAMServiceAccount. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - rawKey: - description: |- - Specifies a 256-bit customer-supplied encryption key, encoded in - RFC 4648 base64 to either encrypt or decrypt this resource. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used if - 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - sha256: - description: |- - The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied - encryption key that protects this resource. - type: string - type: object - sourceDiskEncryptionKey: - description: |- - The customer-supplied encryption key of the source snapshot. Required - if the source snapshot is protected by a customer-supplied encryption - key. - properties: - kmsKeyServiceAccountRef: - description: |- - The service account used for the encryption request for the given KMS key. - If absent, the Compute Engine Service Agent service account is used. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The email of an IAMServiceAccount. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - rawKey: - description: |- - Specifies a 256-bit customer-supplied encryption key, encoded in - RFC 4648 base64 to either encrypt or decrypt this resource. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used if - 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - type: object - sourceDiskRef: - description: A reference to the disk used to create this snapshot. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The name of a ComputeDisk. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - storageLocations: - description: Cloud Storage bucket storage location of the snapshot (regional - or multi-regional). - items: - type: string - type: array - zone: - description: A reference to the zone where the disk is hosted. - type: string - required: - - sourceDiskRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - diskSizeGb: - description: Size of the snapshot, specified in GB. - type: integer - labelFingerprint: - description: |- - The fingerprint used for optimistic locking of this resource. Used - internally during updates. - type: string - licenses: - description: |- - A list of public visible licenses that apply to this snapshot. This - can be because the original image had licenses attached (such as a - Windows image). snapshotEncryptionKey nested object Encrypts the - snapshot using a customer-supplied encryption key. - items: - type: string - type: array - selfLink: - type: string - snapshotId: - description: The unique identifier for the resource. - type: integer - sourceDiskLink: - type: string - storageBytes: - description: |- - A size of the storage used by the snapshot. As snapshots share - storage, this number is expected to change with snapshot - creation/deletion. - type: integer - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computesslcertificates.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeSSLCertificate - plural: computesslcertificates - shortNames: - - gcpcomputesslcertificate - - gcpcomputesslcertificates - singular: computesslcertificate - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - certificate: - description: |- - The certificate in PEM format. - The certificate chain must be no greater than 5 certs long. - The chain must include at least one intermediate cert. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' is - specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used if 'value' - is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in the - given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - description: - description: An optional description of this resource. - type: string - location: - description: Location represents the geographical location of the ComputeSSLCertificate. - Specify "global" for global resources. - type: string - privateKey: - description: The write-only private key in PEM format. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' is - specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used if 'value' - is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in the - given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - required: - - certificate - - location - - privateKey - type: object - status: - properties: - certificateId: - description: The unique identifier for the resource. - type: integer - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - selfLink: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computesslpolicies.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeSSLPolicy - plural: computesslpolicies - shortNames: - - gcpcomputesslpolicy - - gcpcomputesslpolicies - singular: computesslpolicy - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - customFeatures: - description: |- - Profile specifies the set of SSL features that can be used by the - load balancer when negotiating SSL with clients. This can be one of - 'COMPATIBLE', 'MODERN', 'RESTRICTED', or 'CUSTOM'. If using 'CUSTOM', - the set of SSL features to enable must be specified in the - 'customFeatures' field. - - See the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport) - for which ciphers are available to use. **Note**: this argument - *must* be present when using the 'CUSTOM' profile. This argument - *must not* be present when using any other profile. - items: - type: string - type: array - description: - description: An optional description of this resource. - type: string - minTlsVersion: - description: |- - The minimum version of SSL protocol that can be used by the clients - to establish a connection with the load balancer. Default value: "TLS_1_0" Possible values: ["TLS_1_0", "TLS_1_1", "TLS_1_2"] - type: string - profile: - description: |- - Profile specifies the set of SSL features that can be used by the - load balancer when negotiating SSL with clients. If using 'CUSTOM', - the set of SSL features to enable must be specified in the - 'customFeatures' field. - - See the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport) - for information on what cipher suites each profile provides. If - 'CUSTOM' is used, the 'custom_features' attribute **must be set**. Default value: "COMPATIBLE" Possible values: ["COMPATIBLE", "MODERN", "RESTRICTED", "CUSTOM"] - type: string - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - enabledFeatures: - description: The list of features enabled in the SSL policy. - items: - type: string - type: array - fingerprint: - description: |- - Fingerprint of this resource. A hash of the contents stored in this - object. This field is used in optimistic locking. - type: string - selfLink: - type: string - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computesubnetworks.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeSubnetwork - plural: computesubnetworks - shortNames: - - gcpcomputesubnetwork - - gcpcomputesubnetworks - singular: computesubnetwork - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: |- - An optional description of this resource. Provide this property when - you create the resource. This field can be set only at resource - creation time. - type: string - ipCidrRange: - description: |- - The range of internal addresses that are owned by this subnetwork. - Provide this property when you create the subnetwork. For example, - 10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and - non-overlapping within a network. Only IPv4 is supported. - type: string - logConfig: - description: |- - Denotes the logging options for the subnetwork flow logs. If logging is enabled - logs will be exported to Stackdriver. This field cannot be set if the 'purpose' of this - subnetwork is 'INTERNAL_HTTPS_LOAD_BALANCER' - properties: - aggregationInterval: - description: |- - Can only be specified if VPC flow logging for this subnetwork is enabled. - Toggles the aggregation interval for collecting flow logs. Increasing the - interval time will reduce the amount of generated flow logs for long - lasting connections. Default is an interval of 5 seconds per connection. Default value: "INTERVAL_5_SEC" Possible values: ["INTERVAL_5_SEC", "INTERVAL_30_SEC", "INTERVAL_1_MIN", "INTERVAL_5_MIN", "INTERVAL_10_MIN", "INTERVAL_15_MIN"] - type: string - filterExpr: - description: |- - Export filter used to define which VPC flow logs should be logged, as as CEL expression. See - https://cloud.google.com/vpc/docs/flow-logs#filtering for details on how to format this field. - type: string - flowSampling: - description: |- - Can only be specified if VPC flow logging for this subnetwork is enabled. - The value of the field must be in [0, 1]. Set the sampling rate of VPC - flow logs within the subnetwork where 1.0 means all collected logs are - reported and 0.0 means no logs are reported. Default is 0.5 which means - half of all collected logs are reported. - type: number - metadata: - description: |- - Can only be specified if VPC flow logging for this subnetwork is enabled. - Configures whether metadata fields should be added to the reported VPC - flow logs. Default value: "INCLUDE_ALL_METADATA" Possible values: ["EXCLUDE_ALL_METADATA", "INCLUDE_ALL_METADATA", "CUSTOM_METADATA"] - type: string - metadataFields: - description: |- - List of metadata fields that should be added to reported logs. - Can only be specified if VPC flow logs for this subnetwork is enabled and "metadata" is set to CUSTOM_METADATA. - items: - type: string - type: array - type: object - networkRef: - description: |- - The network this subnet belongs to. Only networks that are in the - distributed mode can have subnetworks. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeNetwork. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - privateIpGoogleAccess: - description: |- - When enabled, VMs in this subnetwork without external IP addresses can - access Google APIs and services by using Private Google Access. - type: boolean - purpose: - description: |- - The purpose of the resource. This field can be either PRIVATE - or INTERNAL_HTTPS_LOAD_BALANCER. A subnetwork with purpose set to - INTERNAL_HTTPS_LOAD_BALANCER is a user-created subnetwork that is - reserved for Internal HTTP(S) Load Balancing. If unspecified, the - purpose defaults to PRIVATE. - - If set to INTERNAL_HTTPS_LOAD_BALANCER you must also set the role. Possible values: ["INTERNAL_HTTPS_LOAD_BALANCER", "PRIVATE"] - type: string - region: - description: The GCP region for this subnetwork. - type: string - role: - description: |- - The role of subnetwork. Currently, this field is only used when - purpose = INTERNAL_HTTPS_LOAD_BALANCER. The value can be set to ACTIVE - or BACKUP. An ACTIVE subnetwork is one that is currently being used - for Internal HTTP(S) Load Balancing. A BACKUP subnetwork is one that - is ready to be promoted to ACTIVE or is currently draining. Possible values: ["ACTIVE", "BACKUP"] - type: string - secondaryIpRange: - items: - properties: - ipCidrRange: - description: |- - The range of IP addresses belonging to this subnetwork secondary - range. Provide this property when you create the subnetwork. - Ranges must be unique and non-overlapping with all primary and - secondary IP ranges within a network. Only IPv4 is supported. - type: string - rangeName: - description: |- - The name associated with this subnetwork secondary range, used - when adding an alias IP range to a VM instance. The name must - be 1-63 characters long, and comply with RFC1035. The name - must be unique within the subnetwork. - type: string - required: - - ipCidrRange - - rangeName - type: object - type: array - required: - - ipCidrRange - - networkRef - - region - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - fingerprint: - description: DEPRECATED — This field is not useful for users, and has - been removed as an output. Fingerprint of this resource. This field - is used internally during updates of this resource. - type: string - gatewayAddress: - description: |- - The gateway address for default routes to reach destination addresses - outside this subnetwork. - type: string - selfLink: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computetargethttpproxies.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeTargetHTTPProxy - plural: computetargethttpproxies - shortNames: - - gcpcomputetargethttpproxy - - gcpcomputetargethttpproxies - singular: computetargethttpproxy - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: An optional description of this resource. - type: string - location: - description: Location represents the geographical location of the ComputeTargetHTTPProxy. - Specify "global" for global resources. - type: string - urlMapRef: - description: |- - A reference to the ComputeURLMap resource that defines the mapping - from URL to the BackendService. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeURLMap. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - location - - urlMapRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - proxyId: - description: The unique identifier for the resource. - type: integer - selfLink: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computetargethttpsproxies.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeTargetHTTPSProxy - plural: computetargethttpsproxies - shortNames: - - gcpcomputetargethttpsproxy - - gcpcomputetargethttpsproxies - singular: computetargethttpsproxy - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: An optional description of this resource. - type: string - location: - description: Location represents the geographical location of the ComputeTargetHTTPSProxy. - Specify "global" for global resources. - type: string - quicOverride: - description: |- - Specifies the QUIC override policy for this resource. This determines - whether the load balancer will attempt to negotiate QUIC with clients - or not. Can specify one of NONE, ENABLE, or DISABLE. If NONE is - specified, uses the QUIC policy with no user overrides, which is - equivalent to DISABLE. Default value: "NONE" Possible values: ["NONE", "ENABLE", "DISABLE"] - type: string - sslCertificates: - items: - description: |- - A list of ComputeSSLCertificate resources that are used to - authenticate connections between users and the load balancer. At - least one SSL certificate must be specified. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeSSLCertificate. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - sslPolicyRef: - description: |- - A reference to the ComputeSSLPolicy resource that will be - associated with the ComputeTargetHTTPSProxy resource. If not set, - the ComputeTargetHTTPSProxy resource will not have any SSL policy - configured. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeSSLPolicy. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - urlMapRef: - description: |- - A reference to the ComputeURLMap resource that defines the mapping - from URL to the BackendService. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeURLMap. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - location - - sslCertificates - - urlMapRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - proxyId: - description: The unique identifier for the resource. - type: integer - selfLink: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computetargetinstances.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeTargetInstance - plural: computetargetinstances - shortNames: - - gcpcomputetargetinstance - - gcpcomputetargetinstances - singular: computetargetinstance - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: An optional description of this resource. - type: string - instanceRef: - description: The ComputeInstance handling traffic for this target instance. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeInstance. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - natPolicy: - description: |- - NAT option controlling how IPs are NAT'ed to the instance. - Currently only NO_NAT (default value) is supported. Default value: "NO_NAT" Possible values: ["NO_NAT"] - type: string - networkRef: - description: |- - The network this target instance uses to forward - traffic. If not specified, the traffic will be forwarded to the network - that the default network interface belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeNetwork. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - zone: - description: URL of the zone where the target instance resides. - type: string - required: - - instanceRef - - zone - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - selfLink: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computetargetpools.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeTargetPool - plural: computetargetpools - shortNames: - - gcpcomputetargetpool - - gcpcomputetargetpools - singular: computetargetpool - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - backupTargetPoolRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeTargetPool. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - description: - description: Textual description field. - type: string - failoverRatio: - description: Ratio (0 to 1) of failed nodes before using the backup - pool (which must also be set). - type: number - healthChecks: - items: - properties: - httpHealthCheckRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeHTTPHealthCheck. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - type: array - instances: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeInstance. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - region: - description: Where the target pool resides. Defaults to project region. - type: string - sessionAffinity: - description: How to distribute load. Options are "NONE" (no affinity). - "CLIENT_IP" (hash of the source/dest addresses / ports), and "CLIENT_IP_PROTO" - also includes the protocol (default "NONE"). - type: string - required: - - region - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - selfLink: - description: The URI of the created resource. - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computetargetsslproxies.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeTargetSSLProxy - plural: computetargetsslproxies - shortNames: - - gcpcomputetargetsslproxy - - gcpcomputetargetsslproxies - singular: computetargetsslproxy - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - backendServiceRef: - description: A reference to the ComputeBackendService resource. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeBackendService. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - description: - description: An optional description of this resource. - type: string - proxyHeader: - description: |- - Specifies the type of proxy header to append before sending data to - the backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"] - type: string - sslCertificates: - items: - description: |- - A list of ComputeSSLCertificate resources that are used to - authenticate connections between users and the load balancer. - Currently, exactly one SSL certificate must be specified. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeSSLCertificate. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - sslPolicyRef: - description: |- - A reference to the ComputeSSLPolicy resource that will be - associated with the TargetSslProxy resource. If not set, the - ComputeTargetSSLProxy resource will not have any SSL policy - configured. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeSSLPolicy. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - backendServiceRef - - sslCertificates - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - proxyId: - description: The unique identifier for the resource. - type: integer - selfLink: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computetargettcpproxies.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeTargetTCPProxy - plural: computetargettcpproxies - shortNames: - - gcpcomputetargettcpproxy - - gcpcomputetargettcpproxies - singular: computetargettcpproxy - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - backendServiceRef: - description: A reference to the ComputeBackendService resource. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeBackendService. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - description: - description: An optional description of this resource. - type: string - proxyHeader: - description: |- - Specifies the type of proxy header to append before sending data to - the backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"] - type: string - required: - - backendServiceRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - proxyId: - description: The unique identifier for the resource. - type: integer - selfLink: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computetargetvpngateways.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeTargetVPNGateway - plural: computetargetvpngateways - shortNames: - - gcpcomputetargetvpngateway - - gcpcomputetargetvpngateways - singular: computetargetvpngateway - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: An optional description of this resource. - type: string - networkRef: - description: The network this VPN gateway is accepting traffic for. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeNetwork. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - region: - description: The region this gateway should sit in. - type: string - required: - - networkRef - - region - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - gatewayId: - description: The unique identifier for the resource. - type: integer - selfLink: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computeurlmaps.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeURLMap - plural: computeurlmaps - shortNames: - - gcpcomputeurlmap - - gcpcomputeurlmaps - singular: computeurlmap - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - defaultRouteAction: - description: |- - defaultRouteAction takes effect when none of the hostRules match. The load balancer performs advanced routing actions - like URL rewrites, header transformations, etc. prior to forwarding the request to the selected backend. - If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. Conversely if defaultService - is set, defaultRouteAction cannot contain any weightedBackendServices. - - Only one of defaultRouteAction or defaultUrlRedirect must be set. - properties: - corsPolicy: - description: |- - The specification for allowing client side cross-origin requests. Please see - [W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/) - properties: - allowCredentials: - description: |- - In response to a preflight request, setting this to true indicates that the actual request can include user credentials. - This translates to the Access-Control-Allow-Credentials header. - type: boolean - allowHeaders: - description: Specifies the content for the Access-Control-Allow-Headers - header. - items: - type: string - type: array - allowMethods: - description: Specifies the content for the Access-Control-Allow-Methods - header. - items: - type: string - type: array - allowOriginRegexes: - description: |- - Specifies the regualar expression patterns that match allowed origins. For regular expression grammar - please see en.cppreference.com/w/cpp/regex/ecmascript - An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. - items: - type: string - type: array - allowOrigins: - description: |- - Specifies the list of origins that will be allowed to do CORS requests. - An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. - items: - type: string - type: array - disabled: - description: If true, specifies the CORS policy is disabled. - The default value is false, which indicates that the CORS - policy is in effect. - type: boolean - exposeHeaders: - description: Specifies the content for the Access-Control-Expose-Headers - header. - items: - type: string - type: array - maxAge: - description: |- - Specifies how long results of a preflight request can be cached in seconds. - This translates to the Access-Control-Max-Age header. - type: integer - type: object - faultInjectionPolicy: - description: |- - The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure. - As part of fault injection, when clients send requests to a backend service, delays can be introduced by Loadbalancer on a - percentage of requests before sending those request to the backend service. Similarly requests from clients can be aborted - by the Loadbalancer for a percentage of requests. - - timeout and retryPolicy will be ignored by clients that are configured with a faultInjectionPolicy. - properties: - abort: - description: The specification for how client requests are aborted - as part of fault injection. - properties: - httpStatus: - description: |- - The HTTP status code used to abort the request. - The value must be between 200 and 599 inclusive. - type: integer - percentage: - description: |- - The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection. - The value must be between 0.0 and 100.0 inclusive. - type: number - type: object - delay: - description: The specification for how client requests are delayed - as part of fault injection, before being sent to a backend - service. - properties: - fixedDelay: - description: Specifies the value of the fixed delay interval. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are - represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. - Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years - type: string - type: object - percentage: - description: |- - The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection. - The value must be between 0.0 and 100.0 inclusive. - type: number - type: object - type: object - requestMirrorPolicy: - description: |- - Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service. - Loadbalancer does not wait for responses from the shadow service. Prior to sending traffic to the shadow service, - the host / authority header is suffixed with -shadow. - properties: - backendServiceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The name of a ComputeBackendService. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - backendServiceRef - type: object - retryPolicy: - description: Specifies the retry policy associated with this route. - properties: - numRetries: - description: Specifies the allowed number retries. This number - must be > 0. If not specified, defaults to 1. - type: integer - perTryTimeout: - description: |- - Specifies a non-zero timeout per retry attempt. - - If not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set, - will use the largest timeout among all backend services associated with the route. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are - represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. - Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years - type: string - type: object - retryConditions: - description: |- - Specfies one or more conditions when this retry rule applies. Valid values are: - - 5xx: Loadbalancer will attempt a retry if the backend service responds with any 5xx response code, - or if the backend service does not respond at all, example: disconnects, reset, read timeout, - connection failure, and refused streams. - gateway-error: Similar to 5xx, but only applies to response codes 502, 503 or 504. - connect-failure: Loadbalancer will retry on failures connecting to backend services, - for example due to connection timeouts. - retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. - Currently the only retriable error supported is 409. - refused-stream:Loadbalancer will retry if the backend service resets the stream with a REFUSED_STREAM error code. - This reset type indicates that it is safe to retry. - cancelled: Loadbalancer will retry if the gRPC status code in the response header is set to cancelled - deadline-exceeded: Loadbalancer will retry if the gRPC status code in the response header is set to deadline-exceeded - resource-exhausted: Loadbalancer will retry if the gRPC status code in the response header is set to resource-exhausted - unavailable: Loadbalancer will retry if the gRPC status code in the response header is set to unavailable - items: - type: string - type: array - type: object - timeout: - description: |- - Specifies the timeout for the selected route. Timeout is computed from the time the request has been - fully processed (i.e. end-of-stream) up until the response has been completely processed. Timeout includes all retries. - - If not specified, will use the largest timeout among all backend services associated with the route. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented - with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. - Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years - type: string - type: object - urlRewrite: - description: The spec to modify the URL of the request, prior to - forwarding the request to the matched service. - properties: - hostRewrite: - description: |- - Prior to forwarding the request to the selected service, the request's host header is replaced - with contents of hostRewrite. - - The value must be between 1 and 255 characters. - type: string - pathPrefixRewrite: - description: |- - Prior to forwarding the request to the selected backend service, the matching portion of the - request's path is replaced by pathPrefixRewrite. - - The value must be between 1 and 1024 characters. - type: string - type: object - weightedBackendServices: - description: |- - A list of weighted backend services to send traffic to when a route match occurs. - The weights determine the fraction of traffic that flows to their corresponding backend service. - If all traffic needs to go to a single backend service, there must be one weightedBackendService - with weight set to a non 0 number. - - Once a backendService is identified and before forwarding the request to the backend service, - advanced routing actions like Url rewrites and header transformations are applied depending on - additional settings specified in this HttpRouteAction. - items: - properties: - backendServiceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The name of a ComputeBackendService. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - headerAction: - description: |- - Specifies changes to request and response headers that need to take effect for - the selected backendService. - - headerAction specified here take effect before headerAction in the enclosing - HttpRouteRule, PathMatcher and UrlMap. - properties: - requestHeadersToAdd: - description: Headers to add to a matching request prior - to forwarding the request to the backendService. - items: - properties: - headerName: - description: The name of the header to add. - type: string - headerValue: - description: The value of the header to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the header. - If true, headerValue is set for the header, discarding any values that were set for that header. - type: boolean - type: object - type: array - requestHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the request prior to - forwarding the request to the backendService. - items: - type: string - type: array - responseHeadersToAdd: - description: Headers to add the response prior to sending - the response back to the client. - items: - properties: - headerName: - description: The name of the header to add. - type: string - headerValue: - description: The value of the header to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the header. - If true, headerValue is set for the header, discarding any values that were set for that header. - type: boolean - type: object - type: array - responseHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the response prior to sending the - response back to the client. - items: - type: string - type: array - type: object - weight: - description: |- - Specifies the fraction of traffic sent to backendService, computed as - weight / (sum of all weightedBackendService weights in routeAction) . - - The selection of a backend service is determined only for new traffic. Once a user's request - has been directed to a backendService, subsequent requests will be sent to the same backendService - as determined by the BackendService's session affinity policy. - - The value must be between 0 and 1000 - type: integer - type: object - type: array - type: object - defaultService: - description: |- - The backend service or backend bucket to use when none of the given - rules match. - oneOf: - - required: - - backendBucketRef - - required: - - backendServiceRef - properties: - backendBucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeBackendBucket. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - backendServiceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeBackendService. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - defaultUrlRedirect: - description: |- - When none of the specified hostRules match, the request is redirected to a URL specified - by defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or - defaultRouteAction must not be set. - properties: - hostRedirect: - description: |- - The host that will be used in the redirect response instead of the one that was - supplied in the request. The value must be between 1 and 255 characters. - type: string - httpsRedirect: - description: |- - If set to true, the URL scheme in the redirected request is set to https. If set to - false, the URL scheme of the redirected request will remain the same as that of the - request. This must only be set for UrlMaps used in TargetHttpProxys. Setting this - true for TargetHttpsProxy is not permitted. The default is set to false. - type: boolean - pathRedirect: - description: |- - The path that will be used in the redirect response instead of the one that was - supplied in the request. pathRedirect cannot be supplied together with - prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the - original request will be used for the redirect. The value must be between 1 and 1024 - characters. - type: string - prefixRedirect: - description: |- - The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, - retaining the remaining portion of the URL before redirecting the request. - prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or - neither. If neither is supplied, the path of the original request will be used for - the redirect. The value must be between 1 and 1024 characters. - type: string - redirectResponseCode: - description: |- - The HTTP Status code to use for this RedirectAction. Supported values are: - - * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. - - * FOUND, which corresponds to 302. - - * SEE_OTHER which corresponds to 303. - - * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method - will be retained. - - * PERMANENT_REDIRECT, which corresponds to 308. In this case, - the request method will be retained. Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"] - type: string - stripQuery: - description: |- - If set to true, any accompanying query portion of the original URL is removed prior - to redirecting the request. If set to false, the query portion of the original URL is - retained. The default is set to false. - This field is required to ensure an empty block is not set. The normal default value is false. - type: boolean - required: - - stripQuery - type: object - description: - description: |- - An optional description of this resource. Provide this property when you create - the resource. - type: string - headerAction: - description: |- - Specifies changes to request and response headers that need to take effect for - the selected backendService. The headerAction specified here take effect after - headerAction specified under pathMatcher. - properties: - requestHeadersToAdd: - description: |- - Headers to add to a matching request prior to forwarding the request to the - backendService. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - requestHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the request - prior to forwarding the request to the backendService. - items: - type: string - type: array - responseHeadersToAdd: - description: Headers to add the response prior to sending the response - back to the client. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - responseHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the response - prior to sending the response back to the client. - items: - type: string - type: array - type: object - hostRule: - description: The list of HostRules to use against the URL. - items: - properties: - description: - description: |- - An optional description of this resource. Provide this property when you create - the resource. - type: string - hosts: - description: |- - The list of host patterns to match. They must be valid hostnames, except * will - match any string of ([a-z0-9-.]*). In that case, * must be the first character - and must be followed in the pattern by either - or .. - items: - type: string - type: array - pathMatcher: - description: |- - The name of the PathMatcher to use to match the path portion of the URL if the - hostRule matches the URL's host portion. - type: string - required: - - hosts - - pathMatcher - type: object - type: array - location: - description: Location represents the geographical location of the ComputeURLMap. - Specify "global" for global resources. - type: string - pathMatcher: - description: The list of named PathMatchers to use against the URL. - items: - properties: - defaultRouteAction: - description: |- - defaultRouteAction takes effect when none of the pathRules or routeRules match. The load balancer performs - advanced routing actions like URL rewrites, header transformations, etc. prior to forwarding the request - to the selected backend. If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. - Conversely if defaultService is set, defaultRouteAction cannot contain any weightedBackendServices. - - Only one of defaultRouteAction or defaultUrlRedirect must be set. - properties: - corsPolicy: - description: |- - The specification for allowing client side cross-origin requests. Please see - [W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/) - properties: - allowCredentials: - description: |- - In response to a preflight request, setting this to true indicates that the actual request can include user credentials. - This translates to the Access-Control-Allow-Credentials header. - type: boolean - allowHeaders: - description: Specifies the content for the Access-Control-Allow-Headers - header. - items: - type: string - type: array - allowMethods: - description: Specifies the content for the Access-Control-Allow-Methods - header. - items: - type: string - type: array - allowOriginRegexes: - description: |- - Specifies the regualar expression patterns that match allowed origins. For regular expression grammar - please see en.cppreference.com/w/cpp/regex/ecmascript - An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. - items: - type: string - type: array - allowOrigins: - description: |- - Specifies the list of origins that will be allowed to do CORS requests. - An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. - items: - type: string - type: array - disabled: - description: If true, specifies the CORS policy is disabled. - The default value is false, which indicates that the - CORS policy is in effect. - type: boolean - exposeHeaders: - description: Specifies the content for the Access-Control-Expose-Headers - header. - items: - type: string - type: array - maxAge: - description: |- - Specifies how long results of a preflight request can be cached in seconds. - This translates to the Access-Control-Max-Age header. - type: integer - type: object - faultInjectionPolicy: - description: |- - The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure. - As part of fault injection, when clients send requests to a backend service, delays can be introduced by Loadbalancer on a - percentage of requests before sending those request to the backend service. Similarly requests from clients can be aborted - by the Loadbalancer for a percentage of requests. - - timeout and retryPolicy will be ignored by clients that are configured with a faultInjectionPolicy. - properties: - abort: - description: The specification for how client requests - are aborted as part of fault injection. - properties: - httpStatus: - description: |- - The HTTP status code used to abort the request. - The value must be between 200 and 599 inclusive. - type: integer - percentage: - description: |- - The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection. - The value must be between 0.0 and 100.0 inclusive. - type: number - type: object - delay: - description: The specification for how client requests - are delayed as part of fault injection, before being - sent to a backend service. - properties: - fixedDelay: - description: Specifies the value of the fixed delay - interval. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are - represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. - Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years - type: string - type: object - percentage: - description: |- - The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection. - The value must be between 0.0 and 100.0 inclusive. - type: number - type: object - type: object - requestMirrorPolicy: - description: |- - Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service. - Loadbalancer does not wait for responses from the shadow service. Prior to sending traffic to the shadow service, - the host / authority header is suffixed with -shadow. - properties: - backendServiceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The name of a ComputeBackendService. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - backendServiceRef - type: object - retryPolicy: - description: Specifies the retry policy associated with this - route. - properties: - numRetries: - description: Specifies the allowed number retries. This - number must be > 0. If not specified, defaults to 1. - type: integer - perTryTimeout: - description: |- - Specifies a non-zero timeout per retry attempt. - - If not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set, - will use the largest timeout among all backend services associated with the route. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are - represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. - Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years - type: string - type: object - retryConditions: - description: |- - Specfies one or more conditions when this retry rule applies. Valid values are: - - 5xx: Loadbalancer will attempt a retry if the backend service responds with any 5xx response code, - or if the backend service does not respond at all, example: disconnects, reset, read timeout, - connection failure, and refused streams. - gateway-error: Similar to 5xx, but only applies to response codes 502, 503 or 504. - connect-failure: Loadbalancer will retry on failures connecting to backend services, - for example due to connection timeouts. - retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. - Currently the only retriable error supported is 409. - refused-stream:Loadbalancer will retry if the backend service resets the stream with a REFUSED_STREAM error code. - This reset type indicates that it is safe to retry. - cancelled: Loadbalancer will retry if the gRPC status code in the response header is set to cancelled - deadline-exceeded: Loadbalancer will retry if the gRPC status code in the response header is set to deadline-exceeded - resource-exhausted: Loadbalancer will retry if the gRPC status code in the response header is set to resource-exhausted - unavailable: Loadbalancer will retry if the gRPC status code in the response header is set to unavailable - items: - type: string - type: array - type: object - timeout: - description: |- - Specifies the timeout for the selected route. Timeout is computed from the time the request has been - fully processed (i.e. end-of-stream) up until the response has been completely processed. Timeout includes all retries. - - If not specified, will use the largest timeout among all backend services associated with the route. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented - with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. - Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years - type: string - type: object - urlRewrite: - description: The spec to modify the URL of the request, prior - to forwarding the request to the matched service. - properties: - hostRewrite: - description: |- - Prior to forwarding the request to the selected service, the request's host header is replaced - with contents of hostRewrite. - - The value must be between 1 and 255 characters. - type: string - pathPrefixRewrite: - description: |- - Prior to forwarding the request to the selected backend service, the matching portion of the - request's path is replaced by pathPrefixRewrite. - - The value must be between 1 and 1024 characters. - type: string - type: object - weightedBackendServices: - description: |- - A list of weighted backend services to send traffic to when a route match occurs. - The weights determine the fraction of traffic that flows to their corresponding backend service. - If all traffic needs to go to a single backend service, there must be one weightedBackendService - with weight set to a non 0 number. - - Once a backendService is identified and before forwarding the request to the backend service, - advanced routing actions like Url rewrites and header transformations are applied depending on - additional settings specified in this HttpRouteAction. - items: - properties: - backendServiceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The name of a ComputeBackendService. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - headerAction: - description: |- - Specifies changes to request and response headers that need to take effect for - the selected backendService. - - headerAction specified here take effect before headerAction in the enclosing - HttpRouteRule, PathMatcher and UrlMap. - properties: - requestHeadersToAdd: - description: Headers to add to a matching request - prior to forwarding the request to the backendService. - items: - properties: - headerName: - description: The name of the header to add. - type: string - headerValue: - description: The value of the header to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the header. - If true, headerValue is set for the header, discarding any values that were set for that header. - type: boolean - type: object - type: array - requestHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the request prior to - forwarding the request to the backendService. - items: - type: string - type: array - responseHeadersToAdd: - description: Headers to add the response prior to - sending the response back to the client. - items: - properties: - headerName: - description: The name of the header to add. - type: string - headerValue: - description: The value of the header to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the header. - If true, headerValue is set for the header, discarding any values that were set for that header. - type: boolean - type: object - type: array - responseHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the response prior to sending the - response back to the client. - items: - type: string - type: array - type: object - weight: - description: |- - Specifies the fraction of traffic sent to backendService, computed as - weight / (sum of all weightedBackendService weights in routeAction) . - - The selection of a backend service is determined only for new traffic. Once a user's request - has been directed to a backendService, subsequent requests will be sent to the same backendService - as determined by the BackendService's session affinity policy. - - The value must be between 0 and 1000 - type: integer - type: object - type: array - type: object - defaultService: - description: |- - The backend service or backend bucket to use when none of the given - paths match. - oneOf: - - required: - - backendBucketRef - - required: - - backendServiceRef - properties: - backendBucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeBackendBucket. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - backendServiceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeBackendService. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - defaultUrlRedirect: - description: |- - When none of the specified hostRules match, the request is redirected to a URL specified - by defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or - defaultRouteAction must not be set. - properties: - hostRedirect: - description: |- - The host that will be used in the redirect response instead of the one that was - supplied in the request. The value must be between 1 and 255 characters. - type: string - httpsRedirect: - description: |- - If set to true, the URL scheme in the redirected request is set to https. If set to - false, the URL scheme of the redirected request will remain the same as that of the - request. This must only be set for UrlMaps used in TargetHttpProxys. Setting this - true for TargetHttpsProxy is not permitted. The default is set to false. - type: boolean - pathRedirect: - description: |- - The path that will be used in the redirect response instead of the one that was - supplied in the request. pathRedirect cannot be supplied together with - prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the - original request will be used for the redirect. The value must be between 1 and 1024 - characters. - type: string - prefixRedirect: - description: |- - The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, - retaining the remaining portion of the URL before redirecting the request. - prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or - neither. If neither is supplied, the path of the original request will be used for - the redirect. The value must be between 1 and 1024 characters. - type: string - redirectResponseCode: - description: |- - The HTTP Status code to use for this RedirectAction. Supported values are: - - * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. - - * FOUND, which corresponds to 302. - - * SEE_OTHER which corresponds to 303. - - * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method - will be retained. - - * PERMANENT_REDIRECT, which corresponds to 308. In this case, - the request method will be retained. Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"] - type: string - stripQuery: - description: |- - If set to true, any accompanying query portion of the original URL is removed prior - to redirecting the request. If set to false, the query portion of the original URL is - retained. - This field is required to ensure an empty block is not set. The normal default value is false. - type: boolean - required: - - stripQuery - type: object - description: - description: |- - An optional description of this resource. Provide this property when you create - the resource. - type: string - headerAction: - description: |- - Specifies changes to request and response headers that need to take effect for - the selected backendService. HeaderAction specified here are applied after the - matching HttpRouteRule HeaderAction and before the HeaderAction in the UrlMap - properties: - requestHeadersToAdd: - description: |- - Headers to add to a matching request prior to forwarding the request to the - backendService. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - requestHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the request - prior to forwarding the request to the backendService. - items: - type: string - type: array - responseHeadersToAdd: - description: Headers to add the response prior to sending - the response back to the client. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - responseHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the response - prior to sending the response back to the client. - items: - type: string - type: array - type: object - name: - description: The name to which this PathMatcher is referred by - the HostRule. - type: string - pathRule: - description: |- - The list of path rules. Use this list instead of routeRules when routing based - on simple path matching is all that's required. The order by which path rules - are specified does not matter. Matches are always done on the longest-path-first - basis. For example: a pathRule with a path /a/b/c/* will match before /a/b/* - irrespective of the order in which those paths appear in this list. Within a - given pathMatcher, only one of pathRules or routeRules must be set. - items: - properties: - paths: - description: |- - The list of path patterns to match. Each must start with / and the only place a - * is allowed is at the end following a /. The string fed to the path matcher - does not include any text after the first ? or #, and those chars are not - allowed here. - items: - type: string - type: array - routeAction: - description: |- - In response to a matching path, the load balancer performs advanced routing - actions like URL rewrites, header transformations, etc. prior to forwarding the - request to the selected backend. If routeAction specifies any - weightedBackendServices, service must not be set. Conversely if service is set, - routeAction cannot contain any weightedBackendServices. Only one of routeAction - or urlRedirect must be set. - properties: - corsPolicy: - description: |- - The specification for allowing client side cross-origin requests. Please see W3C - Recommendation for Cross Origin Resource Sharing - properties: - allowCredentials: - description: |- - In response to a preflight request, setting this to true indicates that the - actual request can include user credentials. This translates to the Access- - Control-Allow-Credentials header. Defaults to false. - type: boolean - allowHeaders: - description: Specifies the content for the Access-Control-Allow-Headers - header. - items: - type: string - type: array - allowMethods: - description: Specifies the content for the Access-Control-Allow-Methods - header. - items: - type: string - type: array - allowOriginRegexes: - description: |- - Specifies the regualar expression patterns that match allowed origins. For - regular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript - An origin is allowed if it matches either allow_origins or allow_origin_regex. - items: - type: string - type: array - allowOrigins: - description: |- - Specifies the list of origins that will be allowed to do CORS requests. An - origin is allowed if it matches either allow_origins or allow_origin_regex. - items: - type: string - type: array - disabled: - description: If true, specifies the CORS policy - is disabled. - type: boolean - exposeHeaders: - description: Specifies the content for the Access-Control-Expose-Headers - header. - items: - type: string - type: array - maxAge: - description: |- - Specifies how long the results of a preflight request can be cached. This - translates to the content for the Access-Control-Max-Age header. - type: integer - required: - - disabled - type: object - faultInjectionPolicy: - description: |- - The specification for fault injection introduced into traffic to test the - resiliency of clients to backend service failure. As part of fault injection, - when clients send requests to a backend service, delays can be introduced by - Loadbalancer on a percentage of requests before sending those request to the - backend service. Similarly requests from clients can be aborted by the - Loadbalancer for a percentage of requests. timeout and retry_policy will be - ignored by clients that are configured with a fault_injection_policy. - properties: - abort: - description: |- - The specification for how client requests are aborted as part of fault - injection. - properties: - httpStatus: - description: |- - The HTTP status code used to abort the request. The value must be between 200 - and 599 inclusive. - type: integer - percentage: - description: |- - The percentage of traffic (connections/operations/requests) which will be - aborted as part of fault injection. The value must be between 0.0 and 100.0 - inclusive. - type: number - required: - - httpStatus - - percentage - type: object - delay: - description: |- - The specification for how client requests are delayed as part of fault - injection, before being sent to a backend service. - properties: - fixedDelay: - description: Specifies the value of the fixed - delay interval. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 'seconds' field and a positive - 'nanos' field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - type: string - required: - - seconds - type: object - percentage: - description: |- - The percentage of traffic (connections/operations/requests) on which delay will - be introduced as part of fault injection. The value must be between 0.0 and - 100.0 inclusive. - type: number - required: - - fixedDelay - - percentage - type: object - type: object - requestMirrorPolicy: - description: |- - Specifies the policy on how requests intended for the route's backends are - shadowed to a separate mirrored backend service. Loadbalancer does not wait for - responses from the shadow service. Prior to sending traffic to the shadow - service, the host / authority header is suffixed with -shadow. - properties: - backendServiceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The name of a ComputeBackendService. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - backendServiceRef - type: object - retryPolicy: - description: Specifies the retry policy associated with - this route. - properties: - numRetries: - description: Specifies the allowed number retries. - This number must be > 0. - type: integer - perTryTimeout: - description: Specifies a non-zero timeout per retry - attempt. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 'seconds' field and a positive - 'nanos' field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - type: string - required: - - seconds - type: object - retryConditions: - description: |- - Specifies one or more conditions when this retry rule applies. Valid values are: - - 5xx: Loadbalancer will attempt a retry if the backend service responds with - any 5xx response code, or if the backend service does not respond at all, - example: disconnects, reset, read timeout, connection failure, and refused - streams. - - gateway-error: Similar to 5xx, but only applies to response codes - 502, 503 or 504. - - connect-failure: Loadbalancer will retry on failures - connecting to backend services, for example due to connection timeouts. - - retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. - Currently the only retriable error supported is 409. - - refused-stream: Loadbalancer will retry if the backend service resets the stream with a - REFUSED_STREAM error code. This reset type indicates that it is safe to retry. - - cancelled: Loadbalancer will retry if the gRPC status code in the response - header is set to cancelled - - deadline-exceeded: Loadbalancer will retry if the - gRPC status code in the response header is set to deadline-exceeded - - resource-exhausted: Loadbalancer will retry if the gRPC status code in the response - header is set to resource-exhausted - - unavailable: Loadbalancer will retry if - the gRPC status code in the response header is set to unavailable - items: - type: string - type: array - type: object - timeout: - description: |- - Specifies the timeout for the selected route. Timeout is computed from the time - the request is has been fully processed (i.e. end-of-stream) up until the - response has been completely processed. Timeout includes all retries. If not - specified, the default value is 15 seconds. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 'seconds' field and a positive - 'nanos' field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - type: string - required: - - seconds - type: object - urlRewrite: - description: |- - The spec to modify the URL of the request, prior to forwarding the request to - the matched service - properties: - hostRewrite: - description: |- - Prior to forwarding the request to the selected service, the request's host - header is replaced with contents of hostRewrite. The value must be between 1 and - 255 characters. - type: string - pathPrefixRewrite: - description: |- - Prior to forwarding the request to the selected backend service, the matching - portion of the request's path is replaced by pathPrefixRewrite. The value must - be between 1 and 1024 characters. - type: string - type: object - weightedBackendServices: - description: |- - A list of weighted backend services to send traffic to when a route match - occurs. The weights determine the fraction of traffic that flows to their - corresponding backend service. If all traffic needs to go to a single backend - service, there must be one weightedBackendService with weight set to a non 0 - number. Once a backendService is identified and before forwarding the request to - the backend service, advanced routing actions like Url rewrites and header - transformations are applied depending on additional settings specified in this - HttpRouteAction. - items: - properties: - backendServiceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The name of a ComputeBackendService. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - headerAction: - description: |- - Specifies changes to request and response headers that need to take effect for - the selected backendService. headerAction specified here take effect before - headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. - properties: - requestHeadersToAdd: - description: |- - Headers to add to a matching request prior to forwarding the request to the - backendService. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header - to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - requestHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the request - prior to forwarding the request to the backendService. - items: - type: string - type: array - responseHeadersToAdd: - description: Headers to add the response prior - to sending the response back to the client. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header - to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - responseHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the response - prior to sending the response back to the client. - items: - type: string - type: array - type: object - weight: - description: |- - Specifies the fraction of traffic sent to backendService, computed as weight / - (sum of all weightedBackendService weights in routeAction) . The selection of a - backend service is determined only for new traffic. Once a user's request has - been directed to a backendService, subsequent requests will be sent to the same - backendService as determined by the BackendService's session affinity policy. - The value must be between 0 and 1000 - type: integer - required: - - backendServiceRef - - weight - type: object - type: array - type: object - service: - description: |- - The backend service or backend bucket to use if any of the given - paths match. - oneOf: - - required: - - backendBucketRef - - required: - - backendServiceRef - properties: - backendBucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeBackendBucket. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - backendServiceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeBackendService. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - urlRedirect: - description: |- - When a path pattern is matched, the request is redirected to a URL specified - by urlRedirect. If urlRedirect is specified, service or routeAction must not - be set. - properties: - hostRedirect: - description: |- - The host that will be used in the redirect response instead of the one - that was supplied in the request. The value must be between 1 and 255 - characters. - type: string - httpsRedirect: - description: |- - If set to true, the URL scheme in the redirected request is set to https. - If set to false, the URL scheme of the redirected request will remain the - same as that of the request. This must only be set for UrlMaps used in - TargetHttpProxys. Setting this true for TargetHttpsProxy is not - permitted. The default is set to false. - type: boolean - pathRedirect: - description: |- - The path that will be used in the redirect response instead of the one - that was supplied in the request. pathRedirect cannot be supplied - together with prefixRedirect. Supply one alone or neither. If neither is - supplied, the path of the original request will be used for the redirect. - The value must be between 1 and 1024 characters. - type: string - prefixRedirect: - description: |- - The prefix that replaces the prefixMatch specified in the - HttpRouteRuleMatch, retaining the remaining portion of the URL before - redirecting the request. prefixRedirect cannot be supplied together with - pathRedirect. Supply one alone or neither. If neither is supplied, the - path of the original request will be used for the redirect. The value - must be between 1 and 1024 characters. - type: string - redirectResponseCode: - description: |- - The HTTP Status code to use for this RedirectAction. Supported values are: - - * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. - - * FOUND, which corresponds to 302. - - * SEE_OTHER which corresponds to 303. - - * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method - will be retained. - - * PERMANENT_REDIRECT, which corresponds to 308. In this case, - the request method will be retained. Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"] - type: string - stripQuery: - description: |- - If set to true, any accompanying query portion of the original URL is - removed prior to redirecting the request. If set to false, the query - portion of the original URL is retained. - This field is required to ensure an empty block is not set. The normal default value is false. - type: boolean - required: - - stripQuery - type: object - required: - - paths - type: object - type: array - routeRules: - description: |- - The list of ordered HTTP route rules. Use this list instead of pathRules when - advanced route matching and routing actions are desired. The order of specifying - routeRules matters: the first rule that matches will cause its specified routing - action to take effect. Within a given pathMatcher, only one of pathRules or - routeRules must be set. routeRules are not supported in UrlMaps intended for - External load balancers. - items: - properties: - headerAction: - description: |- - Specifies changes to request and response headers that need to take effect for - the selected backendService. The headerAction specified here are applied before - the matching pathMatchers[].headerAction and after pathMatchers[].routeRules[].r - outeAction.weightedBackendService.backendServiceWeightAction[].headerAction - properties: - requestHeadersToAdd: - description: |- - Headers to add to a matching request prior to forwarding the request to the - backendService. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - requestHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the request - prior to forwarding the request to the backendService. - items: - type: string - type: array - responseHeadersToAdd: - description: Headers to add the response prior to sending - the response back to the client. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - responseHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the response - prior to sending the response back to the client. - items: - type: string - type: array - type: object - matchRules: - description: The rules for determining a match. - items: - properties: - fullPathMatch: - description: |- - For satifying the matchRule condition, the path of the request must exactly - match the value specified in fullPathMatch after removing any query parameters - and anchor that may be part of the original URL. FullPathMatch must be between 1 - and 1024 characters. Only one of prefixMatch, fullPathMatch or regexMatch must - be specified. - type: string - headerMatches: - description: |- - Specifies a list of header match criteria, all of which must match corresponding - headers in the request. - items: - properties: - exactMatch: - description: |- - The value should exactly match contents of exactMatch. Only one of exactMatch, - prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. - type: string - headerName: - description: |- - The name of the HTTP header to match. For matching against the HTTP request's - authority, use a headerMatch with the header name ":authority". For matching a - request's method, use the headerName ":method". - type: string - invertMatch: - description: |- - If set to false, the headerMatch is considered a match if the match criteria - above are met. If set to true, the headerMatch is considered a match if the - match criteria above are NOT met. Defaults to false. - type: boolean - prefixMatch: - description: |- - The value of the header must start with the contents of prefixMatch. Only one of - exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch - must be set. - type: string - presentMatch: - description: |- - A header with the contents of headerName must exist. The match takes place - whether or not the request's header has a value or not. Only one of exactMatch, - prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. - type: boolean - rangeMatch: - description: |- - The header value must be an integer and its value must be in the range specified - in rangeMatch. If the header does not contain an integer, number or is empty, - the match fails. For example for a range [-5, 0] - -3 will match. - 0 will - not match. - 0.25 will not match. - -3someString will not match. Only one of - exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch - must be set. - properties: - rangeEnd: - description: The end of the range (exclusive). - type: integer - rangeStart: - description: The start of the range (inclusive). - type: integer - required: - - rangeEnd - - rangeStart - type: object - regexMatch: - description: |- - The value of the header must match the regualar expression specified in - regexMatch. For regular expression grammar, please see: - en.cppreference.com/w/cpp/regex/ecmascript For matching against a port - specified in the HTTP request, use a headerMatch with headerName set to PORT and - a regular expression that satisfies the RFC2616 Host header's port specifier. - Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or - rangeMatch must be set. - type: string - suffixMatch: - description: |- - The value of the header must end with the contents of suffixMatch. Only one of - exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch - must be set. - type: string - required: - - headerName - type: object - type: array - ignoreCase: - description: |- - Specifies that prefixMatch and fullPathMatch matches are case sensitive. - Defaults to false. - type: boolean - metadataFilters: - description: |- - Opaque filter criteria used by Loadbalancer to restrict routing configuration to - a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS - clients present node metadata. If a match takes place, the relevant routing - configuration is made available to those proxies. For each metadataFilter in - this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the - filterLabels must match the corresponding label provided in the metadata. If its - filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match - with corresponding labels in the provided metadata. metadataFilters specified - here can be overrides those specified in ForwardingRule that refers to this - UrlMap. metadataFilters only applies to Loadbalancers that have their - loadBalancingScheme set to INTERNAL_SELF_MANAGED. - items: - properties: - filterLabels: - description: |- - The list of label value pairs that must match labels in the provided metadata - based on filterMatchCriteria This list must not be empty and can have at the - most 64 entries. - items: - properties: - name: - description: |- - Name of metadata label. The name can have a maximum length of 1024 characters - and must be at least 1 character long. - type: string - value: - description: |- - The value of the label must match the specified value. value can have a maximum - length of 1024 characters. - type: string - required: - - name - - value - type: object - type: array - filterMatchCriteria: - description: |- - Specifies how individual filterLabel matches within the list of filterLabels - contribute towards the overall metadataFilter match. Supported values are: - - MATCH_ANY: At least one of the filterLabels must have a matching label in the - provided metadata. - - MATCH_ALL: All filterLabels must have matching labels in - the provided metadata. Possible values: ["MATCH_ALL", "MATCH_ANY"] - type: string - required: - - filterLabels - - filterMatchCriteria - type: object - type: array - prefixMatch: - description: |- - For satifying the matchRule condition, the request's path must begin with the - specified prefixMatch. prefixMatch must begin with a /. The value must be - between 1 and 1024 characters. Only one of prefixMatch, fullPathMatch or - regexMatch must be specified. - type: string - queryParameterMatches: - description: |- - Specifies a list of query parameter match criteria, all of which must match - corresponding query parameters in the request. - items: - properties: - exactMatch: - description: |- - The queryParameterMatch matches if the value of the parameter exactly matches - the contents of exactMatch. Only one of presentMatch, exactMatch and regexMatch - must be set. - type: string - name: - description: |- - The name of the query parameter to match. The query parameter must exist in the - request, in the absence of which the request match fails. - type: string - presentMatch: - description: |- - Specifies that the queryParameterMatch matches if the request contains the query - parameter, irrespective of whether the parameter has a value or not. Only one of - presentMatch, exactMatch and regexMatch must be set. - type: boolean - regexMatch: - description: |- - The queryParameterMatch matches if the value of the parameter matches the - regular expression specified by regexMatch. For the regular expression grammar, - please see en.cppreference.com/w/cpp/regex/ecmascript Only one of presentMatch, - exactMatch and regexMatch must be set. - type: string - required: - - name - type: object - type: array - regexMatch: - description: |- - For satifying the matchRule condition, the path of the request must satisfy the - regular expression specified in regexMatch after removing any query parameters - and anchor supplied with the original URL. For regular expression grammar please - see en.cppreference.com/w/cpp/regex/ecmascript Only one of prefixMatch, - fullPathMatch or regexMatch must be specified. - type: string - type: object - type: array - priority: - description: |- - For routeRules within a given pathMatcher, priority determines the order - in which load balancer will interpret routeRules. RouteRules are evaluated - in order of priority, from the lowest to highest number. The priority of - a rule decreases as its number increases (1, 2, 3, N+1). The first rule - that matches the request is applied. - - You cannot configure two or more routeRules with the same priority. - Priority for each rule must be set to a number between 0 and - 2147483647 inclusive. - - Priority numbers can have gaps, which enable you to add or remove rules - in the future without affecting the rest of the rules. For example, - 1, 2, 3, 4, 5, 9, 12, 16 is a valid series of priority numbers to which - you could add rules numbered from 6 to 8, 10 to 11, and 13 to 15 in the - future without any impact on existing rules. - type: integer - routeAction: - description: |- - In response to a matching matchRule, the load balancer performs advanced routing - actions like URL rewrites, header transformations, etc. prior to forwarding the - request to the selected backend. If routeAction specifies any - weightedBackendServices, service must not be set. Conversely if service is set, - routeAction cannot contain any weightedBackendServices. Only one of routeAction - or urlRedirect must be set. - properties: - corsPolicy: - description: |- - The specification for allowing client side cross-origin requests. Please see W3C - Recommendation for Cross Origin Resource Sharing - properties: - allowCredentials: - description: |- - In response to a preflight request, setting this to true indicates that the - actual request can include user credentials. This translates to the Access- - Control-Allow-Credentials header. Defaults to false. - type: boolean - allowHeaders: - description: Specifies the content for the Access-Control-Allow-Headers - header. - items: - type: string - type: array - allowMethods: - description: Specifies the content for the Access-Control-Allow-Methods - header. - items: - type: string - type: array - allowOriginRegexes: - description: |- - Specifies the regualar expression patterns that match allowed origins. For - regular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript - An origin is allowed if it matches either allow_origins or allow_origin_regex. - items: - type: string - type: array - allowOrigins: - description: |- - Specifies the list of origins that will be allowed to do CORS requests. An - origin is allowed if it matches either allow_origins or allow_origin_regex. - items: - type: string - type: array - disabled: - description: |- - If true, specifies the CORS policy is disabled. - which indicates that the CORS policy is in effect. Defaults to false. - type: boolean - exposeHeaders: - description: Specifies the content for the Access-Control-Expose-Headers - header. - items: - type: string - type: array - maxAge: - description: |- - Specifies how long the results of a preflight request can be cached. This - translates to the content for the Access-Control-Max-Age header. - type: integer - type: object - faultInjectionPolicy: - description: |- - The specification for fault injection introduced into traffic to test the - resiliency of clients to backend service failure. As part of fault injection, - when clients send requests to a backend service, delays can be introduced by - Loadbalancer on a percentage of requests before sending those request to the - backend service. Similarly requests from clients can be aborted by the - Loadbalancer for a percentage of requests. timeout and retry_policy will be - ignored by clients that are configured with a fault_injection_policy. - properties: - abort: - description: |- - The specification for how client requests are aborted as part of fault - injection. - properties: - httpStatus: - description: |- - The HTTP status code used to abort the request. The value must be between 200 - and 599 inclusive. - type: integer - percentage: - description: |- - The percentage of traffic (connections/operations/requests) which will be - aborted as part of fault injection. The value must be between 0.0 and 100.0 - inclusive. - type: number - type: object - delay: - description: |- - The specification for how client requests are delayed as part of fault - injection, before being sent to a backend service. - properties: - fixedDelay: - description: Specifies the value of the fixed - delay interval. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 'seconds' field and a positive - 'nanos' field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - type: string - required: - - seconds - type: object - percentage: - description: |- - The percentage of traffic (connections/operations/requests) on which delay will - be introduced as part of fault injection. The value must be between 0.0 and - 100.0 inclusive. - type: number - type: object - type: object - requestMirrorPolicy: - description: |- - Specifies the policy on how requests intended for the route's backends are - shadowed to a separate mirrored backend service. Loadbalancer does not wait for - responses from the shadow service. Prior to sending traffic to the shadow - service, the host / authority header is suffixed with -shadow. - properties: - backendServiceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The name of a ComputeBackendService. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - backendServiceRef - type: object - retryPolicy: - description: Specifies the retry policy associated with - this route. - properties: - numRetries: - description: Specifies the allowed number retries. - This number must be > 0. - type: integer - perTryTimeout: - description: |- - Specifies a non-zero timeout per retry attempt. - If not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction - is not set, will use the largest timeout among all backend services associated with the route. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 'seconds' field and a positive - 'nanos' field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - type: string - required: - - seconds - type: object - retryConditions: - description: |- - Specfies one or more conditions when this retry rule applies. Valid values are: - - 5xx: Loadbalancer will attempt a retry if the backend service responds with - any 5xx response code, or if the backend service does not respond at all, - example: disconnects, reset, read timeout, connection failure, and refused - streams. - - gateway-error: Similar to 5xx, but only applies to response codes - 502, 503 or 504. - - connect-failure: Loadbalancer will retry on failures - connecting to backend services, for example due to connection timeouts. - - retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. - Currently the only retriable error supported is 409. - - refused-stream: Loadbalancer will retry if the backend service resets the stream with a - REFUSED_STREAM error code. This reset type indicates that it is safe to retry. - - cancelled: Loadbalancer will retry if the gRPC status code in the response - header is set to cancelled - - deadline-exceeded: Loadbalancer will retry if the - gRPC status code in the response header is set to deadline-exceeded - - resource-exhausted: Loadbalancer will retry if the gRPC status code in the response - header is set to resource-exhausted - - unavailable: Loadbalancer will retry if the gRPC status code in - the response header is set to unavailable - items: - type: string - type: array - required: - - numRetries - type: object - timeout: - description: |- - Specifies the timeout for the selected route. Timeout is computed from the time - the request is has been fully processed (i.e. end-of-stream) up until the - response has been completely processed. Timeout includes all retries. If not - specified, the default value is 15 seconds. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 'seconds' field and a positive - 'nanos' field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - type: string - required: - - seconds - type: object - urlRewrite: - description: |- - The spec to modify the URL of the request, prior to forwarding the request to - the matched service - properties: - hostRewrite: - description: |- - Prior to forwarding the request to the selected service, the request's host - header is replaced with contents of hostRewrite. The value must be between 1 and - 255 characters. - type: string - pathPrefixRewrite: - description: |- - Prior to forwarding the request to the selected backend service, the matching - portion of the request's path is replaced by pathPrefixRewrite. The value must - be between 1 and 1024 characters. - type: string - type: object - weightedBackendServices: - description: |- - A list of weighted backend services to send traffic to when a route match - occurs. The weights determine the fraction of traffic that flows to their - corresponding backend service. If all traffic needs to go to a single backend - service, there must be one weightedBackendService with weight set to a non 0 - number. Once a backendService is identified and before forwarding the request to - the backend service, advanced routing actions like Url rewrites and header - transformations are applied depending on additional settings specified in this - HttpRouteAction. - items: - properties: - backendServiceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The name of a ComputeBackendService. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - headerAction: - description: |- - Specifies changes to request and response headers that need to take effect for - the selected backendService. headerAction specified here take effect before - headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. - properties: - requestHeadersToAdd: - description: |- - Headers to add to a matching request prior to forwarding the request to the - backendService. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header - to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - requestHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the request - prior to forwarding the request to the backendService. - items: - type: string - type: array - responseHeadersToAdd: - description: Headers to add the response prior - to sending the response back to the client. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header - to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - responseHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the response - prior to sending the response back to the client. - items: - type: string - type: array - type: object - weight: - description: |- - Specifies the fraction of traffic sent to backendService, computed as weight / - (sum of all weightedBackendService weights in routeAction) . The selection of a - backend service is determined only for new traffic. Once a user's request has - been directed to a backendService, subsequent requests will be sent to the same - backendService as determined by the BackendService's session affinity policy. - The value must be between 0 and 1000 - type: integer - required: - - backendServiceRef - - weight - type: object - type: array - type: object - service: - description: |- - The backend service resource to which traffic is - directed if this rule is matched. If routeAction is additionally specified, - advanced routing actions like URL Rewrites, etc. take effect prior to sending - the request to the backend. However, if service is specified, routeAction cannot - contain any weightedBackendService s. Conversely, if routeAction specifies any - weightedBackendServices, service must not be specified. Only one of urlRedirect, - service or routeAction.weightedBackendService must be set. - type: string - urlRedirect: - description: |- - When this rule is matched, the request is redirected to a URL specified by - urlRedirect. If urlRedirect is specified, service or routeAction must not be - set. - properties: - hostRedirect: - description: |- - The host that will be used in the redirect response instead of the one that was - supplied in the request. The value must be between 1 and 255 characters. - type: string - httpsRedirect: - description: |- - If set to true, the URL scheme in the redirected request is set to https. If set - to false, the URL scheme of the redirected request will remain the same as that - of the request. This must only be set for UrlMaps used in TargetHttpProxys. - Setting this true for TargetHttpsProxy is not permitted. Defaults to false. - type: boolean - pathRedirect: - description: |- - The path that will be used in the redirect response instead of the one that was - supplied in the request. Only one of pathRedirect or prefixRedirect must be - specified. The value must be between 1 and 1024 characters. - type: string - prefixRedirect: - description: |- - The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, - retaining the remaining portion of the URL before redirecting the request. - type: string - redirectResponseCode: - description: |- - The HTTP Status code to use for this RedirectAction. Supported values are: - - * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. - - * FOUND, which corresponds to 302. - - * SEE_OTHER which corresponds to 303. - - * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method will be retained. - - * PERMANENT_REDIRECT, which corresponds to 308. In this case, the request method will be retained. Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"] - type: string - stripQuery: - description: |- - If set to true, any accompanying query portion of the original URL is removed - prior to redirecting the request. If set to false, the query portion of the - original URL is retained. Defaults to false. - type: boolean - type: object - required: - - priority - type: object - type: array - required: - - name - type: object - type: array - test: - description: |- - The list of expected URL mapping tests. Request to update this UrlMap will - succeed only if all of the test cases pass. You can specify a maximum of 100 - tests per UrlMap. - items: - properties: - description: - description: Description of this test case. - type: string - host: - description: Host portion of the URL. - type: string - path: - description: Path portion of the URL. - type: string - service: - description: |- - The backend service or backend bucket link that should be matched - by this test. - oneOf: - - required: - - backendBucketRef - - required: - - backendServiceRef - properties: - backendBucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeBackendBucket. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - backendServiceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeBackendService. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - required: - - host - - path - - service - type: object - type: array - required: - - location - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - fingerprint: - description: |- - Fingerprint of this resource. A hash of the contents stored in this object. This - field is used in optimistic locking. - type: string - mapId: - description: The unique identifier for the resource. - type: integer - selfLink: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computevpngateways.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeVPNGateway - plural: computevpngateways - shortNames: - - gcpcomputevpngateway - - gcpcomputevpngateways - singular: computevpngateway - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: An optional description of this resource. - type: string - networkRef: - description: The network this VPN gateway is accepting traffic for. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeNetwork. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - region: - description: The region this gateway should sit in. - type: string - required: - - networkRef - - region - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - selfLink: - type: string - vpnInterfaces: - description: A list of interfaces on this VPN gateway. - items: - properties: - id: - description: The numeric ID of this VPN gateway interface. - type: integer - ipAddress: - description: The external IP address for this VPN gateway interface. - type: string - type: object - type: array - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computevpntunnels.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeVPNTunnel - plural: computevpntunnels - shortNames: - - gcpcomputevpntunnel - - gcpcomputevpntunnels - singular: computevpntunnel - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: An optional description of this resource. - type: string - ikeVersion: - description: |- - IKE protocol version to use when establishing the VPN tunnel with - peer VPN gateway. - Acceptable IKE versions are 1 or 2. Default version is 2. - type: integer - localTrafficSelector: - description: |- - Local traffic selector to use when establishing the VPN tunnel with - peer VPN gateway. The value should be a CIDR formatted string, - for example '192.168.0.0/16'. The ranges should be disjoint. - Only IPv4 is supported. - items: - type: string - type: array - peerExternalGatewayInterface: - description: The interface ID of the external VPN gateway to which this - VPN tunnel is connected. - type: integer - peerExternalGatewayRef: - description: |- - The peer side external VPN gateway to which this VPN tunnel - is connected. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeExternalVPNGateway. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - peerGCPGatewayRef: - description: |- - The peer side HA GCP VPN gateway to which this VPN tunnel is - connected. If provided, the VPN tunnel will automatically use the - same VPN gateway interface ID in the peer GCP VPN gateway. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeVPNGateway. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - peerIp: - description: IP address of the peer VPN gateway. Only IPv4 is supported. - type: string - region: - description: The region where the tunnel is located. If unset, is set - to the region of 'target_vpn_gateway'. - type: string - remoteTrafficSelector: - description: |- - Remote traffic selector to use when establishing the VPN tunnel with - peer VPN gateway. The value should be a CIDR formatted string, - for example '192.168.0.0/16'. The ranges should be disjoint. - Only IPv4 is supported. - items: - type: string - type: array - routerRef: - description: The router to be used for dynamic routing. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeRouter. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - sharedSecret: - description: |- - Shared secret used to set the secure session between the Cloud VPN - gateway and the peer VPN gateway. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' is - specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used if 'value' - is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in the - given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - targetVPNGatewayRef: - description: |- - The ComputeTargetVPNGateway with which this VPN tunnel is - associated. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeTargetVPNGateway. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - vpnGatewayInterface: - description: The interface ID of the VPN gateway with which this VPN - tunnel is associated. - type: integer - vpnGatewayRef: - description: |- - The ComputeVPNGateway with which this VPN tunnel is associated. - This must be used if a High Availability VPN gateway resource is - created. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeVPNGateway. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - region - - sharedSecret - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - detailedStatus: - description: Detailed status message for the VPN tunnel. - type: string - labelFingerprint: - description: |- - The fingerprint used for optimistic locking of this resource. Used - internally during updates. - type: string - selfLink: - type: string - sharedSecretHash: - description: Hash of the shared secret. - type: string - tunnelId: - description: The unique identifier for the resource. This identifier - is defined by the server. - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: containerclusters.container.cnrm.cloud.google.com -spec: - group: container.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ContainerCluster - plural: containerclusters - shortNames: - - gcpcontainercluster - - gcpcontainerclusters - singular: containercluster - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - addonsConfig: - description: The configuration for addons supported by GKE. - properties: - cloudrunConfig: - description: The status of the CloudRun addon. It is disabled by - default. Set disabled = false to enable. - properties: - disabled: - type: boolean - loadBalancerType: - type: string - required: - - disabled - type: object - configConnectorConfig: - description: The of the Config Connector addon. - properties: - enabled: - type: boolean - required: - - enabled - type: object - dnsCacheConfig: - description: The status of the NodeLocal DNSCache addon. It is disabled - by default. Set enabled = true to enable. - properties: - enabled: - type: boolean - required: - - enabled - type: object - gcePersistentDiskCsiDriverConfig: - description: Whether this cluster should enable the Google Compute - Engine Persistent Disk Container Storage Interface (CSI) Driver. - Defaults to disabled; set enabled = true to enable. - properties: - enabled: - type: boolean - required: - - enabled - type: object - horizontalPodAutoscaling: - description: The status of the Horizontal Pod Autoscaling addon, - which increases or decreases the number of replica pods a replication - controller has based on the resource usage of the existing pods. - It ensures that a Heapster pod is running in the cluster, which - is also used by the Cloud Monitoring service. It is enabled by - default; set disabled = true to disable. - properties: - disabled: - type: boolean - required: - - disabled - type: object - httpLoadBalancing: - description: The status of the HTTP (L7) load balancing controller - addon, which makes it easy to set up HTTP load balancers for services - in a cluster. It is enabled by default; set disabled = true to - disable. - properties: - disabled: - type: boolean - required: - - disabled - type: object - istioConfig: - description: The status of the Istio addon. - properties: - auth: - description: The authentication type between services in Istio. - Available options include AUTH_MUTUAL_TLS. - type: string - disabled: - description: The status of the Istio addon, which makes it easy - to set up Istio for services in a cluster. It is disabled - by default. Set disabled = false to enable. - type: boolean - required: - - disabled - type: object - kalmConfig: - description: Configuration for the KALM addon, which manages the - lifecycle of k8s. It is disabled by default; Set enabled = true - to enable. - properties: - enabled: - type: boolean - required: - - enabled - type: object - networkPolicyConfig: - description: Whether we should enable the network policy addon for - the master. This must be enabled in order to enable network policy - for the nodes. To enable this, you must also define a network_policy - block, otherwise nothing will happen. It can only be disabled - if the nodes already do not have network policies enabled. Defaults - to disabled; set disabled = false to enable. - properties: - disabled: - type: boolean - required: - - disabled - type: object - type: object - authenticatorGroupsConfig: - description: Configuration for the Google Groups for GKE feature. - properties: - securityGroup: - description: The name of the RBAC security group for use with Google - security groups in Kubernetes RBAC. Group name must be in format - gke-security-groups@yourdomain.com. - type: string - required: - - securityGroup - type: object - clusterAutoscaling: - description: Per-cluster configuration of Node Auto-Provisioning with - Cluster Autoscaler to automatically adjust the size of the cluster - and create/delete node pools based on the current needs of the cluster's - workload. See the guide to using Node Auto-Provisioning for more details. - properties: - autoProvisioningDefaults: - description: Contains defaults for a node pool created by NAP. - properties: - minCpuPlatform: - description: Minimum CPU platform to be used by this instance. - The instance may be scheduled on the specified or newer CPU - platform. Applicable values are the friendly names of CPU - platforms, such as Intel Haswell. - type: string - oauthScopes: - description: Scopes that are used by NAP when creating node - pools. - items: - type: string - type: array - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The email of an IAMServiceAccount. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - autoscalingProfile: - description: Configuration options for the Autoscaling profile feature, - which lets you choose whether the cluster autoscaler should optimize - for resource utilization or resource availability when deciding - to remove nodes from a cluster. Can be BALANCED or OPTIMIZE_UTILIZATION. - Defaults to BALANCED. - type: string - enabled: - description: Whether node auto-provisioning is enabled. Resource - limits for cpu and memory must be defined to enable node auto-provisioning. - type: boolean - resourceLimits: - description: Global constraints for machine resources in the cluster. - Configuring the cpu and memory types is required if node auto-provisioning - is enabled. These limits will apply to node pool autoscaling in - addition to node auto-provisioning. - items: - properties: - maximum: - description: Maximum amount of the resource in the cluster. - type: integer - minimum: - description: Minimum amount of the resource in the cluster. - type: integer - resourceType: - description: The type of the resource. For example, cpu and - memory. See the guide to using Node Auto-Provisioning for - a list of types. - type: string - required: - - resourceType - type: object - type: array - required: - - enabled - type: object - clusterIpv4Cidr: - description: The IP address range of the Kubernetes pods in this cluster - in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically - chosen or specify a /14 block in 10.0.0.0/8. This field will only - work for routes-based clusters, where ip_allocation_policy is not - defined. - type: string - clusterTelemetry: - properties: - type: - type: string - required: - - type - type: object - databaseEncryption: - description: 'Application-layer Secrets Encryption settings. The object - format is {state = string, key_name = string}. Valid values of state - are: "ENCRYPTED"; "DECRYPTED". key_name is the name of a CloudKMS - key.' - properties: - keyName: - description: The key to use to encrypt/decrypt secrets. - type: string - state: - description: ENCRYPTED or DECRYPTED. - type: string - required: - - state - type: object - datapathProvider: - description: The desired datapath provider for this cluster. By default, - uses the IPTables-based kube-proxy implementation. - type: string - defaultMaxPodsPerNode: - description: The default maximum number of pods per node in this cluster. - This doesn't work on "routes-based" clusters, clusters that don't - have IP Aliasing enabled. - type: integer - defaultSnatStatus: - description: Whether the cluster disables default in-node sNAT rules. - In-node sNAT rules will be disabled when defaultSnatStatus is disabled. - properties: - disabled: - description: When disabled is set to false, default IP masquerade - rules will be applied to the nodes to prevent sNAT on cluster - internal traffic. - type: boolean - required: - - disabled - type: object - description: - description: ' Description of the cluster.' - type: string - enableBinaryAuthorization: - description: Enable Binary Authorization for this cluster. If enabled, - all container images will be validated by Google Binary Authorization. - type: boolean - enableIntranodeVisibility: - description: Whether Intra-node visibility is enabled for this cluster. - This makes same node pod to pod traffic visible for VPC network. - type: boolean - enableKubernetesAlpha: - description: Whether to enable Kubernetes Alpha features for this cluster. - Note that when this option is enabled, the cluster cannot be upgraded - and will be automatically deleted after 30 days. - type: boolean - enableLegacyAbac: - description: Whether the ABAC authorizer is enabled for this cluster. - When enabled, identities in the system, including service accounts, - nodes, and controllers, will have statically granted permissions beyond - those provided by the RBAC configuration or IAM. Defaults to false. - type: boolean - enableShieldedNodes: - description: Enable Shielded Nodes features on all nodes in this cluster. - Defaults to false. - type: boolean - enableTpu: - description: Whether to enable Cloud TPU resources in this cluster. - type: boolean - initialNodeCount: - description: The number of nodes to create in this cluster's default - node pool. In regional or multi-zonal clusters, this is the number - of nodes per zone. Must be set if node_pool is not set. If you're - using google_container_node_pool objects with no default node pool, - you'll need to set this to a value of at least 1, alongside setting - remove_default_node_pool to true. - type: integer - ipAllocationPolicy: - description: Configuration of cluster IP allocation for VPC-native clusters. - Adding this block enables IP aliasing, making the cluster VPC-native - instead of routes-based. - properties: - clusterIpv4CidrBlock: - description: The IP address range for the cluster pod IPs. Set to - blank to have a range chosen with the default size. Set to /netmask - (e.g. /14) to have a range chosen with a specific netmask. Set - to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private - networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick - a specific range to use. - type: string - clusterSecondaryRangeName: - description: The name of the existing secondary range in the cluster's - subnetwork to use for pod IP addresses. Alternatively, cluster_ipv4_cidr_block - can be used to automatically create a GKE-managed one. - type: string - servicesIpv4CidrBlock: - description: The IP address range of the services IPs in this cluster. - Set to blank to have a range chosen with the default size. Set - to /netmask (e.g. /14) to have a range chosen with a specific - netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 - private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) - to pick a specific range to use. - type: string - servicesSecondaryRangeName: - description: The name of the existing secondary range in the cluster's - subnetwork to use for service ClusterIPs. Alternatively, services_ipv4_cidr_block - can be used to automatically create a GKE-managed one. - type: string - type: object - location: - description: The location (region or zone) in which the cluster master - will be created, as well as the default node location. If you specify - a zone (such as us-central1-a), the cluster will be a zonal cluster - with a single cluster master. If you specify a region (such as us-west1), - the cluster will be a regional cluster with multiple masters spread - across zones in the region, and with default node locations in those - zones as well. - type: string - loggingService: - description: The logging service that the cluster should write logs - to. Available options include logging.googleapis.com(Legacy Stackdriver), - logging.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Logging), - and none. Defaults to logging.googleapis.com/kubernetes. - type: string - maintenancePolicy: - description: The maintenance policy to use for the cluster. - properties: - dailyMaintenanceWindow: - description: 'Time window specified for daily maintenance operations. - Specify start_time in RFC3339 format "HH:MM”, where HH : [00-23] - and MM : [00-59] GMT.' - properties: - duration: - type: string - startTime: - type: string - required: - - startTime - type: object - recurringWindow: - description: Time window for recurring maintenance operations. - properties: - endTime: - type: string - recurrence: - type: string - startTime: - type: string - required: - - endTime - - recurrence - - startTime - type: object - type: object - masterAuth: - description: The authentication information for accessing the Kubernetes - master. Some values in this block are only returned by the API if - your service account has permission to get credentials for your GKE - cluster. If you see an unexpected diff removing a username/password - or unsetting your client cert, ensure you have the container.clusters.getCredentials - permission. - properties: - clientCertificate: - description: Base64 encoded public certificate used by clients to - authenticate to the cluster endpoint. - type: string - clientCertificateConfig: - description: Whether client certificate authorization is enabled - for this cluster. - properties: - issueClientCertificate: - description: Whether client certificate authorization is enabled - for this cluster. - type: boolean - required: - - issueClientCertificate - type: object - clientKey: - description: Base64 encoded private key used by clients to authenticate - to the cluster endpoint. - type: string - clusterCaCertificate: - description: Base64 encoded public certificate that is the root - of trust for the cluster. - type: string - password: - description: The password to use for HTTP basic authentication when - accessing the Kubernetes master endpoint. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used if - 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - username: - description: The username to use for HTTP basic authentication when - accessing the Kubernetes master endpoint. If not present basic - auth will be disabled. - type: string - type: object - masterAuthorizedNetworksConfig: - description: The desired configuration options for master authorized - networks. Omit the nested cidr_blocks attribute to disallow external - access (except the cluster node IPs, which GKE automatically whitelists). - properties: - cidrBlocks: - description: External networks that can access the Kubernetes cluster - master through HTTPS. - items: - properties: - cidrBlock: - description: External network that can access Kubernetes master - through HTTPS. Must be specified in CIDR notation. - type: string - displayName: - description: Field for users to identify CIDR blocks. - type: string - required: - - cidrBlock - type: object - type: array - type: object - minMasterVersion: - description: The minimum version of the master. GKE will auto-update - the master to new versions, so this does not guarantee the current - master version--use the read-only master_version field to obtain that. - If unset, the cluster's version will be set by GKE to the version - of the most recent official release (which is not necessarily the - latest version). - type: string - monitoringService: - description: The monitoring service that the cluster should write metrics - to. Automatically send metrics from pods in the cluster to the Google - Cloud Monitoring API. VM metrics will be collected by Google Compute - Engine regardless of this setting Available options include monitoring.googleapis.com(Legacy - Stackdriver), monitoring.googleapis.com/kubernetes(Stackdriver Kubernetes - Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes. - type: string - networkPolicy: - description: Configuration options for the NetworkPolicy feature. - properties: - enabled: - description: Whether network policy is enabled on the cluster. - type: boolean - provider: - description: The selected network policy provider. Defaults to PROVIDER_UNSPECIFIED. - type: string - required: - - enabled - type: object - networkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeNetwork. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - networkingMode: - description: Determines whether alias IPs or routes will be used for - pod IPs in the cluster. - type: string - nodeConfig: - properties: - bootDiskKMSCryptoKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a KMSCryptoKey. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - diskSizeGb: - type: integer - diskType: - type: string - guestAccelerator: - items: - properties: - count: - type: integer - type: - type: string - required: - - count - - type - type: object - type: array - imageType: - type: string - kubeletConfig: - properties: - cpuCfsQuota: - type: boolean - cpuCfsQuotaPeriod: - type: string - cpuManagerPolicy: - type: string - required: - - cpuManagerPolicy - type: object - labels: - additionalProperties: - type: string - type: object - linuxNodeConfig: - properties: - sysctls: - additionalProperties: - type: string - type: object - required: - - sysctls - type: object - localSsdCount: - type: integer - machineType: - type: string - metadata: - additionalProperties: - type: string - type: object - minCpuPlatform: - type: string - oauthScopes: - items: - type: string - type: array - preemptible: - type: boolean - sandboxConfig: - properties: - sandboxType: - type: string - required: - - sandboxType - type: object - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The email of an IAMServiceAccount. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - shieldedInstanceConfig: - properties: - enableIntegrityMonitoring: - type: boolean - enableSecureBoot: - type: boolean - type: object - tags: - items: - type: string - type: array - taint: - items: - properties: - effect: - type: string - key: - type: string - value: - type: string - required: - - effect - - key - - value - type: object - type: array - workloadMetadataConfig: - properties: - nodeMetadata: - type: string - required: - - nodeMetadata - type: object - type: object - nodeLocations: - description: The list of zones in which the cluster's nodes are located. - Nodes must be in the region of their regional cluster or in the same - region as their cluster's zone for zonal clusters. If this is specified - for a zonal cluster, omit the cluster's zone. - items: - type: string - type: array - nodeVersion: - type: string - notificationConfig: - description: The notification config for sending cluster upgrade notifications - properties: - pubsub: - description: Notification config for Cloud Pub/Sub - properties: - enabled: - description: Whether or not the notification config is enabled - type: boolean - topicRef: - description: The PubSubTopic to send the notification to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The name of a PubSubTopic. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - enabled - type: object - required: - - pubsub - type: object - podSecurityPolicyConfig: - description: Configuration for the PodSecurityPolicy feature. - properties: - enabled: - description: Enable the PodSecurityPolicy controller for this cluster. - If enabled, pods must be valid under a PodSecurityPolicy to be - created. - type: boolean - required: - - enabled - type: object - privateClusterConfig: - description: Configuration for private clusters, clusters with private - nodes. - properties: - enablePrivateEndpoint: - description: Enables the private cluster feature, creating a private - endpoint on the cluster. In a private cluster, nodes only have - RFC 1918 private addresses and communicate with the master's private - endpoint via private networking. - type: boolean - enablePrivateNodes: - description: When true, the cluster's private endpoint is used as - the cluster endpoint and access through the public endpoint is - disabled. When false, either endpoint can be used. This field - only applies to private clusters, when enable_private_nodes is - true. - type: boolean - masterGlobalAccessConfig: - description: Controls cluster master global access settings. - properties: - enabled: - description: Whether the cluster master is accessible globally - or not. - type: boolean - required: - - enabled - type: object - masterIpv4CidrBlock: - description: The IP range in CIDR notation to use for the hosted - master network. This range will be used for assigning private - IP addresses to the cluster master(s) and the ILB VIP. This range - must not overlap with any other ranges in use within the cluster's - network, and it must be a /28 subnet. See Private Cluster Limitations - for more details. This field only applies to private clusters, - when enable_private_nodes is true. - type: string - peeringName: - description: The name of the peering between this cluster and the - Google owned VPC. - type: string - privateEndpoint: - description: The internal IP address of this cluster's master endpoint. - type: string - publicEndpoint: - description: The external IP address of this cluster's master endpoint. - type: string - required: - - enablePrivateEndpoint - type: object - releaseChannel: - description: Configuration options for the Release channel feature, - which provide more control over automatic upgrades of your GKE clusters. - properties: - channel: - description: The selected release channel. - type: string - required: - - channel - type: object - resourceUsageExportConfig: - description: Configuration for the ResourceUsageExportConfig feature. - properties: - bigqueryDestination: - description: Parameters for using BigQuery as the destination of - resource usage export. - properties: - datasetId: - description: The ID of a BigQuery Dataset. - type: string - required: - - datasetId - type: object - enableNetworkEgressMetering: - description: Whether to enable network egress metering for this - cluster. If enabled, a daemonset will be created in the cluster - to meter network egress traffic. - type: boolean - enableResourceConsumptionMetering: - description: Whether to enable resource consumption metering on - this cluster. When enabled, a table will be created in the resource - export BigQuery dataset to store resource consumption data. The - resulting table can be joined with the resource usage table or - with BigQuery billing export. Defaults to true. - type: boolean - required: - - bigqueryDestination - type: object - subnetworkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeSubnetwork. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - verticalPodAutoscaling: - description: Vertical Pod Autoscaling automatically adjusts the resources - of pods controlled by it. - properties: - enabled: - description: Enables vertical pod autoscaling. - type: boolean - required: - - enabled - type: object - workloadIdentityConfig: - properties: - identityNamespace: - type: string - required: - - identityNamespace - type: object - required: - - location - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - endpoint: - description: The IP address of this cluster's Kubernetes master. - type: string - instanceGroupUrls: - description: List of instance group URLs which have been assigned to - the cluster. - items: - type: string - type: array - labelFingerprint: - description: The fingerprint of the set of labels for this cluster. - type: string - masterVersion: - description: The current version of the master in the cluster. This - may be different than the min_master_version set in the config if - the master has been updated by GKE. - type: string - operation: - type: string - selfLink: - description: Server-defined URL for the resource. - type: string - servicesIpv4Cidr: - description: The IP address range of the Kubernetes services in this - cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are - typically put in the last /16 from the container CIDR. - type: string - tpuIpv4CidrBlock: - description: The IP address range of the Cloud TPUs in this cluster, - in CIDR notation (e.g. 1.2.3.4/29). - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: containernodepools.container.cnrm.cloud.google.com -spec: - group: container.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ContainerNodePool - plural: containernodepools - shortNames: - - gcpcontainernodepool - - gcpcontainernodepools - singular: containernodepool - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - autoscaling: - description: Configuration required by cluster autoscaler to adjust - the size of the node pool to the current cluster usage. - properties: - maxNodeCount: - description: Maximum number of nodes in the NodePool. Must be >= - min_node_count. - type: integer - minNodeCount: - description: Minimum number of nodes in the NodePool. Must be >=0 - and <= max_node_count. - type: integer - required: - - maxNodeCount - - minNodeCount - type: object - clusterRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The name of a ContainerCluster. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - initialNodeCount: - description: The initial number of nodes for the pool. In regional or - multi-zonal clusters, this is the number of nodes per zone. Changing - this will force recreation of the resource. - type: integer - location: - description: The location (region or zone) of the cluster. - type: string - management: - description: Node management configuration, wherein auto-repair and - auto-upgrade is configured. - properties: - autoRepair: - description: Whether the nodes will be automatically repaired. - type: boolean - autoUpgrade: - description: Whether the nodes will be automatically upgraded. - type: boolean - type: object - maxPodsPerNode: - description: The maximum number of pods per node in this node pool. - Note that this does not work on node pools which are "route-based" - - that is, node pools belonging to clusters that do not have IP Aliasing - enabled. - type: integer - namePrefix: - description: Creates a unique name for the node pool beginning with - the specified prefix. Conflicts with name. - type: string - nodeConfig: - properties: - bootDiskKMSCryptoKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a KMSCryptoKey. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - diskSizeGb: - type: integer - diskType: - type: string - guestAccelerator: - items: - properties: - count: - type: integer - type: - type: string - required: - - count - - type - type: object - type: array - imageType: - type: string - kubeletConfig: - properties: - cpuCfsQuota: - type: boolean - cpuCfsQuotaPeriod: - type: string - cpuManagerPolicy: - type: string - required: - - cpuManagerPolicy - type: object - labels: - additionalProperties: - type: string - type: object - linuxNodeConfig: - properties: - sysctls: - additionalProperties: - type: string - type: object - required: - - sysctls - type: object - localSsdCount: - type: integer - machineType: - type: string - metadata: - additionalProperties: - type: string - type: object - minCpuPlatform: - type: string - oauthScopes: - items: - type: string - type: array - preemptible: - type: boolean - sandboxConfig: - properties: - sandboxType: - type: string - required: - - sandboxType - type: object - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The email of an IAMServiceAccount. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - shieldedInstanceConfig: - properties: - enableIntegrityMonitoring: - type: boolean - enableSecureBoot: - type: boolean - type: object - tags: - items: - type: string - type: array - taint: - items: - properties: - effect: - type: string - key: - type: string - value: - type: string - required: - - effect - - key - - value - type: object - type: array - workloadMetadataConfig: - properties: - nodeMetadata: - type: string - required: - - nodeMetadata - type: object - type: object - nodeCount: - description: The number of nodes per instance group. This field can - be used to update the number of nodes per instance group but should - not be used alongside autoscaling. - type: integer - nodeLocations: - description: The list of zones in which the node pool's nodes should - be located. Nodes must be in the region of their regional cluster - or in the same region as their cluster's zone for zonal clusters. - If unspecified, the cluster-level node_locations will be used. - items: - type: string - type: array - upgradeSettings: - description: Specify node upgrade settings to change how many nodes - GKE attempts to upgrade at once. The number of nodes upgraded simultaneously - is the sum of max_surge and max_unavailable. The maximum number of - nodes upgraded simultaneously is limited to 20. - properties: - maxSurge: - description: The number of additional nodes that can be added to - the node pool during an upgrade. Increasing max_surge raises the - number of nodes that can be upgraded simultaneously. Can be set - to 0 or greater. - type: integer - maxUnavailable: - description: The number of nodes that can be simultaneously unavailable - during an upgrade. Increasing max_unavailable raises the number - of nodes that can be upgraded in parallel. Can be set to 0 or - greater. - type: integer - required: - - maxSurge - - maxUnavailable - type: object - version: - type: string - required: - - clusterRef - - location - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - instanceGroupUrls: - description: The resource URLs of the managed instance groups associated - with this node pool. - items: - type: string - type: array - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: dataflowflextemplatejobs.dataflow.cnrm.cloud.google.com -spec: - group: dataflow.cnrm.cloud.google.com - names: - categories: - - gcp - kind: DataflowFlexTemplateJob - plural: dataflowflextemplatejobs - shortNames: - - gcpdataflowflextemplatejob - - gcpdataflowflextemplatejobs - singular: dataflowflextemplatejob - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - containerSpecGcsPath: - type: string - parameters: - type: object - region: - description: The region in which the created job should run. - type: string - required: - - containerSpecGcsPath - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - jobId: - type: string - state: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: dataflowjobs.dataflow.cnrm.cloud.google.com -spec: - group: dataflow.cnrm.cloud.google.com - names: - categories: - - gcp - kind: DataflowJob - plural: dataflowjobs - shortNames: - - gcpdataflowjob - - gcpdataflowjobs - singular: dataflowjob - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - additionalExperiments: - description: List of experiments that should be used by the job. An - example value is ["enable_stackdriver_agent_metrics"]. - items: - type: string - type: array - ipConfiguration: - description: The configuration for VM IPs. Options are "WORKER_IP_PUBLIC" - or "WORKER_IP_PRIVATE". - type: string - machineType: - description: The machine type to use for the job. - type: string - maxWorkers: - description: The number of workers permitted to work on the job. More - workers may improve processing speed at additional cost. - type: integer - networkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeNetwork. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - parameters: - description: Key/Value pairs to be passed to the Dataflow job (as used - in the template). - type: object - region: - description: The region in which the created job should run. - type: string - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The email of an IAMServiceAccount. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - subnetworkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeSubnetwork. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - tempGcsLocation: - description: A writeable location on Google Cloud Storage for the Dataflow - job to dump its temporary data. - type: string - templateGcsPath: - description: The Google Cloud Storage path to the Dataflow job template. - type: string - transformNameMapping: - description: Only applicable when updating a pipeline. Map of transform - name prefixes of the job to be replaced with the corresponding name - prefixes of the new job. - type: object - zone: - description: The zone in which the created job should run. If it is - not provided, the provider zone is used. - type: string - required: - - tempGcsLocation - - templateGcsPath - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - jobId: - description: The unique ID of this job. - type: string - state: - description: The current state of the resource, selected from the JobState - enum. - type: string - type: - description: The type of this job, selected from the JobType enum. - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: dnsmanagedzones.dns.cnrm.cloud.google.com -spec: - group: dns.cnrm.cloud.google.com - names: - categories: - - gcp - kind: DNSManagedZone - plural: dnsmanagedzones - shortNames: - - gcpdnsmanagedzone - - gcpdnsmanagedzones - singular: dnsmanagedzone - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: A textual description field. Defaults to 'Managed by Config - Connector'. - type: string - dnsName: - description: The DNS name of this managed zone, for instance "example.com.". - type: string - dnssecConfig: - description: DNSSEC configuration - properties: - defaultKeySpecs: - description: |- - Specifies parameters that will be used for generating initial DnsKeys - for this ManagedZone. If you provide a spec for keySigning or zoneSigning, - you must also provide one for the other. - default_key_specs can only be updated when the state is 'off'. - items: - properties: - algorithm: - description: 'String mnemonic specifying the DNSSEC algorithm - of this key Possible values: ["ecdsap256sha256", "ecdsap384sha384", - "rsasha1", "rsasha256", "rsasha512"]' - type: string - keyLength: - description: Length of the keys in bits - type: integer - keyType: - description: |- - Specifies whether this is a key signing key (KSK) or a zone - signing key (ZSK). Key signing keys have the Secure Entry - Point flag set and, when active, will only be used to sign - resource record sets of type DNSKEY. Zone signing keys do - not have the Secure Entry Point flag set and will be used - to sign all other types of resource record sets. Possible values: ["keySigning", "zoneSigning"] - type: string - kind: - description: Identifies what kind of resource this is - type: string - type: object - type: array - kind: - description: Identifies what kind of resource this is - type: string - nonExistence: - description: |- - Specifies the mechanism used to provide authenticated denial-of-existence responses. - non_existence can only be updated when the state is 'off'. Possible values: ["nsec", "nsec3"] - type: string - state: - description: 'Specifies whether DNSSEC is enabled, and what mode - it is in Possible values: ["off", "on", "transfer"]' - type: string - type: object - forwardingConfig: - description: |- - The presence for this field indicates that outbound forwarding is enabled - for this zone. The value of this field contains the set of destinations - to forward to. - properties: - targetNameServers: - description: |- - List of target name servers to forward to. Cloud DNS will - select the best available name server if more than - one target is given. - items: - properties: - forwardingPath: - description: |- - Forwarding path for this TargetNameServer. If unset or 'default' Cloud DNS will make forwarding - decision based on address ranges, i.e. RFC1918 addresses go to the VPC, Non-RFC1918 addresses go - to the Internet. When set to 'private', Cloud DNS will always send queries through VPC for this target Possible values: ["default", "private"] - type: string - ipv4Address: - description: IPv4 address of a target name server. - type: string - required: - - ipv4Address - type: object - type: array - required: - - targetNameServers - type: object - peeringConfig: - description: |- - The presence of this field indicates that DNS Peering is enabled for this - zone. The value of this field contains the network to peer with. - properties: - targetNetwork: - description: The network with which to peer. - properties: - networkRef: - description: VPC network to forward queries to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeNetwork. