diff --git a/gcp/v2/management/cnrm-install/README.md b/gcp/v2/management/cnrm-install/README.md index ac29a2a63..9f5420dbf 100644 --- a/gcp/v2/management/cnrm-install/README.md +++ b/gcp/v2/management/cnrm-install/README.md @@ -10,23 +10,23 @@ To update: 1. Copy the per namespace components to the template stored in the blueprint repo. 1. Edit "0-cnrm-system.yaml" to add the kpt setter; change - ``` -apiVersion: v1 -kind: ServiceAccount -metadata: - annotations: - cnrm.cloud.google.com/version: 1.15.1 - iam.gke.io/gcp-service-account: cnrm-system@${PROJECT_ID?}.iam.gserviceaccount.com - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-controller-manager - namespace: cnrm-system - ``` + ``` + apiVersion: v1 + kind: ServiceAccount + metadata: + annotations: + cnrm.cloud.google.com/version: 1.15.1 + iam.gke.io/gcp-service-account: cnrm-system@${PROJECT_ID?}.iam.gserviceaccount.com + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-controller-manager + namespace: cnrm-system + ``` to - ``` - annotations: - ... - iam.gke.io/gcp-service-account: cnrm-system@${PROJECT_ID?}.iam.gserviceaccount.com # {"$kpt-set":"cnrm-system"} - ``` \ No newline at end of file + ``` + annotations: + ... + iam.gke.io/gcp-service-account: cnrm-system@${PROJECT_ID?}.iam.gserviceaccount.com # {"$kpt-set":"cnrm-system"} + ``` \ No newline at end of file diff --git a/gcp/v2/management/cnrm-install/install-system/0-cnrm-system.yaml b/gcp/v2/management/cnrm-install/install-system/0-cnrm-system.yaml index ae347ea85..2ed6b854d 100644 --- a/gcp/v2/management/cnrm-install/install-system/0-cnrm-system.yaml +++ b/gcp/v2/management/cnrm-install/install-system/0-cnrm-system.yaml @@ -16,7 +16,7 @@ apiVersion: v1 kind: Namespace metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 labels: cnrm.cloud.google.com/system: "true" name: cnrm-system 
@@ -25,7 +25,7 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
 annotations:
- cnrm.cloud.google.com/version: 1.15.1
+ cnrm.cloud.google.com/version: 1.27.2
 iam.gke.io/gcp-service-account: NAME-cnrm-system@PROJECT.iam.gserviceaccount.com # {"$kpt-set":"cnrm-system"}
 labels:
 cnrm.cloud.google.com/system: "true"
@@ -36,7 +36,7 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
 annotations:
- cnrm.cloud.google.com/version: 1.15.1
+ cnrm.cloud.google.com/version: 1.27.2
 labels:
 cnrm.cloud.google.com/system: "true"
 name: cnrm-deletiondefender
@@ -46,7 +46,7 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
 annotations:
- cnrm.cloud.google.com/version: 1.15.1
+ cnrm.cloud.google.com/version: 1.27.2
 labels:
 cnrm.cloud.google.com/system: "true"
 name: cnrm-resource-stats-recorder
@@ -56,23 +56,66 @@ apiVersion: v1 kind: ServiceAccount metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 labels: cnrm.cloud.google.com/system: "true" name: cnrm-webhook-manager namespace: cnrm-system --- apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + annotations: + cnrm.cloud.google.com/version: 1.27.2 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender-cnrm-system-role + namespace: cnrm-system +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + annotations: + cnrm.cloud.google.com/version: 1.27.2 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-webhook-cnrm-system-role + namespace: cnrm-system +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 labels: cnrm.cloud.google.com/system: "true" name: cnrm-admin rules: - apiGroups: - accesscontextmanager.cnrm.cloud.google.com + - artifactregistry.cnrm.cloud.google.com - bigquery.cnrm.cloud.google.com - bigtable.cnrm.cloud.google.com - cloudbuild.cnrm.cloud.google.com @@ -83,6 +126,8 @@ rules: - firestore.cnrm.cloud.google.com - iam.cnrm.cloud.google.com - kms.cnrm.cloud.google.com + - logging.cnrm.cloud.google.com + - monitoring.cnrm.cloud.google.com - pubsub.cnrm.cloud.google.com - redis.cnrm.cloud.google.com - resourcemanager.cnrm.cloud.google.com @@ -109,7 +154,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 labels: cnrm.cloud.google.com/system: "true" name: cnrm-deletiondefender-role 
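Review bot: The two new Roles, `cnrm-deletiondefender-cnrm-system-role` and `cnrm-webhook-cnrm-system-role`, grant get/create/update/patch/delete on every Secret in `cnrm-system`, because neither rule carries `resourceNames`. Presumably each component only manages its own serving-certificate Secret; if so, the get/update/patch/delete verbs can be scoped with `resourceNames: ["<component-cert-secret-name>"]` (placeholder, the real name is not visible in this diff), with `create` kept in a separate rule since RBAC cannot restrict create by name. The RoleBindings added in the later hunk (`cnrm-deletiondefender-role-binding`, `cnrm-webhook-role-binding`) hand these rights to the `cnrm-deletiondefender` and `cnrm-webhook-manager` service accounts, so any other Secret placed in this namespace becomes readable and writable by both. As this manifest appears to follow the upstream release, the minimum would be a comment above each Role recording why namespace-wide Secret access is accepted.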
@@ -159,7 +204,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
 annotations:
- cnrm.cloud.google.com/version: 1.15.1
+ cnrm.cloud.google.com/version: 1.27.2
 labels:
 cnrm.cloud.google.com/system: "true"
 name: cnrm-manager-cluster-role
@@ -217,7 +262,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
 annotations:
- cnrm.cloud.google.com/version: 1.15.1
+ cnrm.cloud.google.com/version: 1.27.2
 labels:
 cnrm.cloud.google.com/system: "true"
 name: cnrm-manager-ns-role
@@ -242,7 +287,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
 annotations:
- cnrm.cloud.google.com/version: 1.15.1
+ cnrm.cloud.google.com/version: 1.27.2
 labels:
 cnrm.cloud.google.com/system: "true"
 name: cnrm-recorder-role
@@ -272,7 +317,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
 annotations:
- cnrm.cloud.google.com/version: 1.15.1
+ cnrm.cloud.google.com/version: 1.27.2
 labels:
 cnrm.cloud.google.com/system: "true"
 name: cnrm-webhook-role
@@ -332,10 +377,46 @@ rules: - watch --- apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.27.2 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender-role-binding + namespace: cnrm-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: cnrm-deletiondefender-cnrm-system-role +subjects: +- kind: ServiceAccount + name: cnrm-deletiondefender + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.27.2 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-webhook-role-binding + namespace: cnrm-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: cnrm-webhook-cnrm-system-role +subjects: +- kind: ServiceAccount + name: cnrm-webhook-manager + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 labels: cnrm.cloud.google.com/system: "true" name: cnrm-admin-binding @@ -358,7 +439,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 labels: cnrm.cloud.google.com/system: "true" name: cnrm-deletiondefender-binding @@ -375,7 +456,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 labels: cnrm.cloud.google.com/system: "true" name: cnrm-manager-binding @@ -392,7 +473,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 labels: cnrm.cloud.google.com/system: "true" name: cnrm-manager-watcher-binding 
@@ -409,7 +490,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
 annotations:
- cnrm.cloud.google.com/version: 1.15.1
+ cnrm.cloud.google.com/version: 1.27.2
 labels:
 cnrm.cloud.google.com/system: "true"
 name: cnrm-recorder-binding
@@ -426,7 +507,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
 annotations:
- cnrm.cloud.google.com/version: 1.15.1
+ cnrm.cloud.google.com/version: 1.27.2
 labels:
 cnrm.cloud.google.com/system: "true"
 name: cnrm-webhook-binding
@@ -443,7 +524,7 @@ apiVersion: v1
 kind: Service
 metadata:
 annotations:
- cnrm.cloud.google.com/version: 1.15.1
+ cnrm.cloud.google.com/version: 1.27.2
 labels:
 cnrm.cloud.google.com/system: "true"
 name: cnrm-deletiondefender
@@ -460,7 +541,7 @@ apiVersion: v1
 kind: Service
 metadata:
 annotations:
- cnrm.cloud.google.com/version: 1.15.1
+ cnrm.cloud.google.com/version: 1.27.2
 prometheus.io/port: "8888"
 prometheus.io/scrape: "true"
 labels:
@@ -482,7 +563,7 @@ apiVersion: v1
 kind: Service
 metadata:
 annotations:
- cnrm.cloud.google.com/version: 1.15.1
+ cnrm.cloud.google.com/version: 1.27.2
 prometheus.io/port: "8888"
 prometheus.io/scrape: "true"
 labels:
@@ -502,7 +583,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
 annotations:
- cnrm.cloud.google.com/version: 1.15.1
+ cnrm.cloud.google.com/version: 1.27.2
 labels:
 cnrm.cloud.google.com/component: cnrm-resource-stats-recorder
 cnrm.cloud.google.com/system: "true"
@@ -518,7 +599,7 @@ spec:
 template:
 metadata:
 annotations:
- cnrm.cloud.google.com/version: 1.15.1
+ cnrm.cloud.google.com/version: 1.27.2
 labels:
 cnrm.cloud.google.com/component: cnrm-resource-stats-recorder
 cnrm.cloud.google.com/system: "true"
@@ -531,69 +612,10 @@ spec: - /configconnector/recorder env: - name: CONFIG_CONNECTOR_VERSION - value: 1.15.1 - image: gcr.io/cnrm-eap/recorder:b59b871 + value: 1.27.2 + image: gcr.io/cnrm-eap/recorder:1c8c589 imagePullPolicy: Always name: recorder - readinessProbe: - exec: - command: - - cat - - /tmp/ready - initialDelaySeconds: 3 - periodSeconds: 3 - resources: - limits: - cpu: 20m - memory: 64Mi - requests: - cpu: 10m - memory: 32Mi - securityContext: - privileged: false - runAsNonRoot: true - runAsUser: 1000 - serviceAccountName: cnrm-resource-stats-recorder - terminationGracePeriodSeconds: 10 ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - annotations: - cnrm.cloud.google.com/version: 1.15.1 - labels: - cnrm.cloud.google.com/component: cnrm-webhook-manager - cnrm.cloud.google.com/system: "true" - name: cnrm-webhook-manager - namespace: cnrm-system -spec: - replicas: 1 - revisionHistoryLimit: 1 - selector: - matchLabels: - cnrm.cloud.google.com/component: cnrm-webhook-manager - cnrm.cloud.google.com/system: "true" - template: - metadata: - annotations: - cnrm.cloud.google.com/version: 1.15.1 - labels: - cnrm.cloud.google.com/component: cnrm-webhook-manager - cnrm.cloud.google.com/system: "true" - spec: - containers: - - args: - - --stderrthreshold=INFO - command: - - /configconnector/webhook - env: - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: gcr.io/cnrm-eap/webhook:b59b871 - imagePullPolicy: Always - name: webhook readinessProbe: exec: command: 
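Review bot: The new `image: gcr.io/cnrm-eap/recorder:1c8c589` reference is a tag, and with `imagePullPolicy: Always` each pod start re-resolves it, so whatever is later pushed under that tag runs with this component's service account without any change in this repo. Pinning by digest, e.g. `image: gcr.io/cnrm-eap/recorder@sha256:<digest-for-1c8c589>` (placeholder), keeps the deployed bits identical to what was reviewed. The same applies to the `webhook`, `controller` and `deletiondefender` images bumped to `1c8c589` in the later hunks of this file. The container spec continues outside this hunk.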
@@ -612,6 +634,61 @@ spec: privileged: false runAsNonRoot: true runAsUser: 1000 + serviceAccountName: cnrm-resource-stats-recorder + terminationGracePeriodSeconds: 10 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + cnrm.cloud.google.com/version: 1.27.2 + labels: + cnrm.cloud.google.com/component: cnrm-webhook-manager + cnrm.cloud.google.com/system: "true" + name: cnrm-webhook-manager + namespace: cnrm-system +spec: + revisionHistoryLimit: 1 + selector: + matchLabels: + cnrm.cloud.google.com/component: cnrm-webhook-manager + cnrm.cloud.google.com/system: "true" + template: + metadata: + annotations: + cnrm.cloud.google.com/version: 1.27.2 + labels: + cnrm.cloud.google.com/component: cnrm-webhook-manager + cnrm.cloud.google.com/system: "true" + spec: + containers: + - args: + - --stderrthreshold=INFO + command: + - /configconnector/webhook + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/cnrm-eap/webhook:1c8c589 + imagePullPolicy: Always + name: webhook + readinessProbe: + exec: + command: + - cat + - /tmp/ready + initialDelaySeconds: 3 + periodSeconds: 3 + resources: + limits: + cpu: 40m + memory: 64Mi + securityContext: + privileged: false + runAsNonRoot: true + runAsUser: 1000 serviceAccountName: cnrm-webhook-manager terminationGracePeriodSeconds: 10 --- @@ -619,7 +696,7 @@ apiVersion: apps/v1 kind: StatefulSet metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 labels: cnrm.cloud.google.com/component: cnrm-controller-manager cnrm.cloud.google.com/system: "true" @@ -634,7 +711,7 @@ spec: template: metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 labels: cnrm.cloud.google.com/component: cnrm-controller-manager cnrm.cloud.google.com/system: "true" 
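Review bot: The `securityContext` of the re-added `webhook` container sets `privileged: false`, `runAsNonRoot: true` and `runAsUser: 1000`, but leaves privilege escalation and Linux capabilities at their defaults. For a component that serves admission requests and, per the Role added earlier in this file, can write Secrets in `cnrm-system`, I would add `allowPrivilegeEscalation: false` and `capabilities:` with `drop: ["ALL"]` to that block. `readOnlyRootFilesystem: true` is also worth trying, but the readiness probe reads `/tmp/ready`, so it likely needs a writable `/tmp` volume first.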
@@ -645,7 +722,7 @@ spec: - --prometheus-scrape-endpoint=:8888 command: - /configconnector/manager - image: gcr.io/cnrm-eap/controller:b59b871 + image: gcr.io/cnrm-eap/controller:1c8c589 imagePullPolicy: Always name: manager readinessProbe: @@ -673,7 +750,7 @@ apiVersion: apps/v1 kind: StatefulSet metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 labels: cnrm.cloud.google.com/component: cnrm-deletiondefender cnrm.cloud.google.com/system: "true" @@ -688,7 +765,7 @@ spec: template: metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 labels: cnrm.cloud.google.com/component: cnrm-deletiondefender cnrm.cloud.google.com/system: "true" @@ -698,7 +775,7 @@ spec: - --stderrthreshold=INFO command: - /configconnector/deletiondefender - image: gcr.io/cnrm-eap/deletiondefender:b59b871 + image: gcr.io/cnrm-eap/deletiondefender:1c8c589 imagePullPolicy: Always name: deletiondefender readinessProbe: @@ -713,7 +790,6 @@ spec: cpu: 100m memory: 128Mi requests: - cpu: 100m memory: 64Mi securityContext: privileged: false @@ -721,3 +797,27 @@ spec: runAsUser: 1000 serviceAccountName: cnrm-deletiondefender terminationGracePeriodSeconds: 10 +--- +apiVersion: autoscaling/v2beta2 +kind: HorizontalPodAutoscaler +metadata: + annotations: + cnrm.cloud.google.com/version: 1.27.2 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-webhook + namespace: cnrm-system +spec: + maxReplicas: 10 + metrics: + - resource: + name: cpu + target: + averageUtilization: 60 + type: Utilization + type: Resource + minReplicas: 2 + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: cnrm-webhook-manager diff --git a/gcp/v2/management/cnrm-install/install-system/crds.yaml b/gcp/v2/management/cnrm-install/install-system/crds.yaml index edb819158..ba87c6454 100644 --- a/gcp/v2/management/cnrm-install/install-system/crds.yaml +++ b/gcp/v2/management/cnrm-install/install-system/crds.yaml 
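Review bot: The added HorizontalPodAutoscaler uses `apiVersion: autoscaling/v2beta2`, which Kubernetes stopped serving in v1.26; on clusters at or beyond that version the object will not apply and should be `autoscaling/v2`. Its `averageUtilization: 60` target is computed against the CPU request, while the `webhook` container in the earlier hunk declares only `limits` (`cpu: 40m`), so the request exists only through defaulting; stating `requests:` with `cpu: 40m` explicitly there would make the scaling threshold visible. Because `replicas: 1` was dropped from the `cnrm-webhook-manager` Deployment, the admission webhook's replica count depends on this autoscaler being accepted by the cluster.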
@@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -106,14 +106,14 @@ spec: allowedDeviceManagementLevels: description: |- A list of allowed device management levels. - An empty list allows all management levels. + An empty list allows all management levels. Possible values: ["MANAGEMENT_UNSPECIFIED", "NONE", "BASIC", "COMPLETE"] items: type: string type: array allowedEncryptionStatuses: description: |- A list of allowed encryptions statuses. - An empty list allows all statuses. + An empty list allows all statuses. Possible values: ["ENCRYPTION_UNSPECIFIED", "ENCRYPTION_UNSUPPORTED", "UNENCRYPTED", "ENCRYPTED"] items: type: string type: array 
@@ -266,6 +266,39 @@ spec: required: - conditions type: object + custom: + description: "Custom access level conditions are set using the Cloud + Common Expression Language to represent the necessary conditions for + the level to apply to a request. \nSee CEL spec at: https://github.com/google/cel-spec." + properties: + expr: + description: "Represents a textual expression in the Common Expression + Language (CEL) syntax. CEL is a C-like expression language.\nThis + page details the objects and attributes that are used to the build + the CEL expressions for \ncustom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec." + properties: + description: + description: Description of the expression + type: string + expression: + description: Textual representation of an expression in Common + Expression Language syntax. + type: string + location: + description: String indicating the location of the expression + for error reporting, e.g. a file name and a position in the + file + type: string + title: + description: Title for the expression, i.e. a short string describing + its purpose. + type: string + required: + - expression + type: object + required: + - expr + type: object description: description: Description of the AccessLevel and its use. Does not affect behavior. @@ -321,7 +354,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -416,7 +449,507 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: accesscontextmanagerserviceperimeters.accesscontextmanager.cnrm.cloud.google.com +spec: + group: accesscontextmanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AccessContextManagerServicePerimeter + plural: accesscontextmanagerserviceperimeters + shortNames: + - gcpaccesscontextmanagerserviceperimeter + - gcpaccesscontextmanagerserviceperimeters + singular: accesscontextmanagerserviceperimeter + scope: Namespaced + validation: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + accessPolicyRef: + description: |- + The AccessContextManagerAccessPolicy this + AccessContextManagerServicePerimeter lives in. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The name of an AccessContextManagerAccessPolicy. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: |- + Description of the ServicePerimeter and its use. Does not affect + behavior. + type: string + perimeterType: + description: |- + Specifies the type of the Perimeter. There are two types: regular and + bridge. Regular Service Perimeter contains resources, access levels, + and restricted services. Every resource can be in at most + ONE regular Service Perimeter. + + In addition to being in a regular service perimeter, a resource can also + be in zero or more perimeter bridges. A perimeter bridge only contains + resources. Cross project operations are permitted if all effected + resources share some perimeter (whether bridge or regular). Perimeter + Bridge does not contain access levels or services: those are governed + entirely by the regular perimeter that resource is in. + + Perimeter Bridges are typically useful when building more complex + topologies with many independent perimeters that need to share some data + with a common perimeter, but should not be able to share data among + themselves. Default value: "PERIMETER_TYPE_REGULAR" Possible values: ["PERIMETER_TYPE_REGULAR", "PERIMETER_TYPE_BRIDGE"] + type: string + spec: + description: |- + Proposed (or dry run) ServicePerimeter configuration. + This configuration allows to specify and test ServicePerimeter configuration + without enforcing actual access restrictions. Only allowed to be set when + the 'useExplicitDryRunSpec' flag is set. + properties: + accessLevels: + items: + description: "(Optional) A list of AccessLevel resource names + that allow resources within \nthe ServicePerimeter to be accessed + from the internet. 
AccessLevels listed \nmust be in the same + policy as this ServicePerimeter. \nReferencing a nonexistent + AccessLevel is a syntax error. If no \nAccessLevel names are + listed, resources within the perimeter can \nonly be accessed + via GCP calls with request origins within the \nperimeter. For + Service Perimeter Bridge, must be empty. \nFormat:- accessPolicies/{policy_id}/accessLevels/{access_level_name}" + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The name of an AccessContextManagerAccessLevel. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + resources: + items: + description: "(Optional) A list of GCP resources that are inside + of the service perimeter. \nCurrently only projects are allowed. + Format: projects/{project_number}" + properties: + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The number of a Project. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + restrictedServices: + description: |- + GCP services that are subject to the Service Perimeter + restrictions. Must contain a list of services. 
For example, if + 'storage.googleapis.com' is specified, access to the storage + buckets inside the perimeter must meet the perimeter's access + restrictions. + items: + type: string + type: array + vpcAccessibleServices: + description: |- + Specifies how APIs are allowed to communicate within the Service + Perimeter. + properties: + allowedServices: + description: |- + The list of APIs usable within the Service Perimeter. + Must be empty unless 'enableRestriction' is True. + items: + type: string + type: array + enableRestriction: + description: |- + Whether to restrict API calls within the Service Perimeter to the + list of APIs specified in 'allowedServices'. + type: boolean + type: object + type: object + status: + description: |- + ServicePerimeter configuration. Specifies sets of resources, + restricted services and access levels that determine + perimeter content and boundaries. + properties: + accessLevels: + items: + description: "(Optional) A list of AccessLevel resource names + that allow resources within \nthe ServicePerimeter to be accessed + from the internet. AccessLevels listed \nmust be in the same + policy as this ServicePerimeter. \nReferencing a nonexistent + AccessLevel is a syntax error. If no \nAccessLevel names are + listed, resources within the perimeter can \nonly be accessed + via GCP calls with request origins within the \nperimeter. For + Service Perimeter Bridge, must be empty. \nFormat:- accessPolicies/{policy_id}/accessLevels/{access_level_name}" + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The name of an AccessContextManagerAccessLevel. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + resources: + items: + description: "(Optional) A list of GCP resources that are inside + of the service perimeter. \nCurrently only projects are allowed. + Format: projects/{project_number}" + properties: + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The name of a Project. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + restrictedServices: + description: |- + GCP services that are subject to the Service Perimeter + restrictions. Must contain a list of services. For example, if + 'storage.googleapis.com' is specified, access to the storage + buckets inside the perimeter must meet the perimeter's access + restrictions. + items: + type: string + type: array + vpcAccessibleServices: + description: |- + Specifies how APIs are allowed to communicate within the Service + Perimeter. + properties: + allowedServices: + description: |- + The list of APIs usable within the Service Perimeter. + Must be empty unless 'enableRestriction' is True. + items: + type: string + type: array + enableRestriction: + description: |- + Whether to restrict API calls within the Service Perimeter to the + list of APIs specified in 'allowedServices'. + type: boolean + type: object + type: object + title: + description: Human readable title. Must be unique within the Policy. + type: string + useExplicitDryRunSpec: + description: |- + Use explicit dry run spec flag. 
Ordinarily, a dry-run spec implicitly exists + for all Service Perimeters, and that spec is identical to the status for those + Service Perimeters. When this flag is set, it inhibits the generation of the + implicit spec, thereby allowing the user to explicitly provide a + configuration ("spec") to use in a dry-run version of the Service Perimeter. + This allows the user to test changes to the enforced config ("status") without + actually enforcing them. This testing is done through analyzing the differences + between currently enforced and suggested restrictions. useExplicitDryRunSpec must + bet set to True if any of the fields in the spec are set to non-default values. + type: boolean + required: + - accessPolicyRef + - title + type: object + status: + properties: + conditions: + description: Conditions represents the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about last + transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Time the AccessPolicy was created in UTC. + type: string + updateTime: + description: Time the AccessPolicy was updated in UTC. 
+ type: string + type: object + required: + - spec + type: object + version: v1beta1 +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.27.2 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: artifactregistryrepositories.artifactregistry.cnrm.cloud.google.com +spec: + group: artifactregistry.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ArtifactRegistryRepository + plural: artifactregistryrepositories + shortNames: + - gcpartifactregistryrepository + - gcpartifactregistryrepositories + singular: artifactregistryrepository + scope: Namespaced + validation: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: The user-provided description of the repository. + type: string + format: + description: 'The format of packages that are stored in the repoitory. 
+ Possible values: ["DOCKER"]' + type: string + kmsKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The selfLink of a KMSCryptoKey. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + location: + description: The name of the location this repository is located in. + type: string + required: + - format + - location + type: object + status: + properties: + conditions: + description: Conditions represents the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about last + transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The time when the repository was created. + type: string + name: + description: |- + The name of the repository, for example: + "projects/p1/locations/us-central1/repositories/repo1" + type: string + updateTime: + description: The time when the repository was last updated. 
+ type: string + type: object + required: + - spec + type: object + version: v1beta1 +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -469,10 +1002,9 @@ spec: role: description: |- Describes the rights granted to the user specified by the other - member of the access object. Primitive, Predefined and custom - roles are supported. Predefined roles that have equivalent - primitive roles are swapped by the API to their Primitive - counterparts. See + member of the access object. Basic, predefined, and custom roles + are supported. Predefined roles that have equivalent basic roles + are swapped by the API to their basic counterparts. See [official docs](https://cloud.google.com/bigquery/docs/access-control). type: string specialGroup: @@ -683,7 +1215,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -1289,9 +1821,10 @@ spec: "INTERACTIVE" Possible values: ["INTERACTIVE", "BATCH"]' type: string query: - description: SQL query text to execute. The useLegacySql field can - be used to indicate whether the query uses legacy SQL or standard - SQL. + description: |- + SQL query text to execute. The useLegacySql field can be used to indicate whether the query uses legacy SQL or standard SQL. + *NOTE*: queries containing [DML language](https://cloud.google.com/bigquery/docs/reference/standard-sql/data-manipulation-language) + ('DELETE', 'UPDATE', 'MERGE', 'INSERT') must specify 'create_disposition = ""' and 'write_disposition = ""'. type: string schemaUpdateOptions: description: |- 
@@ -1409,7 +1942,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -1446,6 +1979,9 @@ spec: spec: properties: clustering: + description: Specifies column names to use for data clustering. Up to + four top-level columns are allowed, and should be specified in descending + priority order. items: type: string type: array @@ -1476,8 +2012,12 @@ spec: type: string type: object description: + description: The field description. type: string encryptionConfiguration: + description: Specifies how the table should be encrypted. If left blank, + the table will be encrypted with a Google-managed key; that process + is transparent to the user. properties: kmsKeyRef: oneOf: 
@@ -1509,51 +2049,109 @@ spec: - kmsKeyRef type: object expirationTime: + description: The time when this table expires, in milliseconds since + the epoch. If not present, the table will persist indefinitely. Expired + tables will be deleted and their storage reclaimed. type: integer externalDataConfiguration: + description: Describes the data format, location, and other properties + of a table stored outside of BigQuery. By defining these properties, + the data source can then be queried as if it were a standard BigQuery + table. properties: autodetect: + description: Let BigQuery try to autodetect the schema and format + of the table. type: boolean compression: + description: The compression type of the data source. Valid values + are "NONE" or "GZIP". type: string csvOptions: + description: Additional properties to set if source_format is set + to "CSV". properties: allowJaggedRows: + description: Indicates if BigQuery should accept rows that are + missing trailing optional columns. type: boolean allowQuotedNewlines: + description: Indicates if BigQuery should allow quoted data + sections that contain newline characters in a CSV file. The + default value is false. type: boolean encoding: + description: The character encoding of the data. The supported + values are UTF-8 or ISO-8859-1. type: string fieldDelimiter: + description: The separator for fields in a CSV file. type: string quote: type: string skipLeadingRows: + description: The number of rows at the top of a CSV file that + BigQuery will skip when reading the data. type: integer required: - quote type: object googleSheetsOptions: + description: Additional options if source_format is set to "GOOGLE_SHEETS". properties: range: + description: 'Range of a sheet to query from. Only used when + non-empty. At least one of range or skip_leading_rows must + be set. 
Typical format: "sheet_name!top_left_cell_id:bottom_right_cell_id" + For example: "sheet1!A1:B20"' type: string skipLeadingRows: + description: The number of rows at the top of the sheet that + BigQuery will skip when reading the data. At least one of + range or skip_leading_rows must be set. type: integer type: object hivePartitioningOptions: + description: When set, configures hive partitioning support. Not + all storage formats support hive partitioning -- requesting hive + partitioning on an unsupported format will lead to an error, as + will providing an invalid specification. properties: mode: + description: When set, what mode of hive partitioning to use + when reading data. type: string sourceUriPrefix: + description: When hive partition detection is requested, a common + for all source uris must be required. The prefix must end + immediately before the partition key encoding begins. type: string type: object ignoreUnknownValues: + description: Indicates if BigQuery should allow extra values that + are not represented in the table schema. If true, the extra values + are ignored. If false, records with extra columns are treated + as bad records, and if there are too many bad records, an invalid + error is returned in the job result. The default value is false. type: boolean maxBadRecords: + description: The maximum number of bad records that BigQuery can + ignore when reading data. type: integer + schema: + description: A JSON schema for the external table. Schema is required + for CSV and JSON formats and is disallowed for Google Cloud Bigtable, + Cloud Datastore backups, and Avro formats when using external + tables. + type: string sourceFormat: + description: 'The data format. Supported values are: "CSV", "GOOGLE_SHEETS", + "NEWLINE_DELIMITED_JSON", "AVRO", "PARQUET", and "DATSTORE_BACKUP". + To use "GOOGLE_SHEETS" the scopes must include "googleapis.com/auth/drive.readonly".' 
type: string sourceUris: + description: A list of the fully-qualified URIs that point to your + data in Google Cloud. items: type: string type: array @@ -1563,18 +2161,46 @@ spec: - sourceUris type: object friendlyName: + description: A descriptive name for the table. type: string + materializedView: + description: If specified, configures this table as a materialized view. + properties: + enableRefresh: + description: Specifies if BigQuery should automatically refresh + materialized view when the base table is updated. The default + is true. + type: boolean + query: + description: A query whose result is persisted. + type: string + refreshIntervalMs: + description: Specifies maximum frequency at which this materialized + view will be refreshed. The default is 1800000 + type: integer + required: + - query + type: object rangePartitioning: + description: If specified, configures range-based partitioning for this + table. properties: field: + description: The field used to determine how to create a range-based + partition. type: string range: + description: Information required to partition based on ranges. + Structure is documented below. properties: end: + description: End of the range partitioning, exclusive. type: integer interval: + description: The width of each range within the partition. type: integer start: + description: Start of the range partitioning, inclusive. type: integer required: - end 
@@ -1586,25 +2212,42 @@ spec: - range type: object schema: + description: A JSON schema for the table. type: string timePartitioning: + description: If specified, configures time-based partitioning for this + table. properties: expirationMs: + description: Number of milliseconds for which to keep the storage + for a partition. type: integer field: + description: The field used to determine how to create a time-based + partition. If time-based partitioning is enabled without this + value, the table is partitioned based on the load time. type: string requirePartitionFilter: + description: If set to true, queries over this table require a partition + filter that can be used for partition elimination to be specified. type: boolean type: + description: The supported types are DAY and HOUR, which will generate + one partition per day or hour based on data loading time. type: string required: - type type: object view: + description: If specified, configures this table as a view. properties: query: + description: A query that BigQuery executes when the view is referenced. type: string useLegacySql: + description: Specifies whether to use BigQuery's legacy SQL for + this view. The default value is true. If set to false, the view + will use BigQuery's standard SQL type: boolean required: - query 
@@ -1641,22 +2284,37 @@ spec: type: object type: array creationTime: + description: The time when this table was created, in milliseconds since + the epoch. type: integer etag: + description: A hash of the resource. type: string lastModifiedTime: + description: The time when this table was last modified, in milliseconds + since the epoch. type: integer location: + description: The geographic location where the table resides. This value + is inherited from the dataset. type: string numBytes: + description: The geographic location where the table resides. This value + is inherited from the dataset. type: integer numLongTermBytes: + description: The number of bytes in the table that are considered "long-term + storage". type: integer numRows: + description: The number of rows of data in this table, excluding any + data in the streaming buffer. type: integer selfLink: + description: The URI of the created resource. type: string type: + description: Describes the table type. type: string type: object required: 
@@ -1674,7 +2332,311 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigtableappprofiles.bigtable.cnrm.cloud.google.com +spec: + group: bigtable.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigtableAppProfile + plural: bigtableappprofiles + shortNames: + - gcpbigtableappprofile + - gcpbigtableappprofiles + singular: bigtableappprofile + scope: Namespaced + validation: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Long form description of the use case for this app profile. + type: string + instanceRef: + description: The instance to create the app profile within. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The name of a BigtableInstance. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + multiClusterRoutingUseAny: + description: |- + If true, read/write requests are routed to the nearest cluster in the instance, and will fail over to the nearest cluster that is available + in the event of transient errors or delays. Clusters in a region are considered equidistant. Choosing this option sacrifices read-your-writes + consistency to improve availability. + type: boolean + singleClusterRouting: + description: Use a single-cluster routing policy. + properties: + allowTransactionalWrites: + description: |- + If true, CheckAndMutateRow and ReadModifyWriteRow requests are allowed by this app profile. + It is unsafe to send these requests to the same table/row/column in multiple clusters. + type: boolean + clusterId: + description: The cluster to which read/write requests should be + routed. + type: string + required: + - clusterId + type: object + type: object + status: + properties: + conditions: + description: Conditions represents the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about last + transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: The unique name of the requested app profile. 
Values are + of the form 'projects//instances//appProfiles/'. + type: string + type: object + type: object + version: v1beta1 +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.27.2 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigtablegcpolicies.bigtable.cnrm.cloud.google.com +spec: + group: bigtable.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigtableGCPolicy + plural: bigtablegcpolicies + shortNames: + - gcpbigtablegcpolicy + - gcpbigtablegcpolicies + singular: bigtablegcpolicy + scope: Namespaced + validation: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + columnFamily: + description: The name of the column family. + type: string + instanceRef: + description: The name of the Bigtable instance. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The name of a BigtableInstance. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + maxAge: + description: GC policy that applies to all cells older than the given + age. + items: + properties: + days: + description: Number of days before applying GC policy. + type: integer + required: + - days + type: object + type: array + maxVersion: + description: GC policy that applies to all versions of a cell except + for the most recent. + items: + properties: + number: + description: Number of version before applying the GC policy. + type: integer + required: + - number + type: object + type: array + mode: + description: If multiple policies are set, you should choose between + UNION OR INTERSECTION. + type: string + tableRef: + description: The name of the table. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The name of a BigtableTable. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - columnFamily + - instanceRef + - tableRef + type: object + status: + properties: + conditions: + description: Conditions represents the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about last + transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + type: object + required: + - spec + type: object + version: v1beta1 +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -1712,7 +2674,7 @@ spec: properties: cluster: description: A block of cluster configuration options. This can be specified - 1 or 2 times. + at least once, and up to 4 times. items: properties: clusterId: @@ -1720,8 +2682,11 @@ spec: type: string numNodes: description: The number of nodes in your Cloud Bigtable cluster. - Required, with a minimum of 1 for a PRODUCTION instance. Must - be left unset for a DEVELOPMENT instance. + For PRODUCTION instances where the numNodes will be managed + by Config Connector, this field is required with a minimum of + 1. For a DEVELOPMENT instance or for an existing instance where + the numNodes is managed outside of Config Connector, this field + must be left unset. type: integer storageType: description: The storage type to use. One of "SSD" or "HDD". Defaults 
@@ -1747,8 +2712,15 @@ spec: Defaults to the instance name. type: string instanceType: - description: The instance type to create. One of "DEVELOPMENT" or "PRODUCTION". - Defaults to "PRODUCTION". + description: DEPRECATED — It is recommended to leave this field unspecified + since the distinction between "DEVELOPMENT" and "PRODUCTION" instances + is going away, and all instances will become "PRODUCTION" instances. + This means that new and existing "DEVELOPMENT" instances will be converted + to "PRODUCTION" instances. It is recommended for users to use "PRODUCTION" + instances in any case, since a 1-node "PRODUCTION" instance is functionally + identical to a "DEVELOPMENT" instance, but without the accompanying + restrictions. The instance type to create. One of "DEVELOPMENT" or + "PRODUCTION". Defaults to "PRODUCTION". type: string type: object status: 
@@ -1793,7 +2765,133 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigtabletables.bigtable.cnrm.cloud.google.com +spec: + group: bigtable.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigtableTable + plural: bigtabletables + shortNames: + - gcpbigtabletable + - gcpbigtabletables + singular: bigtabletable + scope: Namespaced + validation: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + columnFamily: + description: A group of columns within a table which share a common + configuration. This can be specified multiple times. + items: + properties: + family: + description: The name of the column family. + type: string + required: + - family + type: object + type: array + instanceRef: + description: The name of the Bigtable instance. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The name of a BigtableInstance. 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + splitKeys: + items: + type: string + type: array + required: + - instanceRef + type: object + status: + properties: + conditions: + description: Conditions represents the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about last + transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + type: object + required: + - spec + type: object + version: v1beta1 +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -1833,6 +2931,69 @@ spec: description: Contents of the build template. Either a filename or build template must be provided. properties: + artifacts: + description: Artifacts produced by the build that should be uploaded + upon successful completion of all build steps. + properties: + images: + description: |- + A list of images to be pushed upon the successful completion of all build steps. + + The images will be pushed using the builder service account's credentials. + + The digests of the pushed images will be stored in the Build resource's results field. + + If any of the images fail to be pushed, the build is marked FAILURE. + items: + type: string + type: array + objects: + description: |- + A list of objects to be uploaded to Cloud Storage upon successful completion of all build steps. + + Files in the workspace matching specified paths globs will be uploaded to the + Cloud Storage location using the builder service account's credentials. + + The location and generation of the uploaded objects will be stored in the Build resource's results field. + + If any objects fail to be pushed, the build is marked FAILURE. + properties: + location: + description: |- + Cloud Storage bucket and optional object path, in the form "gs://bucket/path/to/somewhere/". + + Files in the workspace matching any path pattern will be uploaded to Cloud Storage with + this location as a prefix. + type: string + paths: + description: Path globs used to match files in the build's + workspace. + items: + type: string + type: array + timing: + description: Output only. Stores timing information for + pushing all artifact objects. + items: + properties: + endTime: + description: |- + End of time span. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + startTime: + description: |- + Start of time span. 
+ + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + type: object + type: array + type: object + type: object images: description: |- A list of images to be pushed upon the successful completion of all build steps. 
@@ -1842,6 +3003,307 @@ spec: items: type: string type: array + logsBucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The url of a StorageBucket. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + options: + description: Special options for this build. + properties: + diskSizeGb: + description: |- + Requested disk size for the VM that runs the build. Note that this is NOT "disk free"; + some of the space will be used by the operating system and build utilities. + Also note that this is the minimum disk size that will be allocated for the build -- + the build may run with a larger disk than requested. At present, the maximum disk size + is 1000GB; builds that request more than the maximum are rejected with an error. + type: integer + dynamicSubstitutions: + description: |- + Option to specify whether or not to apply bash style string operations to the substitutions. + + NOTE this is always enabled for triggered builds and cannot be overridden in the build configuration file. + type: boolean + env: + description: |- + A list of global environment variable definitions that will exist for all build steps + in this build. If a variable is defined in both globally and in a build step, + the variable will use the build step value. + + The elements are of the form "KEY=VALUE" for the environment variable "KEY" being given the value "VALUE". + items: + type: string + type: array + logStreamingOption: + description: 'Option to define build log streaming behavior + to Google Cloud Storage. 
Possible values: ["STREAM_DEFAULT", + "STREAM_ON", "STREAM_OFF"]' + type: string + logging: + description: 'Option to specify the logging mode, which determines + if and where build logs are stored. Possible values: ["LOGGING_UNSPECIFIED", + "LEGACY", "GCS_ONLY", "STACKDRIVER_ONLY", "NONE"]' + type: string + machineType: + description: 'Compute Engine machine type on which to run the + build. Possible values: ["UNSPECIFIED", "N1_HIGHCPU_8", "N1_HIGHCPU_32"]' + type: string + requestedVerifyOption: + description: 'Requested verifiability options. Possible values: + ["NOT_VERIFIED", "VERIFIED"]' + type: string + secretEnv: + description: |- + A list of global environment variables, which are encrypted using a Cloud Key Management + Service crypto key. These values must be specified in the build's Secret. These variables + will be available to all build steps in this build. + items: + type: string + type: array + sourceProvenanceHash: + description: 'Requested hash for SourceProvenance. Possible + values: ["NONE", "SHA256", "MD5"]' + items: + type: string + type: array + substitutionOption: + description: |- + Option to specify behavior when there is an error in the substitution checks. + + NOTE this is always set to ALLOW_LOOSE for triggered builds and cannot be overridden + in the build configuration file. Possible values: ["MUST_MATCH", "ALLOW_LOOSE"] + type: string + volumes: + description: |- + Global list of volumes to mount for ALL build steps + + Each volume is created as an empty volume prior to starting the build process. + Upon completion of the build, volumes and their contents are discarded. Global + volume names and paths cannot conflict with the volumes defined a build step. + + Using a global volume in a build with only one step is not valid as it is indicative + of a build request with an incorrect configuration. + items: + properties: + name: + description: |- + Name of the volume to mount. 
+ + Volume names must be unique per build step and must be valid names for Docker volumes. + Each named volume must be used by at least two build steps. + type: string + path: + description: |- + Path at which to mount the volume. + + Paths must be absolute and cannot conflict with other volume paths on the same + build step or with certain reserved volume paths. + type: string + type: object + type: array + workerPool: + description: |- + Option to specify a WorkerPool for the build. Format projects/{project}/workerPools/{workerPool} + + This field is experimental. + type: string + type: object + queueTtl: + description: "TTL in queue for this build. If provided and the build + is enqueued longer than this value, \nthe build will expire and + the build status will be EXPIRED.\nThe TTL starts ticking from + createTime.\nA duration in seconds with up to nine fractional + digits, terminated by 's'. Example: \"3.5s\"." + type: string + secret: + description: Secrets to decrypt using Cloud Key Management Service. + items: + properties: + kmsKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The selfLink of a KMSCryptoKey. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + secretEnv: + additionalProperties: + type: string + description: "Map of environment variable name to its encrypted + value.\nSecret environment variables must be unique across + all of a build's secrets, \nand must be used by at least + one build step. Values can be at most 64 KB in size. 
\nThere + can be at most 100 secret values across all of a build's + secrets." + type: object + required: + - kmsKeyRef + type: object + type: array + source: + description: |- + The location of the source files to build. + + One of 'storageSource' or 'repoSource' must be provided. + properties: + repoSource: + description: Location of the source in a Google Cloud Source + Repository. + properties: + branchName: + description: "Regex matching branches to build. Exactly + one a of branch name, tag, or commit SHA must be provided.\nThe + syntax of the regular expressions accepted is the syntax + accepted by RE2 and \ndescribed at https://github.com/google/re2/wiki/Syntax" + type: string + commitSha: + description: Explicit commit SHA to build. Exactly one a + of branch name, tag, or commit SHA must be provided. + type: string + dir: + description: "Directory, relative to the source root, in + which to run the build.\nThis must be a relative path. + If a step's dir is specified and is an absolute path, + \nthis value is ignored for that step's execution." + type: string + invertRegex: + description: Only trigger a build if the revision regex + does NOT match the revision regex. + type: boolean + projectId: + description: "ID of the project that owns the Cloud Source + Repository. \nIf omitted, the project ID requesting the + build is assumed." + type: string + repoRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The name of a SourceRepoRepository. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + substitutions: + additionalProperties: + type: string + description: Substitutions to use in a triggered build. + Should only be used with triggers.run + type: object + tagName: + description: "Regex matching tags to build. Exactly one + a of branch name, tag, or commit SHA must be provided.\nThe + syntax of the regular expressions accepted is the syntax + accepted by RE2 and \ndescribed at https://github.com/google/re2/wiki/Syntax" + type: string + required: + - repoRef + type: object + storageSource: + description: Location of the source in an archive file in Google + Cloud Storage. + properties: + bucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The name of a StorageBucket. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + generation: + description: "Google Cloud Storage generation for the object. + \nIf the generation is omitted, the latest generation + will be used" + type: string + object: + description: |- + Google Cloud Storage object containing the source. + This object must be a gzipped archive file (.tar.gz) containing source to build. + type: string + required: + - bucketRef + - object + type: object + type: object step: description: The operations to be performed on the workspace. items: 
@@ -1977,6 +3439,11 @@ spec: - name type: object type: array + substitutions: + additionalProperties: + type: string + description: Substitutions data for Build resource. + type: object tags: description: Tags for annotation of a Build. These are not docker tags. @@ -2032,8 +3499,12 @@ spec: commentControl: description: 'Whether to block builds on a "/gcbrun" comment from a repository owner or collaborator. Possible values: - ["COMMENTS_DISABLED", "COMMENTS_ENABLED"]' + ["COMMENTS_DISABLED", "COMMENTS_ENABLED", "COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY"]' type: string + invertRegex: + description: If true, branches that do NOT match the git_ref + will trigger a build. + type: boolean required: - branch type: object @@ -2045,6 +3516,10 @@ spec: description: Regex of branches to match. Specify only one of branch or tag. type: string + invertRegex: + description: When true, only trigger a build if the revision + regex does NOT match the git_ref regex. + type: boolean tag: description: Regex of tags to match. Specify only one of branch or tag. @@ -2086,6 +3561,11 @@ spec: type: string description: Substitutions data for Build resource. type: object + tags: + description: Tags for annotation of a BuildTrigger + items: + type: string + type: array triggerTemplate: description: |- Template describing the types of source changes to trigger a build. @@ -2113,6 +3593,10 @@ spec: is an absolute path, this value is ignored for that step's execution. type: string + invertRegex: + description: Only trigger a build if the revision regex does NOT + match the revision regex. + type: boolean repoRef: description: |- The Cloud Source Repository to build. If omitted, the repo with @@ -2197,7 +3681,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -2279,7 +3763,7 @@ spec: - external properties: external: - description: The name of a ComputeNetwork. + description: The selfLink of a ComputeNetwork. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -2303,10 +3787,9 @@ spec: purpose: description: |- The purpose of this resource, which can be one of the following values: - - GCE_ENDPOINT for addresses that are used by VM instances, alias IP ranges, internal load balancers, and similar resources. - - This should only be set when using an Internal address. Possible values: ["GCE_ENDPOINT"] + - SHARED_LOADBALANCER_VIP for an address that can be used by multiple internal load balancers + This should only be set when using an Internal address. Possible values: ["GCE_ENDPOINT", "SHARED_LOADBALANCER_VIP"] type: string subnetworkRef: description: |- @@ -2330,7 +3813,7 @@ spec: - external properties: external: - description: The name of a ComputeSubnetwork. + description: The selfLink of a ComputeSubnetwork. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -2401,7 +3884,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -2541,7 +4024,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -3028,7 +4511,7 @@ spec: - external properties: external: - description: The name of a ComputeHTTPHealthCheck. + description: The selfLink of a ComputeHTTPHealthCheck. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -3295,7 +4778,7 @@ spec: description: |- The protocol this BackendService uses to communicate with backends. The default is HTTP. **NOTE**: HTTP2 is only valid for beta HTTP/2 load balancer - types and may result in errors if used with the GA API. Possible values: ["HTTP", "HTTPS", "HTTP2", "TCP", "SSL"] + types and may result in errors if used with the GA API. Possible values: ["HTTP", "HTTPS", "HTTP2", "TCP", "SSL", "GRPC"] type: string securityPolicyRef: description: The security policy associated with this backend service. @@ -3335,7 +4818,6 @@ spec: failed request. Default is 30 seconds. Valid range is [1, 86400]. type: integer required: - - healthChecks - location type: object status: @@ -3392,7 +4874,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -3481,6 +4963,35 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + kmsKeyServiceAccountRef: + description: |- + The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The email of an IAMServiceAccount. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object rawKey: description: |- Specifies a 256-bit customer-supplied encryption key, encoded in 
@@ -3678,6 +5189,35 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + kmsKeyServiceAccountRef: + description: |- + The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The email of an IAMServiceAccount. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object rawKey: description: |- Specifies a 256-bit customer-supplied encryption key, encoded in 
@@ -3728,6 +5268,35 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + kmsKeyServiceAccountRef: + description: |- + The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The email of an IAMServiceAccount. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object rawKey: description: |- Specifies a 256-bit customer-supplied encryption key, encoded in @@ -3831,7 +5400,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -3886,7 +5455,7 @@ spec: description: |- IP address of the interface in the external VPN gateway. Only IPv4 is supported. This IP address can be either from - your on-premise gateway or another Cloud provider’s VPN gateway, + your on-premise gateway or another Cloud provider's VPN gateway, it cannot be an IP address from Google Compute Engine. type: string type: object @@ -3941,7 +5510,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -4001,7 +5570,7 @@ spec: The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, - icmp, esp, ah, sctp, ipip), or the IP protocol number. + icmp, esp, ah, sctp, ipip, all), or the IP protocol number. type: string required: - protocol @@ -4030,7 +5599,7 @@ spec: The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, - icmp, esp, ah, sctp, ipip), or the IP protocol number. + icmp, esp, ah, sctp, ipip, all), or the IP protocol number. type: string required: - protocol @@ -4064,11 +5633,22 @@ spec: is unspecified, the firewall rule will be enabled. type: boolean enableLogging: - description: |- - This field denotes whether to enable logging for a particular - firewall rule. If logging is enabled, logs will be exported to - Stackdriver. + description: DEPRECATED — Deprecated in favor of log_config. This field + denotes whether to enable logging for a particular firewall rule. + If logging is enabled, logs will be exported to Stackdriver. type: boolean + logConfig: + description: |- + This field denotes the logging options for a particular firewall rule. + If defined, logging is enabled, and logs will be exported to Cloud Logging. + properties: + metadata: + description: 'This field denotes whether to include or exclude metadata + for firewall logs. Possible values: ["EXCLUDE_ALL_METADATA", "INCLUDE_ALL_METADATA"]' + type: string + required: + - metadata + type: object networkRef: description: The network to attach this firewall to. oneOf: 
@@ -4087,7 +5667,7 @@ spec: - external properties: external: - description: The name of a ComputeNetwork. + description: The selfLink of a ComputeNetwork. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -4268,7 +5848,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -4523,7 +6103,7 @@ spec: - external properties: external: - description: The name of a ComputeNetwork. + description: The selfLink of a ComputeNetwork. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -4833,7 +6413,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -4879,6 +6459,46 @@ spec: An optional description of this resource. Provide this property when you create the resource. type: string + grpcHealthCheck: + description: A nested object resource + properties: + grpcServiceName: + description: "The gRPC service name for the health check. \nThe + value of grpcServiceName has the following meanings by convention:\n + \ - Empty serviceName means the overall status of all services + at the backend.\n - Non-empty serviceName means the health of + that gRPC service, as defined by the owner of the service.\nThe + grpcServiceName can only be ASCII." + type: string + port: + description: "The port number for the health check request. \nMust + be specified if portName and portSpecification are not set \nor + if port_specification is USE_FIXED_PORT. Valid values are 1 through + 65535." + type: integer + portName: + description: |- + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + type: string + portSpecification: + description: |- + Specifies how port is selected for health checking, can be one of the + following values: + + * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. + + * 'USE_NAMED_PORT': The 'portName' is used for health checking. + + * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, gRPC health check follows behavior specified in 'port' and + 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"] + type: string + type: object healthyThreshold: description: |- A so-far unhealthy instance will be marked healthy after this many 
@@ -5222,7 +6842,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -5348,7 +6968,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -5474,7 +7094,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -5567,7 +7187,7 @@ spec: description: 'The type of supported feature. Read [Enabling guest operating system features](https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images#guest-os-features) to see a list of available options. Possible values: ["MULTI_IP_SUBNET", - "SECURE_BOOT", "UEFI_COMPATIBLE", "VIRTIO_SCSI_MULTIQUEUE", + "SECURE_BOOT", "SEV_CAPABLE", "UEFI_COMPATIBLE", "VIRTIO_SCSI_MULTIQUEUE", "WINDOWS"]' type: string required: 
@@ -5603,6 +7223,58 @@ spec: required: - source type: object + sourceImageRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The selfLink of a ComputeImage. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sourceSnapshotRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The selfLink of a ComputeSnapshot. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object type: object status: properties: @@ -5661,7 +7333,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -5698,6 +7370,7 @@ spec: spec: properties: description: + description: An optional textual description of the instance group. type: string instances: items: 
@@ -5728,11 +7401,14 @@ spec: type: object type: array namedPort: + description: The named port configuration. items: properties: name: + description: The name which the port will be mapped to. type: string port: + description: The port number to map the name to. type: integer required: - name @@ -5766,6 +7442,7 @@ spec: type: string type: object zone: + description: The zone that this instance group should be created in. type: string required: - zone @@ -5799,8 +7476,10 @@ spec: type: object type: array selfLink: + description: The URI of the created resource. type: string size: + description: The number of instances in the group. type: integer type: object required: @@ -5818,7 +7497,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -5864,11 +7543,17 @@ spec: - zone properties: attachedDisk: + description: List of disks attached to the instance items: properties: deviceName: + description: Name with which the attached disk is accessible under + /dev/disk/by-id/ type: string diskEncryptionKeyRaw: + description: A 256-bit customer-supplied encryption key, encoded + in RFC 4648 base64 to encrypt this disk. Only one of kms_key_self_link + and disk_encryption_key_raw may be set. oneOf: - not: required: @@ -5907,6 +7592,8 @@ spec: type: object type: object diskEncryptionKeySha256: + description: The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. type: string kmsKeyRef: oneOf: @@ -5935,6 +7622,8 @@ spec: type: string type: object mode: + description: Read/write mode for the disk. One of "READ_ONLY" + or "READ_WRITE". type: string sourceDiskRef: oneOf: 
@@ -5967,12 +7656,20 @@ spec: type: object type: array bootDisk: + description: The boot disk for the instance. properties: autoDelete: + description: Whether the disk will be auto-deleted when the instance + is deleted. type: boolean deviceName: + description: Name with which attached disk will be accessible under + /dev/disk/by-id/ type: string diskEncryptionKeyRaw: + description: A 256-bit customer-supplied encryption key, encoded + in RFC 4648 base64 to encrypt this disk. Only one of kms_key_self_link + and disk_encryption_key_raw may be set. oneOf: - not: required: @@ -6010,12 +7707,19 @@ spec: type: object type: object diskEncryptionKeySha256: + description: The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. type: string initializeParams: + description: Parameters with which a disk was created alongside + the instance. properties: labels: + description: A set of key/value label pairs assigned to the + disk. type: object size: + description: The size of the image in gigabytes. type: integer sourceImageRef: oneOf: @@ -6044,6 +7748,8 @@ spec: type: string type: object type: + description: The Google Compute Engine disk type. One of pd-standard, + pd-ssd or pd-balanced. type: string type: object kmsKeyRef: @@ -6073,6 +7779,8 @@ spec: type: string type: object mode: + description: Read/write mode for the disk. One of "READ_ONLY" or + "READ_WRITE". type: string sourceDiskRef: oneOf: 
@@ -6102,21 +7810,44 @@ spec: type: object type: object canIpForward: + description: Whether sending and receiving of packets with non-matching + source or destination IPs is allowed. type: boolean + confidentialInstanceConfig: + description: The Confidential VM config being used by the instance. on_host_maintenance + has to be set to TERMINATE or this will fail to create. + properties: + enableConfidentialCompute: + description: Defines whether the instance should have confidential + compute enabled. + type: boolean + required: + - enableConfidentialCompute + type: object deletionProtection: + description: Whether deletion protection is enabled on this instance. type: boolean description: + description: A brief description of the resource. type: string desiredStatus: + description: Desired status of the instance. Either "RUNNING" or "TERMINATED". type: string enableDisplay: + description: Whether the instance has virtual displays enabled. type: boolean guestAccelerator: + description: List of the type and count of accelerator cards attached + to the instance. items: properties: count: + description: The number of the guest accelerator cards exposed + to this instance. type: integer type: + description: The accelerator type resource exposed to this instance. + E.g. nvidia-tesla-k80. type: string required: - count @@ -6124,6 +7855,11 @@ spec: type: object type: array hostname: + description: A custom hostname for the instance. Must be a fully qualified + DNS name and RFC-1035-valid. Valid format is a series of labels 1-63 + characters long matching the regular expression [a-z]([-a-z0-9]*[a-z0-9]), + concatenated with periods. The entire hostname must not exceed 253 + characters. Changing this forces a new resource to be created. type: string instanceTemplateRef: oneOf: @@ -6152,6 +7888,7 @@ spec: type: string type: object machineType: + description: The machine type to create. type: string metadata: items: 
@@ -6166,13 +7903,18 @@ spec: type: object type: array metadataStartupScript: + description: Metadata startup scripts made available within the instance. type: string minCpuPlatform: + description: The minimum CPU platform specified for the VM instance. type: string networkInterface: + description: The networks attached to the instance. items: properties: accessConfig: + description: Access configurations, i.e. IPs via which this instance + can be accessed via the Internet. items: properties: natIpRef: @@ -6203,25 +7945,36 @@ spec: type: string type: object networkTier: + description: The networking tier used for configuring this + instance. One of PREMIUM or STANDARD. type: string publicPtrDomainName: + description: The DNS domain name for the public PTR record. type: string type: object type: array aliasIpRange: + description: An array of alias IP ranges for this network interface. items: properties: ipCidrRange: + description: The IP CIDR range represented by this alias + IP range. type: string subnetworkRangeName: + description: The subnetwork secondary range name specifying + the secondary range from which to allocate the IP CIDR + range for this alias IP range. type: string required: - ipCidrRange type: object type: array name: + description: The name of the interface type: string networkIp: + description: The private IP address assigned to the instance. type: string networkRef: oneOf: @@ -6250,6 +8003,7 @@ spec: type: string type: object subnetworkProject: + description: The project in which the subnetwork belongs. type: string subnetworkRef: oneOf: @@ -6308,9 +8062,14 @@ spec: type: object type: array scheduling: + description: The scheduling strategy being used by the instance. properties: automaticRestart: + description: Specifies if the instance should be restarted if it + was terminated by Compute Engine (not a user). type: boolean + minNodeCpus: + type: integer nodeAffinities: items: properties: 
@@ -6319,22 +8078,30 @@ spec: type: object type: array onHostMaintenance: + description: Describes maintenance behavior for the instance. One + of MIGRATE or TERMINATE, type: string preemptible: + description: Whether the instance is preemptible. type: boolean type: object scratchDisk: + description: The scratch disks attached to the instance. items: properties: interface: + description: The disk interface used for attaching this disk. + One of SCSI or NVME. type: string required: - interface type: object type: array serviceAccount: + description: The service account to attach to the instance. properties: scopes: + description: A list of service scopes. items: type: string type: array @@ -6368,19 +8135,27 @@ spec: - scopes type: object shieldedInstanceConfig: + description: The shielded vm config being used by the instance. properties: enableIntegrityMonitoring: + description: Whether integrity monitoring is enabled for the instance. type: boolean enableSecureBoot: + description: Whether secure boot is enabled for the instance. type: boolean enableVtpm: + description: Whether the instance uses vTPM. type: boolean type: object tags: + description: The list of tags attached to the instance. items: type: string type: array zone: + description: The zone of the instance. If self_link is provided, this + value is ignored. If neither self_link nor zone are provided, the + provider zone is used. type: string type: object status: 
@@ -6412,18 +8187,25 @@ spec: type: object type: array cpuPlatform: + description: The CPU platform used by this instance. type: string currentStatus: + description: Current status of the instance. type: string instanceId: + description: The server-assigned unique identifier of this instance. type: string labelFingerprint: + description: The unique fingerprint of the labels. type: string metadataFingerprint: + description: The unique fingerprint of the metadata. type: string selfLink: + description: The URI of the created resource. type: string tagsFingerprint: + description: The unique fingerprint of the tags. type: string type: object required: @@ -6441,7 +8223,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -6478,19 +8260,45 @@ spec: spec: properties: canIpForward: + description: Whether to allow sending and receiving of packets with + non-matching source or destination IPs. This defaults to false. type: boolean + confidentialInstanceConfig: + description: The Confidential VM config being used by the instance. + on_host_maintenance has to be set to TERMINATE or this will fail to + create. + properties: + enableConfidentialCompute: + description: Defines whether the instance should have confidential + compute enabled. + type: boolean + required: + - enableConfidentialCompute + type: object description: + description: A brief description of this resource. type: string disk: + description: Disks to attach to instances created from this template. + This can be specified multiple times for multiple disks. items: properties: autoDelete: + description: Whether or not the disk should be auto-deleted. This + defaults to true. type: boolean boot: + description: Indicates that this is a boot disk. type: boolean deviceName: + description: A unique device name that is reflected into the /dev/ + tree of a Linux operating system running within the instance. + If not specified, the server chooses a default device name to + apply to this disk. type: string diskEncryptionKey: + description: Encrypts or decrypts a disk using a customer-supplied + encryption key. properties: kmsKeyRef: oneOf: 
@@ -6522,18 +8330,31 @@ spec: - kmsKeyRef type: object diskName: + description: Name of the disk. When not provided, this defaults + to the name of the instance. type: string diskSizeGb: + description: The size of the image in gigabytes. If not specified, + it will inherit the size of its base image. For SCRATCH disks, + the size must be exactly 375GB. type: integer diskType: + description: The Google Compute Engine disk type. Can be either + "pd-ssd", "local-ssd", "pd-balanced" or "pd-standard". type: string interface: + description: Specifies the disk interface to use for attaching + this disk. type: string labels: additionalProperties: type: string + description: A set of key/value label pairs to assign to disks, type: object mode: + description: The mode in which to attach this disk, either READ_WRITE + or READ_ONLY. If you are attaching or creating a boot disk, + this must read-write mode. type: string sourceDiskRef: oneOf: @@ -6588,17 +8409,27 @@ spec: type: string type: object type: + description: The type of Google Compute Engine disk, can be either + "SCRATCH" or "PERSISTENT". type: string type: object type: array enableDisplay: + description: 'Enable Virtual Displays on this instance. Note: allow_stopping_for_update + must be set to true in order to update this field.' type: boolean guestAccelerator: + description: List of the type and count of accelerator cards attached + to the instance. items: properties: count: + description: The number of the guest accelerator cards exposed + to this instance. type: integer type: + description: The accelerator type resource to expose to this instance. + E.g. nvidia-tesla-k80. type: string required: - count 
@@ -6606,8 +8437,12 @@ spec: type: object type: array instanceDescription: + description: A description of the instance. type: string machineType: + description: The machine type to create. To create a machine with a + custom type (such as extended memory), format the value like custom-VCPUS-MEM_IN_MB + like custom-6-20480 for 6 vCPU and 20GB of RAM. type: string metadata: items: @@ -6622,12 +8457,23 @@ spec: type: object type: array metadataStartupScript: + description: An alternative to using the startup-script metadata key, + mostly to match the compute_instance resource. This replaces the startup-script + metadata key on the created instance and thus the two mechanisms are + not allowed to be used simultaneously. type: string minCpuPlatform: + description: Specifies a minimum CPU platform. Applicable values are + the friendly names of CPU platforms, such as Intel Haswell or Intel + Skylake. type: string namePrefix: + description: Creates a unique name beginning with the specified prefix. + Conflicts with name. type: string networkInterface: + description: Networks to attach to instances created from this template. + This can be specified multiple times for multiple networks. items: properties: accessConfig: 
@@ -6661,25 +8507,47 @@ spec: type: string type: object networkTier: + description: 'The networking tier used for configuring this + instance template. This field can take the following values: + PREMIUM or STANDARD. If this field is not specified, it + is assumed to be PREMIUM.' type: string publicPtrDomainName: + description: The DNS domain name for the public PTR record.The + DNS domain name for the public PTR record. type: string type: object type: array aliasIpRange: + description: An array of alias IP ranges for this network interface. + Can only be specified for network interfaces on subnet-mode + networks. items: properties: ipCidrRange: + description: The IP CIDR range represented by this alias + IP range. This IP CIDR range must belong to the specified + subnetwork and cannot contain IP addresses reserved by + system or used by other network interfaces. At the time + of writing only a netmask (e.g. /24) may be supplied, + with a CIDR format resulting in an API error. type: string subnetworkRangeName: + description: The subnetwork secondary range name specifying + the secondary range from which to allocate the IP CIDR + range for this alias IP range. If left unspecified, the + primary range of the subnetwork will be used. type: string required: - ipCidrRange type: object type: array name: + description: The name of the network_interface. type: string networkIp: + description: The private IP address to assign to the instance. + If empty, the address will be automatically assigned. type: string networkRef: oneOf: @@ -6708,6 +8576,8 @@ spec: type: string type: object subnetworkProject: + description: The ID of the project in which the subnetwork belongs. + If it is not provided, the provider project is used. type: string subnetworkRef: oneOf: 
@@ -6738,11 +8608,24 @@ spec: type: object type: array region: + description: An instance template is a global resource that is not bound + to a zone or a region. However, you can still specify some regional + resources in an instance template, which restricts the template to + the region where that resource resides. For example, a custom subnetwork + resource is tied to a specific region. Defaults to the region of the + Provider if no value is given. type: string scheduling: + description: The scheduling strategy to use. properties: automaticRestart: + description: Specifies whether the instance should be automatically + restarted if it is terminated by Compute Engine (not terminated + by a user). This defaults to true. type: boolean + minNodeCpus: + description: Minimum number of cpus for the instance. + type: integer nodeAffinities: items: properties: @@ -6751,13 +8634,19 @@ spec: type: object type: array onHostMaintenance: + description: Defines the maintenance behavior for this instance. type: string preemptible: + description: Allows instance to be preempted. This defaults to false. type: boolean type: object serviceAccount: + description: Service account to attach to the instance. properties: scopes: + description: A list of service scopes. Both OAuth2 URLs and gcloud + short names are supported. To allow full access to all Cloud APIs, + use the cloud-platform scope. items: type: string type: array 
@@ -6791,15 +8680,29 @@ spec: - scopes type: object shieldedInstanceConfig: + description: 'Enable Shielded VM on this instance. Shielded VM provides + verifiable integrity to prevent against malware and rootkits. Defaults + to disabled. Note: shielded_instance_config can only be used with + boot images with shielded vm support.' properties: enableIntegrityMonitoring: + description: Compare the most recent boot measurements to the integrity + policy baseline and return a pair of pass/fail results depending + on whether they match or not. Defaults to true. type: boolean enableSecureBoot: + description: Verify the digital signature of all boot components, + and halt the boot process if signature verification fails. Defaults + to false. type: boolean enableVtpm: + description: Use a virtualized trusted platform module, which is + a specialized computer chip you can use to encrypt objects like + keys and certificates. Defaults to true. type: boolean type: object tags: + description: Tags to attach to the instance. items: type: string type: array @@ -6836,10 +8739,13 @@ spec: type: object type: array metadataFingerprint: + description: The unique fingerprint of the metadata. type: string selfLink: + description: The URI of the created resource. type: string tagsFingerprint: + description: The unique fingerprint of the tags. type: string type: object required: @@ -6857,7 +8763,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -6962,7 +8868,7 @@ spec: - external properties: external: - description: The name of a ComputeRouter. + description: The selfLink of a ComputeRouter. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -7076,7 +8982,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -7150,7 +9056,7 @@ spec: - external properties: external: - description: The name of a ComputeNetwork. + description: The selfLink of a ComputeNetwork. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -7178,7 +9084,7 @@ spec: - external properties: external: - description: The name of a ComputeSubnetwork. + description: The selfLink of a ComputeSubnetwork. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -7240,7 +9146,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -7277,8 +9183,16 @@ spec: spec: properties: exportCustomRoutes: + description: Whether to export the custom routes to the peer network. + Defaults to false. + type: boolean + exportSubnetRoutesWithPublicIp: type: boolean importCustomRoutes: + description: Whether to export the custom routes from the peer network. + Defaults to false. + type: boolean + importSubnetRoutesWithPublicIp: type: boolean networkRef: oneOf: @@ -7365,8 +9279,11 @@ spec: type: object type: array state: + description: State for the peering, either ACTIVE or INACTIVE. The peering + is ACTIVE when there's a matching configuration in the peer network. type: string stateDetails: + description: Details about the current state of the peering. type: string type: object required: 
@@ -7384,7 +9301,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -7494,7 +9411,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -7541,16 +9458,18 @@ spec: to 100 and greater than or equal to min-nodes. type: integer minNodes: - description: "Minimum size of the node group. Must be less \nthan - or equal to max-nodes. The default value is 0." + description: |- + Minimum size of the node group. Must be less + than or equal to max-nodes. The default value is 0. type: integer mode: - description: "The autoscaling mode. Set to one of the following:\n - \ - OFF: Disables the autoscaler.\n - ON: Enables scaling in - and scaling out.\n - ONLY_SCALE_OUT: Enables only scaling out. - \n You must use this mode if your node groups are configured - to \n restart their hosted VMs on minimal servers. Possible values: - [\"OFF\", \"ON\", \"ONLY_SCALE_OUT\"]" + description: |- + The autoscaling mode. Set to one of the following: + - OFF: Disables the autoscaler. + - ON: Enables scaling in and scaling out. + - ONLY_SCALE_OUT: Enables only scaling out. + You must use this mode if your node groups are configured to + restart their hosted VMs on minimal servers. Possible values: ["OFF", "ON", "ONLY_SCALE_OUT"] type: string type: object description: @@ -7643,7 +9562,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -7679,6 +9598,10 @@ spec: type: object spec: properties: + cpuOvercommitType: + description: 'CPU overcommit. Default value: "NONE" Possible values: + ["ENABLED", "NONE"]' + type: string description: description: An optional textual description of the resource. type: string @@ -7784,7 +9707,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -7962,7 +9885,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -8178,7 +10101,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -8241,8 +10164,14 @@ spec: type: string type: object ipRange: + description: IP address and range of the interface. The IP range must + be in the RFC3927 link-local IP space. Changing this forces a new + interface to be created. type: string region: + description: The region this interface's router sits in. If not specified, + the project region will be used. Changing this forces a new interface + to be created. type: string routerRef: oneOf: @@ -8287,7 +10216,7 @@ spec: - external properties: external: - description: The name of a ComputeVPNTunnel. + description: The selfLink of a ComputeVPNTunnel. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -8344,7 +10273,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -8631,7 +10560,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -8854,7 +10783,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -8962,7 +10891,7 @@ spec: - external properties: external: - description: The name of a ComputeNetwork. + description: The selfLink of a ComputeNetwork. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -9027,7 +10956,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -9091,7 +11020,7 @@ spec: - external properties: external: - description: The name of a ComputeNetwork. + description: The selfLink of a ComputeNetwork. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -9266,7 +11195,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -9303,19 +11232,43 @@ spec: spec: properties: description: + description: An optional description of this security policy. Max size + is 2048. type: string rule: + description: The set of rules that belong to this policy. There must + always be a default rule (rule with priority 2147483647 and match + "*"). If no rules are provided when creating a security policy, a + default rule with action "allow" will be added. items: properties: action: + description: 'Action to take when match matches the request. Valid + values: "allow" : allow access to target, "deny(status)" : + deny access to target, returns the HTTP response code specified + (valid values are 403, 404 and 502)' type: string description: + description: An optional description of this rule. Max size is + 64. type: string match: + description: A match condition that incoming traffic is evaluated + against. If it evaluates to true, the corresponding action is + enforced. properties: config: + description: The configuration options available when specifying + versioned_expr. This field must be specified if versioned_expr + is specified and cannot be specified if versioned_expr is + not specified. properties: srcIpRanges: + description: Set of IP addresses or ranges (IPV4 or IPV6) + in CIDR notation to match against inbound traffic. There + is a limit of 10 IP ranges per rule. A value of '*' + matches all IPs (can be used to override the default + behavior). items: type: string type: array 
@@ -9323,18 +11276,35 @@ spec: - srcIpRanges type: object expr: + description: User defined CEVAL expression. A CEVAL expression + is used to specify match criteria such as origin.ip, source.region_code + and contents in the request header. properties: expression: + description: Textual representation of an expression in + Common Expression Language syntax. The application context + of the containing message determines which well-known + feature set of CEL is supported. type: string required: - expression type: object versionedExpr: + description: 'Predefined rule expression. If this field is + specified, config must also be specified. Available options: SRC_IPS_V1: + Must specify the corresponding src_ip_ranges field in config.' type: string type: object preview: + description: When set to true, the action specified above is not + enforced. Stackdriver logs for requests that trigger a preview + action are annotated as such. type: boolean priority: + description: An unique positive integer indicating the priority + of evaluation for a rule. Rules are evaluated from highest priority + (lowest numerically) to lowest priority (highest numerically) + in order. type: integer required: - action @@ -9372,8 +11342,10 @@ spec: type: object type: array fingerprint: + description: Fingerprint of this resource. type: string selfLink: + description: The URI of the created resource. type: string type: object type: object @@ -9389,7 +11361,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -9465,7 +11437,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -9574,7 +11546,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -9618,6 +11590,62 @@ spec: The customer-supplied encryption key of the snapshot. Required if the source snapshot is protected by a customer-supplied encryption key. properties: + kmsKeyRef: + description: The encryption key that is stored in Google Cloud KMS. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The selfLink of a KMSCryptoKey. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyServiceAccountRef: + description: |- + The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The email of an IAMServiceAccount. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object rawKey: description: |- Specifies a 256-bit customer-supplied encryption key, encoded in 
@@ -9663,8 +11691,6 @@ spec: The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource. type: string - required: - - rawKey type: object sourceDiskEncryptionKey: description: |- @@ -9672,6 +11698,35 @@ spec: if the source snapshot is protected by a customer-supplied encryption key. properties: + kmsKeyServiceAccountRef: + description: |- + The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The email of an IAMServiceAccount. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object rawKey: description: |- Specifies a 256-bit customer-supplied encryption key, encoded in @@ -9740,6 +11795,12 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + storageLocations: + description: Cloud Storage bucket storage location of the snapshot (regional + or multi-regional). + items: + type: string + type: array zone: description: A reference to the zone where the disk is hosted. type: string @@ -9823,7 +11884,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -10002,7 +12063,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -10130,7 +12191,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -10190,9 +12251,12 @@ spec: Can only be specified if VPC flow logging for this subnetwork is enabled. Toggles the aggregation interval for collecting flow logs. Increasing the interval time will reduce the amount of generated flow logs for long - lasting connections. Default is an interval of 5 seconds per connection. - Possible values are INTERVAL_5_SEC, INTERVAL_30_SEC, INTERVAL_1_MIN, - INTERVAL_5_MIN, INTERVAL_10_MIN, INTERVAL_15_MIN Default value: "INTERVAL_5_SEC" Possible values: ["INTERVAL_5_SEC", "INTERVAL_30_SEC", "INTERVAL_1_MIN", "INTERVAL_5_MIN", "INTERVAL_10_MIN", "INTERVAL_15_MIN"] + lasting connections. Default is an interval of 5 seconds per connection. Default value: "INTERVAL_5_SEC" Possible values: ["INTERVAL_5_SEC", "INTERVAL_30_SEC", "INTERVAL_1_MIN", "INTERVAL_5_MIN", "INTERVAL_10_MIN", "INTERVAL_15_MIN"] + type: string + filterExpr: + description: |- + Export filter used to define which VPC flow logs should be logged, as as CEL expression. See + https://cloud.google.com/vpc/docs/flow-logs#filtering for details on how to format this field. type: string flowSampling: description: |- 
@@ -10206,8 +12270,15 @@ spec: description: |- Can only be specified if VPC flow logging for this subnetwork is enabled. Configures whether metadata fields should be added to the reported VPC - flow logs. Default value: "INCLUDE_ALL_METADATA" Possible values: ["EXCLUDE_ALL_METADATA", "INCLUDE_ALL_METADATA"] + flow logs. Default value: "INCLUDE_ALL_METADATA" Possible values: ["EXCLUDE_ALL_METADATA", "INCLUDE_ALL_METADATA", "CUSTOM_METADATA"] type: string + metadataFields: + description: |- + List of metadata fields that should be added to reported logs. + Can only be specified if VPC flow logs for this subnetwork is enabled and "metadata" is set to CUSTOM_METADATA. + items: + type: string + type: array type: object networkRef: description: |- @@ -10229,7 +12300,7 @@ spec: - external properties: external: - description: The name of a ComputeNetwork. + description: The selfLink of a ComputeNetwork. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -10350,7 +12421,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -10478,7 +12549,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -10678,7 +12749,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -10749,6 +12820,36 @@ spec: NAT option controlling how IPs are NAT'ed to the instance. Currently only NO_NAT (default value) is supported. Default value: "NO_NAT" Possible values: ["NO_NAT"] type: string + networkRef: + description: |- + The network this target instance uses to forward + traffic. If not specified, the traffic will be forwarded to the network + that the default network interface belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The selfLink of a ComputeNetwork. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object zone: description: URL of the zone where the target instance resides. type: string @@ -10805,7 +12906,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -10868,8 +12969,11 @@ spec: type: string type: object description: + description: Textual description field. type: string failoverRatio: + description: Ratio (0 to 1) of failed nodes before using the backup + pool (which must also be set). type: number healthChecks: items: 
@@ -10931,8 +13035,12 @@ spec: type: object type: array region: + description: Where the target pool resides. Defaults to project region. type: string sessionAffinity: + description: How to distribute load. Options are "NONE" (no affinity). + "CLIENT_IP" (hash of the source/dest addresses / ports), and "CLIENT_IP_PROTO" + also includes the protocol (default "NONE"). type: string required: - region @@ -10966,6 +13074,7 @@ spec: type: object type: array selfLink: + description: The URI of the created resource. type: string type: object required: @@ -10983,7 +13092,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -11173,7 +13282,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -11299,7 +13408,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -11424,7 +13533,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -11460,6 +13569,349 @@ spec: type: object spec: properties: + defaultRouteAction: + description: |- + defaultRouteAction takes effect when none of the hostRules match. The load balancer performs advanced routing actions + like URL rewrites, header transformations, etc. prior to forwarding the request to the selected backend. + If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. Conversely if defaultService + is set, defaultRouteAction cannot contain any weightedBackendServices. + + Only one of defaultRouteAction or defaultUrlRedirect must be set. + properties: + corsPolicy: + description: |- + The specification for allowing client side cross-origin requests. Please see + [W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/) + properties: + allowCredentials: + description: |- + In response to a preflight request, setting this to true indicates that the actual request can include user credentials. + This translates to the Access-Control-Allow-Credentials header. + type: boolean + allowHeaders: + description: Specifies the content for the Access-Control-Allow-Headers + header. + items: + type: string + type: array + allowMethods: + description: Specifies the content for the Access-Control-Allow-Methods + header. + items: + type: string + type: array + allowOriginRegexes: + description: |- + Specifies the regualar expression patterns that match allowed origins. For regular expression grammar + please see en.cppreference.com/w/cpp/regex/ecmascript + An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. + items: + type: string + type: array + allowOrigins: + description: |- + Specifies the list of origins that will be allowed to do CORS requests. + An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. 
+ items: + type: string + type: array + disabled: + description: If true, specifies the CORS policy is disabled. + The default value is false, which indicates that the CORS + policy is in effect. + type: boolean + exposeHeaders: + description: Specifies the content for the Access-Control-Expose-Headers + header. + items: + type: string + type: array + maxAge: + description: |- + Specifies how long results of a preflight request can be cached in seconds. + This translates to the Access-Control-Max-Age header. + type: integer + type: object + faultInjectionPolicy: + description: |- + The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure. + As part of fault injection, when clients send requests to a backend service, delays can be introduced by Loadbalancer on a + percentage of requests before sending those request to the backend service. Similarly requests from clients can be aborted + by the Loadbalancer for a percentage of requests. + + timeout and retryPolicy will be ignored by clients that are configured with a faultInjectionPolicy. + properties: + abort: + description: The specification for how client requests are aborted + as part of fault injection. + properties: + httpStatus: + description: |- + The HTTP status code used to abort the request. + The value must be between 200 and 599 inclusive. + type: integer + percentage: + description: |- + The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection. + The value must be between 0.0 and 100.0 inclusive. + type: number + type: object + delay: + description: The specification for how client requests are delayed + as part of fault injection, before being sent to a backend + service. + properties: + fixedDelay: + description: Specifies the value of the fixed delay interval. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. 
Durations less than one second are + represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years + type: string + type: object + percentage: + description: |- + The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection. + The value must be between 0.0 and 100.0 inclusive. + type: number + type: object + type: object + requestMirrorPolicy: + description: |- + Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service. + Loadbalancer does not wait for responses from the shadow service. Prior to sending traffic to the shadow service, + the host / authority header is suffixed with -shadow. + properties: + backendServiceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The name of a ComputeBackendService. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - backendServiceRef + type: object + retryPolicy: + description: Specifies the retry policy associated with this route. + properties: + numRetries: + description: Specifies the allowed number retries. This number + must be > 0. If not specified, defaults to 1. + type: integer + perTryTimeout: + description: |- + Specifies a non-zero timeout per retry attempt. 
+ + If not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set, + will use the largest timeout among all backend services associated with the route. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years + type: string + type: object + retryConditions: + description: |- + Specfies one or more conditions when this retry rule applies. Valid values are: + + 5xx: Loadbalancer will attempt a retry if the backend service responds with any 5xx response code, + or if the backend service does not respond at all, example: disconnects, reset, read timeout, + connection failure, and refused streams. + gateway-error: Similar to 5xx, but only applies to response codes 502, 503 or 504. + connect-failure: Loadbalancer will retry on failures connecting to backend services, + for example due to connection timeouts. + retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. + Currently the only retriable error supported is 409. + refused-stream:Loadbalancer will retry if the backend service resets the stream with a REFUSED_STREAM error code. + This reset type indicates that it is safe to retry. 
+ cancelled: Loadbalancer will retry if the gRPC status code in the response header is set to cancelled + deadline-exceeded: Loadbalancer will retry if the gRPC status code in the response header is set to deadline-exceeded + resource-exhausted: Loadbalancer will retry if the gRPC status code in the response header is set to resource-exhausted + unavailable: Loadbalancer will retry if the gRPC status code in the response header is set to unavailable + items: + type: string + type: array + type: object + timeout: + description: |- + Specifies the timeout for the selected route. Timeout is computed from the time the request has been + fully processed (i.e. end-of-stream) up until the response has been completely processed. Timeout includes all retries. + + If not specified, will use the largest timeout among all backend services associated with the route. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years + type: string + type: object + urlRewrite: + description: The spec to modify the URL of the request, prior to + forwarding the request to the matched service. + properties: + hostRewrite: + description: |- + Prior to forwarding the request to the selected service, the request's host header is replaced + with contents of hostRewrite. + + The value must be between 1 and 255 characters. + type: string + pathPrefixRewrite: + description: |- + Prior to forwarding the request to the selected backend service, the matching portion of the + request's path is replaced by pathPrefixRewrite. 
+ + The value must be between 1 and 1024 characters. + type: string + type: object + weightedBackendServices: + description: |- + A list of weighted backend services to send traffic to when a route match occurs. + The weights determine the fraction of traffic that flows to their corresponding backend service. + If all traffic needs to go to a single backend service, there must be one weightedBackendService + with weight set to a non 0 number. + + Once a backendService is identified and before forwarding the request to the backend service, + advanced routing actions like Url rewrites and header transformations are applied depending on + additional settings specified in this HttpRouteAction. + items: + properties: + backendServiceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The name of a ComputeBackendService. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for + the selected backendService. + + headerAction specified here take effect before headerAction in the enclosing + HttpRouteRule, PathMatcher and UrlMap. + properties: + requestHeadersToAdd: + description: Headers to add to a matching request prior + to forwarding the request to the backendService. + items: + properties: + headerName: + description: The name of the header to add. + type: string + headerValue: + description: The value of the header to add. 
+ type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the header. + If true, headerValue is set for the header, discarding any values that were set for that header. + type: boolean + type: object + type: array + requestHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the request prior to + forwarding the request to the backendService. + items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response prior to sending + the response back to the client. + items: + properties: + headerName: + description: The name of the header to add. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the header. + If true, headerValue is set for the header, discarding any values that were set for that header. + type: boolean + type: object + type: array + responseHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the response prior to sending the + response back to the client. + items: + type: string + type: array + type: object + weight: + description: |- + Specifies the fraction of traffic sent to backendService, computed as + weight / (sum of all weightedBackendService weights in routeAction) . + + The selection of a backend service is determined only for new traffic. Once a user's request + has been directed to a backendService, subsequent requests will be sent to the same backendService + as determined by the BackendService's session affinity policy. + + The value must be between 0 and 1000 + type: integer + type: object + type: array + type: object defaultService: description: |- The backend service or backend bucket to use when none of the given 
@@ -11560,12 +14012,17 @@ spec: redirectResponseCode: description: |- The HTTP Status code to use for this RedirectAction. Supported values are: - - MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. - - FOUND, which corresponds to 302. - - SEE_OTHER which corresponds to 303. - - TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method + + * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. + + * FOUND, which corresponds to 302. + + * SEE_OTHER which corresponds to 303. + + * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method will be retained. - - PERMANENT_REDIRECT, which corresponds to 308. In this case, + + * PERMANENT_REDIRECT, which corresponds to 308. In this case, the request method will be retained. Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"] type: string stripQuery: 
@@ -11686,6 +14143,353 @@ spec: description: The list of named PathMatchers to use against the URL. items: properties: + defaultRouteAction: + description: |- + defaultRouteAction takes effect when none of the pathRules or routeRules match. The load balancer performs + advanced routing actions like URL rewrites, header transformations, etc. prior to forwarding the request + to the selected backend. If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. + Conversely if defaultService is set, defaultRouteAction cannot contain any weightedBackendServices. + + Only one of defaultRouteAction or defaultUrlRedirect must be set. + properties: + corsPolicy: + description: |- + The specification for allowing client side cross-origin requests. Please see + [W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/) + properties: + allowCredentials: + description: |- + In response to a preflight request, setting this to true indicates that the actual request can include user credentials. + This translates to the Access-Control-Allow-Credentials header. + type: boolean + allowHeaders: + description: Specifies the content for the Access-Control-Allow-Headers + header. + items: + type: string + type: array + allowMethods: + description: Specifies the content for the Access-Control-Allow-Methods + header. + items: + type: string + type: array + allowOriginRegexes: + description: |- + Specifies the regualar expression patterns that match allowed origins. For regular expression grammar + please see en.cppreference.com/w/cpp/regex/ecmascript + An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. + items: + type: string + type: array + allowOrigins: + description: |- + Specifies the list of origins that will be allowed to do CORS requests. + An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. 
+ items: + type: string + type: array + disabled: + description: If true, specifies the CORS policy is disabled. + The default value is false, which indicates that the + CORS policy is in effect. + type: boolean + exposeHeaders: + description: Specifies the content for the Access-Control-Expose-Headers + header. + items: + type: string + type: array + maxAge: + description: |- + Specifies how long results of a preflight request can be cached in seconds. + This translates to the Access-Control-Max-Age header. + type: integer + type: object + faultInjectionPolicy: + description: |- + The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure. + As part of fault injection, when clients send requests to a backend service, delays can be introduced by Loadbalancer on a + percentage of requests before sending those request to the backend service. Similarly requests from clients can be aborted + by the Loadbalancer for a percentage of requests. + + timeout and retryPolicy will be ignored by clients that are configured with a faultInjectionPolicy. + properties: + abort: + description: The specification for how client requests + are aborted as part of fault injection. + properties: + httpStatus: + description: |- + The HTTP status code used to abort the request. + The value must be between 200 and 599 inclusive. + type: integer + percentage: + description: |- + The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection. + The value must be between 0.0 and 100.0 inclusive. + type: number + type: object + delay: + description: The specification for how client requests + are delayed as part of fault injection, before being + sent to a backend service. + properties: + fixedDelay: + description: Specifies the value of the fixed delay + interval. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. 
Durations less than one second are + represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years + type: string + type: object + percentage: + description: |- + The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection. + The value must be between 0.0 and 100.0 inclusive. + type: number + type: object + type: object + requestMirrorPolicy: + description: |- + Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service. + Loadbalancer does not wait for responses from the shadow service. Prior to sending traffic to the shadow service, + the host / authority header is suffixed with -shadow. + properties: + backendServiceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The name of a ComputeBackendService. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - backendServiceRef + type: object + retryPolicy: + description: Specifies the retry policy associated with this + route. + properties: + numRetries: + description: Specifies the allowed number retries. This + number must be > 0. If not specified, defaults to 1. + type: integer + perTryTimeout: + description: |- + Specifies a non-zero timeout per retry attempt. 
+ + If not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set, + will use the largest timeout among all backend services associated with the route. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years + type: string + type: object + retryConditions: + description: |- + Specfies one or more conditions when this retry rule applies. Valid values are: + + 5xx: Loadbalancer will attempt a retry if the backend service responds with any 5xx response code, + or if the backend service does not respond at all, example: disconnects, reset, read timeout, + connection failure, and refused streams. + gateway-error: Similar to 5xx, but only applies to response codes 502, 503 or 504. + connect-failure: Loadbalancer will retry on failures connecting to backend services, + for example due to connection timeouts. + retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. + Currently the only retriable error supported is 409. + refused-stream:Loadbalancer will retry if the backend service resets the stream with a REFUSED_STREAM error code. + This reset type indicates that it is safe to retry. 
+ cancelled: Loadbalancer will retry if the gRPC status code in the response header is set to cancelled + deadline-exceeded: Loadbalancer will retry if the gRPC status code in the response header is set to deadline-exceeded + resource-exhausted: Loadbalancer will retry if the gRPC status code in the response header is set to resource-exhausted + unavailable: Loadbalancer will retry if the gRPC status code in the response header is set to unavailable + items: + type: string + type: array + type: object + timeout: + description: |- + Specifies the timeout for the selected route. Timeout is computed from the time the request has been + fully processed (i.e. end-of-stream) up until the response has been completely processed. Timeout includes all retries. + + If not specified, will use the largest timeout among all backend services associated with the route. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years + type: string + type: object + urlRewrite: + description: The spec to modify the URL of the request, prior + to forwarding the request to the matched service. + properties: + hostRewrite: + description: |- + Prior to forwarding the request to the selected service, the request's host header is replaced + with contents of hostRewrite. + + The value must be between 1 and 255 characters. + type: string + pathPrefixRewrite: + description: |- + Prior to forwarding the request to the selected backend service, the matching portion of the + request's path is replaced by pathPrefixRewrite. 