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - networkRef - type: object - required: - - targetNetwork - type: object - privateVisibilityConfig: - description: |- - For privately visible zones, the set of Virtual Private Cloud - resources that the zone is visible from. - properties: - networks: - items: - properties: - networkRef: - description: VPC network to bind to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeNetwork. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - networkRef - type: object - type: array - required: - - networks - type: object - reverseLookup: - description: |- - Specifies if this is a managed reverse lookup zone. If true, Cloud DNS will resolve reverse - lookup queries using automatically configured records for VPC resources. This only applies - to networks listed under 'private_visibility_config'. - type: boolean - serviceDirectoryConfig: - description: The presence of this field indicates that this zone is - backed by Service Directory. The value of this field contains information - related to the namespace associated with the zone. - properties: - namespace: - description: The namespace associated with the zone. - properties: - namespaceUrl: - description: |- - The fully qualified or partial URL of the service directory namespace that should be - associated with the zone. This should be formatted like - 'https://servicedirectory.googleapis.com/v1/projects/{project}/locations/{location}/namespaces/{namespace_id}' - or simply 'projects/{project}/locations/{location}/namespaces/{namespace_id}' - Ignored for 'public' visibility zones. - type: string - required: - - namespaceUrl - type: object - required: - - namespace - type: object - visibility: - description: |- - The zone's visibility: public zones are exposed to the Internet, - while private zones are visible only to Virtual Private Cloud resources. Default value: "public" Possible values: ["private", "public"] - type: string - required: - - dnsName - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - nameServers: - description: |- - Delegate your managed_zone to these virtual name servers; - defined by the server - items: - type: string - type: array - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: dnspolicies.dns.cnrm.cloud.google.com -spec: - group: dns.cnrm.cloud.google.com - names: - categories: - - gcp - kind: DNSPolicy - plural: dnspolicies - shortNames: - - gcpdnspolicy - - gcpdnspolicies - singular: dnspolicy - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - alternativeNameServerConfig: - description: |- - Sets an alternative name server for the associated networks. - When specified, all DNS queries are forwarded to a name server that you choose. - Names such as .internal are not available when an alternative name server is specified. - properties: - targetNameServers: - description: |- - Sets an alternative name server for the associated networks. When specified, - all DNS queries are forwarded to a name server that you choose. Names such as .internal - are not available when an alternative name server is specified. - items: - properties: - forwardingPath: - description: |- - Forwarding path for this TargetNameServer. If unset or 'default' Cloud DNS will make forwarding - decision based on address ranges, i.e. RFC1918 addresses go to the VPC, Non-RFC1918 addresses go - to the Internet. When set to 'private', Cloud DNS will always send queries through VPC for this target Possible values: ["default", "private"] - type: string - ipv4Address: - description: IPv4 address to forward to. - type: string - required: - - ipv4Address - type: object - type: array - required: - - targetNameServers - type: object - description: - description: A textual description field. Defaults to 'Managed by Config - Connector'. - type: string - enableInboundForwarding: - description: |- - Allows networks bound to this policy to receive DNS queries sent - by VMs or applications over VPN connections. When enabled, a - virtual IP address will be allocated from each of the sub-networks - that are bound to this policy. - type: boolean - enableLogging: - description: |- - Controls whether logging is enabled for the networks bound to this policy. - Defaults to no logging if not set. - type: boolean - networks: - description: List of network names specifying networks to which this - policy is applied. - items: - properties: - networkRef: - description: VPC network to bind to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeNetwork. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - networkRef - type: object - type: array - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: dnsrecordsets.dns.cnrm.cloud.google.com -spec: - group: dns.cnrm.cloud.google.com - names: - categories: - - gcp - kind: DNSRecordSet - plural: dnsrecordsets - shortNames: - - gcpdnsrecordset - - gcpdnsrecordsets - singular: dnsrecordset - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - managedZoneRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The name of a DNSManagedZone. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - name: - description: The DNS name this record set will apply to. - type: string - rrdatas: - items: - type: string - type: array - ttl: - description: The time-to-live of this record set (seconds). - type: integer - type: - description: The DNS record set type. - type: string - required: - - managedZoneRef - - name - - rrdatas - - ttl - - type - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: firestoreindexes.firestore.cnrm.cloud.google.com -spec: - group: firestore.cnrm.cloud.google.com - names: - categories: - - gcp - kind: FirestoreIndex - plural: firestoreindexes - shortNames: - - gcpfirestoreindex - - gcpfirestoreindexes - singular: firestoreindex - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - collection: - description: The collection being indexed. - type: string - database: - description: The Firestore database id. Defaults to '"(default)"'. - type: string - fields: - description: |- - The fields supported by this index. The last field entry is always for - the field path '__name__'. If, on creation, '__name__' was not - specified as the last field, it will be added automatically with the - same direction as that of the last field defined. If the final field - in a composite index is not directional, the '__name__' will be - ordered '"ASCENDING"' (unless explicitly specified otherwise). - items: - properties: - arrayConfig: - description: |- - Indicates that this field supports operations on arrayValues. Only one of 'order' and 'arrayConfig' can - be specified. Possible values: ["CONTAINS"] - type: string - fieldPath: - description: Name of the field. - type: string - order: - description: |- - Indicates that this field supports ordering by the specified order or comparing using =, <, <=, >, >=. - Only one of 'order' and 'arrayConfig' can be specified. Possible values: ["ASCENDING", "DESCENDING"] - type: string - type: object - type: array - queryScope: - description: 'The scope at which a query is run. Default value: "COLLECTION" - Possible values: ["COLLECTION", "COLLECTION_GROUP"]' - type: string - required: - - collection - - fields - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - name: - description: |- - A server defined name for this index. Format: - 'projects/{{project}}/databases/{{database}}/collectionGroups/{{collection}}/indexes/{{server_generated_id}}' - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: folders.resourcemanager.cnrm.cloud.google.com -spec: - group: resourcemanager.cnrm.cloud.google.com - names: - categories: - - gcp - kind: Folder - plural: folders - shortNames: - - gcpfolder - - gcpfolders - singular: folder - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - displayName: - description: The folder's display name. A folder's display name must - be unique amongst its siblings, e.g. no two folders with the same - parent can share the same display name. The display name must start - and end with a letter or digit, may contain letters, digits, spaces, - hyphens and underscores and can be no longer than 30 characters. - type: string - required: - - displayName - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - createTime: - description: 'Timestamp when the Folder was created. Assigned by the - server. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. - Example: "2014-10-02T15:01:23.045123456Z".' - type: string - folderId: - description: The folder id from the name "folders/{folder_id}" - type: string - lifecycleState: - description: The lifecycle state of the folder such as ACTIVE or DELETE_REQUESTED. - type: string - name: - description: The resource name of the Folder. Its format is folders/{folder_id}. - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - controller-tools.k8s.io: "1.0" - name: iamauditconfigs.iam.cnrm.cloud.google.com -spec: - group: iam.cnrm.cloud.google.com - names: - categories: - - gcp - kind: IAMAuditConfig - plural: iamauditconfigs - shortNames: - - gcpiamauditconfig - - gcpiamauditconfigs - singular: iamauditconfig - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - auditLogConfigs: - description: Required. The configuration for logging of each type of - permission. - items: - properties: - exemptedMembers: - description: Identities that do not cause logging for this type - of permission. The format is the same as that for 'members' - in IAMPolicy/IAMPolicyMember. - items: - pattern: ^(user|serviceAccount|group|domain|projectEditor|projectOwner|projectViewer):.+|allUsers|allAuthenticatedUsers$ - type: string - pattern: ^(user|serviceAccount|group|domain|projectEditor|projectOwner|projectViewer):.+|allUsers|allAuthenticatedUsers$ - type: array - logType: - description: Permission type for which logging is to be configured. - Must be one of 'DATA_READ', 'DATA_WRITE', or 'ADMIN_READ'. - pattern: ^(DATA_READ|DATA_WRITE|ADMIN_READ)$ - type: string - required: - - logType - type: object - type: array - resourceRef: - description: Required. The GCP resource to set the IAMAuditConfig on - (e.g. project). - properties: - apiVersion: - type: string - external: - type: string - kind: - type: string - name: - type: string - namespace: - type: string - required: - - kind - type: object - service: - description: 'Required. The service for which to enable Data Access - audit logs. The special value ''allServices'' covers all services. - Note that if there are audit configs covering both ''allServices'' - and a specific service, then the union of the two audit configs is - used for that service: the ''logTypes'' specified in each ''auditLogConfig'' - are enabled, and the ''exemptedMembers'' in each ''auditLogConfg'' - are exempted.' - type: string - required: - - resourceRef - - service - - auditLogConfigs - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observations - of the IAMAuditConfig's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: iamcustomroles.iam.cnrm.cloud.google.com -spec: - group: iam.cnrm.cloud.google.com - names: - categories: - - gcp - kind: IAMCustomRole - plural: iamcustomroles - shortNames: - - gcpiamcustomrole - - gcpiamcustomroles - singular: iamcustomrole - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: A human-readable description for the role. - type: string - permissions: - description: The names of the permissions this role grants when bound - in an IAM policy. At least one permission must be specified. - items: - type: string - type: array - stage: - description: The current launch stage of the role. Defaults to GA. - type: string - title: - description: A human-readable title for the role. - type: string - required: - - permissions - - title - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - deleted: - description: The current deleted state of the role. - type: boolean - name: - description: The name of the role in the format projects/{{project}}/roles/{{role_id}}. - Like id, this field can be used as a reference in other resources - such as IAM role bindings. - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - controller-tools.k8s.io: "1.0" - name: iampolicies.iam.cnrm.cloud.google.com -spec: - group: iam.cnrm.cloud.google.com - names: - categories: - - gcp - kind: IAMPolicy - plural: iampolicies - shortNames: - - gcpiampolicy - - gcpiampolicies - singular: iampolicy - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - auditConfigs: - description: Optional. The list of IAM audit configs. - items: - properties: - auditLogConfigs: - description: Required. The configuration for logging of each type - of permission. - items: - properties: - exemptedMembers: - description: Identities that do not cause logging for this - type of permission. The format is the same as that for - 'members' in IAMPolicy/IAMPolicyMember. - items: - pattern: ^(user|serviceAccount|group|domain|projectEditor|projectOwner|projectViewer):.+|allUsers|allAuthenticatedUsers$ - type: string - pattern: ^(user|serviceAccount|group|domain|projectEditor|projectOwner|projectViewer):.+|allUsers|allAuthenticatedUsers$ - type: array - logType: - description: Permission type for which logging is to be - configured. Must be one of 'DATA_READ', 'DATA_WRITE', - or 'ADMIN_READ'. - pattern: ^(DATA_READ|DATA_WRITE|ADMIN_READ)$ - type: string - required: - - logType - type: object - type: array - service: - description: 'Required. The service for which to enable Data Access - audit logs. The special value ''allServices'' covers all services. - Note that if there are audit configs covering both ''allServices'' - and a specific service, then the union of the two audit configs - is used for that service: the ''logTypes'' specified in each - ''auditLogConfig'' are enabled, and the ''exemptedMembers'' - in each ''auditLogConfg'' are exempted.' - type: string - required: - - service - - auditLogConfigs - type: object - type: array - bindings: - description: Optional. The list of IAM bindings. - items: - properties: - condition: - description: Optional. The condition under which the binding applies. - properties: - description: - type: string - expression: - type: string - title: - type: string - required: - - title - - expression - type: object - members: - description: Optional. The list of IAM users to be bound to the - role. - items: - pattern: ^(user|serviceAccount|group|domain|projectEditor|projectOwner|projectViewer):.+|allUsers|allAuthenticatedUsers$ - type: string - pattern: ^(user|serviceAccount|group|domain|projectEditor|projectOwner|projectViewer):.+|allUsers|allAuthenticatedUsers$ - type: array - role: - description: Required. The role to bind the users to. - pattern: ^((projects|organizations)/[^/]+/)?roles/[\w_\.]+$ - type: string - required: - - role - type: object - type: array - resourceRef: - description: Required. The GCP resource to set the IAM policy on. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - - not: - anyOf: - - required: - - name - - required: - - namespace - - required: - - apiVersion - - required: - - external - properties: - apiVersion: - type: string - external: - type: string - kind: - type: string - name: - type: string - namespace: - type: string - required: - - kind - type: object - required: - - resourceRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observations - of the IAM policy's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - controller-tools.k8s.io: "1.0" - name: iampolicymembers.iam.cnrm.cloud.google.com -spec: - group: iam.cnrm.cloud.google.com - names: - categories: - - gcp - kind: IAMPolicyMember - plural: iampolicymembers - shortNames: - - gcpiampolicymember - - gcpiampolicymembers - singular: iampolicymember - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - condition: - description: Optional. The condition under which the binding applies. - properties: - description: - type: string - expression: - type: string - title: - type: string - required: - - title - - expression - type: object - member: - description: Required. The list of IAM identities to be bound to the - role - pattern: ^(user|serviceAccount|group|domain|projectEditor|projectOwner|projectViewer):.+|allUsers|allAuthenticatedUsers$ - type: string - resourceRef: - description: Required. The GCP resource to set the IAM policy on. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - - not: - anyOf: - - required: - - name - - required: - - namespace - - required: - - apiVersion - - required: - - external - properties: - apiVersion: - type: string - external: - type: string - kind: - type: string - name: - type: string - namespace: - type: string - required: - - kind - type: object - role: - description: Required. The role for which the Member will be bound. - pattern: ^((projects|organizations)/[^/]+/)?roles/[\w_\.]+$ - type: string - required: - - resourceRef - - member - - role - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observations - of the IAM policy's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: iamserviceaccountkeys.iam.cnrm.cloud.google.com -spec: - group: iam.cnrm.cloud.google.com - names: - categories: - - gcp - kind: IAMServiceAccountKey - plural: iamserviceaccountkeys - shortNames: - - gcpiamserviceaccountkey - - gcpiamserviceaccountkeys - singular: iamserviceaccountkey - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - keyAlgorithm: - description: 'The algorithm used to generate the key, used only on create. - KEY_ALG_RSA_2048 is the default algorithm. Valid values are: "KEY_ALG_RSA_1024", - "KEY_ALG_RSA_2048".' - type: string - privateKeyType: - type: string - publicKeyData: - description: A field that allows clients to upload their own public - key. If set, use this public key data to create a service account - key for given service account. Please note, the expected format for - this field is a base64 encoded X509_PEM. - type: string - publicKeyType: - type: string - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The email of an IAMServiceAccount. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - serviceAccountRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - name: - description: The name used for this key pair - type: string - privateKey: - description: The private key in JSON format, base64 encoded. This is - what you normally get as a file when creating service account keys - through the CLI or web console. This is only populated when creating - a new key. - type: string - publicKey: - description: The public key, base64 encoded - type: string - validAfter: - description: 'The key can be used after this timestamp. A timestamp - in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".' - type: string - validBefore: - description: 'The key can be used before this timestamp. A timestamp - in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".' - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: iamserviceaccounts.iam.cnrm.cloud.google.com -spec: - group: iam.cnrm.cloud.google.com - names: - categories: - - gcp - kind: IAMServiceAccount - plural: iamserviceaccounts - shortNames: - - gcpiamserviceaccount - - gcpiamserviceaccounts - singular: iamserviceaccount - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: A text description of the service account. Must be less - than or equal to 256 UTF-8 bytes. - type: string - displayName: - description: The display name for the service account. Can be updated - without creating a new resource. - type: string - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - email: - description: The e-mail address of the service account. This value should - be referenced from any google_iam_policy data sources that would grant - the service account privileges. - type: string - name: - description: The fully-qualified name of the service account. - type: string - uniqueId: - description: The unique id of the service account. - type: string - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: kmscryptokeys.kms.cnrm.cloud.google.com -spec: - group: kms.cnrm.cloud.google.com - names: - categories: - - gcp - kind: KMSCryptoKey - plural: kmscryptokeys - shortNames: - - gcpkmscryptokey - - gcpkmscryptokeys - singular: kmscryptokey - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - keyRingRef: - description: The KMSKeyRing that this key belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a KMSKeyRing. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - purpose: - description: |- - The immutable purpose of this CryptoKey. See the - [purpose reference](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys#CryptoKeyPurpose) - for possible inputs. Default value: "ENCRYPT_DECRYPT" Possible values: ["ENCRYPT_DECRYPT", "ASYMMETRIC_SIGN", "ASYMMETRIC_DECRYPT"] - type: string - rotationPeriod: - description: |- - Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. - The first rotation will take place after the specified period. The rotation period has - the format of a decimal number with up to 9 fractional digits, followed by the - letter 's' (seconds). It must be greater than a day (ie, 86400). - type: string - versionTemplate: - description: A template describing settings for new crypto key versions. - properties: - algorithm: - description: |- - The algorithm to use when creating a version based on this template. - See the [algorithm reference](https://cloud.google.com/kms/docs/reference/rest/v1/CryptoKeyVersionAlgorithm) for possible inputs. - type: string - protectionLevel: - description: 'The protection level to use when creating a version - based on this template. Default value: "SOFTWARE" Possible values: - ["SOFTWARE", "HSM"]' - type: string - required: - - algorithm - type: object - required: - - keyRingRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - selfLink: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: kmskeyrings.kms.cnrm.cloud.google.com -spec: - group: kms.cnrm.cloud.google.com - names: - categories: - - gcp - kind: KMSKeyRing - plural: kmskeyrings - shortNames: - - gcpkmskeyring - - gcpkmskeyrings - singular: kmskeyring - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - location: - description: |- - The location for the KeyRing. - A full list of valid locations can be found by running 'gcloud kms locations list'. - type: string - required: - - location - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - selfLink: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: logginglogsinks.logging.cnrm.cloud.google.com -spec: - group: logging.cnrm.cloud.google.com - names: - categories: - - gcp - kind: LoggingLogSink - plural: logginglogsinks - shortNames: - - gcplogginglogsink - - gcplogginglogsinks - singular: logginglogsink - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - bigqueryOptions: - description: Options that affect sinks exporting data to BigQuery. - properties: - usePartitionedTables: - description: Whether to use BigQuery's partition tables. By default, - Logging creates dated tables based on the log entries' timestamps, - e.g. syslog_20170523. With partitioned tables the date suffix - is no longer present and special query syntax has to be used instead. - In both cases, tables are sharded based on UTC timezone. - type: boolean - required: - - usePartitionedTables - type: object - destination: - oneOf: - - required: - - bigQueryDatasetRef - - required: - - pubSubTopicRef - - required: - - storageBucketRef - properties: - bigQueryDatasetRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The name of a BigQueryDataset. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - pubSubTopicRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The name of a PubSubTopic. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - storageBucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The name of a StorageBucket. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - filter: - description: The filter to apply when exporting logs. Only log entries - that match the filter are exported. - type: string - folderRef: - description: |- - The folder in which to create the sink. Only one of projectRef, - folderRef, or organizationRef may be specified. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The folderId of a Folder. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - includeChildren: - description: Whether or not to include children organizations in the - sink export. If true, logs associated with child projects are also - exported; otherwise only logs relating to the provided organization - are included. - type: boolean - organizationRef: - description: |- - The organization in which to create the sink. Only one of projectRef, - folderRef, or organizationRef may be specified. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The name of an Organization. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - projectRef: - description: |- - The project in which to create the sink. Only one of projectRef, - folderRef, or organizationRef may be specified. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The name of a Project. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - uniqueWriterIdentity: - description: Whether or not to create a unique identity associated with - this sink. If false (the default), then the writer_identity used is - serviceAccount:cloud-logs@system.gserviceaccount.com. If true, then - a unique service account is created and used for this sink. If you - wish to publish logs across projects, you must set unique_writer_identity - to true. - type: boolean - required: - - destination - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - writerIdentity: - description: The identity associated with this sink. This identity must - be granted write access to the configured destination. - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: monitoringnotificationchannels.monitoring.cnrm.cloud.google.com -spec: - group: monitoring.cnrm.cloud.google.com - names: - categories: - - gcp - kind: MonitoringNotificationChannel - plural: monitoringnotificationchannels - shortNames: - - gcpmonitoringnotificationchannel - - gcpmonitoringnotificationchannels - singular: monitoringnotificationchannel - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: An optional human-readable description of this notification - channel. This description may provide additional details, beyond the - display name, for the channel. This may not exceed 1024 Unicode characters. - type: string - enabled: - description: Whether notifications are forwarded to the described channel. - This makes it possible to disable delivery of notifications to a particular - channel without removing the channel from all alerting policies that - reference the channel. This is a more convenient approach when the - change is temporary and you want to receive notifications from the - same set of alerting policies on the channel at some point in the - future. - type: boolean - labels: - additionalProperties: - type: string - type: object - sensitiveLabels: - description: |- - Different notification type behaviors are configured primarily using the the 'labels' field on this - resource. This block contains the labels which contain secrets or passwords so that they can be marked - sensitive and hidden from plan output. The name of the field, eg: password, will be the key - in the 'labels' map in the api request. - - Credentials may not be specified in both locations and will cause an error. Changing from one location - to a different credential configuration in the config will require an apply to update state. - properties: - authToken: - description: 'An authorization token for a notification channel. - Channel types that support this field include: slack' - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used if - 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - password: - description: 'An password for a notification channel. Channel types - that support this field include: webhook_basicauth' - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used if - 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - serviceKey: - description: 'An servicekey token for a notification channel. Channel - types that support this field include: pagerduty' - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used if - 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - type: object - type: - description: The type of the notification channel. This field matches - the value of the NotificationChannelDescriptor.type field. See https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.notificationChannelDescriptors/list - to get the list of valid values such as "email", "slack", etc... - type: string - required: - - type - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - name: - description: |- - The full REST resource name for this channel. The syntax is: - projects/[PROJECT_ID]/notificationChannels/[CHANNEL_ID] - The [CHANNEL_ID] is automatically assigned by the server on creation. - type: string - verificationStatus: - description: Indicates whether this channel has been verified or not. - On a ListNotificationChannels or GetNotificationChannel operation, - this field is expected to be populated.If the value is UNVERIFIED, - then it indicates that the channel is non-functioning (it both requires - verification and lacks verification); otherwise, it is assumed that - the channel works.If the channel is neither VERIFIED nor UNVERIFIED, - it implies that the channel is of a type that does not require verification - or that this specific channel has been exempted from verification - because it was created prior to verification being required for channels - of this type.This field cannot be modified using a standard UpdateNotificationChannel - operation. To change the value of this field, you must call VerifyNotificationChannel. - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: projects.resourcemanager.cnrm.cloud.google.com -spec: - group: resourcemanager.cnrm.cloud.google.com - names: - categories: - - gcp - kind: Project - plural: projects - shortNames: - - gcpproject - - gcpprojects - singular: project - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - billingAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The name of a BillingAccount. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - name: - description: The display name of the project. - type: string - required: - - name - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - number: - description: The numeric identifier of the project. - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: pubsubsubscriptions.pubsub.cnrm.cloud.google.com -spec: - group: pubsub.cnrm.cloud.google.com - names: - categories: - - gcp - kind: PubSubSubscription - plural: pubsubsubscriptions - shortNames: - - gcppubsubsubscription - - gcppubsubsubscriptions - singular: pubsubsubscription - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - ackDeadlineSeconds: - description: |- - This value is the maximum time after a subscriber receives a message - before the subscriber should acknowledge the message. After message - delivery but before the ack deadline expires and before the message is - acknowledged, it is an outstanding message and will not be delivered - again during that time (on a best-effort basis). - - For pull subscriptions, this value is used as the initial value for - the ack deadline. To override this value for a given message, call - subscriptions.modifyAckDeadline with the corresponding ackId if using - pull. The minimum custom deadline you can specify is 10 seconds. The - maximum custom deadline you can specify is 600 seconds (10 minutes). - If this parameter is 0, a default value of 10 seconds is used. - - For push delivery, this value is also used to set the request timeout - for the call to the push endpoint. - - If the subscriber never acknowledges the message, the Pub/Sub system - will eventually redeliver the message. - type: integer - deadLetterPolicy: - description: |- - A policy that specifies the conditions for dead lettering messages in - this subscription. If dead_letter_policy is not set, dead lettering - is disabled. - - The Cloud Pub/Sub service account associated with this subscriptions's - parent project (i.e., - service-{project_number}@gcp-sa-pubsub.iam.gserviceaccount.com) must have - permission to Acknowledge() messages on this subscription. - properties: - deadLetterTopicRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The name of a PubSubTopic. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - maxDeliveryAttempts: - description: "The maximum number of delivery attempts for any message. - The value must be\nbetween 5 and 100.\n\nThe number of delivery - attempts is defined as 1 + (the sum of number of \nNACKs and number - of times the acknowledgement deadline has been exceeded for the - message).\n\nA NACK is any call to ModifyAckDeadline with a 0 - deadline. Note that\nclient libraries may automatically extend - ack_deadlines.\n\nThis field will be honored on a best effort - basis.\n\nIf this parameter is 0, a default value of 5 is used." - type: integer - type: object - enableMessageOrdering: - description: |- - If 'true', messages published with the same orderingKey in PubsubMessage will be delivered to - the subscribers in the order in which they are received by the Pub/Sub system. Otherwise, they - may be delivered in any order. - type: boolean - expirationPolicy: - description: |- - A policy that specifies the conditions for this subscription's expiration. - A subscription is considered active as long as any connected subscriber - is successfully consuming messages from the subscription or is issuing - operations on the subscription. If expirationPolicy is not set, a default - policy with ttl of 31 days will be used. If it is set but ttl is "", the - resource never expires. The minimum allowed value for expirationPolicy.ttl - is 1 day. - properties: - ttl: - description: |- - Specifies the "time-to-live" duration for an associated resource. The - resource expires if it is not active for a period of ttl. - If ttl is not set, the associated resource never expires. - A duration in seconds with up to nine fractional digits, terminated by 's'. - Example - "3.5s". - type: string - required: - - ttl - type: object - filter: - description: "The subscription only delivers the messages that match - the filter. \nPub/Sub automatically acknowledges the messages that - don't match the filter. You can filter messages\nby their attributes. - The maximum length of a filter is 256 bytes. After creating the subscription, - \nyou can't modify the filter." - type: string - messageRetentionDuration: - description: |- - How long to retain unacknowledged messages in the subscription's - backlog, from the moment a message is published. If - retainAckedMessages is true, then this also configures the retention - of acknowledged messages, and thus configures how far back in time a - subscriptions.seek can be done. Defaults to 7 days. Cannot be more - than 7 days ('"604800s"') or less than 10 minutes ('"600s"'). - - A duration in seconds with up to nine fractional digits, terminated - by 's'. Example: '"600.5s"'. - type: string - pushConfig: - description: |- - If push delivery is used with this subscription, this field is used to - configure it. An empty pushConfig signifies that the subscriber will - pull and ack messages using API methods. - properties: - attributes: - additionalProperties: - type: string - description: |- - Endpoint configuration attributes. - - Every endpoint has a set of API supported attributes that can - be used to control different aspects of the message delivery. - - The currently supported attribute is x-goog-version, which you - can use to change the format of the pushed message. This - attribute indicates the version of the data expected by - the endpoint. This controls the shape of the pushed message - (i.e., its fields and metadata). The endpoint version is - based on the version of the Pub/Sub API. - - If not present during the subscriptions.create call, - it will default to the version of the API used to make - such call. If not present during a subscriptions.modifyPushConfig - call, its value will not be changed. subscriptions.get - calls will always return a valid version, even if the - subscription was created without this attribute. - - The possible values for this attribute are: - - - v1beta1: uses the push format defined in the v1beta1 Pub/Sub API. - - v1 or v1beta2: uses the push format defined in the v1 Pub/Sub API. - type: object - oidcToken: - description: |- - If specified, Pub/Sub will generate and attach an OIDC JWT token as - an Authorization header in the HTTP request for every pushed message. - properties: - audience: - description: |- - Audience to be used when generating OIDC token. The audience claim - identifies the recipients that the JWT is intended for. The audience - value is a single case-sensitive string. Having multiple values (array) - for the audience field is not supported. More info about the OIDC JWT - token audience here: https://tools.ietf.org/html/rfc7519#section-4.1.3 - Note: if not specified, the Push endpoint URL will be used. - type: string - serviceAccountEmail: - description: |- - Service account email to be used for generating the OIDC token. - The caller (for subscriptions.create, subscriptions.patch, and - subscriptions.modifyPushConfig RPCs) must have the - iam.serviceAccounts.actAs permission for the service account. - type: string - required: - - serviceAccountEmail - type: object - pushEndpoint: - description: |- - A URL locating the endpoint to which messages should be pushed. - For example, a Webhook endpoint might use - "https://example.com/push". - type: string - required: - - pushEndpoint - type: object - retainAckedMessages: - description: |- - Indicates whether to retain acknowledged messages. If 'true', then - messages are not expunged from the subscription's backlog, even if - they are acknowledged, until they fall out of the - messageRetentionDuration window. - type: boolean - retryPolicy: - description: "A policy that specifies how Pub/Sub retries message delivery - for this subscription.\n\nIf not set, the default retry policy is - applied. This generally implies that messages will be retried as soon - as possible for healthy subscribers. \nRetryPolicy will be triggered - on NACKs or acknowledgement deadline exceeded events for a given message" - properties: - maximumBackoff: - description: "The maximum delay between consecutive deliveries of - a given message. Value should be between 0 and 600 seconds. Defaults - to 600 seconds. \nA duration in seconds with up to nine fractional - digits, terminated by 's'. Example: \"3.5s\"." - type: string - minimumBackoff: - description: |- - The minimum delay between consecutive deliveries of a given message. Value should be between 0 and 600 seconds. Defaults to 10 seconds. - A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". - type: string - type: object - topicRef: - description: Reference to a PubSubTopic. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The name of a PubSubTopic. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - topicRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - path: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: pubsubtopics.pubsub.cnrm.cloud.google.com -spec: - group: pubsub.cnrm.cloud.google.com - names: - categories: - - gcp - kind: PubSubTopic - plural: pubsubtopics - shortNames: - - gcppubsubtopic - - gcppubsubtopics - singular: pubsubtopic - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - kmsKeyRef: - description: |- - The KMSCryptoKey to be used to protect access to messages published - on this topic. Your project's Pub/Sub service account - ('service-{{PROJECT_NUMBER}}@gcp-sa-pubsub.iam.gserviceaccount.com') - must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this - feature. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a KMSCryptoKey. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - messageStoragePolicy: - description: |- - Policy constraining the set of Google Cloud Platform regions where - messages published to the topic may be stored. If not present, then no - constraints are in effect. - properties: - allowedPersistenceRegions: - description: |- - A list of IDs of GCP regions where messages that are published to - the topic may be persisted in storage. Messages published by - publishers running in non-allowed GCP regions (or running outside - of GCP altogether) will be routed for storage in one of the - allowed regions. An empty list means that no regions are allowed, - and is not a valid configuration. - items: - type: string - type: array - required: - - allowedPersistenceRegions - type: object - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: redisinstances.redis.cnrm.cloud.google.com -spec: - group: redis.cnrm.cloud.google.com - names: - categories: - - gcp - kind: RedisInstance - plural: redisinstances - shortNames: - - gcpredisinstance - - gcpredisinstances - singular: redisinstance - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - alternativeLocationId: - description: |- - Only applicable to STANDARD_HA tier which protects the instance - against zonal failures by provisioning it across two zones. - If provided, it must be a different zone from the one provided in - [locationId]. - type: string - authorizedNetworkRef: - description: |- - The network to which the instance is connected. If left - unspecified, the default network will be used. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeNetwork. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - connectMode: - description: 'The connection mode of the Redis instance. Default value: - "DIRECT_PEERING" Possible values: ["DIRECT_PEERING", "PRIVATE_SERVICE_ACCESS"]' - type: string - displayName: - description: An arbitrary and optional user-provided name for the instance. - type: string - locationId: - description: |- - The zone where the instance will be provisioned. If not provided, - the service will choose a zone for the instance. For STANDARD_HA tier, - instances will be created across two zones for protection against - zonal failures. If [alternativeLocationId] is also provided, it must - be different from [locationId]. - type: string - memorySizeGb: - description: Redis memory size in GiB. - type: integer - redisConfigs: - additionalProperties: - type: string - description: |- - Redis configuration parameters, according to http://redis.io/topics/config. - Please check Memorystore documentation for the list of supported parameters: - https://cloud.google.com/memorystore/docs/redis/reference/rest/v1/projects.locations.instances#Instance.FIELDS.redis_configs - type: object - redisVersion: - description: |- - The version of Redis software. If not provided, latest supported - version will be used. Currently, the supported values are: - - - REDIS_5_0 for Redis 5.0 compatibility - - REDIS_4_0 for Redis 4.0 compatibility - - REDIS_3_2 for Redis 3.2 compatibility - type: string - region: - description: The name of the Redis region of the instance. - type: string - reservedIpRange: - description: |- - The CIDR range of internal addresses that are reserved for this - instance. If not provided, the service will choose an unused /29 - block, for example, 10.0.0.0/29 or 192.168.0.0/29. Ranges must be - unique and non-overlapping with existing subnets in an authorized - network. - type: string - tier: - description: |- - The service tier of the instance. Must be one of these values: - - - BASIC: standalone instance - - STANDARD_HA: highly available primary/replica instances Default value: "BASIC" Possible values: ["BASIC", "STANDARD_HA"] - type: string - required: - - memorySizeGb - - region - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - createTime: - description: |- - The time the instance was created in RFC3339 UTC "Zulu" format, - accurate to nanoseconds. - type: string - currentLocationId: - description: |- - The current zone where the Redis endpoint is placed. - For Basic Tier instances, this will always be the same as the - [locationId] provided by the user at creation time. For Standard Tier - instances, this can be either [locationId] or [alternativeLocationId] - and can change after a failover event. - type: string - host: - description: |- - Hostname or IP address of the exposed Redis endpoint used by clients - to connect to the service. - type: string - persistenceIamIdentity: - description: |- - Output only. Cloud IAM identity used by import / export operations - to transfer data to/from Cloud Storage. Format is "serviceAccount:". - The value may change over time for a given instance so should be - checked before each import/export operation. - type: string - port: - description: The port number of the exposed Redis endpoint. - type: integer - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: resourcemanagerpolicies.resourcemanager.cnrm.cloud.google.com -spec: - group: resourcemanager.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ResourceManagerPolicy - plural: resourcemanagerpolicies - shortNames: - - gcpresourcemanagerpolicy - - gcpresourcemanagerpolicies - singular: resourcemanagerpolicy - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - booleanPolicy: - description: A boolean policy is a constraint that is either enforced - or not. - properties: - enforced: - description: If true, then the Policy is enforced. If false, then - any configuration is acceptable. - type: boolean - required: - - enforced - type: object - constraint: - description: The name of the Constraint the Policy is configuring, for - example, serviceuser.services. - type: string - folderRef: - description: |- - The folder on which to configure the constraint. Only one of - projectRef, folderRef, or organizationRef may be specified. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The name of a Folder. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - listPolicy: - description: 'A policy that can define specific values that are allowed - or denied for the given constraint. It can also be used to allow or - deny all values. ' - properties: - allow: - description: One or the other must be set. - properties: - all: - description: The policy allows or denies all values. - type: boolean - values: - description: The policy can define specific values that are - allowed or denied. - items: - type: string - type: array - type: object - deny: - description: One or the other must be set. - properties: - all: - description: The policy allows or denies all values. - type: boolean - values: - description: The policy can define specific values that are - allowed or denied. - items: - type: string - type: array - type: object - inheritFromParent: - description: If set to true, the values from the effective Policy - of the parent resource are inherited, meaning the values set in - this Policy are added to the values inherited up the hierarchy. - type: boolean - suggestedValue: - description: The Google Cloud Console will try to default to a configuration - that matches the value specified in this field. - type: string - type: object - organizationRef: - description: |- - The organization on which to configure the constraint. Only one of - projectRef, folderRef, or organizationRef may be specified. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The name of an Organization. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - projectRef: - description: |- - The project on which to configure the constraint. Only one of - projectRef, folderRef, or organizationRef may be specified. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The name of a Project. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - restorePolicy: - description: A restore policy is a constraint to restore the default - policy. - properties: - default: - description: May only be set to true. If set, then the default Policy - is restored. - type: boolean - required: - - default - type: object - version: - description: Version of the Policy. Default version is 0. - type: integer - required: - - constraint - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - etag: - description: The etag of the organization policy. etag is used for optimistic - concurrency control as a way to help prevent simultaneous updates - of a policy from overwriting each other. - type: string - updateTime: - description: 'The timestamp in RFC3339 UTC "Zulu" format, accurate to - nanoseconds, representing when the variable was last updated. Example: - "2016-10-09T12:33:37.578138407Z".' - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: secretmanagersecrets.secretmanager.cnrm.cloud.google.com -spec: - group: secretmanager.cnrm.cloud.google.com - names: - categories: - - gcp - kind: SecretManagerSecret - plural: secretmanagersecrets - shortNames: - - gcpsecretmanagersecret - - gcpsecretmanagersecrets - singular: secretmanagersecret - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - replication: - description: |- - The replication policy of the secret data attached to the Secret. It cannot be changed - after the Secret has been created. - properties: - automatic: - description: The Secret will automatically be replicated without - any restrictions. - type: boolean - userManaged: - description: The Secret will automatically be replicated without - any restrictions. - properties: - replicas: - description: The list of Replicas for this Secret. Cannot be - empty. - items: - properties: - location: - description: 'The canonical IDs of the location to replicate - data. For example: "us-east1".' - type: string - required: - - location - type: object - type: array - required: - - replicas - type: object - type: object - required: - - replication - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - createTime: - description: The time at which the Secret was created. - type: string - name: - description: |- - The resource name of the Secret. Format: - 'projects/{{project}}/secrets/{{secret_id}}' - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: secretmanagersecretversions.secretmanager.cnrm.cloud.google.com -spec: - group: secretmanager.cnrm.cloud.google.com - names: - categories: - - gcp - kind: SecretManagerSecretVersion - plural: secretmanagersecretversions - shortNames: - - gcpsecretmanagersecretversion - - gcpsecretmanagersecretversions - singular: secretmanagersecretversion - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - enabled: - description: The current state of the SecretVersion. - type: boolean - secretData: - description: The secret data. Must be no larger than 64KiB. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' is - specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used if 'value' - is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in the - given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - secretRef: - description: Secret Manager secret resource - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The name of a SecretManagerSecret. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - secretRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - createTime: - description: The time at which the Secret was created. - type: string - destroyTime: - description: The time at which the Secret was destroyed. Only present - if state is DESTROYED. - type: string - name: - description: |- - The resource name of the SecretVersion. Format: - 'projects/{{project}}/secrets/{{secret_id}}/versions/{{version}}' - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - controller-tools.k8s.io: "1.0" - name: servicemappings.core.cnrm.cloud.google.com -spec: - group: core.cnrm.cloud.google.com - names: - kind: ServiceMapping - plural: servicemappings - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ServiceMappingSpec defines the aspects common to all resources - of a particular service being mapped from the Terraform provider to Kubernetes - Resource Model (KRM). - properties: - name: - description: Name is the name of the service being mapped (e.g. Spanner, - PubSub). This is used for the construction of the generated CRDs' - API group and kind. - type: string - resources: - description: Resources is a list of configurations specifying how to - map a specific resource from the Terraform provider to KRM. - items: - properties: - containers: - description: Containers describes all the container mappings this - resource understands. Config Connector maps Kubernetes namespaces - to the abstract GCP container objects they are scoped by via - namespaces. For most resource types, this is a project, but - certain resources live outside the scope of a project, like - folders or projects themselves. Containers are expressed as - annotations on a given Namespace, though users may provide resource-level - overrides. - items: - properties: - tfField: - description: TFField is the path to the field in the underlying - Terraform provider that represents the implicit reference - to the container object. Use periods to delimit the fields - in the path. For example, if the field is "bar" nested - inside "foo" ("foo" being either an object or a list of - objects), the associated TFField should be "foo.bar") - type: string - type: - description: Type is the type of container this represents. - type: string - valueTemplate: - description: ValueTemplate is a template by which the value - of the container annotation should be interpreted before - being passed to the Terraform provider. {{value}} is used - in place of this sourced value. e.g. If the value sourced - from the container annotation is "123456789", a valueTemplate - of "folders/{{value}}" would mean the final value passed - to the provider is "folders/123456789" - type: string - required: - - type - - tfField - type: object - type: array - directives: - description: Directives is a list of Terraform fields that perform - unique behaviors on top of the resource which are not part of - a GET response. If the KCC annotation's key contains a directive - from this list (e.g. `cnrm.cloud.google.com/force-destroy`), - the value from the annotation is stored/overwritten in the TF - config (e.g. force_destroy -> true) - items: - type: string - type: array - iamConfig: - description: IAMConfig contains the mappings from a given resource - onto its associated terraform IAM resources (policies, bindings, - and members) - properties: - auditConfigName: - description: AuditConfigName is the terraform name of the - associated IAM Audit Config resource, if there is any (e.g. - google_project_iam_audit_config for the Project resource) - type: string - policyMemberName: - description: PolicyMemberName is the terraform name of the - associated IAM Policy Member resource (e.g. google_spanner_instance_iam_member) - type: string - policyName: - description: PolicyName is the terraform name of the associated - IAM Policy resource (e.g. google_spanner_instance_iam_policy) - type: string - referenceField: - description: A description of the manner in which the IAM - Policy references its resource. - properties: - name: - description: The name of the field in the policy or binding - which references the resource. For 'google_spanner_instance_iam_policy' - this value is 'instance'. - type: string - type: - description: The type of value that should be used in - this field. It can be one of { name, id }. For 'google_spanner_instance_iam_policy' - it would be 'name' for 'google_kms_key_ring_iam_policy' - it would be 'id'. - type: string - required: - - name - - type - type: object - supportsConditions: - description: SupportsConditions indicates whether or not the - resource supports IAM Conditions. - type: boolean - required: - - policyName - - policyMemberName - - supportsConditions - type: object - idTemplate: - description: IDTemplate defines the format in which the ID fed - into the TF resource's importer should look. Fields may be sourced - from the TF resource by using the `{{foo}}` syntax. (e.g. {{project}}/{{location}}/{{name}}. All - fields are required. A field can be marked as optional with - the ? suffix, e.g. with {{project}}/{{host?}}, the host field - is optional An OR condition can be defined on a portion of - the template by enclosing the portion with brackets `[...]` - and using a bar character, `|`, to deliminate the OR. Example, - `my-template/[{{field1}}|text_{{field2}]`. If SkipImport is - true, this must be specified, and its expanded form will be - directly used as the TF resource's `id` field. - type: string - ignoredFields: - description: IgnoredFields is a list of fields that should be - dropped from the underlying Terraform resource. - items: - type: string - type: array - kind: - description: Kind is the Kubernetes kind you wish the resource - to have. - type: string - locationality: - description: 'Locationality categorizes the GCP resources as global, - regional, or zonal. It''s only applicable to the effort of unifying - multiple locational TF resources into one, e.g. KCC could have - a single ComputeAddress CRD to represent two TF/GCE resources - - compute address and global compute address. The location field - in ComputeAddress CRD is used to specify whether it is a global - address or regional address. If unset, it''s assumed that there - is no multiple TF locational resources mapping to the same compute - resource schema. Currently, this supports the following values: - global, regional, zonal.' - type: string - metadataMapping: - description: MetadataMapping determines how to map Kubernetes - metadata fields to the Terraform resource's configuration. - properties: - labels: - description: Labels is a JSONPath to the field in the TF resource - where the KRM "metadata.labels" field will be mapped to. - By default, this is mapped to the "labels" field, if that - field is found in the TF resource schema. - type: string - name: - description: Name is a JSONPath to the field in the TF resource - where the KRM "metadata.name" field will be mapped to. By - default, this is mapped to the "name" field, if that field - is found in the TF resource schema. - type: string - nameValueTemplate: - description: NameValueTemplate is a template by which the - value of the metadata.name field should be interpreted before - being passed to the Terraform provider. {{value}} is used - in place of this sourced value. e.g. If the value sourced - from metadata.name is "foo_bar", a nameValueTemplate of - "resource/{{value}}" would mean the final value passed to - the provider is "resource/foo_bar" - type: string - type: object - mutableButUnreadableFields: - description: MutableButUnreadableFields is a list of Terraform - fields that are mutable but not returned by the Terraform read. - KCC tracks the values of such fields to be able to determine - if the user changed their values on the spec. - items: - type: string - type: array - name: - description: Name is the Terraform name of the resource (e.g. - google_spanner_instance) - type: string - resourceID: - description: ResourceID determines how to map the `spec.resourceID` - field to the Terraform resource's configuration. For multiple - ResourceConfigs that map to the same Kind, their ResourceID - definition must be the same. - properties: - targetField: - description: TargetField is the name of the field in the TF - resource where the KRM `spec.resourceID` field will be mapped - to. - type: string - valueTemplate: - description: ValueTemplate is a template by which the value - of the `spec.resourceID` field should be interpreted before - being passed to the Terraform provider. {{value}} is used - in place of the source value, i.e. the value of `spec.resourceID`. E.g. - If `spec.resourceID` is "foo", a ValueTemplate of "resources/{{value}}" - means the final value passed to the Terraform provider is - "resources/foo". - type: string - type: object - resourceReferences: - description: ResourceReferences configures the mapping of fields - in the Terraform resource that implicitly define references - to other GCP resources into explicit Kubernetes-style references. - items: - properties: - description: - description: Description is the description for the resource - reference that will be exposed in the CRD. - type: string - gvk: - description: GVK is the Group,Version,Kind of the resource - being referenced. This field is mutually exclusive with - JSONSchemaType. - type: object - jsonSchemaType: - description: JSONSchemaType specifies the type as understood - by JSON schema validation of this reference field. Should - never be specified for a TypeConfig inlined in the ReferenceConfig. This - field is mutually exclusive with Kind and TargetField. - type: string - key: - description: 'Key is the field name that will be exposed - through the KRM resource''s spec. It should follow the - Kubernetes reference naming semantics: `fooRef`, where - foo is some describer of what is being referenced (e.g. instanceRef, - healthCheckRef) Complex references (those with a "Types" - list defined) or lists of references should not specify - a key.' - type: string - parent: - description: Parent specifies whether the referenced resource - is a parent. If the parent is successfully deleted, this - resource may be deleted without any call to the underlying - API. Only one parent may be present. A parent reference's - TFField must not be a nested path. - type: boolean - targetField: - description: TargetField is the referenced resource's Terraform - field that will be extracted and set as the value of the - TFField. For example, a ComputeSubnetwork can reference - a ComputeNetwork's self link by setting TargetField to - "self_link", a field defined on the google_compute_network - resource. - type: string - tfField: - description: TFField is the path to the field in the underlying - Terraform provider that is the implicit reference. Use - periods to delimit the fields in the path. For example, - if the reference field is "bar" nested inside "foo" ("foo" - being either an object or a list of objects), the associated - TFField should be "foo.bar") - type: string - types: - description: Types is the supported types this resource - reference supports. Must not be specified if the inlined - TypeConfig is filled out. If the value for the reference - is not specified in the KRM spec, it is possible that - a default value may be set by GCP. This default reference - value will be populated in the KRM resource's spec. In - cases where a resource reference has multiple types, the - first type in this list will become the default TypeConfig - for that value. - items: - properties: - gvk: - description: GVK is the Group,Version,Kind of the - resource being referenced. This field is mutually - exclusive with JSONSchemaType. - type: object - jsonSchemaType: - description: JSONSchemaType specifies the type as - understood by JSON schema validation of this reference - field. Should never be specified for a TypeConfig - inlined in the ReferenceConfig. This field is mutually - exclusive with Kind and TargetField. - type: string - key: - description: 'Key is the field name that will be exposed - through the KRM resource''s spec. It should follow - the Kubernetes reference naming semantics: `fooRef`, - where foo is some describer of what is being referenced - (e.g. instanceRef, healthCheckRef) Complex references - (those with a "Types" list defined) or lists of - references should not specify a key.' - type: string - parent: - description: Parent specifies whether the referenced - resource is a parent. If the parent is successfully - deleted, this resource may be deleted without any - call to the underlying API. Only one parent may - be present. A parent reference's TFField must not - be a nested path. - type: boolean - targetField: - description: TargetField is the referenced resource's - Terraform field that will be extracted and set as - the value of the TFField. For example, a ComputeSubnetwork - can reference a ComputeNetwork's self link by setting - TargetField to "self_link", a field defined on the - google_compute_network resource. - type: string - valueTemplate: - description: ValueTemplate is a template by which - the value sourced from the reference should be interpreted - before being passed to the Terraform provider. {{value}} - is used in place of this sourced value. The template - can contain other value placeholders that need to - be sourced from the reference resource. e.g. If - the value sourced from the reference is "foo@domain.com", - a valueTemplate of "serviceAccount:{{value}}" would - mean the final value passed to the provider is "serviceAccount:foo@domain.com" - e.g. If the template is "projects/{{project}}/topics/{{value}}", - the project value will be sourced from the referenced - resource. - type: string - type: object - type: array - valueTemplate: - description: ValueTemplate is a template by which the value - sourced from the reference should be interpreted before - being passed to the Terraform provider. {{value}} is used - in place of this sourced value. The template can contain - other value placeholders that need to be sourced from - the reference resource. e.g. If the value sourced from - the reference is "foo@domain.com", a valueTemplate of - "serviceAccount:{{value}}" would mean the final value - passed to the provider is "serviceAccount:foo@domain.com" - e.g. If the template is "projects/{{project}}/topics/{{value}}", - the project value will be sourced from the referenced - resource. - type: string - required: - - tfField - type: object - type: array - serverGeneratedIDField: - description: ServerGeneratedIDField is the field in the resource's - status that corresponds to the server-generated resource ID. - If unset, it's assumed the resource ID is specified by the user. - Resources with this set do not support acquisition. - type: string - skipImport: - description: SkipImport skips the import step when fetching the - live state of the underlying resource. If specified, IDTemplate - must also be specified, and its expanded form will be used as - the TF resource's `id` field. - type: boolean - required: - - name - - kind - type: object - type: array - serviceHostName: - description: ServiceHostName is the host portion of the URL for the - associated service. IE, for Spanner, it is 'spanner.googleapis.com' - type: string - version: - description: Version is the API version for all the resource CRDs being - generated. - type: string - required: - - name - - version - - serviceHostName - - resources - type: object - type: object - version: v1alpha1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: servicenetworkingconnections.servicenetworking.cnrm.cloud.google.com -spec: - group: servicenetworking.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ServiceNetworkingConnection - plural: servicenetworkingconnections - shortNames: - - gcpservicenetworkingconnection - - gcpservicenetworkingconnections - singular: servicenetworkingconnection - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - networkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The name of a ComputeNetwork. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - reservedPeeringRanges: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The name of a ComputeAddress. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - service: - description: Provider peering service that is managing peering connectivity - for a service provider organization. For Google services that support - this functionality it is 'servicenetworking.googleapis.com'. - type: string - required: - - networkRef - - reservedPeeringRanges - - service - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - peering: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: services.serviceusage.cnrm.cloud.google.com -spec: - group: serviceusage.cnrm.cloud.google.com - names: - categories: - - gcp - kind: Service - plural: services - shortNames: - - gcpservice - - gcpservices - singular: service - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: sourcereporepositories.sourcerepo.cnrm.cloud.google.com -spec: - group: sourcerepo.cnrm.cloud.google.com - names: - categories: - - gcp - kind: SourceRepoRepository - plural: sourcereporepositories - shortNames: - - gcpsourcereporepository - - gcpsourcereporepositories - singular: sourcereporepository - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - pubsubConfigs: - description: "How this repository publishes a change in the repository - through Cloud Pub/Sub. \nKeyed by the topic names." - items: - properties: - messageFormat: - description: "The format of the Cloud Pub/Sub messages. \n- PROTOBUF: - The message payload is a serialized protocol buffer of SourceRepoEvent.\n- - JSON: The message payload is a JSON string of SourceRepoEvent. - Possible values: [\"PROTOBUF\", \"JSON\"]" - type: string - serviceAccountRef: - description: |- - Service account used for publishing Cloud Pub/Sub messages. This - service account needs to be in the same project as the - pubsubConfig. When added, the caller needs to have - iam.serviceAccounts.actAs permission on this service account. If - unspecified, it defaults to the compute engine default service - account. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The email of an IAMServiceAccount. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - topicRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The name of a PubSubTopic. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - messageFormat - - topicRef - type: object - type: array - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - size: - description: The disk usage of the repo, in bytes. - type: integer - url: - description: URL to clone the repository from Google Cloud Source Repositories. - type: string - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: spannerdatabases.spanner.cnrm.cloud.google.com -spec: - group: spanner.cnrm.cloud.google.com - names: - categories: - - gcp - kind: SpannerDatabase - plural: spannerdatabases - shortNames: - - gcpspannerdatabase - - gcpspannerdatabases - singular: spannerdatabase - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - ddl: - description: |- - An optional list of DDL statements to run inside the newly created - database. Statements can create tables, indexes, etc. These statements - execute atomically with the creation of the database: if there is an - error in any statement, the database is not created. - items: - type: string - type: array - instanceRef: - description: The instance to create the database on. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The name of a SpannerInstance. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - instanceRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - state: - description: An explanation of the status of the database. - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: spannerinstances.spanner.cnrm.cloud.google.com -spec: - group: spanner.cnrm.cloud.google.com - names: - categories: - - gcp - kind: SpannerInstance - plural: spannerinstances - shortNames: - - gcpspannerinstance - - gcpspannerinstances - singular: spannerinstance - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - config: - description: |- - The name of the instance's configuration (similar but not - quite the same as a region) which defines defines the geographic placement and - replication of your databases in this instance. It determines where your data - is stored. Values are typically of the form 'regional-europe-west1' , 'us-central' etc. - In order to obtain a valid list please consult the - [Configuration section of the docs](https://cloud.google.com/spanner/docs/instances). - type: string - displayName: - description: |- - The descriptive name for this instance as it appears in UIs. Must be - unique per project and between 4 and 30 characters in length. - type: string - numNodes: - description: The number of nodes allocated to this instance. - type: integer - required: - - config - - displayName - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - state: - description: 'Instance status: ''CREATING'' or ''READY''.' - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: sqldatabases.sql.cnrm.cloud.google.com -spec: - group: sql.cnrm.cloud.google.com - names: - categories: - - gcp - kind: SQLDatabase - plural: sqldatabases - shortNames: - - gcpsqldatabase - - gcpsqldatabases - singular: sqldatabase - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - charset: - description: |- - The charset value. See MySQL's - [Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html) - and Postgres' [Character Set Support](https://www.postgresql.org/docs/9.6/static/multibyte.html) - for more details and supported values. Postgres databases only support - a value of 'UTF8' at creation time. - type: string - collation: - description: |- - The collation value. See MySQL's - [Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html) - and Postgres' [Collation Support](https://www.postgresql.org/docs/9.6/static/collation.html) - for more details and supported values. Postgres databases only support - a value of 'en_US.UTF8' at creation time. - type: string - instanceRef: - description: The Cloud SQL instance. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The name of a SQLInstance. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - instanceRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - selfLink: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: sqlinstances.sql.cnrm.cloud.google.com -spec: - group: sql.cnrm.cloud.google.com - names: - categories: - - gcp - kind: SQLInstance - plural: sqlinstances - shortNames: - - gcpsqlinstance - - gcpsqlinstances - singular: sqlinstance - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - databaseVersion: - description: The MySQL, PostgreSQL or SQL Server (beta) version to use. - Supported values include MYSQL_5_6, MYSQL_5_7, POSTGRES_9_6,POSTGRES_11, - SQLSERVER_2017_STANDARD, SQLSERVER_2017_ENTERPRISE, SQLSERVER_2017_EXPRESS, - SQLSERVER_2017_WEB. Database Version Policies includes an up-to-date - reference of supported versions. - type: string - encryptionKMSCryptoKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The name of a KMSCryptoKey. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - masterInstanceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The name of a SQLInstance. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - region: - description: The region the instance will sit in. Note, Cloud SQL is - not available in all regions - choose from one of the options listed - here. A valid region must be provided to use this resource. If a region - is not provided in the resource definition, the provider region will - be used instead, but this will be an apply-time error for instances - if the provider region is not supported with Cloud SQL. If you choose - not to provide the region argument for this resource, make sure you - understand this. - type: string - replicaConfiguration: - description: The configuration for replication. - properties: - caCertificate: - description: PEM representation of the trusted CA's x509 certificate. - type: string - clientCertificate: - description: PEM representation of the slave's x509 certificate. - type: string - clientKey: - description: PEM representation of the slave's private key. The - corresponding public key in encoded in the client_certificate. - type: string - connectRetryInterval: - description: The number of seconds between connect retries. - type: integer - dumpFilePath: - description: Path to a SQL file in Google Cloud Storage from which - slave instances are created. Format is gs://bucket/filename. - type: string - failoverTarget: - description: Specifies if the replica is the failover target. If - the field is set to true the replica will be designated as a failover - replica. If the master instance fails, the replica instance will - be promoted as the new master instance. - type: boolean - masterHeartbeatPeriod: - description: Time in ms between replication heartbeats. - type: integer - password: - description: Password for the replication connection. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used if - 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - sslCipher: - description: Permissible ciphers for use in SSL encryption. - type: string - username: - description: Username for replication connection. - type: string - verifyServerCertificate: - description: True if the master's common name value is checked during - the SSL handshake. - type: boolean - type: object - rootPassword: - description: Initial root password. Required for MS SQL Server, ignored - by MySQL and PostgreSQL. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' is - specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used if 'value' - is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in the - given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - settings: - description: The settings to use for the database. The configuration - is detailed below. - properties: - activationPolicy: - description: This specifies when the instance should be active. - Can be either ALWAYS, NEVER or ON_DEMAND. - type: string - authorizedGaeApplications: - description: DEPRECATED — This property is only applicable to First - Generation instances, and First Generation instances are now deprecated. - This property is only applicable to First Generation instances. - First Generation instances are now deprecated, see https://cloud.google.com/sql/docs/mysql/deprecation-notice - for information on how to upgrade to Second Generation instances. - A list of Google App Engine (GAE) project names that are allowed - to access this instance. - items: - type: string - type: array - availabilityType: - description: |- - The availability type of the Cloud SQL instance, high availability - (REGIONAL) or single zone (ZONAL). For MySQL instances, ensure that - settings.backup_configuration.enabled and - settings.backup_configuration.binary_log_enabled are both set to true. - type: string - backupConfiguration: - properties: - binaryLogEnabled: - description: True if binary logging is enabled. If settings.backup_configuration.enabled - is false, this must be as well. Cannot be used with Postgres. - type: boolean - enabled: - description: True if backup configuration is enabled. - type: boolean - location: - description: Location of the backup configuration. - type: string - pointInTimeRecoveryEnabled: - description: True if Point-in-time recovery is enabled. - type: boolean - startTime: - description: HH:MM format time indicating when backup configuration - starts. - type: string - type: object - crashSafeReplication: - description: DEPRECATED — This property is only applicable to First - Generation instances, and First Generation instances are now deprecated. - This property is only applicable to First Generation instances. - First Generation instances are now deprecated, see here for information - on how to upgrade to Second Generation instances. Specific to - read instances, indicates when crash-safe replication flags are - enabled. - type: boolean - databaseFlags: - items: - properties: - name: - description: Name of the flag. - type: string - value: - description: Value of the flag. - type: string - required: - - name - - value - type: object - type: array - diskAutoresize: - type: boolean - diskSize: - description: The size of data disk, in GB. Size of a running instance - cannot be reduced but can be increased. - type: integer - diskType: - description: 'The type of data disk: PD_SSD or PD_HDD.' - type: string - ipConfiguration: - properties: - authorizedNetworks: - items: - properties: - expirationTime: - type: string - name: - type: string - value: - type: string - required: - - value - type: object - type: array - ipv4Enabled: - description: Whether this Cloud SQL instance should be assigned - a public IPV4 address. Either ipv4_enabled must be enabled - or a private_network must be configured. - type: boolean - privateNetworkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a ComputeNetwork. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - requireSsl: - type: boolean - type: object - locationPreference: - properties: - followGaeApplication: - description: A Google App Engine application whose zone to remain - in. Must be in the same region as this instance. - type: string - zone: - description: The preferred compute engine zone. - type: string - type: object - maintenanceWindow: - description: Declares a one-hour maintenance window when an Instance - can automatically restart to apply updates. The maintenance window - is specified in UTC time. - properties: - day: - description: Day of week (1-7), starting on Monday - type: integer - hour: - description: Hour of day (0-23), ignored if day not set - type: integer - updateTrack: - description: Receive updates earlier (canary) or later (stable) - type: string - type: object - pricingPlan: - description: Pricing plan for this instance, can only be PER_USE. - type: string - replicationType: - description: DEPRECATED — This property is only applicable to First - Generation instances, and First Generation instances are now deprecated. - This property is only applicable to First Generation instances. - First Generation instances are now deprecated, see here for information - on how to upgrade to Second Generation instances. Replication - type for this instance, can be one of ASYNCHRONOUS or SYNCHRONOUS. - type: string - tier: - description: The machine type to use. See tiers for more details - and supported versions. Postgres supports only shared-core machine - types such as db-f1-micro, and custom machine types such as db-custom-2-13312. - See the Custom Machine Type Documentation to learn about specifying - custom machine types. - type: string - required: - - tier - type: object - required: - - settings - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - connectionName: - description: The connection name of the instance to be used in connection - strings. For example, when connecting with Cloud SQL Proxy. - type: string - firstIpAddress: - type: string - ipAddress: - items: - properties: - ipAddress: - type: string - timeToRetire: - type: string - type: - type: string - type: object - type: array - privateIpAddress: - type: string - publicIpAddress: - type: string - selfLink: - description: The URI of the created resource. - type: string - serverCaCert: - properties: - cert: - description: The CA Certificate used to connect to the SQL Instance - via SSL. - type: string - commonName: - description: The CN valid for the CA Cert. - type: string - createTime: - description: Creation time of the CA Cert. - type: string - expirationTime: - description: Expiration time of the CA Cert. - type: string - sha1Fingerprint: - description: SHA Fingerprint of the CA Cert. - type: string - type: object - serviceAccountEmailAddress: - description: The service account email address assigned to the instance. - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: sqlsslcerts.sql.cnrm.cloud.google.com -spec: - group: sql.cnrm.cloud.google.com - names: - categories: - - gcp - kind: SQLSSLCert - plural: sqlsslcerts - shortNames: - - gcpsqlsslcert - - gcpsqlsslcerts - singular: sqlsslcert - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - commonName: - description: The common name to be used in the certificate to identify - the client. Constrained to [a-zA-Z.-_ ]+. Changing this forces a new - resource to be created. - type: string - instanceRef: - description: The Cloud SQL instance. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The name of a SQLInstance. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - commonName - - instanceRef - type: object - status: - properties: - cert: - description: The actual certificate data for this client certificate. - type: string - certSerialNumber: - description: The serial number extracted from the certificate data. - type: string - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - createTime: - description: The time when the certificate was created in RFC 3339 format, - for example 2012-11-15T16:19:00.094Z. - type: string - expirationTime: - description: The time when the certificate expires in RFC 3339 format, - for example 2012-11-15T16:19:00.094Z. - type: string - privateKey: - description: The private key associated with the client certificate. - type: string - serverCaCert: - description: The CA cert of the server this client cert was generated - from. - type: string - sha1Fingerprint: - description: The SHA1 Fingerprint of the certificate. - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: sqlusers.sql.cnrm.cloud.google.com -spec: - group: sql.cnrm.cloud.google.com - names: - categories: - - gcp - kind: SQLUser - plural: sqlusers - shortNames: - - gcpsqluser - - gcpsqlusers - singular: sqluser - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - host: - description: The host the user can connect from. This is only supported - for MySQL instances. Don't set this field for PostgreSQL instances. - Can be an IP address. Changing this forces a new resource to be created. - type: string - instanceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The name of a SQLInstance. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - password: - description: The password for the user. Can be updated. For Postgres - instances this is a Required field. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' is - specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used if 'value' - is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in the - given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - required: - - instanceRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: storagebucketaccesscontrols.storage.cnrm.cloud.google.com -spec: - group: storage.cnrm.cloud.google.com - names: - categories: - - gcp - kind: StorageBucketAccessControl - plural: storagebucketaccesscontrols - shortNames: - - gcpstoragebucketaccesscontrol - - gcpstoragebucketaccesscontrols - singular: storagebucketaccesscontrol - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - bucketRef: - description: Reference to the bucket. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The name of a StorageBucket. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - entity: - description: |- - The entity holding the permission, in one of the following forms: - user-userId - user-email - group-groupId - group-email - domain-domain - project-team-projectId - allUsers - allAuthenticatedUsers - Examples: - The user liz@example.com would be user-liz@example.com. - The group example@googlegroups.com would be - group-example@googlegroups.com. - To refer to all members of the Google Apps for Business domain - example.com, the entity would be domain-example.com. - type: string - role: - description: 'The access permission for the entity. Possible values: - ["OWNER", "READER", "WRITER"]' - type: string - required: - - bucketRef - - entity - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - domain: - description: The domain associated with the entity. - type: string - email: - description: The email address associated with the entity. - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: storagebuckets.storage.cnrm.cloud.google.com -spec: - group: storage.cnrm.cloud.google.com - names: - categories: - - gcp - kind: StorageBucket - plural: storagebuckets - shortNames: - - gcpstoragebucket - - gcpstoragebuckets - singular: storagebucket - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - bucketPolicyOnly: - description: DEPRECATED — Please use the uniform_bucket_level_access - as this field has been renamed by Google. Enables Bucket Policy Only - access to a bucket. - type: boolean - cors: - description: The bucket's Cross-Origin Resource Sharing (CORS) configuration. - items: - properties: - maxAgeSeconds: - description: The value, in seconds, to return in the Access-Control-Max-Age - header used in preflight responses. - type: integer - method: - description: 'The list of HTTP methods on which to include CORS - response headers, (GET, OPTIONS, POST, etc) Note: "*" is permitted - in the list of methods, and means "any method".' - items: - type: string - type: array - origin: - description: 'The list of Origins eligible to receive CORS response - headers. Note: "*" is permitted in the list of origins, and - means "any Origin".' - items: - type: string - type: array - responseHeader: - description: The list of HTTP headers other than the simple response - headers to give permission for the user-agent to share across - domains. - items: - type: string - type: array - type: object - type: array - defaultEventBasedHold: - type: boolean - encryption: - description: The bucket's encryption configuration. - properties: - kmsKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The selfLink of a KMSCryptoKey. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - kmsKeyRef - type: object - lifecycleRule: - description: The bucket's Lifecycle Rules configuration. - items: - properties: - action: - description: The Lifecycle Rule's action configuration. A single - block of this type is supported. - properties: - storageClass: - description: 'The target Storage Class of objects affected - by this Lifecycle Rule. Supported values include: MULTI_REGIONAL, - REGIONAL, NEARLINE, COLDLINE, ARCHIVE.' - type: string - type: - description: 'The type of the action of this Lifecycle Rule. - Supported values include: Delete and SetStorageClass.' - type: string - required: - - type - type: object - condition: - description: The Lifecycle Rule's condition configuration. - properties: - age: - description: Minimum age of an object in days to satisfy this - condition. - type: integer - createdBefore: - description: Creation date of an object in RFC 3339 (e.g. - 2017-06-13) to satisfy this condition. - type: string - matchesStorageClass: - description: 'Storage Class of objects to satisfy this condition. - Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, - COLDLINE, ARCHIVE, STANDARD, DURABLE_REDUCED_AVAILABILITY.' - items: - type: string - type: array - numNewerVersions: - description: Relevant only for versioned objects. The number - of newer versions of an object to satisfy this condition. - type: integer - withState: - description: 'Match to live and/or archived objects. Unversioned - buckets have only live objects. Supported values include: - "LIVE", "ARCHIVED", "ANY".' - type: string - type: object - required: - - action - - condition - type: object - type: array - location: - description: The Google Cloud Storage location - type: string - logging: - description: The bucket's Access & Storage Logs configuration. - properties: - logBucket: - description: The bucket that will receive log objects. - type: string - logObjectPrefix: - description: The object prefix for log objects. If it's not provided, - by default Google Cloud Storage sets this to this bucket's name. - type: string - required: - - logBucket - type: object - requesterPays: - description: Enables Requester Pays on a storage bucket. - type: boolean - retentionPolicy: - description: Configuration of the bucket's data retention policy for - how long objects in the bucket should be retained. - properties: - isLocked: - description: 'If set to true, the bucket will be locked and permanently - restrict edits to the bucket''s retention policy. Caution: Locking - a bucket is an irreversible action.' - type: boolean - retentionPeriod: - description: The period of time, in seconds, that objects in the - bucket must be retained and cannot be deleted, overwritten, or - archived. The value must be less than 3,155,760,000 seconds. - type: integer - required: - - retentionPeriod - type: object - storageClass: - description: 'The Storage Class of the new bucket. Supported values - include: STANDARD, MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE.' - type: string - uniformBucketLevelAccess: - description: Enables uniform bucket-level access on a bucket. - type: boolean - versioning: - description: The bucket's Versioning configuration. - properties: - enabled: - description: While set to true, versioning is fully enabled for - this bucket. - type: boolean - required: - - enabled - type: object - website: - description: Configuration if the bucket acts as a website. - properties: - mainPageSuffix: - description: Behaves as the bucket's directory index where missing - objects are treated as potential directories. - type: string - notFoundPage: - description: The custom object to return when a requested resource - is not found. - type: string - type: object - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - selfLink: - description: The URI of the created resource. - type: string - url: - description: The base URL of the bucket, in the format gs://. - type: string - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: storagedefaultobjectaccesscontrols.storage.cnrm.cloud.google.com -spec: - group: storage.cnrm.cloud.google.com - names: - categories: - - gcp - kind: StorageDefaultObjectAccessControl - plural: storagedefaultobjectaccesscontrols - shortNames: - - gcpstoragedefaultobjectaccesscontrol - - gcpstoragedefaultobjectaccesscontrols - singular: storagedefaultobjectaccesscontrol - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - bucketRef: - description: Reference to the bucket. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The name of a StorageBucket. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - entity: - description: |- - The entity holding the permission, in one of the following forms: - * user-{{userId}} - * user-{{email}} (such as "user-liz@example.com") - * group-{{groupId}} - * group-{{email}} (such as "group-example@googlegroups.com") - * domain-{{domain}} (such as "domain-example.com") - * project-team-{{projectId}} - * allUsers - * allAuthenticatedUsers - type: string - object: - description: The name of the object, if applied to an object. - type: string - role: - description: 'The access permission for the entity. Possible values: - ["OWNER", "READER"]' - type: string - required: - - bucketRef - - entity - - role - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - domain: - description: The domain associated with the entity. - type: string - email: - description: The email address associated with the entity. - type: string - entityId: - description: The ID for the entity - type: string - generation: - description: The content generation of the object, if applied to an - object. - type: integer - projectTeam: - description: The project team associated with the entity - properties: - projectNumber: - description: The project team associated with the entity - type: string - team: - description: 'The team. Possible values: ["editors", "owners", "viewers"]' - type: string - type: object - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: storagenotifications.storage.cnrm.cloud.google.com -spec: - group: storage.cnrm.cloud.google.com - names: - categories: - - gcp - kind: StorageNotification - plural: storagenotifications - shortNames: - - gcpstoragenotification - - gcpstoragenotifications - singular: storagenotification - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - bucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The name of a StorageBucket. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - customAttributes: - additionalProperties: - type: string - description: ' A set of key/value attribute pairs to attach to each - Cloud Pub/Sub message published for this notification subscription' - type: object - eventTypes: - description: 'List of event type filters for this notification config. - If not specified, Cloud Storage will send notifications for all event - types. The valid types are: "OBJECT_FINALIZE", "OBJECT_METADATA_UPDATE", - "OBJECT_DELETE", "OBJECT_ARCHIVE"' - items: - type: string - type: array - objectNamePrefix: - description: Specifies a prefix path filter for this notification config. - Cloud Storage will only send notifications for objects in this bucket - whose names begin with the specified prefix. - type: string - payloadFormat: - description: The desired content of the Payload. One of "JSON_API_V1" - or "NONE". - type: string - topicRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The name of a PubSubTopic. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - bucketRef - - payloadFormat - - topicRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - notificationId: - description: The ID of the created notification. - type: string - selfLink: - description: The URI of the created resource. - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.27.2 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: storagetransferjobs.storagetransfer.cnrm.cloud.google.com -spec: - group: storagetransfer.cnrm.cloud.google.com - names: - categories: - - gcp - kind: StorageTransferJob - plural: storagetransferjobs - shortNames: - - gcpstoragetransferjob - - gcpstoragetransferjobs - singular: storagetransferjob - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: Unique description to identify the Transfer Job. - type: string - schedule: - description: Schedule specification defining when the Transfer Job should - be scheduled to start, end and and what time to run. - properties: - scheduleEndDate: - description: The last day the recurring transfer will be run. If - schedule_end_date is the same as schedule_start_date, the transfer - will be executed only once. - properties: - day: - description: Day of month. Must be from 1 to 31 and valid for - the year and month. - type: integer - month: - description: Month of year. Must be from 1 to 12. - type: integer - year: - description: Year of date. Must be from 1 to 9999. - type: integer - required: - - day - - month - - year - type: object - scheduleStartDate: - description: The first day the recurring transfer is scheduled to - run. If schedule_start_date is in the past, the transfer will - run for the first time on the following day. - properties: - day: - description: Day of month. Must be from 1 to 31 and valid for - the year and month. - type: integer - month: - description: Month of year. Must be from 1 to 12. - type: integer - year: - description: Year of date. Must be from 1 to 9999. - type: integer - required: - - day - - month - - year - type: object - startTimeOfDay: - description: The time in UTC at which the transfer will be scheduled - to start in a day. Transfers may start later than this time. If - not specified, recurring and one-time transfers that are scheduled - to run today will run immediately; recurring transfers that are - scheduled to run on a future date will start at approximately - midnight UTC on that date. Note that when configuring a transfer - with the Cloud Platform Console, the transfer's start time in - a day is specified in your local timezone. - properties: - hours: - description: Hours of day in 24 hour format. Should be from - 0 to 23. - type: integer - minutes: - description: Minutes of hour of day. Must be from 0 to 59. - type: integer - nanos: - description: Fractions of seconds in nanoseconds. Must be from - 0 to 999,999,999. - type: integer - seconds: - description: Seconds of minutes of the time. Must normally be - from 0 to 59. - type: integer - required: - - hours - - minutes - - nanos - - seconds - type: object - required: - - scheduleStartDate - type: object - status: - description: 'Status of the job. Default: ENABLED. NOTE: The effect - of the new job status takes place during a subsequent job run. For - example, if you change the job status from ENABLED to DISABLED, and - an operation spawned by the transfer is running, the status change - would not affect the current operation.' - type: string - transferSpec: - description: Transfer specification. - properties: - awsS3DataSource: - description: An AWS S3 data source. - properties: - awsAccessKey: - description: AWS credentials block. - properties: - accessKeyId: - description: AWS Key ID. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be - used if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given - key in the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to - be extracted. - type: string - name: - description: Name of the Secret to extract a - value from. - type: string - required: - - name - - key - type: object - type: object - type: object - secretAccessKey: - description: AWS Secret Access Key. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be - used if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given - key in the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to - be extracted. - type: string - name: - description: Name of the Secret to extract a - value from. - type: string - required: - - name - - key - type: object - type: object - type: object - required: - - accessKeyId - - secretAccessKey - type: object - bucketName: - description: S3 Bucket name. - type: string - required: - - awsAccessKey - - bucketName - type: object - gcsDataSink: - description: A Google Cloud Storage data sink. - properties: - bucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The name of a StorageBucket. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - bucketRef - type: object - gcsDataSource: - description: A Google Cloud Storage data source. - properties: - bucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The name of a StorageBucket. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - bucketRef - type: object - httpDataSource: - description: An HTTP URL data source. - properties: - listUrl: - description: The URL that points to the file that stores the - object list entries. This file must allow public access. Currently, - only URLs with HTTP and HTTPS schemes are supported. - type: string - required: - - listUrl - type: object - objectConditions: - description: Only objects that satisfy these object conditions are - included in the set of data source and data sink objects. Object - conditions based on objects' last_modification_time do not exclude - objects in a data sink. - properties: - excludePrefixes: - description: exclude_prefixes must follow the requirements described - for include_prefixes. - items: - type: string - type: array - includePrefixes: - description: If include_refixes is specified, objects that satisfy - the object conditions must have names that start with one - of the include_prefixes and that do not start with any of - the exclude_prefixes. If include_prefixes is not specified, - all objects except those that have names starting with one - of the exclude_prefixes must satisfy the object conditions. - items: - type: string - type: array - maxTimeElapsedSinceLastModification: - description: 'A duration in seconds with up to nine fractional - digits, terminated by ''s''. Example: "3.5s".' - type: string - minTimeElapsedSinceLastModification: - description: 'A duration in seconds with up to nine fractional - digits, terminated by ''s''. Example: "3.5s".' - type: string - type: object - transferOptions: - description: Characteristics of how to treat files from datasource - and sink during job. If the option delete_objects_unique_in_sink - is true, object conditions based on objects' last_modification_time - are ignored and do not exclude objects in a data source or a data - sink. - properties: - deleteObjectsFromSourceAfterTransfer: - description: Whether objects should be deleted from the source - after they are transferred to the sink. Note that this option - and delete_objects_unique_in_sink are mutually exclusive. - type: boolean - deleteObjectsUniqueInSink: - description: Whether objects that exist only in the sink should - be deleted. Note that this option and delete_objects_from_source_after_transfer - are mutually exclusive. - type: boolean - overwriteObjectsAlreadyExistingInSink: - description: Whether overwriting objects that already exist - in the sink is allowed. - type: boolean - type: object - type: object - required: - - description - - schedule - - transferSpec - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTime: - description: When the Transfer Job was created. - type: string - deletionTime: - description: When the Transfer Job was deleted. - type: string - lastModificationTime: - description: When the Transfer Job was last modified. - type: string - name: - description: The name of the Transfer Job. - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/instance/cnrm-install-system/kustomization.yaml b/test-infra/management/instance/cnrm-install-system/kustomization.yaml index 5326a305385..1ff45f12920 100644 --- a/test-infra/management/instance/cnrm-install-system/kustomization.yaml +++ b/test-infra/management/instance/cnrm-install-system/kustomization.yaml @@ -1,9 +1,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- crds.yaml -- 0-cnrm-system.yaml -# TODO(https://github.com/kubeflow/gcp-blueprints/issues/13) -# We should go back to using the base once its no longer using -# namespaced mode. -#- ../../upstream/management/cnrm-install/install-system +- ../../upstream/management/cnrm-install/operator-system +- ../../upstream/management/cnrm-install/instance diff --git a/test-infra/management/instance/managed-project/README.md b/test-infra/management/instance/managed-project/README.md new file mode 100644 index 00000000000..dcc1d16eb93 --- /dev/null +++ b/test-infra/management/instance/managed-project/README.md @@ -0,0 +1,4 @@ +A simplepackage to grant ownership permissions on a project to +the GCP service account you are running CNRM with. + +The Google Cloud Project where you install Config Connector is known as the host project, or **HOST_PROJECT**. The other projects where you manage resources are known as the managed projects, or **MANAGED_PROJECT**. These could be the same project if you only intend to use Config Connector to create Google Cloud resources in the same project as your cluster. diff --git a/test-infra/management/instance/managed-project/iam.yaml b/test-infra/management/instance/managed-project/iam.yaml new file mode 100644 index 00000000000..7ef8ac413cb --- /dev/null +++ b/test-infra/management/instance/managed-project/iam.yaml @@ -0,0 +1,14 @@ +apiVersion: iam.cnrm.cloud.google.com/v1beta1 +kind: IAMPolicyMember +metadata: + name: cnrm-system-MANAGED_PROJECT-owner + namespace: issue-label-bot-dev # {"$kpt-set":"managed-project"} +spec: + member: serviceAccount:kf-ci-management-cnrm-system@kubeflow-ci.iam.gserviceaccount.com # {"$kpt-set":"managed-project-owner-member"} + role: roles/owner + resourceRef: + apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1 + kind: Project + # N.B. With anthoscli 0.2.4 this is just the project id + # and not projects/MANAGED_PROJECT as used by the CNRM docs. + external: issue-label-bot-dev # {"$kpt-set":"managed-project"} diff --git a/test-infra/management/instance/settings.yaml b/test-infra/management/instance/settings.yaml index d6378c9abf5..525706b5ff7 100644 --- a/test-infra/management/instance/settings.yaml +++ b/test-infra/management/instance/settings.yaml @@ -1,6 +1,6 @@ # The purpose of this file is to store values in setters # so its easy to get them using yq for use in Make. # TODO(jlewi): File a feature request to have kpt list-setters return the value -project: kubeflow-ci # {"type":"string","x-kustomize":{"partialSetters":[{"name":"gcloud.core.project","value":"kubeflow-ci"}]}} -name: kf-ci-management # {"type":"string","x-kustomize":{"partialSetters":[{"name":"name","value":"kf-ci-management"}]}} -location: us-central1 # {"type":"string","x-kustomize":{"partialSetters":[{"name":"location","value":"us-central1"}]}} +project: kubeflow-ci +name: kf-ci-management +location: us-central1 diff --git a/test-infra/management/upstream/management/Kptfile b/test-infra/management/upstream/management/Kptfile index 91306c88b23..d4b29bd678c 100644 --- a/test-infra/management/upstream/management/Kptfile +++ b/test-infra/management/upstream/management/Kptfile @@ -1,11 +1,95 @@ apiVersion: kpt.dev/v1alpha1 kind: Kptfile metadata: - name: manifests + name: . upstream: - type: git - git: - commit: 555bc964672c8fa7706989e77d1b94c07fdb5493 - repo: https://github.com/jlewi/manifests - directory: /gcp/v2/management - ref: blueprints + type: git + git: + commit: ce0fef88353dfcedd18f4e7319253e451dbde5ee + repo: https://github.com/Bobgy/manifests + directory: /gcp/v2/management + ref: gcp_120 +packageMetadata: + shortDescription: GCP blueprint configs. +openAPI: + definitions: + io.k8s.cli.setters.gcloud.core.project: + x-k8s-cli: + setter: + isSet: true + name: gcloud.core.project + value: kubeflow-ci + io.k8s.cli.setters.location: + x-k8s-cli: + setter: + isSet: true + name: location + value: us-central1 + io.k8s.cli.setters.name: + x-k8s-cli: + setter: + isSet: true + name: name + value: kf-ci-management + io.k8s.cli.substitutions.cluster-name: + x-k8s-cli: + substitution: + name: cluster-name + pattern: ${gcloud.core.project}/${location}/${name} + values: + - marker: ${gcloud.core.project} + ref: '#/definitions/io.k8s.cli.setters.gcloud.core.project' + - marker: ${location} + ref: '#/definitions/io.k8s.cli.setters.location' + - marker: ${name} + ref: '#/definitions/io.k8s.cli.setters.name' + io.k8s.cli.substitutions.cnrm-system: + x-k8s-cli: + substitution: + name: cnrm-system + pattern: ${name}-cnrm-system@${gcloud.core.project}.iam.gserviceaccount.com + values: + - marker: ${name} + ref: '#/definitions/io.k8s.cli.setters.name' + - marker: ${gcloud.core.project} + ref: '#/definitions/io.k8s.cli.setters.gcloud.core.project' + io.k8s.cli.substitutions.cnrm-system-sa: + x-k8s-cli: + substitution: + name: cnrm-system-sa + pattern: ${name}-cnrm-system + values: + - marker: ${name} + ref: '#/definitions/io.k8s.cli.setters.name' + io.k8s.cli.substitutions.cnrm-system-wi: + x-k8s-cli: + substitution: + name: cnrm-system-wi + pattern: ${name}-cnrm-system-wi + values: + - marker: ${name} + ref: '#/definitions/io.k8s.cli.setters.name' + io.k8s.cli.substitutions.cnrm-wi: + x-k8s-cli: + substitution: + name: cnrm-wi + pattern: serviceAccount:${gcloud.core.project}.svc.id.goog[cnrm-system/cnrm-controller-manager] + values: + - marker: ${gcloud.core.project} + ref: '#/definitions/io.k8s.cli.setters.gcloud.core.project' + io.k8s.cli.substitutions.pool: + x-k8s-cli: + substitution: + name: pool + pattern: ${name}-pool-2 + values: + - marker: ${name} + ref: '#/definitions/io.k8s.cli.setters.name' + io.k8s.cli.substitutions.wi-pool: + x-k8s-cli: + substitution: + name: wi-pool + pattern: ${gcloud.core.project}.svc.id.goog + values: + - marker: ${gcloud.core.project} + ref: '#/definitions/io.k8s.cli.setters.gcloud.core.project' diff --git a/test-infra/management/upstream/management/cluster/cluster.yaml b/test-infra/management/upstream/management/cluster/cluster.yaml index 6f94e073c73..7697afbba2c 100644 --- a/test-infra/management/upstream/management/cluster/cluster.yaml +++ b/test-infra/management/upstream/management/cluster/cluster.yaml @@ -1,27 +1,23 @@ -# TODO(jlewi): Do we still need IdentityNamespace? Isn't it automatically set for each project -apiVersion: identity.cnrm.cloud.google.com/v1alpha2 -kind: IdentityNamespace -metadata: - name: default -spec: {} ---- # TODO(jlewi): Use a regional cluster? There should no longer be any cost savings to using zonal # # User specific values should be defined in a patch inside the blueprint package. # Exception is the name since that needs to be changed in teh base package as well. -apiVersion: container.cnrm.cloud.google.com/v1alpha2 +apiVersion: container.cnrm.cloud.google.com/v1beta1 kind: ContainerCluster metadata: - name: kf-ci-management # {"type":"string","x-kustomize":{"setter":{"name":"name","value":"kf-ci-management"}}} + name: kf-ci-management # {"$kpt-set":"name"} + # N.B. AnthosCLI doesn't appear to support this annotation yet (anthos CLI 0.2.4) + # cnrm.cloud.google.com/remove-default-node-pool: "true" + annotations: + # Annotation required by anthoscli + gke.io/cluster: "bootstrap://" spec: # Use a regional cluster. Regional offer higher availability and the cluster management fee is the same. - location: us-central1-f - workloadIdentity: - identityNamespace: default - ipAllocationPolicy: - useIpAliases: true + location: us-central1 # {"$kpt-set":"location"} + initialNodeCount: 3 + # See https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity#sharing_identities_across_clusters + # Currently there is only one pool per project + workloadIdentityConfig: + identityNamespace: kubeflow-ci.svc.id.goog # {"$kpt-set":"wi-pool"} releaseChannel: - # TODO(jlewi): Should we switch to a stable channel? - channel: RAPID - clusterTelemetry: - type: enabled + channel: REGULAR diff --git a/test-infra/management/upstream/management/cluster/enable-services.yaml b/test-infra/management/upstream/management/cluster/enable-services.yaml index 891153e699f..244dea76d5a 100644 --- a/test-infra/management/upstream/management/cluster/enable-services.yaml +++ b/test-infra/management/upstream/management/cluster/enable-services.yaml @@ -1,8 +1,16 @@ # GKE -apiVersion: cnrm.cloud.google.com/v1alpha1 -kind: CloudService +#apiVersion: cnrm.cloud.google.com/v1alpha1 +#kind: CloudService +#metadata: +# name: gke +#spec: +# service: container.googleapis.com +apiVersion: serviceusage.cnrm.cloud.google.com/v1beta1 +kind: Service metadata: - name: gke - namespace: "jlewi-dev" # {"type":"string","x-kustomize":{"setBy":"kpt","setter":{"name":"gcloud.core.project","value":"jlewi-dev"}}} -spec: - service: container.googleapis.com + annotations: + # use the deletion policy of abandon to ensure that the pubsub service remains enabled when this resource is deleted. + cnrm.cloud.google.com/deletion-policy: "abandon" + # this is unnecessary with the deletion-policy of 'abandon', but useful if the abandon policy is removed. + cnrm.cloud.google.com/disable-dependent-services: "false" + name: container.googleapis.com diff --git a/test-infra/management/upstream/management/cluster/kustomization.yaml b/test-infra/management/upstream/management/cluster/kustomization.yaml index a19ece4eaf8..9a542b0f084 100644 --- a/test-infra/management/upstream/management/cluster/kustomization.yaml +++ b/test-infra/management/upstream/management/cluster/kustomization.yaml @@ -1,4 +1,4 @@ -bases: +resources: - enable-services.yaml - cluster.yaml - nodepool.yaml diff --git a/test-infra/management/upstream/management/cluster/nodepool.yaml b/test-infra/management/upstream/management/cluster/nodepool.yaml index 9c7d3dc21f5..290e598d779 100644 --- a/test-infra/management/upstream/management/cluster/nodepool.yaml +++ b/test-infra/management/upstream/management/cluster/nodepool.yaml @@ -1,8 +1,12 @@ -apiVersion: container.cnrm.cloud.google.com/v1alpha2 +# AnthosCLI requires a nodepool object to describe the nodepool. +apiVersion: container.cnrm.cloud.google.com/v1beta1 kind: ContainerNodePool metadata: - clusterName: "project-id/us-central1/kf-ci-management" # {"type":"string","x-kustomize":{"partialSetters":[{"name":"gcloud.core.project","value":"project-id"},{"name":"name","value":"kf-ci-management"},{"name":"location","value":"us-central1"}]}} - name: kf-ci-management-pool # {"type":"string","x-kustomize":{"partialSetters":[{"name":"gcloud.core.project","value":"project-id"},{"name":"name","value":"kf-ci-management"},{"name":"location","value":"us-central1-f"}]}} + clusterName: "kubeflow-ci/us-central1/kf-ci-management" # {"$kpt-set":"cluster-name"} + name: kf-ci-management-pool-2 # {"$kpt-set":"pool"} + annotations: + # Annotation required by anthoscli + gke.io/cluster: "bootstrap://" spec: autoscaling: minNodeCount: 1 @@ -16,13 +20,13 @@ spec: - https://www.googleapis.com/auth/devstorage.read_only - https://www.googleapis.com/auth/logging.write - https://www.googleapis.com/auth/monitoring - - https://www.googleapis.com/auth/servicecontrol - - https://www.googleapis.com/auth/service.management.readonly - https://www.googleapis.com/auth/trace.append metadata: disable-legacy-endpoints: "true" + workloadMetadataConfig: + mode: GKE_METADATA management: autoRepair: true autoUpgrade: true clusterRef: - name: kf-ci-management # {"type":"string","x-kustomize":{"setter":{"name":"name","value":"kf-ci-management"}}} + name: kf-ci-management # {"$kpt-set":"name"} diff --git a/test-infra/management/upstream/management/cnrm-install/README.md b/test-infra/management/upstream/management/cnrm-install/README.md index d73d65b15a2..8f3402e6454 100644 --- a/test-infra/management/upstream/management/cnrm-install/README.md +++ b/test-infra/management/upstream/management/cnrm-install/README.md @@ -1,12 +1,9 @@ -# Configuration for installing KCC in the management cluster. +# Configuration for installing Cloud Config Connector in the management cluster. -Configs are a copy of the CNRM install (see [docs](https://cloud.google.com/config-connector/docs/how-to/install-upgrade-uninstall#namespaced-mode)) +Configs are a copy of the CNRM operator install (see [docs](https://cloud.google.com/config-connector/docs/how-to/advanced-install#manual)). To update: -1. Download the the latest GCS install bundle listed on (https://cloud.google.com/config-connector/docs/how-to/install-upgrade-uninstall#namespaced-mode) +1. Download the the latest GCS install bundle listed on (https://cloud.google.com/config-connector/docs/how-to/advanced-install#manual). -1. Copy the system components for the namespaced install bundle to `install-system` -1. Copy the per namespace components to the template stored in the blueprint repo. - - * You will need to add kpt setters to the per namespace components. \ No newline at end of file +1. Untar and replace the `operator-system/configconnector-operator.yaml`. diff --git a/test-infra/management/upstream/management/cnrm-install/enable-services.yaml b/test-infra/management/upstream/management/cnrm-install/enable-services.yaml deleted file mode 100644 index 780d5eedde2..00000000000 --- a/test-infra/management/upstream/management/cnrm-install/enable-services.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# cloudresourcemanager, used for creating projects -apiVersion: cnrm.cloud.google.com/v1alpha1 -kind: CloudService -metadata: - name: cloudresourcemanager.googleapis.com - namespace: "jlewi-dev" # {"type":"string","x-kustomize":{"setBy":"kpt","setter":{"name":"gcloud.core.project","value":"jlewi-dev"}}} -spec: - service: cloudresourcemanager.googleapis.com diff --git a/test-infra/management/upstream/management/cnrm-install/iam.yaml b/test-infra/management/upstream/management/cnrm-install/iam.yaml deleted file mode 100644 index 10c8286b500..00000000000 --- a/test-infra/management/upstream/management/cnrm-install/iam.yaml +++ /dev/null @@ -1,36 +0,0 @@ -apiVersion: iam.cnrm.cloud.google.com/v1alpha1 -kind: IAMServiceAccount -metadata: - name: cnrm-controller-manager -spec: - displayName: Service Account for CNRM - projectRoles: - - roles/source.reader ---- -apiVersion: iam.cnrm.cloud.google.com/v1alpha1 -kind: IAMPolicy -metadata: - name: cnrm-controller-manager -spec: - resourceRef: - apiVersion: iam.cnrm.cloud.google.com/v1alpha1 - kind: IAMServiceAccount - name: cnrm-controller-manager - bindings: - - role: roles/iam.workloadIdentityUser - members: - - serviceAccount:root-270714.svc.id.goog[cnrm-system/cnrm-controller-manager] ---- -# TODO: Implement this in anthos-cli ? -# For now: gcloud organizations add-iam-policy-binding 190265346736 --member=serviceAccount:cnrm-controller-manager@root-270714.iam.gserviceaccount.com --role=roles/resourcemanager.projectCreator -apiVersion: iam.cnrm.cloud.google.com/v1beta1 -kind: IAMPolicyMember -metadata: - name: cnrm-controller-manager:project -spec: - member: serviceAccount:cnrm-controller-manager@root-270714.iam.gserviceaccount.com - role: roles/resourcemanager.projectCreator - resourceRef: - apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1 - kind: Organization - external: organizations/190265346736 diff --git a/test-infra/management/upstream/management/cnrm-install/iam/iam.yaml b/test-infra/management/upstream/management/cnrm-install/iam/iam.yaml new file mode 100644 index 00000000000..36ebec598eb --- /dev/null +++ b/test-infra/management/upstream/management/cnrm-install/iam/iam.yaml @@ -0,0 +1,27 @@ +apiVersion: iam.cnrm.cloud.google.com/v1beta1 +kind: IAMServiceAccount +metadata: + name: kf-ci-management-cnrm-system # {"$kpt-set":"cnrm-system-sa"} + # annotations: + # cnrm.cloud.google.com/project-id: kubeflow-ci +spec: + displayName: Service account for CNRM + # email: kf-ci-management-cnrm-system@kubeflow-ci.iam.gserviceaccount.com +--- +# TODO(jlewi): anthoscli 0.2.4 doesn't support IAMPolicyMember except for projects. +# As soon as it supports WI we should witch to that. +# Using IAMPolicy on the cnrm-system service account should be ok +# because this should be the only policy we set. +apiVersion: iam.cnrm.cloud.google.com/v1beta1 +kind: IAMPolicy +metadata: + name: kf-ci-management-cnrm-system-wi # {"$kpt-set":"cnrm-system-wi"} +spec: + resourceRef: + apiVersion: iam.cnrm.cloud.google.com/v1alpha1 + kind: IAMServiceAccount + name: kf-ci-management-cnrm-system # {"$kpt-set":"cnrm-system-sa"} + bindings: + - role: roles/iam.workloadIdentityUser + members: + - serviceAccount:kubeflow-ci.svc.id.goog[cnrm-system/cnrm-controller-manager] # {"$kpt-set":"cnrm-wi"} diff --git a/test-infra/management/upstream/management/cnrm-install/install-system/kustomization.yaml b/test-infra/management/upstream/management/cnrm-install/iam/kustomization.yaml similarity index 69% rename from test-infra/management/upstream/management/cnrm-install/install-system/kustomization.yaml rename to test-infra/management/upstream/management/cnrm-install/iam/kustomization.yaml index 3d6bbd8ba8e..438159f27ac 100644 --- a/test-infra/management/upstream/management/cnrm-install/install-system/kustomization.yaml +++ b/test-infra/management/upstream/management/cnrm-install/iam/kustomization.yaml @@ -1,5 +1,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- 0-cnrm-system.yaml -- crds.yaml +- iam.yaml diff --git a/test-infra/management/upstream/management/cnrm-install/install-system/0-cnrm-system.yaml b/test-infra/management/upstream/management/cnrm-install/install-system/0-cnrm-system.yaml deleted file mode 100644 index 83c80458d48..00000000000 --- a/test-infra/management/upstream/management/cnrm-install/install-system/0-cnrm-system.yaml +++ /dev/null @@ -1,581 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-system ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-deletiondefender - namespace: cnrm-system ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-resource-stats-recorder - namespace: cnrm-system ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-webhook-manager - namespace: cnrm-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-admin -rules: -- apiGroups: - - accesscontextmanager.cnrm.cloud.google.com - - bigquery.cnrm.cloud.google.com - - bigtable.cnrm.cloud.google.com - - cloudbuild.cnrm.cloud.google.com - - compute.cnrm.cloud.google.com - - container.cnrm.cloud.google.com - - dataflow.cnrm.cloud.google.com - - dns.cnrm.cloud.google.com - - firestore.cnrm.cloud.google.com - - iam.cnrm.cloud.google.com - - kms.cnrm.cloud.google.com - - pubsub.cnrm.cloud.google.com - - redis.cnrm.cloud.google.com - - resourcemanager.cnrm.cloud.google.com - - servicenetworking.cnrm.cloud.google.com - - serviceusage.cnrm.cloud.google.com - - sourcerepo.cnrm.cloud.google.com - - spanner.cnrm.cloud.google.com - - sql.cnrm.cloud.google.com - - storage.cnrm.cloud.google.com - resources: - - '*' - verbs: - - get - - list - - watch - - create - - update - - patch - - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-deletiondefender-role -rules: -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list - - watch -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch - - create - - update - - patch - - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-manager-cluster-role -rules: -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list - - watch -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - core.cnrm.cloud.google.com - resources: - - servicemappings - verbs: - - get - - list - - watch -- apiGroups: - - core.cnrm.cloud.google.com - resources: - - '*' - verbs: - - get - - list - - watch - - create - - update - - patch - - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-manager-ns-role -rules: -- apiGroups: - - "" - resources: - - events - - configmaps - - secrets - - services - verbs: - - get - - list - - watch - - create - - update - - patch - - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-recorder-role -rules: -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list - - watch -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list - - watch - - create - - update - - patch - - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-webhook-role -rules: -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - - mutatingwebhookconfigurations - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - core.cnrm.cloud.google.com - resources: - - servicemappings - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-admin-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cnrm-admin -subjects: -- kind: ServiceAccount - name: cnrm-resource-stats-recorder - namespace: cnrm-system -- kind: ServiceAccount - name: cnrm-deletiondefender - namespace: cnrm-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-deletiondefender-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cnrm-deletiondefender-role -subjects: -- kind: ServiceAccount - name: cnrm-deletiondefender - namespace: cnrm-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-recorder-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cnrm-recorder-role -subjects: -- kind: ServiceAccount - name: cnrm-resource-stats-recorder - namespace: cnrm-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-webhook-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cnrm-webhook-role -subjects: -- kind: ServiceAccount - name: cnrm-webhook-manager - namespace: cnrm-system ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-deletiondefender - namespace: cnrm-system -spec: - ports: - - name: deletiondefender - port: 443 - selector: - cnrm.cloud.google.com/component: cnrm-deletiondefender - cnrm.cloud.google.com/system: "true" ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - prometheus.io/port: "8888" - prometheus.io/scrape: "true" - labels: - cnrm.cloud.google.com/monitored: "true" - cnrm.cloud.google.com/system: "true" - name: cnrm-resource-stats-recorder-service - namespace: cnrm-system -spec: - ports: - - name: metrics - port: 8888 - selector: - cnrm.cloud.google.com/component: cnrm-resource-stats-recorder - cnrm.cloud.google.com/system: "true" ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - labels: - cnrm.cloud.google.com/component: cnrm-resource-stats-recorder - cnrm.cloud.google.com/system: "true" - name: cnrm-resource-stats-recorder - namespace: cnrm-system -spec: - replicas: 1 - selector: - matchLabels: - cnrm.cloud.google.com/component: cnrm-resource-stats-recorder - cnrm.cloud.google.com/system: "true" - template: - metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - labels: - cnrm.cloud.google.com/component: cnrm-resource-stats-recorder - cnrm.cloud.google.com/system: "true" - spec: - containers: - - args: - - --prometheus-scrape-endpoint=:8888 - - --metric-interval=60 - command: - - /configconnector/recorder - env: - - name: CONFIG_CONNECTOR_VERSION - value: 1.7.1 - image: gcr.io/cnrm-eap/recorder:f190973 - imagePullPolicy: Always - name: recorder - readinessProbe: - exec: - command: - - cat - - /tmp/ready - initialDelaySeconds: 3 - periodSeconds: 3 - resources: - limits: - cpu: 100m - memory: 128Mi - requests: - cpu: 50m - memory: 64Mi - securityContext: - privileged: false - runAsNonRoot: true - runAsUser: 1000 - serviceAccountName: cnrm-resource-stats-recorder - terminationGracePeriodSeconds: 10 ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - labels: - cnrm.cloud.google.com/component: cnrm-webhook-manager - cnrm.cloud.google.com/system: "true" - name: cnrm-webhook-manager - namespace: cnrm-system -spec: - replicas: 1 - selector: - matchLabels: - cnrm.cloud.google.com/component: cnrm-webhook-manager - cnrm.cloud.google.com/system: "true" - template: - metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - labels: - cnrm.cloud.google.com/component: cnrm-webhook-manager - cnrm.cloud.google.com/system: "true" - spec: - containers: - - args: - - --stderrthreshold=INFO - command: - - /configconnector/webhook - env: - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: gcr.io/cnrm-eap/webhook:f190973 - imagePullPolicy: Always - name: webhook - readinessProbe: - exec: - command: - - cat - - /tmp/ready - initialDelaySeconds: 3 - periodSeconds: 3 - resources: - limits: - cpu: 100m - memory: 256Mi - requests: - cpu: 100m - memory: 128Mi - securityContext: - privileged: false - runAsNonRoot: true - runAsUser: 1000 - serviceAccountName: cnrm-webhook-manager - terminationGracePeriodSeconds: 10 ---- -apiVersion: apps/v1 -kind: StatefulSet -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - labels: - cnrm.cloud.google.com/component: cnrm-deletiondefender - cnrm.cloud.google.com/system: "true" - name: cnrm-deletiondefender - namespace: cnrm-system -spec: - selector: - matchLabels: - cnrm.cloud.google.com/component: cnrm-deletiondefender - cnrm.cloud.google.com/system: "true" - serviceName: cnrm-deletiondefender - template: - metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - labels: - cnrm.cloud.google.com/component: cnrm-deletiondefender - cnrm.cloud.google.com/system: "true" - spec: - containers: - - args: - - --stderrthreshold=INFO - command: - - /configconnector/deletiondefender - image: gcr.io/cnrm-eap/deletiondefender:f190973 - imagePullPolicy: Always - name: deletiondefender - readinessProbe: - exec: - command: - - cat - - /tmp/ready - initialDelaySeconds: 3 - periodSeconds: 3 - resources: - limits: - cpu: 100m - memory: 256Mi - requests: - cpu: 100m - memory: 128Mi - securityContext: - privileged: false - runAsNonRoot: true - runAsUser: 1000 - serviceAccountName: cnrm-deletiondefender - terminationGracePeriodSeconds: 10 diff --git a/test-infra/management/upstream/management/cnrm-install/install-system/crds.yaml b/test-infra/management/upstream/management/cnrm-install/install-system/crds.yaml deleted file mode 100644 index f76dda4219e..00000000000 --- a/test-infra/management/upstream/management/cnrm-install/install-system/crds.yaml +++ /dev/null @@ -1,17665 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: accesscontextmanageraccesslevels.accesscontextmanager.cnrm.cloud.google.com -spec: - group: accesscontextmanager.cnrm.cloud.google.com - names: - categories: - - gcp - kind: AccessContextManagerAccessLevel - plural: accesscontextmanageraccesslevels - shortNames: - - gcpaccesscontextmanageraccesslevel - - gcpaccesscontextmanageraccesslevels - singular: accesscontextmanageraccesslevel - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - accessPolicyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - basic: - description: A set of predefined conditions for the access level and - a combining function. - properties: - combiningFunction: - description: |- - How the conditions list should be combined to determine if a request - is granted this AccessLevel. If AND is used, each Condition in - conditions must be satisfied for the AccessLevel to be applied. If - OR is used, at least one Condition in conditions must be satisfied - for the AccessLevel to be applied. Defaults to AND if unspecified. - type: string - conditions: - description: A set of requirements for the AccessLevel to be granted. - items: - properties: - devicePolicy: - description: |- - Device specific restrictions, all restrictions must hold for - the Condition to be true. If not specified, all devices are - allowed. - properties: - allowedDeviceManagementLevels: - description: |- - A list of allowed device management levels. - An empty list allows all management levels. - items: - type: string - type: array - allowedEncryptionStatuses: - description: |- - A list of allowed encryptions statuses. - An empty list allows all statuses. - items: - type: string - type: array - osConstraints: - description: |- - A list of allowed OS versions. - An empty list allows all types and all versions. - items: - properties: - minimumVersion: - description: |- - The minimum allowed OS version. If not set, any version - of this OS satisfies the constraint. - Format: "major.minor.patch" such as "10.5.301", "9.2.1". - type: string - osType: - description: The operating system type of the device. - type: string - required: - - osType - type: object - type: array - requireAdminApproval: - description: Whether the device needs to be approved by - the customer admin. - type: boolean - requireCorpOwned: - description: Whether the device needs to be corp owned. - type: boolean - requireScreenLock: - description: |- - Whether or not screenlock is required for the DevicePolicy - to be true. Defaults to false. - type: boolean - type: object - ipSubnetworks: - description: |- - A list of CIDR block IP subnetwork specification. May be IPv4 - or IPv6. - Note that for a CIDR IP address block, the specified IP address - portion must be properly truncated (i.e. all the host bits must - be zero) or the input is considered malformed. For example, - "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, - for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" - is not. The originating IP of a request must be in one of the - listed subnets in order for this Condition to be true. - If empty, all IP addresses are allowed. - items: - type: string - type: array - members: - items: - properties: - group: - type: string - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - user: - type: string - type: object - type: array - negate: - description: |- - Whether to negate the Condition. If true, the Condition becomes - a NAND over its non-empty fields, each field must be false for - the Condition overall to be satisfied. Defaults to false. - type: boolean - requiredAccessLevels: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - type: object - type: array - required: - - conditions - type: object - description: - description: Description of the AccessLevel and its use. Does not affect - behavior. - type: string - title: - description: Human readable title. Must be unique within the Policy. - type: string - required: - - accessPolicyRef - - title - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: accesscontextmanageraccesspolicies.accesscontextmanager.cnrm.cloud.google.com -spec: - group: accesscontextmanager.cnrm.cloud.google.com - names: - categories: - - gcp - kind: AccessContextManagerAccessPolicy - plural: accesscontextmanageraccesspolicies - shortNames: - - gcpaccesscontextmanageraccesspolicy - - gcpaccesscontextmanageraccesspolicies - singular: accesscontextmanageraccesspolicy - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - title: - description: Human readable title. Does not affect behavior. - type: string - required: - - title - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - createTime: - description: Time the AccessPolicy was created in UTC. - type: string - name: - description: 'Resource name of the AccessPolicy. Format: {policy_id}' - type: string - updateTime: - description: Time the AccessPolicy was updated in UTC. - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: bigquerydatasets.bigquery.cnrm.cloud.google.com -spec: - group: bigquery.cnrm.cloud.google.com - names: - categories: - - gcp - kind: BigQueryDataset - plural: bigquerydatasets - shortNames: - - gcpbigquerydataset - - gcpbigquerydatasets - singular: bigquerydataset - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - access: - description: An array of objects that define dataset access for one - or more entities. - items: - properties: - domain: - description: |- - A domain to grant access to. Any users signed in with the - domain specified will be granted the specified access - type: string - groupByEmail: - description: An email address of a Google Group to grant access - to. - type: string - role: - description: |- - Describes the rights granted to the user specified by the other - member of the access object. Primitive, Predefined and custom - roles are supported. Predefined roles that have equivalent - primitive roles are swapped by the API to their Primitive - counterparts, and will show a diff post-create. See - [official docs](https://cloud.google.com/bigquery/docs/access-control). - type: string - specialGroup: - description: |- - A special group to grant access to. Possible values include: - - - * 'projectOwners': Owners of the enclosing project. - - - * 'projectReaders': Readers of the enclosing project. - - - * 'projectWriters': Writers of the enclosing project. - - - * 'allAuthenticatedUsers': All authenticated BigQuery users. - type: string - userByEmail: - description: |- - An email address of a user to grant access to. For example: - fred@example.com - type: string - view: - description: |- - A view from a different dataset to grant access to. Queries - executed against that view will have read access to tables in - this dataset. The role field is not required when this field is - set. If that view is updated by any user, access to the view - needs to be granted again via an update operation. - properties: - datasetId: - description: The ID of the dataset containing this table. - type: string - projectId: - description: The ID of the project containing this table. - type: string - tableId: - description: |- - The ID of the table. The ID must contain only letters (a-z, - A-Z), numbers (0-9), or underscores (_). The maximum length - is 1,024 characters. - type: string - required: - - datasetId - - projectId - - tableId - type: object - type: object - type: array - defaultEncryptionConfiguration: - description: |- - The default encryption key for all tables in the dataset. Once this property is set, - all newly-created partitioned tables in the dataset will have encryption key set to - this value, unless table creation request (or query) overrides the key. - properties: - kmsKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - kmsKeyRef - type: object - defaultPartitionExpirationMs: - description: |- - The default partition expiration for all partitioned tables in - the dataset, in milliseconds. - - - Once this property is set, all newly-created partitioned tables in - the dataset will have an 'expirationMs' property in the 'timePartitioning' - settings set to this value, and changing the value will only - affect new tables, not existing ones. The storage in a partition will - have an expiration time of its partition time plus this value. - Setting this property overrides the use of 'defaultTableExpirationMs' - for partitioned tables: only one of 'defaultTableExpirationMs' and - 'defaultPartitionExpirationMs' will be used for any new partitioned - table. If you provide an explicit 'timePartitioning.expirationMs' when - creating or updating a partitioned table, that value takes precedence - over the default partition expiration time indicated by this property. - type: integer - defaultTableExpirationMs: - description: |- - The default lifetime of all tables in the dataset, in milliseconds. - The minimum value is 3600000 milliseconds (one hour). - - - Once this property is set, all newly-created tables in the dataset - will have an 'expirationTime' property set to the creation time plus - the value in this property, and changing the value will only affect - new tables, not existing ones. When the 'expirationTime' for a given - table is reached, that table will be deleted automatically. - If a table's 'expirationTime' is modified or removed before the - table expires, or if you provide an explicit 'expirationTime' when - creating a table, that value takes precedence over the default - expiration time indicated by this property. - type: integer - description: - description: A user-friendly description of the dataset - type: string - friendlyName: - description: A descriptive name for the dataset - type: string - location: - description: |- - The geographic location where the dataset should reside. - See [official docs](https://cloud.google.com/bigquery/docs/dataset-locations). - - - There are two types of locations, regional or multi-regional. A regional - location is a specific geographic place, such as Tokyo, and a multi-regional - location is a large geographic area, such as the United States, that - contains at least two geographic places. - - - Possible regional values include: 'asia-east1', 'asia-northeast1', - 'asia-southeast1', 'australia-southeast1', 'europe-north1', - 'europe-west2' and 'us-east4'. - - - Possible multi-regional values: 'EU' and 'US'. - - - The default value is multi-regional location 'US'. - Changing this forces a new resource to be created. - type: string - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTime: - description: |- - The time when this dataset was created, in milliseconds since the - epoch. - type: integer - etag: - description: A hash of the resource. - type: string - lastModifiedTime: - description: |- - The date when this dataset or any of its tables was last modified, in - milliseconds since the epoch. - type: integer - selfLink: - type: string - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: bigquerytables.bigquery.cnrm.cloud.google.com -spec: - group: bigquery.cnrm.cloud.google.com - names: - categories: - - gcp - kind: BigQueryTable - plural: bigquerytables - shortNames: - - gcpbigquerytable - - gcpbigquerytables - singular: bigquerytable - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - clustering: - items: - type: string - type: array - datasetRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - description: - type: string - encryptionConfiguration: - properties: - kmsKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - kmsKeyRef - type: object - expirationTime: - type: integer - externalDataConfiguration: - properties: - autodetect: - type: boolean - compression: - type: string - csvOptions: - properties: - allowJaggedRows: - type: boolean - allowQuotedNewlines: - type: boolean - encoding: - type: string - fieldDelimiter: - type: string - quote: - type: string - skipLeadingRows: - type: integer - required: - - quote - type: object - googleSheetsOptions: - properties: - range: - type: string - skipLeadingRows: - type: integer - type: object - ignoreUnknownValues: - type: boolean - maxBadRecords: - type: integer - sourceFormat: - type: string - sourceUris: - items: - type: string - type: array - required: - - autodetect - - sourceFormat - - sourceUris - type: object - friendlyName: - type: string - schema: - type: string - timePartitioning: - properties: - expirationMs: - type: integer - field: - type: string - requirePartitionFilter: - type: boolean - type: - type: string - required: - - type - type: object - view: - properties: - query: - type: string - useLegacySql: - type: boolean - required: - - query - type: object - required: - - datasetRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTime: - type: integer - etag: - type: string - lastModifiedTime: - type: integer - location: - type: string - numBytes: - type: integer - numLongTermBytes: - type: integer - numRows: - type: integer - selfLink: - type: string - type: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: bigtableinstances.bigtable.cnrm.cloud.google.com -spec: - group: bigtable.cnrm.cloud.google.com - names: - categories: - - gcp - kind: BigtableInstance - plural: bigtableinstances - shortNames: - - gcpbigtableinstance - - gcpbigtableinstances - singular: bigtableinstance - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - cluster: - items: - properties: - clusterId: - type: string - numNodes: - type: integer - storageType: - type: string - zone: - type: string - required: - - clusterId - - zone - type: object - type: array - displayName: - type: string - instanceType: - type: string - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: cloudbuildtriggers.cloudbuild.cnrm.cloud.google.com -spec: - group: cloudbuild.cnrm.cloud.google.com - names: - categories: - - gcp - kind: CloudBuildTrigger - plural: cloudbuildtriggers - shortNames: - - gcpcloudbuildtrigger - - gcpcloudbuildtriggers - singular: cloudbuildtrigger - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - build: - description: Contents of the build template. Either a filename or build - template must be provided. - properties: - images: - description: |- - A list of images to be pushed upon the successful completion of all build steps. - The images are pushed using the builder service account's credentials. - The digests of the pushed images will be stored in the Build resource's results field. - If any of the images fail to be pushed, the build status is marked FAILURE. - items: - type: string - type: array - step: - description: The operations to be performed on the workspace. - items: - properties: - args: - description: |- - A list of arguments that will be presented to the step when it is started. - - If the image used to run the step's container has an entrypoint, the args - are used as arguments to that entrypoint. If the image does not define an - entrypoint, the first element in args is used as the entrypoint, and the - remainder will be used as arguments. - items: - type: string - type: array - dir: - description: |- - Working directory to use when running this step's container. - - If this value is a relative path, it is relative to the build's working - directory. If this value is absolute, it may be outside the build's working - directory, in which case the contents of the path may not be persisted - across build step executions, unless a 'volume' for that path is specified. - - If the build specifies a 'RepoSource' with 'dir' and a step with a - 'dir', - which specifies an absolute path, the 'RepoSource' 'dir' is ignored - for the step's execution. - type: string - entrypoint: - description: |- - Entrypoint to be used instead of the build step image's - default entrypoint. - If unset, the image's default entrypoint is used - type: string - env: - description: |- - A list of environment variable definitions to be used when - running a step. - - The elements are of the form "KEY=VALUE" for the environment variable - "KEY" being given the value "VALUE". - items: - type: string - type: array - id: - description: |- - Unique identifier for this build step, used in 'wait_for' to - reference this build step as a dependency. - type: string - name: - description: |- - The name of the container image that will run this particular build step. - - If the image is available in the host's Docker daemon's cache, it will be - run directly. If not, the host will attempt to pull the image first, using - the builder service account's credentials if necessary. - - The Docker daemon's cache will already have the latest versions of all of - the officially supported build steps (https://github.com/GoogleCloudPlatform/cloud-builders). - The Docker daemon will also have cached many of the layers for some popular - images, like "ubuntu", "debian", but they will be refreshed at the time - you attempt to use them. - - If you built an image in a previous build step, it will be stored in the - host's Docker daemon's cache and is available to use as the name for a - later build step. - type: string - secretEnv: - description: |- - A list of environment variables which are encrypted using - a Cloud Key - Management Service crypto key. These values must be specified in - the build's 'Secret'. - items: - type: string - type: array - timeout: - description: |- - Time limit for executing this build step. If not defined, - the step has no - time limit and will be allowed to continue to run until either it - completes or the build itself times out. - type: string - timing: - description: |- - Output only. Stores timing information for executing this - build step. - type: string - volumes: - description: |- - List of volumes to mount into the build step. - - Each volume is created as an empty volume prior to execution of the - build step. Upon completion of the build, volumes and their contents - are discarded. - - Using a named volume in only one step is not valid as it is - indicative of a build request with an incorrect configuration. - items: - properties: - name: - description: |- - Name of the volume to mount. - - Volume names must be unique per build step and must be valid names for - Docker volumes. Each named volume must be used by at least two build steps. - type: string - path: - description: |- - Path at which to mount the volume. - - Paths must be absolute and cannot conflict with other volume paths on - the same build step or with certain reserved volume paths. - type: string - required: - - name - - path - type: object - type: array - waitFor: - description: |- - The ID(s) of the step(s) that this build step depends on. - - This build step will not start until all the build steps in 'wait_for' - have completed successfully. If 'wait_for' is empty, this build step - will start when all previous build steps in the 'Build.Steps' list - have completed successfully. - items: - type: string - type: array - required: - - name - type: object - type: array - tags: - description: Tags for annotation of a Build. These are not docker - tags. - items: - type: string - type: array - timeout: - description: |- - Amount of time that this build should be allowed to run, to second granularity. - If this amount of time elapses, work on the build will cease and the build status will be TIMEOUT. - This timeout must be equal to or greater than the sum of the timeouts for build steps within the build. - The expected format is the number of seconds followed by s. - Default time is ten minutes (600s). - type: string - required: - - step - type: object - description: - description: Human-readable description of the trigger. - type: string - disabled: - description: Whether the trigger is disabled or not. If true, the trigger - will never result in a build. - type: boolean - filename: - description: Path, from the source root, to a file whose contents is - used for the template. Either a filename or build template must be - provided. - type: string - github: - description: |- - Describes the configuration of a trigger that creates a build whenever a GitHub event is received. - - One of 'trigger_template' or 'github' must be provided. - properties: - name: - description: |- - Name of the repository. For example: The name for - https://github.com/googlecloudplatform/cloud-builders is "cloud-builders". - type: string - owner: - description: |- - Owner of the repository. For example: The owner for - https://github.com/googlecloudplatform/cloud-builders is "googlecloudplatform". - type: string - pullRequest: - description: filter to match changes in pull requests. Specify - only one of pullRequest or push. - properties: - branch: - description: Regex of branches to match. - type: string - commentControl: - description: Whether to block builds on a "/gcbrun" comment - from a repository owner or collaborator. - type: string - required: - - branch - type: object - push: - description: filter to match changes in refs, like branches or tags. Specify - only one of pullRequest or push. - properties: - branch: - description: Regex of branches to match. Specify only one of - branch or tag. - type: string - tag: - description: Regex of tags to match. Specify only one of branch - or tag. - type: string - type: object - type: object - ignoredFiles: - description: |- - ignoredFiles and includedFiles are file glob matches using http://godoc/pkg/path/filepath#Match - extended with support for '**'. - - If ignoredFiles and changed files are both empty, then they are not - used to determine whether or not to trigger a build. - - If ignoredFiles is not empty, then we ignore any files that match any - of the ignored_file globs. If the change has no files that are outside - of the ignoredFiles globs, then we do not trigger a build. - items: - type: string - type: array - includedFiles: - description: |- - ignoredFiles and includedFiles are file glob matches using http://godoc/pkg/path/filepath#Match - extended with support for '**'. - - If any of the files altered in the commit pass the ignoredFiles filter - and includedFiles is empty, then as far as this filter is concerned, we - should trigger the build. - - If any of the files altered in the commit pass the ignoredFiles filter - and includedFiles is not empty, then we make sure that at least one of - those files matches a includedFiles glob. If not, then we do not trigger - a build. - items: - type: string - type: array - substitutions: - additionalProperties: - type: string - description: Substitutions data for Build resource. - type: object - triggerTemplate: - description: |- - Template describing the types of source changes to trigger a build. - - Branch and tag names in trigger templates are interpreted as regular - expressions. Any branch or tag change that matches that regular - expression will trigger a build. - - One of 'trigger_template' or 'github' must be provided. - properties: - branchName: - description: |- - Name of the branch to build. Exactly one a of branch name, tag, or commit SHA must be provided. - This field is a regular expression. - type: string - commitSha: - description: Explicit commit SHA to build. Exactly one of a branch - name, tag, or commit SHA must be provided. - type: string - dir: - description: |- - Directory, relative to the source root, in which to run the build. - - This must be a relative path. If a step's dir is specified and - is an absolute path, this value is ignored for that step's - execution. - type: string - repoRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - tagName: - description: |- - Name of the tag to build. Exactly one of a branch name, tag, or commit SHA must be provided. - This field is a regular expression. - type: string - type: object - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - createTime: - description: Time when the trigger was created. - type: string - triggerId: - description: The unique identifier for the trigger. - type: string - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computeaddresses.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeAddress - plural: computeaddresses - shortNames: - - gcpcomputeaddress - - gcpcomputeaddresses - singular: computeaddress - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - address: - description: |- - The static external IP address represented by this resource. Only - IPv4 is supported. An address may only be specified for INTERNAL - address types. The IP address must be inside the specified subnetwork, - if any. - type: string - addressType: - description: |- - The type of address to reserve, either INTERNAL or EXTERNAL. - If unspecified, defaults to EXTERNAL. - type: string - description: - description: An optional description of this resource. - type: string - ipVersion: - description: |- - The IP Version that will be used by this address. Valid options are - 'IPV4' or 'IPV6'. The default value is 'IPV4'. - type: string - location: - description: 'Location represents the geographical location of the ComputeAddress. - Specify a region name or "global" for global resources. Reference: - GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' - type: string - networkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - networkTier: - description: |- - The networking tier used for configuring this address. This field can - take the following values: PREMIUM or STANDARD. If this field is not - specified, it is assumed to be PREMIUM. - type: string - prefixLength: - description: |- - The prefix length of the IP range. If not present, it means the - address field is a single IP address. - - This field is not applicable to addresses with addressType=EXTERNAL. - type: integer - purpose: - description: |- - The purpose of this resource, which can be one of the following values: - - - GCE_ENDPOINT for addresses that are used by VM instances, alias IP ranges, internal load balancers, and similar resources. - - This should only be set when using an Internal address. - type: string - subnetworkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - location - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - labelFingerprint: - description: |- - The fingerprint used for optimistic locking of this resource. Used - internally during updates. - type: string - selfLink: - type: string - users: - description: The URLs of the resources that are using this address. - items: - type: string - type: array - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computebackendbuckets.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeBackendBucket - plural: computebackendbuckets - shortNames: - - gcpcomputebackendbucket - - gcpcomputebackendbuckets - singular: computebackendbucket - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - bucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - cdnPolicy: - description: Cloud CDN configuration for this Backend Bucket. - properties: - signedUrlCacheMaxAgeSec: - description: |- - Maximum number of seconds the response to a signed URL request will - be considered fresh. After this time period, - the response will be revalidated before being served. - When serving responses to signed URL requests, - Cloud CDN will internally behave as though - all responses from this backend had a "Cache-Control: public, - max-age=[TTL]" header, regardless of any existing Cache-Control - header. The actual headers served in responses will not be altered. - type: integer - required: - - signedUrlCacheMaxAgeSec - type: object - description: - description: |- - An optional textual description of the resource; provided by the - client when the resource is created. - type: string - enableCdn: - description: If true, enable Cloud CDN for this BackendBucket. - type: boolean - required: - - bucketRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - selfLink: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computebackendservices.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeBackendService - plural: computebackendservices - shortNames: - - gcpcomputebackendservice - - gcpcomputebackendservices - singular: computebackendservice - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - affinityCookieTtlSec: - description: |- - Lifetime of cookies in seconds if session_affinity is - GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts - only until the end of the browser session (or equivalent). The - maximum allowed value for TTL is one day. - - When the load balancing scheme is INTERNAL, this field is not used. - type: integer - backend: - description: The set of backends that serve this BackendService. - items: - properties: - balancingMode: - description: |- - Specifies the balancing mode for this backend. - - For global HTTP(S) or TCP/SSL load balancing, the default is - UTILIZATION. Valid values are UTILIZATION, RATE (for HTTP(S)) - and CONNECTION (for TCP/SSL). - type: string - capacityScaler: - description: |- - A multiplier applied to the group's maximum servicing capacity - (based on UTILIZATION, RATE or CONNECTION). - - Default value is 1, which means the group will serve up to 100% - of its configured capacity (depending on balancingMode). A - setting of 0 means the group is completely drained, offering - 0% of its available Capacity. Valid range is [0.0,1.0]. - type: number - description: - description: |- - An optional description of this resource. - Provide this property when you create the resource. - type: string - group: - properties: - instanceGroupRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - networkEndpointGroupRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - maxConnections: - description: |- - The max number of simultaneous connections for the group. Can - be used with either CONNECTION or UTILIZATION balancing modes. - - For CONNECTION mode, either maxConnections or one - of maxConnectionsPerInstance or maxConnectionsPerEndpoint, - as appropriate for group type, must be set. - type: integer - maxConnectionsPerEndpoint: - description: |- - The max number of simultaneous connections that a single backend - network endpoint can handle. This is used to calculate the - capacity of the group. Can be used in either CONNECTION or - UTILIZATION balancing modes. - - For CONNECTION mode, either - maxConnections or maxConnectionsPerEndpoint must be set. - type: integer - maxConnectionsPerInstance: - description: |- - The max number of simultaneous connections that a single - backend instance can handle. This is used to calculate the - capacity of the group. Can be used in either CONNECTION or - UTILIZATION balancing modes. - - For CONNECTION mode, either maxConnections or - maxConnectionsPerInstance must be set. - type: integer - maxRate: - description: |- - The max requests per second (RPS) of the group. - - Can be used with either RATE or UTILIZATION balancing modes, - but required if RATE mode. For RATE mode, either maxRate or one - of maxRatePerInstance or maxRatePerEndpoint, as appropriate for - group type, must be set. - type: integer - maxRatePerEndpoint: - description: |- - The max requests per second (RPS) that a single backend network - endpoint can handle. This is used to calculate the capacity of - the group. Can be used in either balancing mode. For RATE mode, - either maxRate or maxRatePerEndpoint must be set. - type: number - maxRatePerInstance: - description: |- - The max requests per second (RPS) that a single backend - instance can handle. This is used to calculate the capacity of - the group. Can be used in either balancing mode. For RATE mode, - either maxRate or maxRatePerInstance must be set. - type: number - maxUtilization: - description: |- - Used when balancingMode is UTILIZATION. This ratio defines the - CPU utilization target for the group. The default is 0.8. Valid - range is [0.0, 1.0]. - type: number - required: - - group - type: object - type: array - cdnPolicy: - description: Cloud CDN configuration for this BackendService. - properties: - cacheKeyPolicy: - description: The CacheKeyPolicy for this CdnPolicy. - properties: - includeHost: - description: If true requests to different hosts will be cached - separately. - type: boolean - includeProtocol: - description: If true, http and https requests will be cached - separately. - type: boolean - includeQueryString: - description: |- - If true, include query string parameters in the cache key - according to query_string_whitelist and - query_string_blacklist. If neither is set, the entire query - string will be included. - - If false, the query string will be excluded from the cache - key entirely. - type: boolean - queryStringBlacklist: - description: |- - Names of query string parameters to exclude in cache keys. - - All other parameters will be included. Either specify - query_string_whitelist or query_string_blacklist, not both. - '&' and '=' will be percent encoded and not treated as - delimiters. - items: - type: string - type: array - queryStringWhitelist: - description: |- - Names of query string parameters to include in cache keys. - - All other parameters will be excluded. Either specify - query_string_whitelist or query_string_blacklist, not both. - '&' and '=' will be percent encoded and not treated as - delimiters. - items: - type: string - type: array - type: object - signedUrlCacheMaxAgeSec: - description: |- - Maximum number of seconds the response to a signed URL request - will be considered fresh, defaults to 1hr (3600s). After this - time period, the response will be revalidated before - being served. - - When serving responses to signed URL requests, Cloud CDN will - internally behave as though all responses from this backend had a - "Cache-Control: public, max-age=[TTL]" header, regardless of any - existing Cache-Control header. The actual headers served in - responses will not be altered. - type: integer - type: object - circuitBreakers: - description: |- - Settings controlling the volume of connections to a backend service. This field - is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. - properties: - connectTimeout: - description: The timeout for new network connections to hosts. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond - resolution. Durations less than one second are represented - with a 0 seconds field and a positive nanos field. Must - be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. - Must be from 0 to 315,576,000,000 inclusive. - type: integer - required: - - seconds - type: object - maxConnections: - description: |- - The maximum number of connections to the backend cluster. - Defaults to 1024. - type: integer - maxPendingRequests: - description: |- - The maximum number of pending requests to the backend cluster. - Defaults to 1024. - type: integer - maxRequests: - description: |- - The maximum number of parallel requests to the backend cluster. - Defaults to 1024. - type: integer - maxRequestsPerConnection: - description: |- - Maximum requests for a single backend connection. This parameter - is respected by both the HTTP/1.1 and HTTP/2 implementations. If - not specified, there is no limit. Setting this parameter to 1 - will effectively disable keep alive. - type: integer - maxRetries: - description: |- - The maximum number of parallel retries to the backend cluster. - Defaults to 3. - type: integer - type: object - connectionDrainingTimeoutSec: - description: |- - Time for which instance will be drained (not accept new - connections, but still work to finish started). - type: integer - consistentHash: - description: |- - Consistent Hash-based load balancing can be used to provide soft session - affinity based on HTTP headers, cookies or other properties. This load balancing - policy is applicable only for HTTP connections. The affinity to a particular - destination host will be lost when one or more hosts are added/removed from the - destination service. This field specifies parameters that control consistent - hashing. This field only applies if the load_balancing_scheme is set to - INTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is - set to MAGLEV or RING_HASH. - properties: - httpCookie: - description: |- - Hash is based on HTTP Cookie. This field describes a HTTP cookie - that will be used as the hash key for the consistent hash load - balancer. If the cookie is not present, it will be generated. - This field is applicable if the sessionAffinity is set to HTTP_COOKIE. - properties: - name: - description: Name of the cookie. - type: string - path: - description: Path to set for the cookie. - type: string - ttl: - description: Lifetime of the cookie. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond - resolution. Durations less than one second are represented - with a 0 seconds field and a positive nanos field. Must - be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. - Must be from 0 to 315,576,000,000 inclusive. - type: integer - required: - - seconds - type: object - type: object - httpHeaderName: - description: |- - The hash based on the value of the specified header field. - This field is applicable if the sessionAffinity is set to HEADER_FIELD. - type: string - minimumRingSize: - description: |- - The minimum number of virtual nodes to use for the hash ring. - Larger ring sizes result in more granular load - distributions. If the number of hosts in the load balancing pool - is larger than the ring size, each host will be assigned a single - virtual node. - Defaults to 1024. - type: integer - type: object - customRequestHeaders: - description: |- - Headers that the HTTP/S load balancer should add to proxied - requests. - items: - type: string - type: array - description: - description: An optional description of this resource. - type: string - enableCdn: - description: If true, enable Cloud CDN for this BackendService. - type: boolean - failoverPolicy: - description: Policy for failovers. - properties: - disableConnectionDrainOnFailover: - description: |- - On failover or failback, this field indicates whether connection drain - will be honored. Setting this to true has the following effect: connections - to the old active pool are not drained. Connections to the new active pool - use the timeout of 10 min (currently fixed). Setting to false has the - following effect: both old and new connections will have a drain timeout - of 10 min. - This can be set to true only if the protocol is TCP. - The default is false. - type: boolean - dropTrafficIfUnhealthy: - description: |- - This option is used only when no healthy VMs are detected in the primary - and backup instance groups. When set to true, traffic is dropped. When - set to false, new connections are sent across all VMs in the primary group. - The default is false. - type: boolean - failoverRatio: - description: |- - The value of the field must be in [0, 1]. If the ratio of the healthy - VMs in the primary backend is at or below this number, traffic arriving - at the load-balanced IP will be directed to the failover backend. - In case where 'failoverRatio' is not set or all the VMs in the backup - backend are unhealthy, the traffic will be directed back to the primary - backend in the "force" mode, where traffic will be spread to the healthy - VMs with the best effort, or to all VMs when no VM is healthy. - This field is only used with l4 load balancing. - type: number - type: object - healthChecks: - items: - properties: - healthCheckRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - httpHealthCheckRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - type: array - iap: - description: Settings for enabling Cloud Identity Aware Proxy - properties: - oauth2ClientId: - description: OAuth2 Client ID for IAP - type: string - oauth2ClientSecret: - description: OAuth2 Client Secret for IAP - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used if - 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - oauth2ClientSecretSha256: - description: OAuth2 Client Secret SHA-256 for IAP - type: string - required: - - oauth2ClientId - - oauth2ClientSecret - type: object - loadBalancingScheme: - description: |- - Indicates whether the backend service will be used with internal or - external load balancing. A backend service created for one type of - load balancing cannot be used with the other. Must be 'EXTERNAL' or - 'INTERNAL_SELF_MANAGED' for a global backend service. Defaults to 'EXTERNAL'. - type: string - localityLbPolicy: - description: |- - The load balancing algorithm used within the scope of the locality. - The possible values are - - - ROUND_ROBIN - This is a simple policy in which each healthy backend - is selected in round robin order. - - LEAST_REQUEST - An O(1) algorithm which selects two random healthy - hosts and picks the host which has fewer active requests. - - RING_HASH - The ring/modulo hash load balancer implements consistent - hashing to backends. The algorithm has the property that the - addition/removal of a host from a set of N hosts only affects - 1/N of the requests. - - RANDOM - The load balancer selects a random healthy host. - - ORIGINAL_DESTINATION - Backend host is selected based on the client - connection metadata, i.e., connections are opened - to the same address as the destination address of - the incoming connection before the connection - was redirected to the load balancer. - - MAGLEV - used as a drop in replacement for the ring hash load balancer. - Maglev is not as stable as ring hash but has faster table lookup - build times and host selection times. For more information about - Maglev, refer to https://ai.google/research/pubs/pub44824 - - This field is applicable only when the load_balancing_scheme is set to - INTERNAL_SELF_MANAGED. - type: string - location: - description: 'Location represents the geographical location of the ComputeBackendService. - Specify a region name or "global" for global resources. Reference: - GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' - type: string - logConfig: - description: |- - This field denotes the logging options for the load balancer traffic served by this backend service. - If logging is enabled, logs will be exported to Stackdriver. - properties: - enable: - description: Whether to enable logging for the load balancer traffic - served by this backend service. - type: boolean - sampleRate: - description: |- - This field can only be specified if logging is enabled for this backend service. The value of - the field must be in [0, 1]. This configures the sampling rate of requests to the load balancer - where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. - The default value is 1.0. - type: number - type: object - networkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - outlierDetection: - description: |- - Settings controlling eviction of unhealthy hosts from the load balancing pool. - This field is applicable only when the load_balancing_scheme is set - to INTERNAL_SELF_MANAGED. - properties: - baseEjectionTime: - description: |- - The base time that a host is ejected for. The real time is equal to the base - time multiplied by the number of times the host has been ejected. Defaults to - 30000ms or 30s. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 'seconds' field and a positive - 'nanos' field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - type: integer - required: - - seconds - type: object - consecutiveErrors: - description: |- - Number of errors before a host is ejected from the connection pool. When the - backend host is accessed over HTTP, a 5xx return code qualifies as an error. - Defaults to 5. - type: integer - consecutiveGatewayFailure: - description: |- - The number of consecutive gateway failures (502, 503, 504 status or connection - errors that are mapped to one of those status codes) before a consecutive - gateway failure ejection occurs. Defaults to 5. - type: integer - enforcingConsecutiveErrors: - description: |- - The percentage chance that a host will be actually ejected when an outlier - status is detected through consecutive 5xx. This setting can be used to disable - ejection or to ramp it up slowly. Defaults to 100. - type: integer - enforcingConsecutiveGatewayFailure: - description: |- - The percentage chance that a host will be actually ejected when an outlier - status is detected through consecutive gateway failures. This setting can be - used to disable ejection or to ramp it up slowly. Defaults to 0. - type: integer - enforcingSuccessRate: - description: |- - The percentage chance that a host will be actually ejected when an outlier - status is detected through success rate statistics. This setting can be used to - disable ejection or to ramp it up slowly. Defaults to 100. - type: integer - interval: - description: |- - Time interval between ejection sweep analysis. This can result in both new - ejections as well as hosts being returned to service. Defaults to 10 seconds. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 'seconds' field and a positive - 'nanos' field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - type: integer - required: - - seconds - type: object - maxEjectionPercent: - description: |- - Maximum percentage of hosts in the load balancing pool for the backend service - that can be ejected. Defaults to 10%. - type: integer - successRateMinimumHosts: - description: |- - The number of hosts in a cluster that must have enough request volume to detect - success rate outliers. If the number of hosts is less than this setting, outlier - detection via success rate statistics is not performed for any host in the - cluster. Defaults to 5. - type: integer - successRateRequestVolume: - description: |- - The minimum number of total requests that must be collected in one interval (as - defined by the interval duration above) to include this host in success rate - based outlier detection. If the volume is lower than this setting, outlier - detection via success rate statistics is not performed for that host. Defaults - to 100. - type: integer - successRateStdevFactor: - description: |- - This factor is used to determine the ejection threshold for success rate outlier - ejection. The ejection threshold is the difference between the mean success - rate, and the product of this factor and the standard deviation of the mean - success rate: mean - (stdev * success_rate_stdev_factor). This factor is divided - by a thousand to get a double. That is, if the desired factor is 1.9, the - runtime value should be 1900. Defaults to 1900. - type: integer - type: object - portName: - description: |- - Name of backend port. The same name should appear in the instance - groups referenced by this service. Required when the load balancing - scheme is EXTERNAL. - type: string - protocol: - description: |- - The protocol this BackendService uses to communicate with backends. - Possible values are HTTP, HTTPS, HTTP2, TCP, and SSL. The default is - HTTP. **NOTE**: HTTP2 is only valid for beta HTTP/2 load balancer - types and may result in errors if used with the GA API. - type: string - securityPolicyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - sessionAffinity: - description: |- - Type of session affinity to use. The default is NONE. Session affinity is - not applicable if the protocol is UDP. - type: string - timeoutSec: - description: |- - How many seconds to wait for the backend before considering it a - failed request. Default is 30 seconds. Valid range is [1, 86400]. - type: integer - required: - - healthChecks - - location - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - fingerprint: - description: |- - Fingerprint of this resource. A hash of the contents stored in this - object. This field is used in optimistic locking. - type: string - selfLink: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computedisks.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeDisk - plural: computedisks - shortNames: - - gcpcomputedisk - - gcpcomputedisks - singular: computedisk - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: |- - An optional description of this resource. Provide this property when - you create the resource. - type: string - diskEncryptionKey: - description: |- - Encrypts the disk using a customer-supplied encryption key. - - After you encrypt a disk with a customer-supplied key, you must - provide the same key if you use the disk later (e.g. to create a disk - snapshot or an image, or to attach the disk to a virtual machine). - - Customer-supplied encryption keys do not protect access to metadata of - the disk. - - If you do not provide an encryption key when creating the disk, then - the disk will be encrypted using an automatically generated key and - you do not need to provide a key to use the disk later. - properties: - kmsKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - rawKey: - description: |- - Specifies a 256-bit customer-supplied encryption key, encoded in - RFC 4648 base64 to either encrypt or decrypt this resource. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used if - 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - sha256: - description: |- - The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied - encryption key that protects this resource. - type: string - type: object - imageRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - location: - description: 'Location represents the geographical location of the ComputeDisk. - Specify a region name or a zone name. Reference: GCP definition of - regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' - type: string - physicalBlockSizeBytes: - description: |- - Physical block size of the persistent disk, in bytes. If not present - in a request, a default value is used. Currently supported sizes - are 4096 and 16384, other sizes may be added in the future. - If an unsupported value is requested, the error message will list - the supported values for the caller's project. - type: integer - replicaZones: - description: URLs of the zones where the disk should be replicated to. - items: - type: string - type: array - resourcePolicies: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - size: - description: |- - Size of the persistent disk, specified in GB. You can specify this - field when creating a persistent disk using the 'image' or - 'snapshot' parameter, or specify it alone to create an empty - persistent disk. - - If you specify this field along with 'image' or 'snapshot', - the value must not be less than the size of the image - or the size of the snapshot. - type: integer - snapshotRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - sourceImageEncryptionKey: - description: |- - The customer-supplied encryption key of the source image. Required if - the source image is protected by a customer-supplied encryption key. - properties: - kmsKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - rawKey: - description: |- - Specifies a 256-bit customer-supplied encryption key, encoded in - RFC 4648 base64 to either encrypt or decrypt this resource. - type: string - sha256: - description: |- - The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied - encryption key that protects this resource. - type: string - type: object - sourceSnapshotEncryptionKey: - description: |- - The customer-supplied encryption key of the source snapshot. Required - if the source snapshot is protected by a customer-supplied encryption - key. - properties: - kmsKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - rawKey: - description: |- - Specifies a 256-bit customer-supplied encryption key, encoded in - RFC 4648 base64 to either encrypt or decrypt this resource. - type: string - sha256: - description: |- - The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied - encryption key that protects this resource. - type: string - type: object - type: - description: |- - URL of the disk type resource describing which disk type to use to - create the disk. Provide this when creating the disk. - type: string - required: - - location - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - labelFingerprint: - description: |- - The fingerprint used for optimistic locking of this resource. Used - internally during updates. - type: string - lastAttachTimestamp: - description: Last attach timestamp in RFC3339 text format. - type: string - lastDetachTimestamp: - description: Last detach timestamp in RFC3339 text format. - type: string - selfLink: - type: string - sourceImageId: - description: |- - The ID value of the image used to create this disk. This value - identifies the exact image that was used to create this persistent - disk. For example, if you created the persistent disk from an image - that was later deleted and recreated under the same name, the source - image ID would identify the exact version of the image that was used. - type: string - sourceSnapshotId: - description: |- - The unique ID of the snapshot used to create this disk. This value - identifies the exact snapshot that was used to create this persistent - disk. For example, if you created the persistent disk from a snapshot - that was later deleted and recreated under the same name, the source - snapshot ID would identify the exact version of the snapshot that was - used. - type: string - users: - description: |- - Links to the users of the disk (attached instances) in form: - project/zones/zone/instances/instance - items: - type: string - type: array - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computeexternalvpngateways.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeExternalVPNGateway - plural: computeexternalvpngateways - shortNames: - - gcpcomputeexternalvpngateway - - gcpcomputeexternalvpngateways - singular: computeexternalvpngateway - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: An optional description of this resource. - type: string - interface: - description: A list of interfaces on this external VPN gateway. - items: - properties: - id: - description: |- - The numberic ID for this interface. Allowed values are based on the redundancy type - of this external VPN gateway - * '0 - SINGLE_IP_INTERNALLY_REDUNDANT' - * '0, 1 - TWO_IPS_REDUNDANCY' - * '0, 1, 2, 3 - FOUR_IPS_REDUNDANCY' - type: integer - ipAddress: - description: |- - IP address of the interface in the external VPN gateway. - Only IPv4 is supported. This IP address can be either from - your on-premise gateway or another Cloud provider’s VPN gateway, - it cannot be an IP address from Google Compute Engine. - type: string - type: object - type: array - redundancyType: - description: Indicates the redundancy type of this external VPN gateway - type: string - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - selfLink: - type: string - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computefirewalls.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeFirewall - plural: computefirewalls - shortNames: - - gcpcomputefirewall - - gcpcomputefirewalls - singular: computefirewall - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - allow: - description: |- - The list of ALLOW rules specified by this firewall. Each rule - specifies a protocol and port-range tuple that describes a permitted - connection. - items: - properties: - ports: - description: |- - An optional list of ports to which this rule applies. This field - is only applicable for UDP or TCP protocol. Each entry must be - either an integer or a range. If not specified, this rule - applies to connections through any port. - - Example inputs include: ["22"], ["80","443"], and - ["12345-12349"]. - items: - type: string - type: array - protocol: - description: |- - The IP protocol to which this rule applies. The protocol type is - required when creating a firewall rule. This value can either be - one of the following well known protocol strings (tcp, udp, - icmp, esp, ah, sctp), or the IP protocol number. - type: string - required: - - protocol - type: object - type: array - deny: - description: |- - The list of DENY rules specified by this firewall. Each rule specifies - a protocol and port-range tuple that describes a denied connection. - items: - properties: - ports: - description: |- - An optional list of ports to which this rule applies. This field - is only applicable for UDP or TCP protocol. Each entry must be - either an integer or a range. If not specified, this rule - applies to connections through any port. - - Example inputs include: ["22"], ["80","443"], and - ["12345-12349"]. - items: - type: string - type: array - protocol: - description: |- - The IP protocol to which this rule applies. The protocol type is - required when creating a firewall rule. This value can either be - one of the following well known protocol strings (tcp, udp, - icmp, esp, ah, sctp), or the IP protocol number. - type: string - required: - - protocol - type: object - type: array - description: - description: |- - An optional description of this resource. Provide this property when - you create the resource. - type: string - destinationRanges: - description: |- - If destination ranges are specified, the firewall will apply only to - traffic that has destination IP address in these ranges. These ranges - must be expressed in CIDR format. Only IPv4 is supported. - items: - type: string - type: array - direction: - description: |- - Direction of traffic to which this firewall applies; default is - INGRESS. Note: For INGRESS traffic, it is NOT supported to specify - destinationRanges; For EGRESS traffic, it is NOT supported to specify - sourceRanges OR sourceTags. - type: string - disabled: - description: |- - Denotes whether the firewall rule is disabled, i.e not applied to the - network it is associated with. When set to true, the firewall rule is - not enforced and the network behaves as if it did not exist. If this - is unspecified, the firewall rule will be enabled. - type: boolean - enableLogging: - description: |- - This field denotes whether to enable logging for a particular - firewall rule. If logging is enabled, logs will be exported to - Stackdriver. - type: boolean - networkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - priority: - description: |- - Priority for this rule. This is an integer between 0 and 65535, both - inclusive. When not specified, the value assumed is 1000. Relative - priorities determine precedence of conflicting rules. Lower value of - priority implies higher precedence (eg, a rule with priority 0 has - higher precedence than a rule with priority 1). DENY rules take - precedence over ALLOW rules having equal priority. - type: integer - sourceRanges: - description: |- - If source ranges are specified, the firewall will apply only to - traffic that has source IP address in these ranges. These ranges must - be expressed in CIDR format. One or both of sourceRanges and - sourceTags may be set. If both properties are set, the firewall will - apply to traffic that has source IP address within sourceRanges OR the - source IP that belongs to a tag listed in the sourceTags property. The - connection does not need to match both properties for the firewall to - apply. Only IPv4 is supported. - items: - type: string - type: array - sourceServiceAccounts: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - sourceTags: - description: |- - If source tags are specified, the firewall will apply only to traffic - with source IP that belongs to a tag listed in source tags. Source - tags cannot be used to control traffic to an instance's external IP - address. Because tags are associated with an instance, not an IP - address. One or both of sourceRanges and sourceTags may be set. If - both properties are set, the firewall will apply to traffic that has - source IP address within sourceRanges OR the source IP that belongs to - a tag listed in the sourceTags property. The connection does not need - to match both properties for the firewall to apply. - items: - type: string - type: array - targetServiceAccounts: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - targetTags: - description: |- - A list of instance tags indicating sets of instances located in the - network that may make network connections as specified in allowed[]. - If no targetTags are specified, the firewall rule applies to all - instances on the specified network. - items: - type: string - type: array - required: - - networkRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - selfLink: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computeforwardingrules.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeForwardingRule - plural: computeforwardingrules - shortNames: - - gcpcomputeforwardingrule - - gcpcomputeforwardingrules - singular: computeforwardingrule - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - allPorts: - description: |- - For internal TCP/UDP load balancing (i.e. load balancing scheme is - INTERNAL and protocol is TCP/UDP), set this to true to allow packets - addressed to any ports to be forwarded to the backends configured - with this forwarding rule. Used with backend service. Cannot be set - if port or portRange are set. - type: boolean - allowGlobalAccess: - description: |- - If true, clients can access ILB from all regions. - Otherwise only allows from the local region the ILB is located at. - type: boolean - backendServiceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - description: - description: |- - An optional description of this resource. Provide this property when - you create the resource. - type: string - ipAddress: - properties: - addressRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - ip: - type: string - type: object - ipProtocol: - description: |- - The IP protocol to which this rule applies. Valid options are TCP, - UDP, ESP, AH, SCTP or ICMP. - - When the load balancing scheme is INTERNAL, only TCP and UDP are - valid. - type: string - ipVersion: - description: |- - The IP Version that will be used by this global forwarding rule. - Valid options are IPV4 or IPV6. - type: string - loadBalancingScheme: - description: |- - This signifies what the ForwardingRule will be used for and can be - EXTERNAL, INTERNAL, or INTERNAL_MANAGED. EXTERNAL is used for Classic - Cloud VPN gateways, protocol forwarding to VMs from an external IP address, - and HTTP(S), SSL Proxy, TCP Proxy, and Network TCP/UDP load balancers. - INTERNAL is used for protocol forwarding to VMs from an internal IP address, - and internal TCP/UDP load balancers. - INTERNAL_MANAGED is used for internal HTTP(S) load balancers. - type: string - location: - description: 'Location represents the geographical location of the ComputeForwardingRule. - Specify a region name or "global" for global resources. Reference: - GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' - type: string - metadataFilters: - description: |- - Opaque filter criteria used by Loadbalancer to restrict routing - configuration to a limited set xDS compliant clients. In their xDS - requests to Loadbalancer, xDS clients present node metadata. If a - match takes place, the relevant routing configuration is made available - to those proxies. - - For each metadataFilter in this list, if its filterMatchCriteria is set - to MATCH_ANY, at least one of the filterLabels must match the - corresponding label provided in the metadata. If its filterMatchCriteria - is set to MATCH_ALL, then all of its filterLabels must match with - corresponding labels in the provided metadata. - - metadataFilters specified here can be overridden by those specified in - the UrlMap that this ForwardingRule references. - - metadataFilters only applies to Loadbalancers that have their - loadBalancingScheme set to INTERNAL_SELF_MANAGED. - items: - properties: - filterLabels: - description: |- - The list of label value pairs that must match labels in the - provided metadata based on filterMatchCriteria - - This list must not be empty and can have at the most 64 entries. - items: - properties: - name: - description: |- - Name of the metadata label. The length must be between - 1 and 1024 characters, inclusive. - type: string - value: - description: |- - The value that the label must match. The value has a maximum - length of 1024 characters. - type: string - required: - - name - - value - type: object - type: array - filterMatchCriteria: - description: |- - Specifies how individual filterLabel matches within the list of - filterLabels contribute towards the overall metadataFilter match. - - MATCH_ANY - At least one of the filterLabels must have a matching - label in the provided metadata. - MATCH_ALL - All filterLabels must have matching labels in the - provided metadata. - type: string - required: - - filterLabels - - filterMatchCriteria - type: object - type: array - networkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - networkTier: - description: |- - The networking tier used for configuring this address. This field can - take the following values: PREMIUM or STANDARD. If this field is not - specified, it is assumed to be PREMIUM. - type: string - portRange: - description: |- - This field is used along with the target field for TargetHttpProxy, - TargetHttpsProxy, TargetSslProxy, TargetTcpProxy, TargetVpnGateway, - TargetPool, TargetInstance. - - Applicable only when IPProtocol is TCP, UDP, or SCTP, only packets - addressed to ports in the specified range will be forwarded to target. - Forwarding rules with the same [IPAddress, IPProtocol] pair must have - disjoint port ranges. - - Some types of forwarding target have constraints on the acceptable - ports: - - * TargetHttpProxy: 80, 8080 - * TargetHttpsProxy: 443 - * TargetTcpProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, - 1883, 5222 - * TargetSslProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, - 1883, 5222 - * TargetVpnGateway: 500, 4500 - type: string - ports: - description: |- - This field is used along with the backend_service field for internal - load balancing. - - When the load balancing scheme is INTERNAL, a single port or a comma - separated list of ports can be configured. Only packets addressed to - these ports will be forwarded to the backends configured with this - forwarding rule. - - You may specify a maximum of up to 5 ports. - items: - type: string - type: array - serviceLabel: - description: |- - An optional prefix to the service name for this Forwarding Rule. - If specified, will be the first label of the fully qualified service - name. - - The label must be 1-63 characters long, and comply with RFC1035. - Specifically, the label must be 1-63 characters long and match the - regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the first - character must be a lowercase letter, and all following characters - must be a dash, lowercase letter, or digit, except the last - character, which cannot be a dash. - - This field is only used for INTERNAL load balancing. - type: string - subnetworkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - target: - properties: - targetHTTPProxyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - targetHTTPSProxyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - targetVPNGatewayRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - required: - - location - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - labelFingerprint: - description: |- - The fingerprint used for optimistic locking of this resource. Used - internally during updates. - type: string - selfLink: - type: string - serviceName: - description: |- - The internal fully qualified service name for this Forwarding Rule. - This field is only used for INTERNAL load balancing. - type: string - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computehealthchecks.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeHealthCheck - plural: computehealthchecks - shortNames: - - gcpcomputehealthcheck - - gcpcomputehealthchecks - singular: computehealthcheck - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - checkIntervalSec: - description: |- - How often (in seconds) to send a health check. The default value is 5 - seconds. - type: integer - description: - description: |- - An optional description of this resource. Provide this property when - you create the resource. - type: string - healthyThreshold: - description: |- - A so-far unhealthy instance will be marked healthy after this many - consecutive successes. The default value is 2. - type: integer - http2HealthCheck: - description: A nested object resource - properties: - host: - description: |- - The value of the host header in the HTTP2 health check request. - If left empty (default value), the public IP on behalf of which this health - check is performed will be used. - type: string - port: - description: |- - The TCP port number for the HTTP2 health check request. - The default value is 443. - type: integer - portName: - description: |- - Port name as defined in InstanceGroup#NamedPort#name. If both port and - port_name are defined, port takes precedence. - type: string - portSpecification: - description: |- - Specifies how port is selected for health checking, can be one of the - following values: - - * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. - - * 'USE_NAMED_PORT': The 'portName' is used for health checking. - - * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each - network endpoint is used for health checking. For other backends, the - port or named port specified in the Backend Service is used for health - checking. - - If not specified, HTTP2 health check follows behavior specified in 'port' and - 'portName' fields. - type: string - proxyHeader: - description: |- - Specifies the type of proxy header to append before sending data to the - backend, either NONE or PROXY_V1. The default is NONE. - type: string - requestPath: - description: |- - The request path of the HTTP2 health check request. - The default value is /. - type: string - response: - description: |- - The bytes to match against the beginning of the response data. If left empty - (the default value), any response will indicate health. The response data - can only be ASCII. - type: string - type: object - httpHealthCheck: - description: A nested object resource - properties: - host: - description: |- - The value of the host header in the HTTP health check request. - If left empty (default value), the public IP on behalf of which this health - check is performed will be used. - type: string - port: - description: |- - The TCP port number for the HTTP health check request. - The default value is 80. - type: integer - portName: - description: |- - Port name as defined in InstanceGroup#NamedPort#name. If both port and - port_name are defined, port takes precedence. - type: string - portSpecification: - description: |- - Specifies how port is selected for health checking, can be one of the - following values: - - * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. - - * 'USE_NAMED_PORT': The 'portName' is used for health checking. - - * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each - network endpoint is used for health checking. For other backends, the - port or named port specified in the Backend Service is used for health - checking. - - If not specified, HTTP health check follows behavior specified in 'port' and - 'portName' fields. - type: string - proxyHeader: - description: |- - Specifies the type of proxy header to append before sending data to the - backend, either NONE or PROXY_V1. The default is NONE. - type: string - requestPath: - description: |- - The request path of the HTTP health check request. - The default value is /. - type: string - response: - description: |- - The bytes to match against the beginning of the response data. If left empty - (the default value), any response will indicate health. The response data - can only be ASCII. - type: string - type: object - httpsHealthCheck: - description: A nested object resource - properties: - host: - description: |- - The value of the host header in the HTTPS health check request. - If left empty (default value), the public IP on behalf of which this health - check is performed will be used. - type: string - port: - description: |- - The TCP port number for the HTTPS health check request. - The default value is 443. - type: integer - portName: - description: |- - Port name as defined in InstanceGroup#NamedPort#name. If both port and - port_name are defined, port takes precedence. - type: string - portSpecification: - description: |- - Specifies how port is selected for health checking, can be one of the - following values: - - * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. - - * 'USE_NAMED_PORT': The 'portName' is used for health checking. - - * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each - network endpoint is used for health checking. For other backends, the - port or named port specified in the Backend Service is used for health - checking. - - If not specified, HTTPS health check follows behavior specified in 'port' and - 'portName' fields. - type: string - proxyHeader: - description: |- - Specifies the type of proxy header to append before sending data to the - backend, either NONE or PROXY_V1. The default is NONE. - type: string - requestPath: - description: |- - The request path of the HTTPS health check request. - The default value is /. - type: string - response: - description: |- - The bytes to match against the beginning of the response data. If left empty - (the default value), any response will indicate health. The response data - can only be ASCII. - type: string - type: object - location: - description: 'Location represents the geographical location of the ComputeHealthCheck. - Specify a region name or "global" for global resources. Reference: - GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' - type: string - sslHealthCheck: - description: A nested object resource - properties: - port: - description: |- - The TCP port number for the SSL health check request. - The default value is 443. - type: integer - portName: - description: |- - Port name as defined in InstanceGroup#NamedPort#name. If both port and - port_name are defined, port takes precedence. - type: string - portSpecification: - description: |- - Specifies how port is selected for health checking, can be one of the - following values: - - * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. - - * 'USE_NAMED_PORT': The 'portName' is used for health checking. - - * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each - network endpoint is used for health checking. For other backends, the - port or named port specified in the Backend Service is used for health - checking. - - If not specified, SSL health check follows behavior specified in 'port' and - 'portName' fields. - type: string - proxyHeader: - description: |- - Specifies the type of proxy header to append before sending data to the - backend, either NONE or PROXY_V1. The default is NONE. - type: string - request: - description: |- - The application data to send once the SSL connection has been - established (default value is empty). If both request and response are - empty, the connection establishment alone will indicate health. The request - data can only be ASCII. - type: string - response: - description: |- - The bytes to match against the beginning of the response data. If left empty - (the default value), any response will indicate health. The response data - can only be ASCII. - type: string - type: object - tcpHealthCheck: - description: A nested object resource - properties: - port: - description: |- - The TCP port number for the TCP health check request. - The default value is 443. - type: integer - portName: - description: |- - Port name as defined in InstanceGroup#NamedPort#name. If both port and - port_name are defined, port takes precedence. - type: string - portSpecification: - description: |- - Specifies how port is selected for health checking, can be one of the - following values: - - * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. - - * 'USE_NAMED_PORT': The 'portName' is used for health checking. - - * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each - network endpoint is used for health checking. For other backends, the - port or named port specified in the Backend Service is used for health - checking. - - If not specified, TCP health check follows behavior specified in 'port' and - 'portName' fields. - type: string - proxyHeader: - description: |- - Specifies the type of proxy header to append before sending data to the - backend, either NONE or PROXY_V1. The default is NONE. - type: string - request: - description: |- - The application data to send once the TCP connection has been - established (default value is empty). If both request and response are - empty, the connection establishment alone will indicate health. The request - data can only be ASCII. - type: string - response: - description: |- - The bytes to match against the beginning of the response data. If left empty - (the default value), any response will indicate health. The response data - can only be ASCII. - type: string - type: object - timeoutSec: - description: |- - How long (in seconds) to wait before claiming failure. - The default value is 5 seconds. It is invalid for timeoutSec to have - greater value than checkIntervalSec. - type: integer - unhealthyThreshold: - description: |- - A so-far healthy instance will be marked unhealthy after this many - consecutive failures. The default value is 2. - type: integer - required: - - location - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - selfLink: - type: string - type: - description: The type of the health check. One of HTTP, HTTPS, TCP, - or SSL. - type: string - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computehttphealthchecks.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeHTTPHealthCheck - plural: computehttphealthchecks - shortNames: - - gcpcomputehttphealthcheck - - gcpcomputehttphealthchecks - singular: computehttphealthcheck - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - checkIntervalSec: - description: |- - How often (in seconds) to send a health check. The default value is 5 - seconds. - type: integer - description: - description: |- - An optional description of this resource. Provide this property when - you create the resource. - type: string - healthyThreshold: - description: |- - A so-far unhealthy instance will be marked healthy after this many - consecutive successes. The default value is 2. - type: integer - host: - description: |- - The value of the host header in the HTTP health check request. If - left empty (default value), the public IP on behalf of which this - health check is performed will be used. - type: string - port: - description: |- - The TCP port number for the HTTP health check request. - The default value is 80. - type: integer - requestPath: - description: |- - The request path of the HTTP health check request. - The default value is /. - type: string - timeoutSec: - description: |- - How long (in seconds) to wait before claiming failure. - The default value is 5 seconds. It is invalid for timeoutSec to have - greater value than checkIntervalSec. - type: integer - unhealthyThreshold: - description: |- - A so-far healthy instance will be marked unhealthy after this many - consecutive failures. The default value is 2. - type: integer - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - selfLink: - type: string - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computehttpshealthchecks.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeHTTPSHealthCheck - plural: computehttpshealthchecks - shortNames: - - gcpcomputehttpshealthcheck - - gcpcomputehttpshealthchecks - singular: computehttpshealthcheck - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - checkIntervalSec: - description: |- - How often (in seconds) to send a health check. The default value is 5 - seconds. - type: integer - description: - description: |- - An optional description of this resource. Provide this property when - you create the resource. - type: string - healthyThreshold: - description: |- - A so-far unhealthy instance will be marked healthy after this many - consecutive successes. The default value is 2. - type: integer - host: - description: |- - The value of the host header in the HTTPS health check request. If - left empty (default value), the public IP on behalf of which this - health check is performed will be used. - type: string - port: - description: |- - The TCP port number for the HTTPS health check request. - The default value is 80. - type: integer - requestPath: - description: |- - The request path of the HTTPS health check request. - The default value is /. - type: string - timeoutSec: - description: |- - How long (in seconds) to wait before claiming failure. - The default value is 5 seconds. It is invalid for timeoutSec to have - greater value than checkIntervalSec. - type: integer - unhealthyThreshold: - description: |- - A so-far healthy instance will be marked unhealthy after this many - consecutive failures. The default value is 2. - type: integer - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - selfLink: - type: string - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computeimages.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeImage - plural: computeimages - shortNames: - - gcpcomputeimage - - gcpcomputeimages - singular: computeimage - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: |- - An optional description of this resource. Provide this property when - you create the resource. - type: string - diskRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - diskSizeGb: - description: Size of the image when restored onto a persistent disk - (in GB). - type: integer - family: - description: |- - The name of the image family to which this image belongs. You can - create disks by specifying an image family instead of a specific - image name. The image family always returns its latest image that is - not deprecated. The name of the image family must comply with - RFC1035. - type: string - guestOsFeatures: - description: |- - A list of features to enable on the guest operating system. - Applicable only for bootable images. - items: - properties: - type: - description: The type of supported feature. Read [Enabling guest - operating system features](https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images#guest-os-features) - to see a list of available options. - type: string - required: - - type - type: object - type: array - licenses: - description: Any applicable license URI. - items: - type: string - type: array - rawDisk: - description: The parameters of the raw disk image. - properties: - containerType: - description: |- - The format used to encode and transmit the block device, which - should be TAR. This is just a container and transmission format - and not a runtime format. Provided by the client when the disk - image is created. - type: string - sha1: - description: |- - An optional SHA1 checksum of the disk image before unpackaging. - This is provided by the client when the disk image is created. - type: string - source: - description: |- - The full Google Cloud Storage URL where disk storage is stored - You must provide either this property or the sourceDisk property - but not both. - type: string - required: - - source - type: object - type: object - status: - properties: - archiveSizeBytes: - description: |- - Size of the image tar.gz archive stored in Google Cloud Storage (in - bytes). - type: integer - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - labelFingerprint: - description: |- - The fingerprint used for optimistic locking of this resource. Used - internally during updates. - type: string - selfLink: - type: string - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computeinstancegroups.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeInstanceGroup - plural: computeinstancegroups - shortNames: - - gcpcomputeinstancegroup - - gcpcomputeinstancegroups - singular: computeinstancegroup - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - type: string - instances: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - namedPort: - items: - properties: - name: - type: string - port: - type: integer - required: - - name - - port - type: object - type: array - networkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - zone: - type: string - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - selfLink: - type: string - size: - type: integer - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computeinstances.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeInstance - plural: computeinstances - shortNames: - - gcpcomputeinstance - - gcpcomputeinstances - singular: computeinstance - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - anyOf: - - required: - - bootDisk - - machineType - - networkInterface - - required: - - instanceTemplateRef - properties: - attachedDisk: - items: - properties: - deviceName: - type: string - diskEncryptionKeyRaw: - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used - if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value - from. - type: string - required: - - name - - key - type: object - type: object - type: object - diskEncryptionKeySha256: - type: string - kmsKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - mode: - type: string - sourceDiskRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - sourceDiskRef - type: object - type: array - bootDisk: - properties: - autoDelete: - type: boolean - deviceName: - type: string - diskEncryptionKeyRaw: - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used if - 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - diskEncryptionKeySha256: - type: string - initializeParams: - properties: - labels: - type: object - size: - type: integer - sourceImageRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: - type: string - type: object - kmsKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - mode: - type: string - sourceDiskRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - canIpForward: - type: boolean - deletionProtection: - type: boolean - description: - type: string - enableDisplay: - type: boolean - guestAccelerator: - items: - properties: - count: - type: integer - type: - type: string - required: - - count - - type - type: object - type: array - hostname: - type: string - instanceTemplateRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - machineType: - type: string - metadata: - items: - properties: - key: - type: string - value: - type: string - required: - - key - - value - type: object - type: array - metadataStartupScript: - type: string - minCpuPlatform: - type: string - networkInterface: - items: - properties: - accessConfig: - items: - properties: - natIpRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - networkTier: - type: string - publicPtrDomainName: - type: string - type: object - type: array - aliasIpRange: - items: - properties: - ipCidrRange: - type: string - subnetworkRangeName: - type: string - required: - - ipCidrRange - type: object - type: array - name: - type: string - networkIp: - type: string - networkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - subnetworkProject: - type: string - subnetworkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - type: array - scheduling: - properties: - automaticRestart: - type: boolean - nodeAffinities: - items: - properties: - value: - type: object - type: object - type: array - onHostMaintenance: - type: string - preemptible: - type: boolean - type: object - scratchDisk: - items: - properties: - interface: - type: string - required: - - interface - type: object - type: array - serviceAccount: - properties: - scopes: - items: - type: string - type: array - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - scopes - type: object - shieldedInstanceConfig: - properties: - enableIntegrityMonitoring: - type: boolean - enableSecureBoot: - type: boolean - enableVtpm: - type: boolean - type: object - tags: - items: - type: string - type: array - zone: - type: string - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - cpuPlatform: - type: string - instanceId: - type: string - labelFingerprint: - type: string - metadataFingerprint: - type: string - selfLink: - type: string - tagsFingerprint: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computeinstancetemplates.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeInstanceTemplate - plural: computeinstancetemplates - shortNames: - - gcpcomputeinstancetemplate - - gcpcomputeinstancetemplates - singular: computeinstancetemplate - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - canIpForward: - type: boolean - description: - type: string - disk: - items: - properties: - autoDelete: - type: boolean - boot: - type: boolean - deviceName: - type: string - diskEncryptionKey: - properties: - kmsKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - kmsKeyRef - type: object - diskName: - type: string - diskSizeGb: - type: integer - diskType: - type: string - interface: - type: string - labels: - additionalProperties: - type: string - type: object - mode: - type: string - sourceDiskRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - sourceImageRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: - type: string - type: object - type: array - enableDisplay: - type: boolean - guestAccelerator: - items: - properties: - count: - type: integer - type: - type: string - required: - - count - - type - type: object - type: array - instanceDescription: - type: string - machineType: - type: string - metadata: - items: - properties: - key: - type: string - value: - type: string - required: - - key - - value - type: object - type: array - metadataStartupScript: - type: string - minCpuPlatform: - type: string - namePrefix: - type: string - networkInterface: - items: - properties: - accessConfig: - items: - properties: - natIpRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - networkTier: - type: string - type: object - type: array - aliasIpRange: - items: - properties: - ipCidrRange: - type: string - subnetworkRangeName: - type: string - required: - - ipCidrRange - type: object - type: array - networkIp: - type: string - networkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - subnetworkProject: - type: string - subnetworkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - type: array - region: - type: string - scheduling: - properties: - automaticRestart: - type: boolean - nodeAffinities: - items: - properties: - value: - type: object - type: object - type: array - onHostMaintenance: - type: string - preemptible: - type: boolean - type: object - serviceAccount: - properties: - scopes: - items: - type: string - type: array - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - scopes - type: object - shieldedInstanceConfig: - properties: - enableIntegrityMonitoring: - type: boolean - enableSecureBoot: - type: boolean - enableVtpm: - type: boolean - type: object - tags: - items: - type: string - type: array - required: - - disk - - machineType - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - metadataFingerprint: - type: string - selfLink: - type: string - tagsFingerprint: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computeinterconnectattachments.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeInterconnectAttachment - plural: computeinterconnectattachments - shortNames: - - gcpcomputeinterconnectattachment - - gcpcomputeinterconnectattachments - singular: computeinterconnectattachment - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - adminEnabled: - description: |- - Whether the VLAN attachment is enabled or disabled. When using - PARTNER type this will Pre-Activate the interconnect attachment - type: boolean - bandwidth: - description: |- - Provisioned bandwidth capacity for the interconnect attachment. - For attachments of type DEDICATED, the user can set the bandwidth. - For attachments of type PARTNER, the Google Partner that is operating the interconnect must set the bandwidth. - Output only for PARTNER type, mutable for PARTNER_PROVIDER and DEDICATED, - Defaults to BPS_10G - type: string - candidateSubnets: - description: |- - Up to 16 candidate prefixes that can be used to restrict the allocation - of cloudRouterIpAddress and customerRouterIpAddress for this attachment. - All prefixes must be within link-local address space (169.254.0.0/16) - and must be /29 or shorter (/28, /27, etc). Google will attempt to select - an unused /29 from the supplied candidate prefix(es). The request will - fail if all possible /29s are in use on Google's edge. If not supplied, - Google will randomly select an unused /29 from all of link-local space. - items: - type: string - type: array - description: - description: An optional description of this resource. - type: string - edgeAvailabilityDomain: - description: |- - Desired availability domain for the attachment. Only available for type - PARTNER, at creation time. For improved reliability, customers should - configure a pair of attachments with one per availability domain. The - selected availability domain will be provided to the Partner via the - pairing key so that the provisioned circuit will lie in the specified - domain. If not specified, the value will default to AVAILABILITY_DOMAIN_ANY. - type: string - interconnect: - description: |- - URL of the underlying Interconnect object that this attachment's - traffic will traverse through. Required if type is DEDICATED, must not - be set if type is PARTNER. - type: string - region: - description: Region where the regional interconnect attachment resides. - type: string - routerRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: - description: |- - The type of InterconnectAttachment you wish to create. Defaults to - DEDICATED. - type: string - vlanTag8021q: - description: |- - The IEEE 802.1Q VLAN tag for this attachment, in the range 2-4094. When - using PARTNER type this will be managed upstream. - type: integer - required: - - routerRef - type: object - status: - properties: - cloudRouterIpAddress: - description: |- - IPv4 address + prefix length to be configured on Cloud Router - Interface for this interconnect attachment. - type: string - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - customerRouterIpAddress: - description: |- - IPv4 address + prefix length to be configured on the customer - router subinterface for this interconnect attachment. - type: string - googleReferenceId: - description: |- - Google reference ID, to be used when raising support tickets with - Google or otherwise to debug backend connectivity issues. - type: string - pairingKey: - description: |- - [Output only for type PARTNER. Not present for DEDICATED]. The opaque - identifier of an PARTNER attachment used to initiate provisioning with - a selected partner. Of the form "XXXXX/region/domain" - type: string - partnerAsn: - description: |- - [Output only for type PARTNER. Not present for DEDICATED]. Optional - BGP ASN for the router that should be supplied by a layer 3 Partner if - they configured BGP on behalf of the customer. - type: string - privateInterconnectInfo: - description: |- - Information specific to an InterconnectAttachment. This property - is populated if the interconnect that this is attached to is of type DEDICATED. - properties: - tag8021q: - description: |- - 802.1q encapsulation tag to be used for traffic between - Google and the customer, going to and from this network and region. - type: integer - type: object - selfLink: - type: string - state: - description: '[Output Only] The current state of this attachment''s - functionality.' - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computenetworkendpointgroups.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeNetworkEndpointGroup - plural: computenetworkendpointgroups - shortNames: - - gcpcomputenetworkendpointgroup - - gcpcomputenetworkendpointgroups - singular: computenetworkendpointgroup - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - defaultPort: - description: |- - The default port used if the port number is not specified in the - network endpoint. - type: integer - description: - description: |- - An optional description of this resource. Provide this property when - you create the resource. - type: string - location: - description: 'Location represents the geographical location of the ComputeNetworkEndpointGroup. - Specify a zone name. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' - type: string - networkEndpointType: - description: |- - Type of network endpoints in this network endpoint group. Currently - the only supported value is GCE_VM_IP_PORT. - type: string - networkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - subnetworkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - location - - networkRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - selfLink: - type: string - size: - description: Number of network endpoints in the network endpoint group. - type: integer - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computenetworkpeerings.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeNetworkPeering - plural: computenetworkpeerings - shortNames: - - gcpcomputenetworkpeering - - gcpcomputenetworkpeerings - singular: computenetworkpeering - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - exportCustomRoutes: - type: boolean - importCustomRoutes: - type: boolean - networkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - peerNetworkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - networkRef - - peerNetworkRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - state: - type: string - stateDetails: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computenetworks.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeNetwork - plural: computenetworks - shortNames: - - gcpcomputenetwork - - gcpcomputenetworks - singular: computenetwork - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - autoCreateSubnetworks: - description: |- - When set to 'true', the network is created in "auto subnet mode" and - it will create a subnet for each region automatically across the - '10.128.0.0/9' address range. - - When set to 'false', the network is created in "custom subnet mode" so - the user can explicitly connect subnetwork resources. - type: boolean - deleteDefaultRoutesOnCreate: - type: boolean - description: - description: |- - An optional description of this resource. The resource must be - recreated to modify this field. - type: string - routingMode: - description: |- - The network-wide routing mode to use. If set to 'REGIONAL', this - network's cloud routers will only advertise routes with subnetworks - of this network in the same region as the router. If set to 'GLOBAL', - this network's cloud routers will advertise routes with all - subnetworks of this network, across regions. - type: string - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - gatewayIpv4: - description: |- - The gateway address for default routing out of the network. This value - is selected by GCP. - type: string - selfLink: - type: string - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computenodegroups.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeNodeGroup - plural: computenodegroups - shortNames: - - gcpcomputenodegroup - - gcpcomputenodegroups - singular: computenodegroup - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: An optional textual description of the resource. - type: string - nodeTemplateRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - size: - description: The total number of nodes in the node group. - type: integer - zone: - description: Zone where this node group is located - type: string - required: - - nodeTemplateRef - - size - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - selfLink: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computenodetemplates.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeNodeTemplate - plural: computenodetemplates - shortNames: - - gcpcomputenodetemplate - - gcpcomputenodetemplates - singular: computenodetemplate - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: An optional textual description of the resource. - type: string - nodeType: - description: |- - Node type to use for nodes group that are created from this template. - Only one of nodeTypeFlexibility and nodeType can be specified. - type: string - nodeTypeFlexibility: - description: |- - Flexible properties for the desired node type. Node groups that - use this node template will create nodes of a type that matches - these properties. Only one of nodeTypeFlexibility and nodeType can - be specified. - properties: - cpus: - description: Number of virtual CPUs to use. - type: string - localSsd: - description: Use local SSD - type: string - memory: - description: Physical memory available to the node, defined in MB. - type: string - type: object - region: - description: |- - Region where nodes using the node template will be created. - If it is not provided, the provider region is used. - type: string - serverBinding: - description: |- - The server binding policy for nodes using this template. Determines - where the nodes should restart following a maintenance event. - properties: - type: - description: |- - Type of server binding policy. If 'RESTART_NODE_ON_ANY_SERVER', - nodes using this template will restart on any physical server - following a maintenance event. - - If 'RESTART_NODE_ON_MINIMAL_SERVER', nodes using this template - will restart on the same physical server following a maintenance - event, instead of being live migrated to or restarted on a new - physical server. This option may be useful if you are using - software licenses tied to the underlying server characteristics - such as physical sockets or cores, to avoid the need for - additional licenses when maintenance occurs. However, VMs on such - nodes will experience outages while maintenance is applied. - type: string - required: - - type - type: object - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - selfLink: - type: string - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computereservations.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeReservation - plural: computereservations - shortNames: - - gcpcomputereservation - - gcpcomputereservations - singular: computereservation - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: An optional description of this resource. - type: string - specificReservation: - description: Reservation for instances with specific machine shapes. - properties: - count: - description: The number of resources that are allocated. - type: integer - inUseCount: - description: How many instances are in use. - type: integer - instanceProperties: - description: The instance properties for the reservation. - properties: - guestAccelerators: - description: Guest accelerator type and count. - items: - properties: - acceleratorCount: - description: |- - The number of the guest accelerator cards exposed to - this instance. - type: integer - acceleratorType: - description: |- - The full or partial URL of the accelerator type to - attach to this instance. For example: - 'projects/my-project/zones/us-central1-c/acceleratorTypes/nvidia-tesla-p100' - - If you are creating an instance template, specify only the accelerator name. - type: string - required: - - acceleratorCount - - acceleratorType - type: object - type: array - localSsds: - description: |- - The amount of local ssd to reserve with each instance. This - reserves disks of type 'local-ssd'. - items: - properties: - diskSizeGb: - description: The size of the disk in base-2 GB. - type: integer - interface: - description: |- - The disk interface to use for attaching this disk, one - of 'SCSI' or 'NVME'. The default is 'SCSI'. - type: string - required: - - diskSizeGb - type: object - type: array - machineType: - description: The name of the machine type to reserve. - type: string - minCpuPlatform: - description: |- - The minimum CPU platform for the reservation. For example, - '"Intel Skylake"'. See - the CPU platform availability reference](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform#availablezones) - for information on available CPU platforms. - type: string - required: - - machineType - type: object - required: - - count - - instanceProperties - type: object - specificReservationRequired: - description: |- - When set to true, only VMs that target this reservation by name can - consume this reservation. Otherwise, it can be consumed by VMs with - affinity for any reservation. Defaults to false. - type: boolean - zone: - description: The zone where the reservation is made. - type: string - required: - - specificReservation - - zone - type: object - status: - properties: - commitment: - description: |- - Full or partial URL to a parent commitment. This field displays for - reservations that are tied to a commitment. - type: string - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - selfLink: - type: string - status: - description: The status of the reservation. - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computeresourcepolicies.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeResourcePolicy - plural: computeresourcepolicies - shortNames: - - gcpcomputeresourcepolicy - - gcpcomputeresourcepolicies - singular: computeresourcepolicy - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - region: - description: Region where resource policy resides. - type: string - snapshotSchedulePolicy: - description: Policy for creating snapshots of persistent disks. - properties: - retentionPolicy: - description: Retention policy applied to snapshots created by this - resource policy. - properties: - maxRetentionDays: - description: Maximum age of the snapshot that is allowed to - be kept. - type: integer - onSourceDiskDelete: - description: |- - Specifies the behavior to apply to scheduled snapshots when - the source disk is deleted. - Valid options are KEEP_AUTO_SNAPSHOTS and APPLY_RETENTION_POLICY - type: string - required: - - maxRetentionDays - type: object - schedule: - description: Contains one of an 'hourlySchedule', 'dailySchedule', - or 'weeklySchedule'. - properties: - dailySchedule: - description: The policy will execute every nth day at the specified - time. - properties: - daysInCycle: - description: The number of days between snapshots. - type: integer - startTime: - description: |- - This must be in UTC format that resolves to one of - 00:00, 04:00, 08:00, 12:00, 16:00, or 20:00. For example, - both 13:00-5 and 08:00 are valid. - type: string - required: - - daysInCycle - - startTime - type: object - hourlySchedule: - description: The policy will execute every nth hour starting - at the specified time. - properties: - hoursInCycle: - description: The number of hours between snapshots. - type: integer - startTime: - description: |- - Time within the window to start the operations. - It must be in format "HH:MM", - where HH : [00-23] and MM : [00-00] GMT. - type: string - required: - - hoursInCycle - - startTime - type: object - weeklySchedule: - description: Allows specifying a snapshot time for each day - of the week. - properties: - dayOfWeeks: - description: May contain up to seven (one for each day of - the week) snapshot times. - items: - properties: - day: - description: The day of the week to create the snapshot. - e.g. MONDAY - type: string - startTime: - description: |- - Time within the window to start the operations. - It must be in format "HH:MM", where HH : [00-23] and MM : [00-00] GMT. - type: string - required: - - day - - startTime - type: object - type: array - required: - - dayOfWeeks - type: object - type: object - snapshotProperties: - description: Properties with which the snapshots are created, such - as labels. - properties: - guestFlush: - description: Whether to perform a 'guest aware' snapshot. - type: boolean - labels: - additionalProperties: - type: string - description: A set of key-value pairs. - type: object - storageLocations: - description: Cloud Storage bucket location in which to store - the snapshot (regional or multi-regional). - items: - type: string - type: array - type: object - required: - - schedule - type: object - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - selfLink: - type: string - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computerouterinterfaces.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeRouterInterface - plural: computerouterinterfaces - shortNames: - - gcpcomputerouterinterface - - gcpcomputerouterinterfaces - singular: computerouterinterface - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - interconnectAttachmentRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - ipRange: - type: string - region: - type: string - routerRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - vpnTunnelRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - routerRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computerouternats.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeRouterNAT - plural: computerouternats - shortNames: - - gcpcomputerouternat - - gcpcomputerouternats - singular: computerouternat - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - drainNatIps: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - icmpIdleTimeoutSec: - description: Timeout (in seconds) for ICMP connections. Defaults to - 30s if not set. - type: integer - logConfig: - description: Configuration for logging on NAT - properties: - enable: - description: Indicates whether or not to export logs. - type: boolean - filter: - description: |- - Specifies the desired filtering of logs on this NAT. Valid - values are: '"ERRORS_ONLY"', '"TRANSLATIONS_ONLY"', '"ALL"' - type: string - required: - - enable - - filter - type: object - minPortsPerVm: - description: Minimum number of ports allocated to a VM from this NAT. - type: integer - natIpAllocateOption: - description: |- - How external IPs should be allocated for this NAT. Valid values are - 'AUTO_ONLY' for only allowing NAT IPs allocated by Google Cloud - Platform, or 'MANUAL_ONLY' for only user-allocated NAT IP addresses. - type: string - natIps: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - region: - description: Region where the router and NAT reside. - type: string - routerRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - sourceSubnetworkIpRangesToNat: - description: |- - How NAT should be configured per Subnetwork. - If 'ALL_SUBNETWORKS_ALL_IP_RANGES', all of the - IP ranges in every Subnetwork are allowed to Nat. - If 'ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES', all of the primary IP - ranges in every Subnetwork are allowed to Nat. - 'LIST_OF_SUBNETWORKS': A list of Subnetworks are allowed to Nat - (specified in the field subnetwork below). Note that if this field - contains ALL_SUBNETWORKS_ALL_IP_RANGES or - ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any - other RouterNat section in any Router for this network in this region. - type: string - subnetwork: - description: |- - One or more subnetwork NAT configurations. Only used if - 'source_subnetwork_ip_ranges_to_nat' is set to 'LIST_OF_SUBNETWORKS' - items: - properties: - secondaryIpRangeNames: - description: |- - List of the secondary ranges of the subnetwork that are allowed - to use NAT. This can be populated only if - 'LIST_OF_SECONDARY_IP_RANGES' is one of the values in - sourceIpRangesToNat - items: - type: string - type: array - sourceIpRangesToNat: - description: |- - List of options for which source IPs in the subnetwork - should have NAT enabled. Supported values include: - 'ALL_IP_RANGES', 'LIST_OF_SECONDARY_IP_RANGES', - 'PRIMARY_IP_RANGE'. - items: - type: string - type: array - subnetworkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - sourceIpRangesToNat - - subnetworkRef - type: object - type: array - tcpEstablishedIdleTimeoutSec: - description: |- - Timeout (in seconds) for TCP established connections. - Defaults to 1200s if not set. - type: integer - tcpTransitoryIdleTimeoutSec: - description: |- - Timeout (in seconds) for TCP transitory connections. - Defaults to 30s if not set. - type: integer - udpIdleTimeoutSec: - description: Timeout (in seconds) for UDP connections. Defaults to 30s - if not set. - type: integer - required: - - natIpAllocateOption - - routerRef - - sourceSubnetworkIpRangesToNat - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computerouterpeers.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeRouterPeer - plural: computerouterpeers - shortNames: - - gcpcomputerouterpeer - - gcpcomputerouterpeers - singular: computerouterpeer - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - advertiseMode: - description: |- - User-specified flag to indicate which mode to use for advertisement. - Valid values of this enum field are: 'DEFAULT', 'CUSTOM' - type: string - advertisedGroups: - description: |- - User-specified list of prefix groups to advertise in custom - mode, which can take one of the following options: - - * 'ALL_SUBNETS': Advertises all available subnets, including peer VPC subnets. - * 'ALL_VPC_SUBNETS': Advertises the router's own VPC subnets. - * 'ALL_PEER_VPC_SUBNETS': Advertises peer subnets of the router's VPC network. - - - Note that this field can only be populated if advertiseMode is 'CUSTOM' - and overrides the list defined for the router (in the "bgp" message). - These groups are advertised in addition to any specified prefixes. - Leave this field blank to advertise no custom groups. - items: - type: string - type: array - advertisedIpRanges: - description: |- - User-specified list of individual IP ranges to advertise in - custom mode. This field can only be populated if advertiseMode - is 'CUSTOM' and is advertised to all peers of the router. These IP - ranges will be advertised in addition to any specified groups. - Leave this field blank to advertise no custom IP ranges. - items: - properties: - description: - description: User-specified description for the IP range. - type: string - range: - description: |- - The IP range to advertise. The value must be a - CIDR-formatted string. - type: string - required: - - range - type: object - type: array - advertisedRoutePriority: - description: |- - The priority of routes advertised to this BGP peer. - Where there is more than one matching route of maximum - length, the routes with the lowest priority value win. - type: integer - peerAsn: - description: |- - Peer BGP Autonomous System Number (ASN). - Each BGP interface may use a different value. - type: integer - peerIpAddress: - description: |- - IP address of the BGP interface outside Google Cloud Platform. - Only IPv4 is supported. - type: string - region: - description: |- - Region where the router and BgpPeer reside. - If it is not provided, the provider region is used. - type: string - routerInterfaceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - routerRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - peerAsn - - peerIpAddress - - routerInterfaceRef - - routerRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - ipAddress: - description: |- - IP address of the interface inside Google Cloud Platform. - Only IPv4 is supported. - type: string - managementType: - description: |- - The resource that configures and manages this BGP peer. - - * 'MANAGED_BY_USER' is the default value and can be managed by - you or other users - * 'MANAGED_BY_ATTACHMENT' is a BGP peer that is configured and - managed by Cloud Interconnect, specifically by an - InterconnectAttachment of type PARTNER. Google automatically - creates, updates, and deletes this type of BGP peer when the - PARTNER InterconnectAttachment is created, updated, - or deleted. - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computerouters.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeRouter - plural: computerouters - shortNames: - - gcpcomputerouter - - gcpcomputerouters - singular: computerouter - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - bgp: - description: BGP information specific to this router. - properties: - advertiseMode: - description: |- - User-specified flag to indicate which mode to use for advertisement. - - Valid values of this enum field are: DEFAULT, CUSTOM - type: string - advertisedGroups: - description: |- - User-specified list of prefix groups to advertise in custom mode. - This field can only be populated if advertiseMode is CUSTOM and - is advertised to all peers of the router. These groups will be - advertised in addition to any specified prefixes. Leave this field - blank to advertise no custom groups. - - This enum field has the one valid value: ALL_SUBNETS - items: - type: string - type: array - advertisedIpRanges: - description: |- - User-specified list of individual IP ranges to advertise in - custom mode. This field can only be populated if advertiseMode - is CUSTOM and is advertised to all peers of the router. These IP - ranges will be advertised in addition to any specified groups. - Leave this field blank to advertise no custom IP ranges. - items: - properties: - description: - description: User-specified description for the IP range. - type: string - range: - description: |- - The IP range to advertise. The value must be a - CIDR-formatted string. - type: string - required: - - range - type: object - type: array - asn: - description: |- - Local BGP Autonomous System Number (ASN). Must be an RFC6996 - private ASN, either 16-bit or 32-bit. The value will be fixed for - this router resource. All VPN tunnels that link to this router - will have the same local ASN. - type: integer - required: - - asn - type: object - description: - description: An optional description of this resource. - type: string - networkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - region: - description: Region where the router resides. - type: string - required: - - networkRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - selfLink: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computeroutes.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeRoute - plural: computeroutes - shortNames: - - gcpcomputeroute - - gcpcomputeroutes - singular: computeroute - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: |- - An optional description of this resource. Provide this property - when you create the resource. - type: string - destRange: - description: |- - The destination range of outgoing packets that this route applies to. - Only IPv4 is supported. - type: string - networkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - nextHopGateway: - description: |- - URL to a gateway that should handle matching packets. - Currently, you can only specify the internet gateway, using a full or - partial valid URL: - * 'https://www.googleapis.com/compute/v1/projects/project/global/gateways/default-internet-gateway' - * 'projects/project/global/gateways/default-internet-gateway' - * 'global/gateways/default-internet-gateway' - * The string 'default-internet-gateway'. - type: string - nextHopILBRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - nextHopInstanceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - nextHopIp: - description: Network IP address of an instance that should handle matching - packets. - type: string - nextHopVPNTunnelRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - priority: - description: |- - The priority of this route. Priority is used to break ties in cases - where there is more than one matching route of equal prefix length. - - In the case of two routes with equal prefix length, the one with the - lowest-numbered priority value wins. - - Default value is 1000. Valid range is 0 through 65535. - type: integer - tags: - description: A list of instance tags to which this route applies. - items: - type: string - type: array - required: - - destRange - - networkRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - nextHopNetwork: - description: URL to a Network that should handle matching packets. - type: string - selfLink: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computesecuritypolicies.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeSecurityPolicy - plural: computesecuritypolicies - shortNames: - - gcpcomputesecuritypolicy - - gcpcomputesecuritypolicies - singular: computesecuritypolicy - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - type: string - rule: - items: - properties: - action: - type: string - description: - type: string - match: - properties: - config: - properties: - srcIpRanges: - items: - type: string - type: array - required: - - srcIpRanges - type: object - expr: - properties: - expression: - type: string - required: - - expression - type: object - versionedExpr: - type: string - type: object - preview: - type: boolean - priority: - type: integer - required: - - action - - match - - priority - type: object - type: array - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - fingerprint: - type: string - selfLink: - type: string - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computesharedvpchostprojects.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeSharedVPCHostProject - plural: computesharedvpchostprojects - shortNames: - - gcpcomputesharedvpchostproject - - gcpcomputesharedvpchostprojects - singular: computesharedvpchostproject - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computesharedvpcserviceprojects.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeSharedVPCServiceProject - plural: computesharedvpcserviceprojects - shortNames: - - gcpcomputesharedvpcserviceproject - - gcpcomputesharedvpcserviceprojects - singular: computesharedvpcserviceproject - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - projectRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - projectRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computesnapshots.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeSnapshot - plural: computesnapshots - shortNames: - - gcpcomputesnapshot - - gcpcomputesnapshots - singular: computesnapshot - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: An optional description of this resource. - type: string - snapshotEncryptionKey: - description: |- - The customer-supplied encryption key of the snapshot. Required if the - source snapshot is protected by a customer-supplied encryption key. - properties: - rawKey: - description: |- - Specifies a 256-bit customer-supplied encryption key, encoded in - RFC 4648 base64 to either encrypt or decrypt this resource. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used if - 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - sha256: - description: |- - The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied - encryption key that protects this resource. - type: string - required: - - rawKey - type: object - sourceDiskEncryptionKey: - description: |- - The customer-supplied encryption key of the source snapshot. Required - if the source snapshot is protected by a customer-supplied encryption - key. - properties: - rawKey: - description: |- - Specifies a 256-bit customer-supplied encryption key, encoded in - RFC 4648 base64 to either encrypt or decrypt this resource. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used if - 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - type: object - sourceDiskRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - zone: - description: A reference to the zone where the disk is hosted. - type: string - required: - - sourceDiskRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - diskSizeGb: - description: Size of the snapshot, specified in GB. - type: integer - labelFingerprint: - description: |- - The fingerprint used for optimistic locking of this resource. Used - internally during updates. - type: string - licenses: - description: |- - A list of public visible licenses that apply to this snapshot. This - can be because the original image had licenses attached (such as a - Windows image). snapshotEncryptionKey nested object Encrypts the - snapshot using a customer-supplied encryption key. - items: - type: string - type: array - selfLink: - type: string - snapshotId: - description: The unique identifier for the resource. - type: integer - sourceDiskLink: - type: string - storageBytes: - description: |- - A size of the storage used by the snapshot. As snapshots share - storage, this number is expected to change with snapshot - creation/deletion. - type: integer - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computesslcertificates.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeSSLCertificate - plural: computesslcertificates - shortNames: - - gcpcomputesslcertificate - - gcpcomputesslcertificates - singular: computesslcertificate - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - certificate: - description: |- - The certificate in PEM format. - The certificate chain must be no greater than 5 certs long. - The chain must include at least one intermediate cert. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' is - specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used if 'value' - is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in the - given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - description: - description: An optional description of this resource. - type: string - location: - description: Location represents the geographical location of the ComputeSSLCertificate. - Specify "global" for global resources. - type: string - privateKey: - description: The write-only private key in PEM format. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' is - specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used if 'value' - is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in the - given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - required: - - certificate - - location - - privateKey - type: object - status: - properties: - certificateId: - description: The unique identifier for the resource. - type: integer - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - selfLink: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computesslpolicies.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeSSLPolicy - plural: computesslpolicies - shortNames: - - gcpcomputesslpolicy - - gcpcomputesslpolicies - singular: computesslpolicy - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - customFeatures: - description: |- - Profile specifies the set of SSL features that can be used by the - load balancer when negotiating SSL with clients. This can be one of - 'COMPATIBLE', 'MODERN', 'RESTRICTED', or 'CUSTOM'. If using 'CUSTOM', - the set of SSL features to enable must be specified in the - 'customFeatures' field. - - See the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport) - for which ciphers are available to use. **Note**: this argument - *must* be present when using the 'CUSTOM' profile. This argument - *must not* be present when using any other profile. - items: - type: string - type: array - description: - description: An optional description of this resource. - type: string - minTlsVersion: - description: |- - The minimum version of SSL protocol that can be used by the clients - to establish a connection with the load balancer. This can be one of - 'TLS_1_0', 'TLS_1_1', 'TLS_1_2'. - Default is 'TLS_1_0'. - type: string - profile: - description: |- - Profile specifies the set of SSL features that can be used by the - load balancer when negotiating SSL with clients. This can be one of - 'COMPATIBLE', 'MODERN', 'RESTRICTED', or 'CUSTOM'. If using 'CUSTOM', - the set of SSL features to enable must be specified in the - 'customFeatures' field. - - See the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport) - for information on what cipher suites each profile provides. If - 'CUSTOM' is used, the 'custom_features' attribute **must be set**. - Default is 'COMPATIBLE'. - type: string - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - enabledFeatures: - description: The list of features enabled in the SSL policy. - items: - type: string - type: array - fingerprint: - description: |- - Fingerprint of this resource. A hash of the contents stored in this - object. This field is used in optimistic locking. - type: string - selfLink: - type: string - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computesubnetworks.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeSubnetwork - plural: computesubnetworks - shortNames: - - gcpcomputesubnetwork - - gcpcomputesubnetworks - singular: computesubnetwork - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: |- - An optional description of this resource. Provide this property when - you create the resource. This field can be set only at resource - creation time. - type: string - ipCidrRange: - description: |- - The range of internal addresses that are owned by this subnetwork. - Provide this property when you create the subnetwork. For example, - 10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and - non-overlapping within a network. Only IPv4 is supported. - type: string - logConfig: - description: |- - Denotes the logging options for the subnetwork flow logs. If logging is enabled - logs will be exported to Stackdriver. This field cannot be set if the 'purpose' of this - subnetwork is 'INTERNAL_HTTPS_LOAD_BALANCER' - properties: - aggregationInterval: - description: |- - Can only be specified if VPC flow logging for this subnetwork is enabled. - Toggles the aggregation interval for collecting flow logs. Increasing the - interval time will reduce the amount of generated flow logs for long - lasting connections. Default is an interval of 5 seconds per connection. - Possible values are INTERVAL_5_SEC, INTERVAL_30_SEC, INTERVAL_1_MIN, - INTERVAL_5_MIN, INTERVAL_10_MIN, INTERVAL_15_MIN - type: string - flowSampling: - description: |- - Can only be specified if VPC flow logging for this subnetwork is enabled. - The value of the field must be in [0, 1]. Set the sampling rate of VPC - flow logs within the subnetwork where 1.0 means all collected logs are - reported and 0.0 means no logs are reported. Default is 0.5 which means - half of all collected logs are reported. - type: number - metadata: - description: |- - Can only be specified if VPC flow logging for this subnetwork is enabled. - Configures whether metadata fields should be added to the reported VPC - flow logs. Default is 'INCLUDE_ALL_METADATA'. - type: string - type: object - networkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - privateIpGoogleAccess: - description: |- - When enabled, VMs in this subnetwork without external IP addresses can - access Google APIs and services by using Private Google Access. - type: boolean - purpose: - description: |- - The purpose of the resource. This field can be either PRIVATE - or INTERNAL_HTTPS_LOAD_BALANCER. A subnetwork with purpose set to - INTERNAL_HTTPS_LOAD_BALANCER is a user-created subnetwork that is - reserved for Internal HTTP(S) Load Balancing. If unspecified, the - purpose defaults to PRIVATE. - - If set to INTERNAL_HTTPS_LOAD_BALANCER you must also set the role. - type: string - region: - description: URL of the GCP region for this subnetwork. - type: string - role: - description: |- - The role of subnetwork. Currently, this field is only used when - purpose = INTERNAL_HTTPS_LOAD_BALANCER. The value can be set to ACTIVE - or BACKUP. An ACTIVE subnetwork is one that is currently being used - for Internal HTTP(S) Load Balancing. A BACKUP subnetwork is one that - is ready to be promoted to ACTIVE or is currently draining. - type: string - secondaryIpRange: - items: - properties: - ipCidrRange: - description: |- - The range of IP addresses belonging to this subnetwork secondary - range. Provide this property when you create the subnetwork. - Ranges must be unique and non-overlapping with all primary and - secondary IP ranges within a network. Only IPv4 is supported. - type: string - rangeName: - description: |- - The name associated with this subnetwork secondary range, used - when adding an alias IP range to a VM instance. The name must - be 1-63 characters long, and comply with RFC1035. The name - must be unique within the subnetwork. - type: string - required: - - ipCidrRange - - rangeName - type: object - type: array - required: - - ipCidrRange - - networkRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - fingerprint: - description: DEPRECATED — This field is not useful for users, and has - been removed as an output. Fingerprint of this resource. This field - is used internally during updates of this resource. - type: string - gatewayAddress: - description: |- - The gateway address for default routes to reach destination addresses - outside this subnetwork. - type: string - selfLink: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computetargethttpproxies.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeTargetHTTPProxy - plural: computetargethttpproxies - shortNames: - - gcpcomputetargethttpproxy - - gcpcomputetargethttpproxies - singular: computetargethttpproxy - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: An optional description of this resource. - type: string - location: - description: Location represents the geographical location of the ComputeTargetHTTPProxy. - Specify "global" for global resources. - type: string - urlMapRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - location - - urlMapRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - proxyId: - description: The unique identifier for the resource. - type: integer - selfLink: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computetargethttpsproxies.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeTargetHTTPSProxy - plural: computetargethttpsproxies - shortNames: - - gcpcomputetargethttpsproxy - - gcpcomputetargethttpsproxies - singular: computetargethttpsproxy - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: An optional description of this resource. - type: string - location: - description: Location represents the geographical location of the ComputeTargetHTTPSProxy. - Specify "global" for global resources. - type: string - quicOverride: - description: |- - Specifies the QUIC override policy for this resource. This determines - whether the load balancer will attempt to negotiate QUIC with clients - or not. Can specify one of NONE, ENABLE, or DISABLE. If NONE is - specified, uses the QUIC policy with no user overrides, which is - equivalent to DISABLE. Not specifying this field is equivalent to - specifying NONE. - type: string - sslCertificates: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - sslPolicyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - urlMapRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - location - - sslCertificates - - urlMapRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - proxyId: - description: The unique identifier for the resource. - type: integer - selfLink: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computetargetinstances.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeTargetInstance - plural: computetargetinstances - shortNames: - - gcpcomputetargetinstance - - gcpcomputetargetinstances - singular: computetargetinstance - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: An optional description of this resource. - type: string - instanceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - natPolicy: - description: |- - NAT option controlling how IPs are NAT'ed to the instance. - Currently only NO_NAT (default value) is supported. - type: string - zone: - description: URL of the zone where the target instance resides. - type: string - required: - - instanceRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - selfLink: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computetargetpools.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeTargetPool - plural: computetargetpools - shortNames: - - gcpcomputetargetpool - - gcpcomputetargetpools - singular: computetargetpool - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - backupTargetPoolRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - description: - type: string - failoverRatio: - type: number - healthChecks: - items: - properties: - httpHealthCheckRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - type: array - instances: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - region: - type: string - sessionAffinity: - type: string - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - selfLink: - type: string - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computetargetsslproxies.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeTargetSSLProxy - plural: computetargetsslproxies - shortNames: - - gcpcomputetargetsslproxy - - gcpcomputetargetsslproxies - singular: computetargetsslproxy - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - backendServiceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - description: - description: An optional description of this resource. - type: string - proxyHeader: - description: |- - Specifies the type of proxy header to append before sending data to - the backend, either NONE or PROXY_V1. The default is NONE. - type: string - sslCertificates: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - sslPolicyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - backendServiceRef - - sslCertificates - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - proxyId: - description: The unique identifier for the resource. - type: integer - selfLink: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computetargettcpproxies.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeTargetTCPProxy - plural: computetargettcpproxies - shortNames: - - gcpcomputetargettcpproxy - - gcpcomputetargettcpproxies - singular: computetargettcpproxy - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - backendServiceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - description: - description: An optional description of this resource. - type: string - proxyHeader: - description: |- - Specifies the type of proxy header to append before sending data to - the backend, either NONE or PROXY_V1. The default is NONE. - type: string - required: - - backendServiceRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - proxyId: - description: The unique identifier for the resource. - type: integer - selfLink: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computetargetvpngateways.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeTargetVPNGateway - plural: computetargetvpngateways - shortNames: - - gcpcomputetargetvpngateway - - gcpcomputetargetvpngateways - singular: computetargetvpngateway - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: An optional description of this resource. - type: string - networkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - region: - description: The region this gateway should sit in. - type: string - required: - - networkRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - gatewayId: - description: The unique identifier for the resource. - type: integer - selfLink: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computeurlmaps.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeURLMap - plural: computeurlmaps - shortNames: - - gcpcomputeurlmap - - gcpcomputeurlmaps - singular: computeurlmap - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - defaultService: - properties: - backendBucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - backendServiceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - description: - description: |- - An optional description of this resource. Provide this property when you create - the resource. - type: string - headerAction: - description: |- - Specifies changes to request and response headers that need to take effect for - the selected backendService. The headerAction specified here take effect after - headerAction specified under pathMatcher. - properties: - requestHeadersToAdd: - description: |- - Headers to add to a matching request prior to forwarding the request to the - backendService. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - requestHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the request - prior to forwarding the request to the backendService. - items: - type: string - type: array - responseHeadersToAdd: - description: Headers to add the response prior to sending the response - back to the client. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - responseHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the response - prior to sending the response back to the client. - items: - type: string - type: array - type: object - hostRule: - description: The list of HostRules to use against the URL. - items: - properties: - description: - description: |- - An optional description of this resource. Provide this property when you create - the resource. - type: string - hosts: - description: |- - The list of host patterns to match. They must be valid hostnames, except * will - match any string of ([a-z0-9-.]*). In that case, * must be the first character - and must be followed in the pattern by either - or .. - items: - type: string - type: array - pathMatcher: - description: |- - The name of the PathMatcher to use to match the path portion of the URL if the - hostRule matches the URL's host portion. - type: string - required: - - hosts - - pathMatcher - type: object - type: array - location: - description: Location represents the geographical location of the ComputeURLMap. - Specify "global" for global resources. - type: string - pathMatcher: - description: The list of named PathMatchers to use against the URL. - items: - properties: - defaultService: - properties: - backendBucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - backendServiceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - description: - description: |- - An optional description of this resource. Provide this property when you create - the resource. - type: string - headerAction: - description: |- - Specifies changes to request and response headers that need to take effect for - the selected backendService. HeaderAction specified here are applied after the - matching HttpRouteRule HeaderAction and before the HeaderAction in the UrlMap - properties: - requestHeadersToAdd: - description: |- - Headers to add to a matching request prior to forwarding the request to the - backendService. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - requestHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the request - prior to forwarding the request to the backendService. - items: - type: string - type: array - responseHeadersToAdd: - description: Headers to add the response prior to sending - the response back to the client. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - responseHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the response - prior to sending the response back to the client. - items: - type: string - type: array - type: object - name: - description: The name to which this PathMatcher is referred by - the HostRule. - type: string - pathRule: - description: |- - The list of path rules. Use this list instead of routeRules when routing based - on simple path matching is all that's required. The order by which path rules - are specified does not matter. Matches are always done on the longest-path-first - basis. For example: a pathRule with a path /a/b/c/* will match before /a/b/* - irrespective of the order in which those paths appear in this list. Within a - given pathMatcher, only one of pathRules or routeRules must be set. - items: - properties: - paths: - description: |- - The list of path patterns to match. Each must start with / and the only place a - * is allowed is at the end following a /. The string fed to the path matcher - does not include any text after the first ? or #, and those chars are not - allowed here. - items: - type: string - type: array - routeAction: - description: |- - In response to a matching path, the load balancer performs advanced routing - actions like URL rewrites, header transformations, etc. prior to forwarding the - request to the selected backend. If routeAction specifies any - weightedBackendServices, service must not be set. Conversely if service is set, - routeAction cannot contain any weightedBackendServices. Only one of routeAction - or urlRedirect must be set. - properties: - corsPolicy: - description: |- - The specification for allowing client side cross-origin requests. Please see W3C - Recommendation for Cross Origin Resource Sharing - properties: - allowCredentials: - description: |- - In response to a preflight request, setting this to true indicates that the - actual request can include user credentials. This translates to the Access- - Control-Allow-Credentials header. Defaults to false. - type: boolean - allowHeaders: - description: Specifies the content for the Access-Control-Allow-Headers - header. - items: - type: string - type: array - allowMethods: - description: Specifies the content for the Access-Control-Allow-Methods - header. - items: - type: string - type: array - allowOriginRegexes: - description: |- - Specifies the regualar expression patterns that match allowed origins. For - regular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript - An origin is allowed if it matches either allow_origins or allow_origin_regex. - items: - type: string - type: array - allowOrigins: - description: |- - Specifies the list of origins that will be allowed to do CORS requests. An - origin is allowed if it matches either allow_origins or allow_origin_regex. - items: - type: string - type: array - disabled: - description: If true, specifies the CORS policy - is disabled. - type: boolean - exposeHeaders: - description: Specifies the content for the Access-Control-Expose-Headers - header. - items: - type: string - type: array - maxAge: - description: |- - Specifies how long the results of a preflight request can be cached. This - translates to the content for the Access-Control-Max-Age header. - type: integer - required: - - disabled - type: object - faultInjectionPolicy: - description: |- - The specification for fault injection introduced into traffic to test the - resiliency of clients to backend service failure. As part of fault injection, - when clients send requests to a backend service, delays can be introduced by - Loadbalancer on a percentage of requests before sending those request to the - backend service. Similarly requests from clients can be aborted by the - Loadbalancer for a percentage of requests. timeout and retry_policy will be - ignored by clients that are configured with a fault_injection_policy. - properties: - abort: - description: |- - The specification for how client requests are aborted as part of fault - injection. - properties: - httpStatus: - description: |- - The HTTP status code used to abort the request. The value must be between 200 - and 599 inclusive. - type: integer - percentage: - description: |- - The percentage of traffic (connections/operations/requests) which will be - aborted as part of fault injection. The value must be between 0.0 and 100.0 - inclusive. - type: number - required: - - httpStatus - - percentage - type: object - delay: - description: |- - The specification for how client requests are delayed as part of fault - injection, before being sent to a backend service. - properties: - fixedDelay: - description: Specifies the value of the fixed - delay interval. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 'seconds' field and a positive - 'nanos' field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - type: string - required: - - seconds - type: object - percentage: - description: |- - The percentage of traffic (connections/operations/requests) on which delay will - be introduced as part of fault injection. The value must be between 0.0 and - 100.0 inclusive. - type: number - required: - - fixedDelay - - percentage - type: object - type: object - requestMirrorPolicy: - description: |- - Specifies the policy on how requests intended for the route's backends are - shadowed to a separate mirrored backend service. Loadbalancer does not wait for - responses from the shadow service. Prior to sending traffic to the shadow - service, the host / authority header is suffixed with -shadow. - properties: - backendService: - description: The BackendService resource being mirrored - to. - type: string - required: - - backendService - type: object - retryPolicy: - description: Specifies the retry policy associated with - this route. - properties: - numRetries: - description: Specifies the allowed number retries. - This number must be > 0. - type: integer - perTryTimeout: - description: Specifies a non-zero timeout per retry - attempt. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 'seconds' field and a positive - 'nanos' field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - type: string - required: - - seconds - type: object - retryConditions: - description: |- - Specifies one or more conditions when this retry rule applies. Valid values are: - - 5xx: Loadbalancer will attempt a retry if the backend service responds with - any 5xx response code, or if the backend service does not respond at all, - example: disconnects, reset, read timeout, connection failure, and refused - streams. - - gateway-error: Similar to 5xx, but only applies to response codes - 502, 503 or 504. - - connect-failure: Loadbalancer will retry on failures - connecting to backend services, for example due to connection timeouts. - - retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. - Currently the only retriable error supported is 409. - - refused-stream: Loadbalancer will retry if the backend service resets the stream with a - REFUSED_STREAM error code. This reset type indicates that it is safe to retry. - - cancelled: Loadbalancer will retry if the gRPC status code in the response - header is set to cancelled - - deadline-exceeded: Loadbalancer will retry if the - gRPC status code in the response header is set to deadline-exceeded - - resource-exhausted: Loadbalancer will retry if the gRPC status code in the response - header is set to resource-exhausted - - unavailable: Loadbalancer will retry if - the gRPC status code in the response header is set to unavailable - items: - type: string - type: array - type: object - timeout: - description: |- - Specifies the timeout for the selected route. Timeout is computed from the time - the request is has been fully processed (i.e. end-of-stream) up until the - response has been completely processed. Timeout includes all retries. If not - specified, the default value is 15 seconds. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 'seconds' field and a positive - 'nanos' field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - type: string - required: - - seconds - type: object - urlRewrite: - description: |- - The spec to modify the URL of the request, prior to forwarding the request to - the matched service - properties: - hostRewrite: - description: |- - Prior to forwarding the request to the selected service, the request's host - header is replaced with contents of hostRewrite. The value must be between 1 and - 255 characters. - type: string - pathPrefixRewrite: - description: |- - Prior to forwarding the request to the selected backend service, the matching - portion of the request's path is replaced by pathPrefixRewrite. The value must - be between 1 and 1024 characters. - type: string - type: object - weightedBackendServices: - description: |- - A list of weighted backend services to send traffic to when a route match - occurs. The weights determine the fraction of traffic that flows to their - corresponding backend service. If all traffic needs to go to a single backend - service, there must be one weightedBackendService with weight set to a non 0 - number. Once a backendService is identified and before forwarding the request to - the backend service, advanced routing actions like Url rewrites and header - transformations are applied depending on additional settings specified in this - HttpRouteAction. - items: - properties: - backendServiceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - headerAction: - description: |- - Specifies changes to request and response headers that need to take effect for - the selected backendService. headerAction specified here take effect before - headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. - properties: - requestHeadersToAdd: - description: |- - Headers to add to a matching request prior to forwarding the request to the - backendService. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header - to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - requestHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the request - prior to forwarding the request to the backendService. - items: - type: string - type: array - responseHeadersToAdd: - description: Headers to add the response prior - to sending the response back to the client. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header - to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - responseHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the response - prior to sending the response back to the client. - items: - type: string - type: array - type: object - weight: - description: |- - Specifies the fraction of traffic sent to backendService, computed as weight / - (sum of all weightedBackendService weights in routeAction) . The selection of a - backend service is determined only for new traffic. Once a user's request has - been directed to a backendService, subsequent requests will be sent to the same - backendService as determined by the BackendService's session affinity policy. - The value must be between 0 and 1000 - type: integer - required: - - backendServiceRef - - weight - type: object - type: array - type: object - service: - properties: - backendBucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - backendServiceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - urlRedirect: - description: |- - When a path pattern is matched, the request is redirected to a URL specified by - urlRedirect. If urlRedirect is specified, service or routeAction must not be - set. - properties: - hostRedirect: - description: |- - The host that will be used in the redirect response instead of the one that was - supplied in the request. The value must be between 1 and 255 characters. - type: string - httpsRedirect: - description: |- - If set to true, the URL scheme in the redirected request is set to https. If set - to false, the URL scheme of the redirected request will remain the same as that - of the request. This must only be set for UrlMaps used in TargetHttpProxys. - Setting this true for TargetHttpsProxy is not permitted. Defaults to false. - type: boolean - pathRedirect: - description: |- - The path that will be used in the redirect response instead of the one that was - supplied in the request. Only one of pathRedirect or prefixRedirect must be - specified. The value must be between 1 and 1024 characters. - type: string - prefixRedirect: - description: |- - The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, - retaining the remaining portion of the URL before redirecting the request. - type: string - redirectResponseCode: - description: |- - The HTTP Status code to use for this RedirectAction. Supported values are: - - MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. - - FOUND, which corresponds to 302. - - SEE_OTHER which corresponds to 303. - - TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method - will be retained. - - PERMANENT_REDIRECT, which corresponds to 308. In this case, - the request method will be retained. - type: string - stripQuery: - description: |- - If set to true, any accompanying query portion of the original URL is removed - prior to redirecting the request. If set to false, the query portion of the - original URL is retained. - type: boolean - required: - - stripQuery - type: object - required: - - paths - type: object - type: array - routeRules: - description: |- - The list of ordered HTTP route rules. Use this list instead of pathRules when - advanced route matching and routing actions are desired. The order of specifying - routeRules matters: the first rule that matches will cause its specified routing - action to take effect. Within a given pathMatcher, only one of pathRules or - routeRules must be set. routeRules are not supported in UrlMaps intended for - External load balancers. - items: - properties: - headerAction: - description: |- - Specifies changes to request and response headers that need to take effect for - the selected backendService. The headerAction specified here are applied before - the matching pathMatchers[].headerAction and after pathMatchers[].routeRules[].r - outeAction.weightedBackendService.backendServiceWeightAction[].headerAction - properties: - requestHeadersToAdd: - description: |- - Headers to add to a matching request prior to forwarding the request to the - backendService. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - requestHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the request - prior to forwarding the request to the backendService. - items: - type: string - type: array - responseHeadersToAdd: - description: Headers to add the response prior to sending - the response back to the client. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - responseHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the response - prior to sending the response back to the client. - items: - type: string - type: array - type: object - matchRules: - description: The rules for determining a match. - items: - properties: - fullPathMatch: - description: |- - For satifying the matchRule condition, the path of the request must exactly - match the value specified in fullPathMatch after removing any query parameters - and anchor that may be part of the original URL. FullPathMatch must be between 1 - and 1024 characters. Only one of prefixMatch, fullPathMatch or regexMatch must - be specified. - type: string - headerMatches: - description: |- - Specifies a list of header match criteria, all of which must match corresponding - headers in the request. - items: - properties: - exactMatch: - description: |- - The value should exactly match contents of exactMatch. Only one of exactMatch, - prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. - type: string - headerName: - description: |- - The name of the HTTP header to match. For matching against the HTTP request's - authority, use a headerMatch with the header name ":authority". For matching a - request's method, use the headerName ":method". - type: string - invertMatch: - description: |- - If set to false, the headerMatch is considered a match if the match criteria - above are met. If set to true, the headerMatch is considered a match if the - match criteria above are NOT met. Defaults to false. - type: boolean - prefixMatch: - description: |- - The value of the header must start with the contents of prefixMatch. Only one of - exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch - must be set. - type: string - presentMatch: - description: |- - A header with the contents of headerName must exist. The match takes place - whether or not the request's header has a value or not. Only one of exactMatch, - prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. - type: boolean - rangeMatch: - description: |- - The header value must be an integer and its value must be in the range specified - in rangeMatch. If the header does not contain an integer, number or is empty, - the match fails. For example for a range [-5, 0] - -3 will match. - 0 will - not match. - 0.25 will not match. - -3someString will not match. Only one of - exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch - must be set. - properties: - rangeEnd: - description: The end of the range (exclusive). - type: integer - rangeStart: - description: The start of the range (inclusive). - type: integer - required: - - rangeEnd - - rangeStart - type: object - regexMatch: - description: |- - The value of the header must match the regualar expression specified in - regexMatch. For regular expression grammar, please see: - en.cppreference.com/w/cpp/regex/ecmascript For matching against a port - specified in the HTTP request, use a headerMatch with headerName set to PORT and - a regular expression that satisfies the RFC2616 Host header's port specifier. - Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or - rangeMatch must be set. - type: string - suffixMatch: - description: |- - The value of the header must end with the contents of suffixMatch. Only one of - exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch - must be set. - type: string - required: - - headerName - type: object - type: array - ignoreCase: - description: |- - Specifies that prefixMatch and fullPathMatch matches are case sensitive. - Defaults to false. - type: boolean - metadataFilters: - description: |- - Opaque filter criteria used by Loadbalancer to restrict routing configuration to - a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS - clients present node metadata. If a match takes place, the relevant routing - configuration is made available to those proxies. For each metadataFilter in - this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the - filterLabels must match the corresponding label provided in the metadata. If its - filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match - with corresponding labels in the provided metadata. metadataFilters specified - here can be overrides those specified in ForwardingRule that refers to this - UrlMap. metadataFilters only applies to Loadbalancers that have their - loadBalancingScheme set to INTERNAL_SELF_MANAGED. - items: - properties: - filterLabels: - description: |- - The list of label value pairs that must match labels in the provided metadata - based on filterMatchCriteria This list must not be empty and can have at the - most 64 entries. - items: - properties: - name: - description: |- - Name of metadata label. The name can have a maximum length of 1024 characters - and must be at least 1 character long. - type: string - value: - description: |- - The value of the label must match the specified value. value can have a maximum - length of 1024 characters. - type: string - required: - - name - - value - type: object - type: array - filterMatchCriteria: - description: |- - Specifies how individual filterLabel matches within the list of filterLabels - contribute towards the overall metadataFilter match. Supported values are: - - MATCH_ANY: At least one of the filterLabels must have a matching label in the - provided metadata. - - MATCH_ALL: All filterLabels must have matching labels in - the provided metadata. - type: string - required: - - filterLabels - - filterMatchCriteria - type: object - type: array - prefixMatch: - description: |- - For satifying the matchRule condition, the request's path must begin with the - specified prefixMatch. prefixMatch must begin with a /. The value must be - between 1 and 1024 characters. Only one of prefixMatch, fullPathMatch or - regexMatch must be specified. - type: string - queryParameterMatches: - description: |- - Specifies a list of query parameter match criteria, all of which must match - corresponding query parameters in the request. - items: - properties: - exactMatch: - description: |- - The queryParameterMatch matches if the value of the parameter exactly matches - the contents of exactMatch. Only one of presentMatch, exactMatch and regexMatch - must be set. - type: string - name: - description: |- - The name of the query parameter to match. The query parameter must exist in the - request, in the absence of which the request match fails. - type: string - presentMatch: - description: |- - Specifies that the queryParameterMatch matches if the request contains the query - parameter, irrespective of whether the parameter has a value or not. Only one of - presentMatch, exactMatch and regexMatch must be set. - type: boolean - regexMatch: - description: |- - The queryParameterMatch matches if the value of the parameter matches the - regular expression specified by regexMatch. For the regular expression grammar, - please see en.cppreference.com/w/cpp/regex/ecmascript Only one of presentMatch, - exactMatch and regexMatch must be set. - type: string - required: - - name - type: object - type: array - regexMatch: - description: |- - For satifying the matchRule condition, the path of the request must satisfy the - regular expression specified in regexMatch after removing any query parameters - and anchor supplied with the original URL. For regular expression grammar please - see en.cppreference.com/w/cpp/regex/ecmascript Only one of prefixMatch, - fullPathMatch or regexMatch must be specified. - type: string - type: object - type: array - priority: - description: |- - For routeRules within a given pathMatcher, priority determines the order - in which load balancer will interpret routeRules. RouteRules are evaluated - in order of priority, from the lowest to highest number. The priority of - a rule decreases as its number increases (1, 2, 3, N+1). The first rule - that matches the request is applied. - - You cannot configure two or more routeRules with the same priority. - Priority for each rule must be set to a number between 0 and - 2147483647 inclusive. - - Priority numbers can have gaps, which enable you to add or remove rules - in the future without affecting the rest of the rules. For example, - 1, 2, 3, 4, 5, 9, 12, 16 is a valid series of priority numbers to which - you could add rules numbered from 6 to 8, 10 to 11, and 13 to 15 in the - future without any impact on existing rules. - type: integer - routeAction: - description: |- - In response to a matching matchRule, the load balancer performs advanced routing - actions like URL rewrites, header transformations, etc. prior to forwarding the - request to the selected backend. If routeAction specifies any - weightedBackendServices, service must not be set. Conversely if service is set, - routeAction cannot contain any weightedBackendServices. Only one of routeAction - or urlRedirect must be set. - properties: - corsPolicy: - description: |- - The specification for allowing client side cross-origin requests. Please see W3C - Recommendation for Cross Origin Resource Sharing - properties: - allowCredentials: - description: |- - In response to a preflight request, setting this to true indicates that the - actual request can include user credentials. This translates to the Access- - Control-Allow-Credentials header. Defaults to false. - type: boolean - allowHeaders: - description: Specifies the content for the Access-Control-Allow-Headers - header. - items: - type: string - type: array - allowMethods: - description: Specifies the content for the Access-Control-Allow-Methods - header. - items: - type: string - type: array - allowOriginRegexes: - description: |- - Specifies the regualar expression patterns that match allowed origins. For - regular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript - An origin is allowed if it matches either allow_origins or allow_origin_regex. - items: - type: string - type: array - allowOrigins: - description: |- - Specifies the list of origins that will be allowed to do CORS requests. An - origin is allowed if it matches either allow_origins or allow_origin_regex. - items: - type: string - type: array - disabled: - description: |- - If true, specifies the CORS policy is disabled. - which indicates that the CORS policy is in effect. Defaults to false. - type: boolean - exposeHeaders: - description: Specifies the content for the Access-Control-Expose-Headers - header. - items: - type: string - type: array - maxAge: - description: |- - Specifies how long the results of a preflight request can be cached. This - translates to the content for the Access-Control-Max-Age header. - type: integer - type: object - faultInjectionPolicy: - description: |- - The specification for fault injection introduced into traffic to test the - resiliency of clients to backend service failure. As part of fault injection, - when clients send requests to a backend service, delays can be introduced by - Loadbalancer on a percentage of requests before sending those request to the - backend service. Similarly requests from clients can be aborted by the - Loadbalancer for a percentage of requests. timeout and retry_policy will be - ignored by clients that are configured with a fault_injection_policy. - properties: - abort: - description: |- - The specification for how client requests are aborted as part of fault - injection. - properties: - httpStatus: - description: |- - The HTTP status code used to abort the request. The value must be between 200 - and 599 inclusive. - type: integer - percentage: - description: |- - The percentage of traffic (connections/operations/requests) which will be - aborted as part of fault injection. The value must be between 0.0 and 100.0 - inclusive. - type: number - type: object - delay: - description: |- - The specification for how client requests are delayed as part of fault - injection, before being sent to a backend service. - properties: - fixedDelay: - description: Specifies the value of the fixed - delay interval. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 'seconds' field and a positive - 'nanos' field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - type: string - required: - - seconds - type: object - percentage: - description: |- - The percentage of traffic (connections/operations/requests) on which delay will - be introduced as part of fault injection. The value must be between 0.0 and - 100.0 inclusive. - type: number - type: object - type: object - requestMirrorPolicy: - description: |- - Specifies the policy on how requests intended for the route's backends are - shadowed to a separate mirrored backend service. Loadbalancer does not wait for - responses from the shadow service. Prior to sending traffic to the shadow - service, the host / authority header is suffixed with -shadow. - properties: - backendService: - description: The BackendService resource being mirrored - to. - type: string - required: - - backendService - type: object - retryPolicy: - description: Specifies the retry policy associated with - this route. - properties: - numRetries: - description: Specifies the allowed number retries. - This number must be > 0. - type: integer - perTryTimeout: - description: |- - Specifies a non-zero timeout per retry attempt. - If not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction - is not set, will use the largest timeout among all backend services associated with the route. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 'seconds' field and a positive - 'nanos' field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - type: string - required: - - seconds - type: object - retryConditions: - description: |- - Specfies one or more conditions when this retry rule applies. Valid values are: - - 5xx: Loadbalancer will attempt a retry if the backend service responds with - any 5xx response code, or if the backend service does not respond at all, - example: disconnects, reset, read timeout, connection failure, and refused - streams. - - gateway-error: Similar to 5xx, but only applies to response codes - 502, 503 or 504. - - connect-failure: Loadbalancer will retry on failures - connecting to backend services, for example due to connection timeouts. - - retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. - Currently the only retriable error supported is 409. - - refused-stream: Loadbalancer will retry if the backend service resets the stream with a - REFUSED_STREAM error code. This reset type indicates that it is safe to retry. - - cancelled: Loadbalancer will retry if the gRPC status code in the response - header is set to cancelled - - deadline-exceeded: Loadbalancer will retry if the - gRPC status code in the response header is set to deadline-exceeded - - resource-exhausted: Loadbalancer will retry if the gRPC status code in the response - header is set to resource-exhausted - - unavailable: Loadbalancer will retry if the gRPC status code in - the response header is set to unavailable - items: - type: string - type: array - required: - - numRetries - type: object - timeout: - description: |- - Specifies the timeout for the selected route. Timeout is computed from the time - the request is has been fully processed (i.e. end-of-stream) up until the - response has been completely processed. Timeout includes all retries. If not - specified, the default value is 15 seconds. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 'seconds' field and a positive - 'nanos' field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - type: string - required: - - seconds - type: object - urlRewrite: - description: |- - The spec to modify the URL of the request, prior to forwarding the request to - the matched service - properties: - hostRewrite: - description: |- - Prior to forwarding the request to the selected service, the request's host - header is replaced with contents of hostRewrite. The value must be between 1 and - 255 characters. - type: string - pathPrefixRewrite: - description: |- - Prior to forwarding the request to the selected backend service, the matching - portion of the request's path is replaced by pathPrefixRewrite. The value must - be between 1 and 1024 characters. - type: string - type: object - weightedBackendServices: - description: |- - A list of weighted backend services to send traffic to when a route match - occurs. The weights determine the fraction of traffic that flows to their - corresponding backend service. If all traffic needs to go to a single backend - service, there must be one weightedBackendService with weight set to a non 0 - number. Once a backendService is identified and before forwarding the request to - the backend service, advanced routing actions like Url rewrites and header - transformations are applied depending on additional settings specified in this - HttpRouteAction. - items: - properties: - backendServiceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - headerAction: - description: |- - Specifies changes to request and response headers that need to take effect for - the selected backendService. headerAction specified here take effect before - headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. - properties: - requestHeadersToAdd: - description: |- - Headers to add to a matching request prior to forwarding the request to the - backendService. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header - to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - requestHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the request - prior to forwarding the request to the backendService. - items: - type: string - type: array - responseHeadersToAdd: - description: Headers to add the response prior - to sending the response back to the client. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header - to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - responseHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the response - prior to sending the response back to the client. - items: - type: string - type: array - type: object - weight: - description: |- - Specifies the fraction of traffic sent to backendService, computed as weight / - (sum of all weightedBackendService weights in routeAction) . The selection of a - backend service is determined only for new traffic. Once a user's request has - been directed to a backendService, subsequent requests will be sent to the same - backendService as determined by the BackendService's session affinity policy. - The value must be between 0 and 1000 - type: integer - required: - - backendServiceRef - - weight - type: object - type: array - type: object - service: - description: |- - The backend service resource to which traffic is - directed if this rule is matched. If routeAction is additionally specified, - advanced routing actions like URL Rewrites, etc. take effect prior to sending - the request to the backend. However, if service is specified, routeAction cannot - contain any weightedBackendService s. Conversely, if routeAction specifies any - weightedBackendServices, service must not be specified. Only one of urlRedirect, - service or routeAction.weightedBackendService must be set. - type: string - urlRedirect: - description: |- - When this rule is matched, the request is redirected to a URL specified by - urlRedirect. If urlRedirect is specified, service or routeAction must not be - set. - properties: - hostRedirect: - description: |- - The host that will be used in the redirect response instead of the one that was - supplied in the request. The value must be between 1 and 255 characters. - type: string - httpsRedirect: - description: |- - If set to true, the URL scheme in the redirected request is set to https. If set - to false, the URL scheme of the redirected request will remain the same as that - of the request. This must only be set for UrlMaps used in TargetHttpProxys. - Setting this true for TargetHttpsProxy is not permitted. Defaults to false. - type: boolean - pathRedirect: - description: |- - The path that will be used in the redirect response instead of the one that was - supplied in the request. Only one of pathRedirect or prefixRedirect must be - specified. The value must be between 1 and 1024 characters. - type: string - prefixRedirect: - description: |- - The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, - retaining the remaining portion of the URL before redirecting the request. - type: string - redirectResponseCode: - description: |- - The HTTP Status code to use for this RedirectAction. Supported values are: - - MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. - - FOUND, which corresponds to 302. - SEE_OTHER which corresponds to 303. - - TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method - will be retained. - PERMANENT_REDIRECT, which corresponds to 308. In this case, - the request method will be retained. - type: string - stripQuery: - description: |- - If set to true, any accompanying query portion of the original URL is removed - prior to redirecting the request. If set to false, the query portion of the - original URL is retained. Defaults to false. - type: boolean - type: object - required: - - priority - type: object - type: array - required: - - name - type: object - type: array - test: - description: |- - The list of expected URL mapping tests. Request to update this UrlMap will - succeed only if all of the test cases pass. You can specify a maximum of 100 - tests per UrlMap. - items: - properties: - description: - description: Description of this test case. - type: string - host: - description: Host portion of the URL. - type: string - path: - description: Path portion of the URL. - type: string - service: - properties: - backendBucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - backendServiceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - required: - - host - - path - - service - type: object - type: array - required: - - location - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - fingerprint: - description: |- - Fingerprint of this resource. A hash of the contents stored in this object. This - field is used in optimistic locking. - type: string - mapId: - description: The unique identifier for the resource. - type: integer - selfLink: - type: string - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computevpngateways.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeVPNGateway - plural: computevpngateways - shortNames: - - gcpcomputevpngateway - - gcpcomputevpngateways - singular: computevpngateway - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: An optional description of this resource. - type: string - networkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - region: - description: The region this gateway should sit in. - type: string - required: - - networkRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - selfLink: - type: string - vpnInterfaces: - description: A list of interfaces on this VPN gateway. - items: - properties: - id: - description: The numeric ID of this VPN gateway interface. - type: integer - ipAddress: - description: The external IP address for this VPN gateway interface. - type: string - type: object - type: array - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computevpntunnels.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeVPNTunnel - plural: computevpntunnels - shortNames: - - gcpcomputevpntunnel - - gcpcomputevpntunnels - singular: computevpntunnel - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: An optional description of this resource. - type: string - ikeVersion: - description: |- - IKE protocol version to use when establishing the VPN tunnel with - peer VPN gateway. - Acceptable IKE versions are 1 or 2. Default version is 2. - type: integer - localTrafficSelector: - description: |- - Local traffic selector to use when establishing the VPN tunnel with - peer VPN gateway. The value should be a CIDR formatted string, - for example '192.168.0.0/16'. The ranges should be disjoint. - Only IPv4 is supported. - items: - type: string - type: array - peerExternalGatewayInterface: - description: The interface ID of the external VPN gateway to which this - VPN tunnel is connected. - type: integer - peerExternalGatewayRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - peerGCPGatewayRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - peerIp: - description: IP address of the peer VPN gateway. Only IPv4 is supported. - type: string - region: - description: The region where the tunnel is located. If unset, is set - to the region of 'target_vpn_gateway'. - type: string - remoteTrafficSelector: - description: |- - Remote traffic selector to use when establishing the VPN tunnel with - peer VPN gateway. The value should be a CIDR formatted string, - for example '192.168.0.0/16'. The ranges should be disjoint. - Only IPv4 is supported. - items: - type: string - type: array - routerRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - sharedSecret: - description: |- - Shared secret used to set the secure session between the Cloud VPN - gateway and the peer VPN gateway. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' is - specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used if 'value' - is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in the - given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - targetVPNGatewayRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - vpnGatewayInterface: - description: The interface ID of the VPN gateway with which this VPN - tunnel is associated. - type: integer - vpnGatewayRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - sharedSecret - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - detailedStatus: - description: Detailed status message for the VPN tunnel. - type: string - labelFingerprint: - description: |- - The fingerprint used for optimistic locking of this resource. Used - internally during updates. - type: string - selfLink: - type: string - sharedSecretHash: - description: Hash of the shared secret. - type: string - tunnelId: - description: The unique identifier for the resource. This identifier - is defined by the server. - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: containerclusters.container.cnrm.cloud.google.com -spec: - group: container.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ContainerCluster - plural: containerclusters - shortNames: - - gcpcontainercluster - - gcpcontainerclusters - singular: containercluster - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - addonsConfig: - properties: - cloudrunConfig: - properties: - disabled: - type: boolean - required: - - disabled - type: object - horizontalPodAutoscaling: - properties: - disabled: - type: boolean - required: - - disabled - type: object - httpLoadBalancing: - properties: - disabled: - type: boolean - required: - - disabled - type: object - istioConfig: - properties: - auth: - type: string - disabled: - type: boolean - required: - - disabled - type: object - networkPolicyConfig: - properties: - disabled: - type: boolean - required: - - disabled - type: object - type: object - authenticatorGroupsConfig: - properties: - securityGroup: - type: string - required: - - securityGroup - type: object - clusterAutoscaling: - properties: - autoProvisioningDefaults: - properties: - oauthScopes: - items: - type: string - type: array - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - enabled: - type: boolean - resourceLimits: - items: - properties: - maximum: - type: integer - minimum: - type: integer - resourceType: - type: string - required: - - resourceType - type: object - type: array - required: - - enabled - type: object - clusterIpv4Cidr: - type: string - databaseEncryption: - properties: - keyName: - type: string - state: - type: string - required: - - state - type: object - defaultMaxPodsPerNode: - type: integer - description: - type: string - enableBinaryAuthorization: - type: boolean - enableIntranodeVisibility: - type: boolean - enableKubernetesAlpha: - type: boolean - enableLegacyAbac: - type: boolean - enableShieldedNodes: - type: boolean - enableTpu: - type: boolean - initialNodeCount: - type: integer - ipAllocationPolicy: - properties: - clusterIpv4CidrBlock: - type: string - clusterSecondaryRangeName: - type: string - servicesIpv4CidrBlock: - type: string - servicesSecondaryRangeName: - type: string - type: object - location: - type: string - loggingService: - type: string - maintenancePolicy: - properties: - dailyMaintenanceWindow: - properties: - duration: - type: string - startTime: - type: string - required: - - startTime - type: object - recurringWindow: - properties: - endTime: - type: string - recurrence: - type: string - startTime: - type: string - required: - - endTime - - recurrence - - startTime - type: object - type: object - masterAuth: - properties: - clientCertificate: - type: string - clientCertificateConfig: - properties: - issueClientCertificate: - type: boolean - required: - - issueClientCertificate - type: object - clientKey: - type: string - clusterCaCertificate: - type: string - password: - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used if - 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - username: - type: string - type: object - masterAuthorizedNetworksConfig: - properties: - cidrBlocks: - items: - properties: - cidrBlock: - type: string - displayName: - type: string - required: - - cidrBlock - type: object - type: array - type: object - minMasterVersion: - type: string - monitoringService: - type: string - networkPolicy: - properties: - enabled: - type: boolean - provider: - type: string - required: - - enabled - type: object - networkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - nodeConfig: - properties: - diskSizeGb: - type: integer - diskType: - type: string - guestAccelerator: - items: - properties: - count: - type: integer - type: - type: string - required: - - count - - type - type: object - type: array - imageType: - type: string - labels: - additionalProperties: - type: string - type: object - localSsdCount: - type: integer - machineType: - type: string - metadata: - additionalProperties: - type: string - type: object - minCpuPlatform: - type: string - oauthScopes: - items: - type: string - type: array - preemptible: - type: boolean - sandboxConfig: - properties: - sandboxType: - type: string - required: - - sandboxType - type: object - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - shieldedInstanceConfig: - properties: - enableIntegrityMonitoring: - type: boolean - enableSecureBoot: - type: boolean - type: object - tags: - items: - type: string - type: array - taint: - items: - properties: - effect: - type: string - key: - type: string - value: - type: string - required: - - effect - - key - - value - type: object - type: array - workloadMetadataConfig: - properties: - nodeMetadata: - type: string - required: - - nodeMetadata - type: object - type: object - nodeLocations: - items: - type: string - type: array - nodeVersion: - type: string - podSecurityPolicyConfig: - properties: - enabled: - type: boolean - required: - - enabled - type: object - privateClusterConfig: - properties: - enablePrivateEndpoint: - type: boolean - enablePrivateNodes: - type: boolean - masterIpv4CidrBlock: - type: string - peeringName: - type: string - privateEndpoint: - type: string - publicEndpoint: - type: string - required: - - enablePrivateEndpoint - type: object - releaseChannel: - properties: - channel: - type: string - required: - - channel - type: object - resourceUsageExportConfig: - properties: - bigqueryDestination: - properties: - datasetId: - type: string - required: - - datasetId - type: object - enableNetworkEgressMetering: - type: boolean - required: - - bigqueryDestination - type: object - subnetworkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - verticalPodAutoscaling: - properties: - enabled: - type: boolean - required: - - enabled - type: object - workloadIdentityConfig: - properties: - identityNamespace: - type: string - required: - - identityNamespace - type: object - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - endpoint: - type: string - instanceGroupUrls: - items: - type: string - type: array - labelFingerprint: - type: string - masterVersion: - type: string - operation: - type: string - servicesIpv4Cidr: - type: string - tpuIpv4CidrBlock: - type: string - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: containernodepools.container.cnrm.cloud.google.com -spec: - group: container.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ContainerNodePool - plural: containernodepools - shortNames: - - gcpcontainernodepool - - gcpcontainernodepools - singular: containernodepool - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - autoscaling: - properties: - maxNodeCount: - type: integer - minNodeCount: - type: integer - required: - - maxNodeCount - - minNodeCount - type: object - clusterRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - initialNodeCount: - type: integer - location: - type: string - management: - properties: - autoRepair: - type: boolean - autoUpgrade: - type: boolean - type: object - maxPodsPerNode: - type: integer - namePrefix: - type: string - nodeConfig: - properties: - diskSizeGb: - type: integer - diskType: - type: string - guestAccelerator: - items: - properties: - count: - type: integer - type: - type: string - required: - - count - - type - type: object - type: array - imageType: - type: string - labels: - additionalProperties: - type: string - type: object - localSsdCount: - type: integer - machineType: - type: string - metadata: - additionalProperties: - type: string - type: object - minCpuPlatform: - type: string - oauthScopes: - items: - type: string - type: array - preemptible: - type: boolean - sandboxConfig: - properties: - sandboxType: - type: string - required: - - sandboxType - type: object - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - shieldedInstanceConfig: - properties: - enableIntegrityMonitoring: - type: boolean - enableSecureBoot: - type: boolean - type: object - tags: - items: - type: string - type: array - taint: - items: - properties: - effect: - type: string - key: - type: string - value: - type: string - required: - - effect - - key - - value - type: object - type: array - workloadMetadataConfig: - properties: - nodeMetadata: - type: string - required: - - nodeMetadata - type: object - type: object - nodeCount: - type: integer - nodeLocations: - items: - type: string - type: array - upgradeSettings: - properties: - maxSurge: - type: integer - maxUnavailable: - type: integer - required: - - maxSurge - - maxUnavailable - type: object - version: - type: string - required: - - clusterRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - instanceGroupUrls: - items: - type: string - type: array - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: dataflowjobs.dataflow.cnrm.cloud.google.com -spec: - group: dataflow.cnrm.cloud.google.com - names: - categories: - - gcp - kind: DataflowJob - plural: dataflowjobs - shortNames: - - gcpdataflowjob - - gcpdataflowjobs - singular: dataflowjob - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - ipConfiguration: - type: string - machineType: - type: string - maxWorkers: - type: integer - networkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - parameters: - type: object - region: - type: string - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - subnetworkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - tempGcsLocation: - type: string - templateGcsPath: - type: string - zone: - type: string - required: - - tempGcsLocation - - templateGcsPath - - zone - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - jobId: - type: string - state: - type: string - type: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: dnsmanagedzones.dns.cnrm.cloud.google.com -spec: - group: dns.cnrm.cloud.google.com - names: - categories: - - gcp - kind: DNSManagedZone - plural: dnsmanagedzones - shortNames: - - gcpdnsmanagedzone - - gcpdnsmanagedzones - singular: dnsmanagedzone - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - type: string - dnsName: - description: The DNS name of this managed zone, for instance "example.com.". - type: string - dnssecConfig: - description: DNSSEC configuration - properties: - defaultKeySpecs: - description: |- - Specifies parameters that will be used for generating initial DnsKeys - for this ManagedZone. If you provide a spec for keySigning or zoneSigning, - you must also provide one for the other. - items: - properties: - algorithm: - description: String mnemonic specifying the DNSSEC algorithm - of this key - type: string - keyLength: - description: Length of the keys in bits - type: integer - keyType: - description: |- - Specifies whether this is a key signing key (KSK) or a zone - signing key (ZSK). Key signing keys have the Secure Entry - Point flag set and, when active, will only be used to sign - resource record sets of type DNSKEY. Zone signing keys do - not have the Secure Entry Point flag set and will be used - to sign all other types of resource record sets. - type: string - kind: - description: Identifies what kind of resource this is - type: string - type: object - type: array - kind: - description: Identifies what kind of resource this is - type: string - nonExistence: - description: Specifies the mechanism used to provide authenticated - denial-of-existence responses. - type: string - state: - description: Specifies whether DNSSEC is enabled, and what mode - it is in - type: string - type: object - forwardingConfig: - description: |- - The presence for this field indicates that outbound forwarding is enabled - for this zone. The value of this field contains the set of destinations - to forward to. - properties: - targetNameServers: - description: |- - List of target name servers to forward to. Cloud DNS will - select the best available name server if more than - one target is given. - items: - properties: - ipv4Address: - description: IPv4 address of a target name server. - type: string - required: - - ipv4Address - type: object - type: array - required: - - targetNameServers - type: object - peeringConfig: - description: |- - The presence of this field indicates that DNS Peering is enabled for this - zone. The value of this field contains the network to peer with. - properties: - targetNetwork: - description: The network with which to peer. - properties: - networkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - networkRef - type: object - required: - - targetNetwork - type: object - privateVisibilityConfig: - description: |- - For privately visible zones, the set of Virtual Private Cloud - resources that the zone is visible from. - properties: - networks: - items: - properties: - networkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - networkRef - type: object - type: array - required: - - networks - type: object - visibility: - description: |- - The zone's visibility: public zones are exposed to the Internet, - while private zones are visible only to Virtual Private Cloud resources. - Must be one of: 'public', 'private'. - type: string - required: - - dnsName - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - nameServers: - description: |- - Delegate your managed_zone to these virtual name servers; - defined by the server - items: - type: string - type: array - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: dnspolicies.dns.cnrm.cloud.google.com -spec: - group: dns.cnrm.cloud.google.com - names: - categories: - - gcp - kind: DNSPolicy - plural: dnspolicies - shortNames: - - gcpdnspolicy - - gcpdnspolicies - singular: dnspolicy - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - alternativeNameServerConfig: - description: |- - Sets an alternative name server for the associated networks. - When specified, all DNS queries are forwarded to a name server that you choose. - Names such as .internal are not available when an alternative name server is specified. - properties: - targetNameServers: - description: |- - Sets an alternative name server for the associated networks. When specified, - all DNS queries are forwarded to a name server that you choose. Names such as .internal - are not available when an alternative name server is specified. - items: - properties: - ipv4Address: - description: IPv4 address to forward to. - type: string - required: - - ipv4Address - type: object - type: array - required: - - targetNameServers - type: object - description: - type: string - enableInboundForwarding: - description: |- - Allows networks bound to this policy to receive DNS queries sent - by VMs or applications over VPN connections. When enabled, a - virtual IP address will be allocated from each of the sub-networks - that are bound to this policy. - type: boolean - enableLogging: - description: |- - Controls whether logging is enabled for the networks bound to this policy. - Defaults to no logging if not set. - type: boolean - networks: - description: List of network names specifying networks to which this - policy is applied. - items: - properties: - networkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - networkRef - type: object - type: array - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: dnsrecordsets.dns.cnrm.cloud.google.com -spec: - group: dns.cnrm.cloud.google.com - names: - categories: - - gcp - kind: DNSRecordSet - plural: dnsrecordsets - shortNames: - - gcpdnsrecordset - - gcpdnsrecordsets - singular: dnsrecordset - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - managedZoneRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - name: - type: string - rrdatas: - items: - type: string - type: array - ttl: - type: integer - type: - type: string - required: - - managedZoneRef - - name - - rrdatas - - ttl - - type - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: firestoreindexes.firestore.cnrm.cloud.google.com -spec: - group: firestore.cnrm.cloud.google.com - names: - categories: - - gcp - kind: FirestoreIndex - plural: firestoreindexes - shortNames: - - gcpfirestoreindex - - gcpfirestoreindexes - singular: firestoreindex - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - collection: - description: The collection being indexed. - type: string - database: - description: The Firestore database id. Defaults to '"(default)"'. - type: string - fields: - description: |- - The fields supported by this index. The last field entry is always for - the field path '__name__'. If, on creation, '__name__' was not - specified as the last field, it will be added automatically with the - same direction as that of the last field defined. If the final field - in a composite index is not directional, the '__name__' will be - ordered '"ASCENDING"' (unless explicitly specified otherwise). - items: - properties: - arrayConfig: - description: |- - Indicates that this field supports operations on arrayValues. Only one of 'order' and 'arrayConfig' can - be specified. - type: string - fieldPath: - description: Name of the field. - type: string - order: - description: |- - Indicates that this field supports ordering by the specified order or comparing using =, <, <=, >, >=. - Only one of 'order' and 'arrayConfig' can be specified. - type: string - type: object - type: array - queryScope: - description: |- - The scope at which a query is run. One of '"COLLECTION"' or - '"COLLECTION_GROUP"'. Defaults to '"COLLECTION"'. - type: string - required: - - collection - - fields - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - name: - description: |- - A server defined name for this index. Format: - 'projects/{{project}}/databases/{{database}}/collectionGroups/{{collection}}/indexes/{{server_generated_id}}' - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: folders.resourcemanager.cnrm.cloud.google.com -spec: - group: resourcemanager.cnrm.cloud.google.com - names: - categories: - - gcp - kind: Folder - plural: folders - shortNames: - - gcpfolder - - gcpfolders - singular: folder - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - displayName: - type: string - required: - - displayName - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - createTime: - type: string - lifecycleState: - type: string - name: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: iamcustomroles.iam.cnrm.cloud.google.com -spec: - group: iam.cnrm.cloud.google.com - names: - categories: - - gcp - kind: IAMCustomRole - plural: iamcustomroles - shortNames: - - gcpiamcustomrole - - gcpiamcustomroles - singular: iamcustomrole - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - type: string - permissions: - items: - type: string - type: array - stage: - type: string - title: - type: string - required: - - permissions - - title - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - deleted: - type: boolean - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - controller-tools.k8s.io: "1.0" - name: iampolicies.iam.cnrm.cloud.google.com -spec: - group: iam.cnrm.cloud.google.com - names: - kind: IAMPolicy - plural: iampolicies - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - bindings: - description: Optional. The list of IAM bindings. - items: - properties: - condition: - description: Optional. The condition under which the binding applies. - properties: - description: - type: string - expression: - type: string - title: - type: string - required: - - title - - expression - type: object - members: - description: Optional. The list of IAM users to be bound to the - role. - items: - pattern: ^(user|serviceAccount|group|domain):.+|allUsers|allAuthenticatedUsers$ - type: string - pattern: ^(user|serviceAccount|group|domain):.+|allUsers|allAuthenticatedUsers$ - type: array - role: - description: Required. The role to bind the users to. - pattern: ^roles/[\w\.]+$ - type: string - required: - - role - type: object - type: array - resourceRef: - description: Required. The GCP resource to set the IAM policy on. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - - not: - anyOf: - - required: - - name - - required: - - namespace - - required: - - apiVersion - - required: - - external - properties: - apiVersion: - type: string - external: - type: string - kind: - type: string - name: - type: string - namespace: - type: string - required: - - kind - type: object - required: - - resourceRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observations - of the IAM policy's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - controller-tools.k8s.io: "1.0" - name: iampolicymembers.iam.cnrm.cloud.google.com -spec: - group: iam.cnrm.cloud.google.com - names: - kind: IAMPolicyMember - plural: iampolicymembers - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - condition: - description: Optional. The condition under which the binding applies. - properties: - description: - type: string - expression: - type: string - title: - type: string - required: - - title - - expression - type: object - member: - description: Required. The list of IAM identities to be bound to the - role - pattern: ^(user|serviceAccount|group|domain):.+|allUsers|allAuthenticatedUsers$ - type: string - resourceRef: - description: Required. The GCP resource to set the IAM policy on. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - - not: - anyOf: - - required: - - name - - required: - - namespace - - required: - - apiVersion - - required: - - external - properties: - apiVersion: - type: string - external: - type: string - kind: - type: string - name: - type: string - namespace: - type: string - required: - - kind - type: object - role: - description: Required. The role for which the Member will be bound. - pattern: ^roles/[\w\.]+$ - type: string - required: - - resourceRef - - member - - role - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observations - of the IAM policy's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: iamserviceaccountkeys.iam.cnrm.cloud.google.com -spec: - group: iam.cnrm.cloud.google.com - names: - categories: - - gcp - kind: IAMServiceAccountKey - plural: iamserviceaccountkeys - shortNames: - - gcpiamserviceaccountkey - - gcpiamserviceaccountkeys - singular: iamserviceaccountkey - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - keyAlgorithm: - type: string - privateKeyType: - type: string - publicKeyType: - type: string - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - serviceAccountRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - name: - type: string - privateKey: - type: string - publicKey: - type: string - validAfter: - type: string - validBefore: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: iamserviceaccounts.iam.cnrm.cloud.google.com -spec: - group: iam.cnrm.cloud.google.com - names: - categories: - - gcp - kind: IAMServiceAccount - plural: iamserviceaccounts - shortNames: - - gcpiamserviceaccount - - gcpiamserviceaccounts - singular: iamserviceaccount - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - type: string - displayName: - type: string - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - email: - type: string - name: - type: string - uniqueId: - type: string - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: kmscryptokeys.kms.cnrm.cloud.google.com -spec: - group: kms.cnrm.cloud.google.com - names: - categories: - - gcp - kind: KMSCryptoKey - plural: kmscryptokeys - shortNames: - - gcpkmscryptokey - - gcpkmscryptokeys - singular: kmscryptokey - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - keyRingRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - purpose: - description: |- - The immutable purpose of this CryptoKey. See the - [purpose reference](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys#CryptoKeyPurpose) - for possible inputs. - type: string - rotationPeriod: - description: |- - Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. - The first rotation will take place after the specified period. The rotation period has - the format of a decimal number with up to 9 fractional digits, followed by the - letter 's' (seconds). It must be greater than a day (ie, 86400). - type: string - versionTemplate: - description: A template describing settings for new crypto key versions. - properties: - algorithm: - description: |- - The algorithm to use when creating a version based on this template. - See the [algorithm reference](https://cloud.google.com/kms/docs/reference/rest/v1/CryptoKeyVersionAlgorithm) for possible inputs. - type: string - protectionLevel: - description: The protection level to use when creating a version - based on this template. - type: string - required: - - algorithm - type: object - required: - - keyRingRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - selfLink: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: kmskeyrings.kms.cnrm.cloud.google.com -spec: - group: kms.cnrm.cloud.google.com - names: - categories: - - gcp - kind: KMSKeyRing - plural: kmskeyrings - shortNames: - - gcpkmskeyring - - gcpkmskeyrings - singular: kmskeyring - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - location: - description: |- - The location for the KeyRing. - A full list of valid locations can be found by running 'gcloud kms locations list'. - type: string - required: - - location - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - selfLink: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: projects.resourcemanager.cnrm.cloud.google.com -spec: - group: resourcemanager.cnrm.cloud.google.com - names: - categories: - - gcp - kind: Project - plural: projects - shortNames: - - gcpproject - - gcpprojects - singular: project - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - billingAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - name: - type: string - required: - - name - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - number: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: pubsubsubscriptions.pubsub.cnrm.cloud.google.com -spec: - group: pubsub.cnrm.cloud.google.com - names: - categories: - - gcp - kind: PubSubSubscription - plural: pubsubsubscriptions - shortNames: - - gcppubsubsubscription - - gcppubsubsubscriptions - singular: pubsubsubscription - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - ackDeadlineSeconds: - description: |- - This value is the maximum time after a subscriber receives a message - before the subscriber should acknowledge the message. After message - delivery but before the ack deadline expires and before the message is - acknowledged, it is an outstanding message and will not be delivered - again during that time (on a best-effort basis). - - For pull subscriptions, this value is used as the initial value for - the ack deadline. To override this value for a given message, call - subscriptions.modifyAckDeadline with the corresponding ackId if using - pull. The minimum custom deadline you can specify is 10 seconds. The - maximum custom deadline you can specify is 600 seconds (10 minutes). - If this parameter is 0, a default value of 10 seconds is used. - - For push delivery, this value is also used to set the request timeout - for the call to the push endpoint. - - If the subscriber never acknowledges the message, the Pub/Sub system - will eventually redeliver the message. - type: integer - expirationPolicy: - description: |- - A policy that specifies the conditions for this subscription's expiration. - A subscription is considered active as long as any connected subscriber - is successfully consuming messages from the subscription or is issuing - operations on the subscription. If expirationPolicy is not set, a default - policy with ttl of 31 days will be used. If it is set but ttl is "", the - resource never expires. The minimum allowed value for expirationPolicy.ttl - is 1 day. - properties: - ttl: - description: |- - Specifies the "time-to-live" duration for an associated resource. The - resource expires if it is not active for a period of ttl. - If ttl is not set, the associated resource never expires. - A duration in seconds with up to nine fractional digits, terminated by 's'. - Example - "3.5s". - type: string - required: - - ttl - type: object - messageRetentionDuration: - description: |- - How long to retain unacknowledged messages in the subscription's - backlog, from the moment a message is published. If - retainAckedMessages is true, then this also configures the retention - of acknowledged messages, and thus configures how far back in time a - subscriptions.seek can be done. Defaults to 7 days. Cannot be more - than 7 days ('"604800s"') or less than 10 minutes ('"600s"'). - - A duration in seconds with up to nine fractional digits, terminated - by 's'. Example: '"600.5s"'. - type: string - pushConfig: - description: |- - If push delivery is used with this subscription, this field is used to - configure it. An empty pushConfig signifies that the subscriber will - pull and ack messages using API methods. - properties: - attributes: - additionalProperties: - type: string - description: |- - Endpoint configuration attributes. - - Every endpoint has a set of API supported attributes that can - be used to control different aspects of the message delivery. - - The currently supported attribute is x-goog-version, which you - can use to change the format of the pushed message. This - attribute indicates the version of the data expected by - the endpoint. This controls the shape of the pushed message - (i.e., its fields and metadata). The endpoint version is - based on the version of the Pub/Sub API. - - If not present during the subscriptions.create call, - it will default to the version of the API used to make - such call. If not present during a subscriptions.modifyPushConfig - call, its value will not be changed. subscriptions.get - calls will always return a valid version, even if the - subscription was created without this attribute. - - The possible values for this attribute are: - - - v1beta1: uses the push format defined in the v1beta1 Pub/Sub API. - - v1 or v1beta2: uses the push format defined in the v1 Pub/Sub API. - type: object - oidcToken: - description: |- - If specified, Pub/Sub will generate and attach an OIDC JWT token as - an Authorization header in the HTTP request for every pushed message. - properties: - audience: - description: |- - Audience to be used when generating OIDC token. The audience claim - identifies the recipients that the JWT is intended for. The audience - value is a single case-sensitive string. Having multiple values (array) - for the audience field is not supported. More info about the OIDC JWT - token audience here: https://tools.ietf.org/html/rfc7519#section-4.1.3 - Note: if not specified, the Push endpoint URL will be used. - type: string - serviceAccountEmail: - description: |- - Service account email to be used for generating the OIDC token. - The caller (for subscriptions.create, subscriptions.patch, and - subscriptions.modifyPushConfig RPCs) must have the - iam.serviceAccounts.actAs permission for the service account. - type: string - required: - - serviceAccountEmail - type: object - pushEndpoint: - description: |- - A URL locating the endpoint to which messages should be pushed. - For example, a Webhook endpoint might use - "https://example.com/push". - type: string - required: - - pushEndpoint - type: object - retainAckedMessages: - description: |- - Indicates whether to retain acknowledged messages. If 'true', then - messages are not expunged from the subscription's backlog, even if - they are acknowledged, until they fall out of the - messageRetentionDuration window. - type: boolean - topicRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - topicRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - path: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: pubsubtopics.pubsub.cnrm.cloud.google.com -spec: - group: pubsub.cnrm.cloud.google.com - names: - categories: - - gcp - kind: PubSubTopic - plural: pubsubtopics - shortNames: - - gcppubsubtopic - - gcppubsubtopics - singular: pubsubtopic - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - kmsKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - messageStoragePolicy: - description: |- - Policy constraining the set of Google Cloud Platform regions where - messages published to the topic may be stored. If not present, then no - constraints are in effect. - properties: - allowedPersistenceRegions: - description: |- - A list of IDs of GCP regions where messages that are published to - the topic may be persisted in storage. Messages published by - publishers running in non-allowed GCP regions (or running outside - of GCP altogether) will be routed for storage in one of the - allowed regions. An empty list means that no regions are allowed, - and is not a valid configuration. - items: - type: string - type: array - required: - - allowedPersistenceRegions - type: object - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: redisinstances.redis.cnrm.cloud.google.com -spec: - group: redis.cnrm.cloud.google.com - names: - categories: - - gcp - kind: RedisInstance - plural: redisinstances - shortNames: - - gcpredisinstance - - gcpredisinstances - singular: redisinstance - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - alternativeLocationId: - description: |- - Only applicable to STANDARD_HA tier which protects the instance - against zonal failures by provisioning it across two zones. - If provided, it must be a different zone from the one provided in - [locationId]. - type: string - authorizedNetworkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - displayName: - description: An arbitrary and optional user-provided name for the instance. - type: string - locationId: - description: |- - The zone where the instance will be provisioned. If not provided, - the service will choose a zone for the instance. For STANDARD_HA tier, - instances will be created across two zones for protection against - zonal failures. If [alternativeLocationId] is also provided, it must - be different from [locationId]. - type: string - memorySizeGb: - description: Redis memory size in GiB. - type: integer - redisConfigs: - additionalProperties: - type: string - description: |- - Redis configuration parameters, according to http://redis.io/topics/config. - Please check Memorystore documentation for the list of supported parameters: - https://cloud.google.com/memorystore/docs/redis/reference/rest/v1/projects.locations.instances#Instance.FIELDS.redis_configs - type: object - redisVersion: - description: |- - The version of Redis software. If not provided, latest supported - version will be used. Currently, the supported values are: - - - REDIS_4_0 for Redis 4.0 compatibility - - REDIS_3_2 for Redis 3.2 compatibility - type: string - region: - description: The name of the Redis region of the instance. - type: string - reservedIpRange: - description: |- - The CIDR range of internal addresses that are reserved for this - instance. If not provided, the service will choose an unused /29 - block, for example, 10.0.0.0/29 or 192.168.0.0/29. Ranges must be - unique and non-overlapping with existing subnets in an authorized - network. - type: string - tier: - description: |- - The service tier of the instance. Must be one of these values: - - - BASIC: standalone instance - - STANDARD_HA: highly available primary/replica instances - type: string - required: - - memorySizeGb - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - createTime: - description: |- - The time the instance was created in RFC3339 UTC "Zulu" format, - accurate to nanoseconds. - type: string - currentLocationId: - description: |- - The current zone where the Redis endpoint is placed. - For Basic Tier instances, this will always be the same as the - [locationId] provided by the user at creation time. For Standard Tier - instances, this can be either [locationId] or [alternativeLocationId] - and can change after a failover event. - type: string - host: - description: |- - Hostname or IP address of the exposed Redis endpoint used by clients - to connect to the service. - type: string - port: - description: The port number of the exposed Redis endpoint. - type: integer - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - controller-tools.k8s.io: "1.0" - name: servicemappings.core.cnrm.cloud.google.com -spec: - group: core.cnrm.cloud.google.com - names: - kind: ServiceMapping - plural: servicemappings - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ServiceMappingSpec defines the aspects common to all resources - of a particular service being mapped from the Terraform provider to Kubernetes - Resource Model (KRM). - properties: - name: - description: Name is the name of the service being mapped (e.g. Spanner, - PubSub). This is used for the construction of the generated CRDs' - API group and kind. - type: string - resources: - description: Resources is a list of configurations specifying how to - map a specific resource from the Terraform provider to KRM. - items: - properties: - containers: - description: Containers describes all the container mappings this - resource understands. Config Connector maps Kubernetes namespaces - to the abstract GCP container objects they are scoped by via - namespaces. For most resource types, this is a project, but - certain resources live outside the scope of a project, like - folders or projects themselves. Containers are expressed as - annotations on a given Namespace, though users may provide resource-level - overrides. - items: - properties: - tfField: - description: TFField is the path to the field in the underlying - Terraform provider that represents the implicit reference - to the container object. Use periods to delimit the fields - in the path. For example, if the field is "bar" nested - inside "foo" ("foo" being either an object or a list of - objects), the associated TFField should be "foo.bar") - type: string - type: - description: Type is the type of container this represents. - type: string - valueTemplate: - description: ValueTemplate is a template by which the value - of the container annotation should be interpreted before - being passed to the Terraform provider. {{value}} is used - in place of this sourced value. e.g. If the value sourced - from the container annotation is "123456789", a valueTemplate - of "folders/{{value}}" would mean the final value passed - to the provider is "folders/123456789" - type: string - required: - - type - - tfField - type: object - type: array - directives: - description: Directives is a list of Terraform fields that perform - unique behaviors on top of the resource which are not part of - a GET response. If the KCC annotation's key contains a directive - from this list (e.g. `cnrm.cloud.google.com/force-destroy`), - the value from the annotation is stored/overwritten in the TF - config (e.g. force_destroy -> true) - items: - type: string - type: array - iamConfig: - description: IAMConfig contains the mappings from a given resource - onto its associated terraform IAM resources (policies, bindings, - and members) - properties: - policyMemberName: - description: PolicyMemberName is the terraform name of the - associated IAM Policy Member resource (e.g. google_spanner_instance_iam_member) - type: string - policyName: - description: PolicyName is the terraform name of the associated - IAM Policy resource (e.g. google_spanner_instance_iam_policy) - type: string - referenceField: - description: A description of the manner in which the IAM - Policy references its resource. - properties: - name: - description: The name of the field in the policy or binding - which references the resource. For 'google_spanner_instance_iam_policy' - this value is 'instance'. - type: string - type: - description: The type of value that should be used in - this field. It can be one of { name, id }. For 'google_spanner_instance_iam_policy' - it would be 'name' for 'google_kms_key_ring_iam_policy' - it would be 'id'. - type: string - required: - - name - - type - type: object - supportsConditions: - description: SupportsConditions indicates whether or not the - resource supports IAM Conditions. - type: boolean - required: - - policyName - - policyMemberName - - supportsConditions - type: object - idTemplate: - description: IDTemplate defines the format in which the ID fed - into the TF resource's importer should look. Fields may be sourced - from the TF resource by using the `{{foo}}` syntax. (e.g. {{project}}/{{location}}/{{name}}. - If SkipImport is true, this must be specified, and its expanded - form will be directly used as the TF resource's `id` field. - type: string - ignoredFields: - description: IgnoredFields is a list of fields that should be - dropped from the underlying Terraform resource. - items: - type: string - type: array - kind: - description: Kind is the Kubernetes kind you wish the resource - to have. - type: string - locationality: - description: 'Locationality categorizes the GCP resources as global, - regional, or zonal. It''s only applicable to the effort of unifying - multiple locational TF resources into one, e.g. KCC could have - a single ComputeAddress CRD to represent two TF/GCE resources - - compute address and global compute address. The location field - in ComputeAddress CRD is used to specify whether it is a global - address or regional address. If unset, it''s assumed that there - is no multiple TF locational resources mapping to the same compute - resource schema. Currently, this supports the following values: - global, regional, zonal.' - type: string - metadataMapping: - description: MetadataMapping determines how to map Kubernetes - metadata fields to the Terraform resource's configuration. - properties: - labels: - description: Labels is a JSONPath to the field in the TF resource - where the KRM "metadata.labels" field will be mapped to. - By default, this is mapped to the "labels" field, if that - field is found in the TF resource schema. - type: string - name: - description: Name is a JSONPath to the field in the TF resource - where the KRM "metadata.name" field will be mapped to. By - default, this is mapped to the "name" field, if that field - is found in the TF resource schema. - type: string - nameValueTemplate: - description: NameValueTemplate is a template by which the - value of the metadata.name value should be interpreted before - being passed to the Terraform provider. {{value}} is used - in place of this sourced value. e.g. If the value sourced - from metadata.name is "foo_bar", a nameValueTemplate of - "resource/{{value}}" would mean the final value passed to - the provider is "resource/foo_bar" - type: string - type: object - name: - description: Name is the Terraform name of the resource (e.g. - google_spanner_instance) - type: string - resourceReferences: - description: ResourceReferences configures the mapping of fields - in the Terraform resource that implicitly define references - to other GCP resources into explicit Kubernetes-style references. - items: - properties: - group: - description: Group is the Kubernetes group of the resource - being referenced. If not is set, it is implied that the - kind specified is unique across all groups. - type: string - jsonSchemaType: - description: JSONSchemaType specifies the type as understood - by JSON schema validation of this reference field. Should - never be specified for a TypeConfig inlined in the ReferenceConfig. This - field is mutually exclusive with Kind and TargetField. - type: string - key: - description: 'Key is the field name that will be exposed - through the KRM resource''s spec. It should follow the - Kubernetes reference naming semantics: `fooRef`, where - foo is some describer of what is being referenced (e.g. instanceRef, - healthCheckRef) Complex references (those with a "Types" - list defined) or lists of references should not specify - a key.' - type: string - kind: - description: Kind is the Kubernetes kind of the resource - being referenced. The API group and version are assumed - to match the referencing resource's. This field is mutually - exclusive with JSONSchemaType. - type: string - parent: - description: Parent specifies whether the referenced resource - is a parent. If the parent is successfully deleted, this - resource may be deleted without any call to the underlying - API. Only one parent may be present. A parent reference's - TFField must not be a nested path. - type: boolean - targetField: - description: TargetField is the referenced resource's Terraform - field that will be extracted and set as the value of the - TFField. For example, a ComputeSubnetwork can reference - a ComputeNetwork's self link by setting TargetField to - "self_link", a field defined on the google_compute_network - resource. - type: string - tfField: - description: TFField is the path to the field in the underlying - Terraform provider that is the implicit reference. Use - periods to delimit the fields in the path. For example, - if the reference field is "bar" nested inside "foo" ("foo" - being either an object or a list of objects), the associated - TFField should be "foo.bar") - type: string - types: - description: Types is the supported types this resource - reference supports. Must not be specified if the inlined - TypeConfig is filled out. If the value for the reference - is not specified in the KRM spec, it is possible that - a default value may be set by GCP. This default reference - value will be populated in the KRM resource's spec. In - cases where a resource reference has multiple types, the - first type in this list will become the default TypeConfig - for that value. - items: - properties: - group: - description: Group is the Kubernetes group of the - resource being referenced. If not is set, it is - implied that the kind specified is unique across - all groups. - type: string - jsonSchemaType: - description: JSONSchemaType specifies the type as - understood by JSON schema validation of this reference - field. Should never be specified for a TypeConfig - inlined in the ReferenceConfig. This field is mutually - exclusive with Kind and TargetField. - type: string - key: - description: 'Key is the field name that will be exposed - through the KRM resource''s spec. It should follow - the Kubernetes reference naming semantics: `fooRef`, - where foo is some describer of what is being referenced - (e.g. instanceRef, healthCheckRef) Complex references - (those with a "Types" list defined) or lists of - references should not specify a key.' - type: string - kind: - description: Kind is the Kubernetes kind of the resource - being referenced. The API group and version are - assumed to match the referencing resource's. This - field is mutually exclusive with JSONSchemaType. - type: string - parent: - description: Parent specifies whether the referenced - resource is a parent. If the parent is successfully - deleted, this resource may be deleted without any - call to the underlying API. Only one parent may - be present. A parent reference's TFField must not - be a nested path. - type: boolean - targetField: - description: TargetField is the referenced resource's - Terraform field that will be extracted and set as - the value of the TFField. For example, a ComputeSubnetwork - can reference a ComputeNetwork's self link by setting - TargetField to "self_link", a field defined on the - google_compute_network resource. - type: string - valueTemplate: - description: ValueTemplate is a template by which - the value sourced from the reference should be interpreted - before being passed to the Terraform provider. {{value}} - is used in place of this sourced value. e.g. If - the value sourced from the reference is "foo@domain.com", - a valueTemplate of "serviceAccount:{{value}}" would - mean the final value passed to the provider is "serviceAccount:foo@domain.com" - type: string - type: object - type: array - valueTemplate: - description: ValueTemplate is a template by which the value - sourced from the reference should be interpreted before - being passed to the Terraform provider. {{value}} is used - in place of this sourced value. e.g. If the value sourced - from the reference is "foo@domain.com", a valueTemplate - of "serviceAccount:{{value}}" would mean the final value - passed to the provider is "serviceAccount:foo@domain.com" - type: string - required: - - tfField - type: object - type: array - serverGeneratedIDField: - description: ServerGeneratedIDField is the field in the resource's - status that corresponds to the server-generated resource ID. - If unset, it's assumed the resource ID is specified by the user. - Resources with this set do not support acquisition. - type: string - skipImport: - description: SkipImport skips the import step when fetching the - live state of the underlying resource. If specified, IDTemplate - must also be specified, and its expanded form will be used as - the TF resource's `id` field. - type: boolean - required: - - name - - kind - type: object - type: array - version: - description: Version is the API version for all the resource CRDs being - generated. - type: string - required: - - name - - version - - resources - type: object - type: object - version: v1alpha1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: servicenetworkingconnections.servicenetworking.cnrm.cloud.google.com -spec: - group: servicenetworking.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ServiceNetworkingConnection - plural: servicenetworkingconnections - shortNames: - - gcpservicenetworkingconnection - - gcpservicenetworkingconnections - singular: servicenetworkingconnection - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - networkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - reservedPeeringRanges: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - service: - type: string - required: - - networkRef - - reservedPeeringRanges - - service - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - peering: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: services.serviceusage.cnrm.cloud.google.com -spec: - group: serviceusage.cnrm.cloud.google.com - names: - categories: - - gcp - kind: Service - plural: services - shortNames: - - gcpservice - - gcpservices - singular: service - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: sourcereporepositories.sourcerepo.cnrm.cloud.google.com -spec: - group: sourcerepo.cnrm.cloud.google.com - names: - categories: - - gcp - kind: SourceRepoRepository - plural: sourcereporepositories - shortNames: - - gcpsourcereporepository - - gcpsourcereporepositories - singular: sourcereporepository - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - pubsubConfigs: - description: |- - How this repository publishes a change in the repository through Cloud Pub/Sub. - Keyed by the topic names. - items: - properties: - messageFormat: - description: |- - The format of the Cloud Pub/Sub messages. - - PROTOBUF: The message payload is a serialized protocol buffer of SourceRepoEvent. - - JSON: The message payload is a JSON string of SourceRepoEvent. - type: string - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - topicRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - messageFormat - - topicRef - type: object - type: array - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - size: - description: The disk usage of the repo, in bytes. - type: integer - url: - description: URL to clone the repository from Google Cloud Source Repositories. - type: string - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: spannerdatabases.spanner.cnrm.cloud.google.com -spec: - group: spanner.cnrm.cloud.google.com - names: - categories: - - gcp - kind: SpannerDatabase - plural: spannerdatabases - shortNames: - - gcpspannerdatabase - - gcpspannerdatabases - singular: spannerdatabase - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - ddl: - description: |- - An optional list of DDL statements to run inside the newly created - database. Statements can create tables, indexes, etc. These statements - execute atomically with the creation of the database: if there is an - error in any statement, the database is not created. - items: - type: string - type: array - instanceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - instanceRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - state: - description: An explanation of the status of the database. - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: spannerinstances.spanner.cnrm.cloud.google.com -spec: - group: spanner.cnrm.cloud.google.com - names: - categories: - - gcp - kind: SpannerInstance - plural: spannerinstances - shortNames: - - gcpspannerinstance - - gcpspannerinstances - singular: spannerinstance - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - config: - description: |- - The name of the instance's configuration (similar but not - quite the same as a region) which defines defines the geographic placement and - replication of your databases in this instance. It determines where your data - is stored. Values are typically of the form 'regional-europe-west1' , 'us-central' etc. - In order to obtain a valid list please consult the - [Configuration section of the docs](https://cloud.google.com/spanner/docs/instances). - type: string - displayName: - description: |- - The descriptive name for this instance as it appears in UIs. Must be - unique per project and between 4 and 30 characters in length. - type: string - numNodes: - description: The number of nodes allocated to this instance. - type: integer - required: - - config - - displayName - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - state: - description: 'Instance status: ''CREATING'' or ''READY''.' - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: sqldatabases.sql.cnrm.cloud.google.com -spec: - group: sql.cnrm.cloud.google.com - names: - categories: - - gcp - kind: SQLDatabase - plural: sqldatabases - shortNames: - - gcpsqldatabase - - gcpsqldatabases - singular: sqldatabase - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - charset: - description: |- - The charset value. See MySQL's - [Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html) - and Postgres' [Character Set Support](https://www.postgresql.org/docs/9.6/static/multibyte.html) - for more details and supported values. Postgres databases only support - a value of 'UTF8' at creation time. - type: string - collation: - description: |- - The collation value. See MySQL's - [Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html) - and Postgres' [Collation Support](https://www.postgresql.org/docs/9.6/static/collation.html) - for more details and supported values. Postgres databases only support - a value of 'en_US.UTF8' at creation time. - type: string - instanceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - instanceRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - selfLink: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: sqlinstances.sql.cnrm.cloud.google.com -spec: - group: sql.cnrm.cloud.google.com - names: - categories: - - gcp - kind: SQLInstance - plural: sqlinstances - shortNames: - - gcpsqlinstance - - gcpsqlinstances - singular: sqlinstance - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - databaseVersion: - type: string - masterInstanceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - region: - type: string - replicaConfiguration: - properties: - caCertificate: - type: string - clientCertificate: - type: string - clientKey: - type: string - connectRetryInterval: - type: integer - dumpFilePath: - type: string - failoverTarget: - type: boolean - masterHeartbeatPeriod: - type: integer - password: - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used if - 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - sslCipher: - type: string - username: - type: string - verifyServerCertificate: - type: boolean - type: object - rootPassword: - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' is - specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used if 'value' - is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in the - given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - settings: - properties: - activationPolicy: - type: string - authorizedGaeApplications: - items: - type: string - type: array - availabilityType: - type: string - backupConfiguration: - properties: - binaryLogEnabled: - type: boolean - enabled: - type: boolean - location: - type: string - startTime: - type: string - type: object - crashSafeReplication: - type: boolean - databaseFlags: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - diskAutoresize: - type: boolean - diskSize: - type: integer - diskType: - type: string - ipConfiguration: - properties: - authorizedNetworks: - items: - properties: - expirationTime: - type: string - name: - type: string - value: - type: string - required: - - value - type: object - type: array - ipv4Enabled: - type: boolean - privateNetworkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - requireSsl: - type: boolean - type: object - locationPreference: - properties: - followGaeApplication: - type: string - zone: - type: string - type: object - maintenanceWindow: - properties: - day: - type: integer - hour: - type: integer - updateTrack: - type: string - type: object - pricingPlan: - type: string - replicationType: - type: string - tier: - type: string - required: - - tier - type: object - required: - - settings - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - connectionName: - type: string - firstIpAddress: - type: string - ipAddress: - items: - properties: - ipAddress: - type: string - timeToRetire: - type: string - type: - type: string - type: object - type: array - privateIpAddress: - type: string - publicIpAddress: - type: string - selfLink: - type: string - serverCaCert: - properties: - cert: - type: string - commonName: - type: string - createTime: - type: string - expirationTime: - type: string - sha1Fingerprint: - type: string - type: object - serviceAccountEmailAddress: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: sqlusers.sql.cnrm.cloud.google.com -spec: - group: sql.cnrm.cloud.google.com - names: - categories: - - gcp - kind: SQLUser - plural: sqlusers - shortNames: - - gcpsqluser - - gcpsqlusers - singular: sqluser - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - host: - type: string - instanceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - password: - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' is - specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used if 'value' - is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in the - given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - required: - - instanceRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: storagebucketaccesscontrols.storage.cnrm.cloud.google.com -spec: - group: storage.cnrm.cloud.google.com - names: - categories: - - gcp - kind: StorageBucketAccessControl - plural: storagebucketaccesscontrols - shortNames: - - gcpstoragebucketaccesscontrol - - gcpstoragebucketaccesscontrols - singular: storagebucketaccesscontrol - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - bucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - entity: - description: |- - The entity holding the permission, in one of the following forms: - user-userId - user-email - group-groupId - group-email - domain-domain - project-team-projectId - allUsers - allAuthenticatedUsers - Examples: - The user liz@example.com would be user-liz@example.com. - The group example@googlegroups.com would be - group-example@googlegroups.com. - To refer to all members of the Google Apps for Business domain - example.com, the entity would be domain-example.com. - type: string - role: - description: The access permission for the entity. - type: string - required: - - bucketRef - - entity - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - domain: - description: The domain associated with the entity. - type: string - email: - description: The email address associated with the entity. - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: storagebuckets.storage.cnrm.cloud.google.com -spec: - group: storage.cnrm.cloud.google.com - names: - categories: - - gcp - kind: StorageBucket - plural: storagebuckets - shortNames: - - gcpstoragebucket - - gcpstoragebuckets - singular: storagebucket - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - bucketPolicyOnly: - type: boolean - cors: - items: - properties: - maxAgeSeconds: - type: integer - method: - items: - type: string - type: array - origin: - items: - type: string - type: array - responseHeader: - items: - type: string - type: array - type: object - type: array - encryption: - properties: - kmsKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - kmsKeyRef - type: object - lifecycleRule: - items: - properties: - action: - properties: - storageClass: - type: string - type: - type: string - required: - - type - type: object - condition: - properties: - age: - type: integer - createdBefore: - type: string - matchesStorageClass: - items: - type: string - type: array - numNewerVersions: - type: integer - withState: - type: string - type: object - required: - - action - - condition - type: object - type: array - location: - type: string - logging: - properties: - logBucket: - type: string - logObjectPrefix: - type: string - required: - - logBucket - type: object - requesterPays: - type: boolean - retentionPolicy: - properties: - isLocked: - type: boolean - retentionPeriod: - type: integer - required: - - retentionPeriod - type: object - storageClass: - type: string - versioning: - properties: - enabled: - type: boolean - required: - - enabled - type: object - website: - properties: - mainPageSuffix: - type: string - notFoundPage: - type: string - type: object - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - selfLink: - type: string - url: - type: string - type: object - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: storagedefaultobjectaccesscontrols.storage.cnrm.cloud.google.com -spec: - group: storage.cnrm.cloud.google.com - names: - categories: - - gcp - kind: StorageDefaultObjectAccessControl - plural: storagedefaultobjectaccesscontrols - shortNames: - - gcpstoragedefaultobjectaccesscontrol - - gcpstoragedefaultobjectaccesscontrols - singular: storagedefaultobjectaccesscontrol - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - bucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - entity: - description: |- - The entity holding the permission, in one of the following forms: - * user-{{userId}} - * user-{{email}} (such as "user-liz@example.com") - * group-{{groupId}} - * group-{{email}} (such as "group-example@googlegroups.com") - * domain-{{domain}} (such as "domain-example.com") - * project-team-{{projectId}} - * allUsers - * allAuthenticatedUsers - type: string - object: - description: The name of the object, if applied to an object. - type: string - role: - description: The access permission for the entity. - type: string - required: - - bucketRef - - entity - - role - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - domain: - description: The domain associated with the entity. - type: string - email: - description: The email address associated with the entity. - type: string - entityId: - description: The ID for the entity - type: string - generation: - description: The content generation of the object, if applied to an - object. - type: integer - projectTeam: - description: The project team associated with the entity - properties: - projectNumber: - description: The project team associated with the entity - type: string - team: - description: The team. - type: string - type: object - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.7.1 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: storagenotifications.storage.cnrm.cloud.google.com -spec: - group: storage.cnrm.cloud.google.com - names: - categories: - - gcp - kind: StorageNotification - plural: storagenotifications - shortNames: - - gcpstoragenotification - - gcpstoragenotifications - singular: storagenotification - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - bucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - customAttributes: - additionalProperties: - type: string - type: object - eventTypes: - items: - type: string - type: array - objectNamePrefix: - type: string - payloadFormat: - type: string - topicRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - bucketRef - - payloadFormat - - topicRef - type: object - status: - properties: - conditions: - description: Conditions represents the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about last - transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - notificationId: - type: string - selfLink: - type: string - type: object - required: - - spec - type: object - version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/test-infra/management/upstream/management/cnrm-install/instance/configconnector.yaml b/test-infra/management/upstream/management/cnrm-install/instance/configconnector.yaml new file mode 100644 index 00000000000..acd39b9457f --- /dev/null +++ b/test-infra/management/upstream/management/cnrm-install/instance/configconnector.yaml @@ -0,0 +1,7 @@ +apiVersion: core.cnrm.cloud.google.com/v1beta1 +kind: ConfigConnector +metadata: + name: configconnector.core.cnrm.cloud.google.com +spec: + mode: cluster + googleServiceAccount: "kf-ci-management-cnrm-system@kubeflow-ci.iam.gserviceaccount.com" # {"$kpt-set":"cnrm-system"} diff --git a/test-infra/management/upstream/management/cnrm-install/instance/kustomization.yaml b/test-infra/management/upstream/management/cnrm-install/instance/kustomization.yaml new file mode 100644 index 00000000000..8b07b44b24e --- /dev/null +++ b/test-infra/management/upstream/management/cnrm-install/instance/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- configconnector.yaml diff --git a/test-infra/management/upstream/management/cnrm-install/operator-system/configconnector-operator.yaml b/test-infra/management/upstream/management/cnrm-install/operator-system/configconnector-operator.yaml new file mode 100644 index 00000000000..413737877f8 --- /dev/null +++ b/test-infra/management/upstream/management/cnrm-install/operator-system/configconnector-operator.yaml @@ -0,0 +1,467 @@ +apiVersion: v1 +kind: Namespace +metadata: + annotations: + cnrm.cloud.google.com/operator-version: 1.29.0 + labels: + cnrm.cloud.google.com/operator-system: "true" + name: configconnector-operator-system +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/operator-version: 1.29.0 + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + labels: + cnrm.cloud.google.com/operator-system: "true" + name: configconnectorcontexts.core.cnrm.cloud.google.com +spec: + group: core.cnrm.cloud.google.com + names: + kind: ConfigConnectorContext + listKind: ConfigConnectorContextList + plural: configconnectorcontexts + singular: configconnectorcontext + scope: Namespaced + validation: + openAPIV3Schema: + description: ConfigConnectorContext is the Schema for the ConfigConnectorContexts + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ConfigConnectorContextSpec defines the desired state of ConfigConnectorContext + properties: + googleServiceAccount: + description: The Google Service Account to be used by Config Connector + to authenticate with Google Cloud APIs in the associated namespace. + type: string + requestProjectPolicy: + description: Specifies which project to use for preconditions, quota, + and billing for requests made to Google Cloud APIs for resources in + the associated namespace. Must be one of 'SERVICE_ACCOUNT_PROJECT' + or 'RESOURCE_PROJECT'. Defaults to 'SERVICE_ACCOUNT_PROJECT'. If set + to 'SERVICE_ACCOUNT_PROJECT', uses the project that the Google Service + Account belongs to. If set to 'RESOURCE_PROJECT', uses the project + that the resource belongs to. + enum: + - SERVICE_ACCOUNT_PROJECT + - RESOURCE_PROJECT + type: string + required: + - googleServiceAccount + type: object + status: + description: ConfigConnectorContextStatus defines the observed state of + ConfigConnectorContext + properties: + errors: + items: + type: string + type: array + healthy: + type: boolean + required: + - healthy + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/operator-version: 1.29.0 + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + labels: + cnrm.cloud.google.com/operator-system: "true" + name: configconnectors.core.cnrm.cloud.google.com +spec: + group: core.cnrm.cloud.google.com + names: + kind: ConfigConnector + listKind: ConfigConnectorList + plural: configconnectors + singular: configconnector + scope: Cluster + validation: + openAPIV3Schema: + description: ConfigConnector is the Schema for the configconnectors API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + anyOf: + - oneOf: + - not: + required: + - googleServiceAccount + required: + - credentialSecretName + - not: + required: + - credentialSecretName + required: + - googleServiceAccount + properties: + mode: + enum: + - cluster + - not: + anyOf: + - required: + - googleServiceAccount + - required: + - credentialSecretName + properties: + mode: + enum: + - namespaced + description: ConfigConnectorSpec defines the desired state of ConfigConnector + properties: + credentialSecretName: + description: The Kubernetes secret that contains the Google Service + Account Key's credentials to be used by ConfigConnector to authenticate + with Google Cloud APIs. This field is used only when in cluster mode. + It's recommended to use `googleServiceAccount` when running ConfigConnector + in Google Kubernetes Engine (GKE) clusters with Workload Identity + enabled. This field cannot be specified together with `googleServiceAccount`. + type: string + googleServiceAccount: + description: The Google Service Account to be used by Config Connector + to authenticate with Google Cloud APIs. This field is used only when + running in cluster mode with Workload Identity enabled. See Google + Kubernetes Engine (GKE) workload-identity (https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity) + for details. This field cannot be specified together with `credentialSecretName`. + For namespaced mode, use `googleServiceAccount` in ConfigConnectorContext + CRD to specify the Google Service Account to be used to authenticate + with Google Cloud APIs per namespace. + type: string + mode: + description: The mode that Config Connector will run in. This can be + either 'cluster' or 'namespaced'. The default is 'namespaced'. Cluster + mode uses a single Google Service Account to create and manage resources, + even if you are using Config Connector to manage multiple Projects. + You must specify either `credentialSecretName` or `googleServiceAccount` + when in cluster mode, but not both. Namespaced mode allows you to + use different Google service accounts for different Projects. When + in namespaced mode, you must create a ConfigConnectorContext object + per namespace that you want to enable Config Connector in, and each + must set `googleServiceAccount` to specify the Google Service Account + to be used to authenticate with Google Cloud APIs for the namespace. + enum: + - cluster + - namespaced + type: string + type: object + status: + description: ConfigConnectorStatus defines the observed state of ConfigConnector + properties: + errors: + items: + type: string + type: array + healthy: + type: boolean + required: + - healthy + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + cnrm.cloud.google.com/operator-version: 1.29.0 + labels: + cnrm.cloud.google.com/operator-system: "true" + name: configconnector-operator + namespace: configconnector-operator-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/operator-version: 1.29.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/operator-system: "true" + name: configconnector-operator-manager-role +rules: +- apiGroups: + - "" + resources: + - configmaps + - events + - events + - namespaces + - secrets + - serviceaccounts + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + - validatingwebhookconfigurations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - deletecollection +- apiGroups: + - core.cnrm.cloud.google.com + resources: + - configconnectors + - configconnectorcontexts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - core.cnrm.cloud.google.com + resources: + - configconnectors/status + verbs: + - get + - patch + - update +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - rolebindings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles + - roles + verbs: + - create + - delete + - escalate + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resourceNames: + - cnrm-admin + - cnrm-manager-cluster-role + - cnrm-manager-ns-role + - cnrm-recorder-role + - cnrm-webhook-role + resources: + - clusterroles + verbs: + - bind +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + cnrm.cloud.google.com/operator-version: 1.29.0 + labels: + cnrm.cloud.google.com/operator-system: "true" + name: configconnector-operator-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: configconnector-operator-manager-role +subjects: +- kind: ServiceAccount + name: configconnector-operator + namespace: configconnector-operator-system +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + cnrm.cloud.google.com/operator-version: 1.29.0 + labels: + cnrm.cloud.google.com/operator-system: "true" + name: configconnector-operator-service + namespace: configconnector-operator-system +spec: + ports: + - name: controller-manager + port: 443 + selector: + cnrm.cloud.google.com/component: configconnector-operator + cnrm.cloud.google.com/operator-system: "true" +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: + cnrm.cloud.google.com/operator-version: 1.29.0 + labels: + cnrm.cloud.google.com/component: configconnector-operator + cnrm.cloud.google.com/operator-system: "true" + name: configconnector-operator + namespace: configconnector-operator-system +spec: + selector: + matchLabels: + cnrm.cloud.google.com/component: configconnector-operator + cnrm.cloud.google.com/operator-system: "true" + serviceName: configconnector-operator-service + template: + metadata: + annotations: + cnrm.cloud.google.com/operator-version: 1.29.0 + labels: + cnrm.cloud.google.com/component: configconnector-operator + cnrm.cloud.google.com/operator-system: "true" + spec: + containers: + - args: + - --local-repo=/configconnector-operator/channels + command: + - /configconnector-operator/manager + image: gcr.io/gke-release/cnrm/operator:737484d + name: manager + resources: + limits: + memory: 200Mi + requests: + cpu: 50m + memory: 100Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - all + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + serviceAccountName: configconnector-operator + terminationGracePeriodSeconds: 10 diff --git a/test-infra/management/upstream/management/cnrm-install/operator-system/kustomization.yaml b/test-infra/management/upstream/management/cnrm-install/operator-system/kustomization.yaml new file mode 100644 index 00000000000..a16f5f6d8a1 --- /dev/null +++ b/test-infra/management/upstream/management/cnrm-install/operator-system/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- configconnector-operator.yaml diff --git a/test-infra/management/upstream/management/cnrm-install/services/enable-services.yaml b/test-infra/management/upstream/management/cnrm-install/services/enable-services.yaml new file mode 100644 index 00000000000..28f6c5831f3 --- /dev/null +++ b/test-infra/management/upstream/management/cnrm-install/services/enable-services.yaml @@ -0,0 +1,9 @@ +# cloudresourcemanager, used for creating projects +apiVersion: serviceusage.cnrm.cloud.google.com/v1beta1 +kind: Service +metadata: + annotations: + cnrm.cloud.google.com/deletion-policy: abandon + cnrm.cloud.google.com/disable-dependent-services: "false" + name: cloudresourcemanager.googleapis.com + namespace: caip-bp-admin diff --git a/test-infra/management/upstream/management/cnrm-install/services/kustomization.yaml b/test-infra/management/upstream/management/cnrm-install/services/kustomization.yaml new file mode 100644 index 00000000000..65ee075be47 --- /dev/null +++ b/test-infra/management/upstream/management/cnrm-install/services/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- enable-services.yaml diff --git a/test-infra/management/upstream/management/hack/example-config.sh b/test-infra/management/upstream/management/hack/example-config.sh new file mode 100755 index 00000000000..6f43fb8f5df --- /dev/null +++ b/test-infra/management/upstream/management/hack/example-config.sh @@ -0,0 +1,3 @@ +kpt cfg set ./ name kf-mgmt +kpt cfg set ./ gcloud.core.project management-proj +kpt cfg set ./ location asia-east1-c diff --git a/test-infra/management/upstream/management/hack/reset.sh b/test-infra/management/upstream/management/hack/reset.sh new file mode 100755 index 00000000000..811ad37969a --- /dev/null +++ b/test-infra/management/upstream/management/hack/reset.sh @@ -0,0 +1,3 @@ +kpt cfg set ./ name NAME +kpt cfg set ./ gcloud.core.project PROJECT +kpt cfg set ./ location LOCATION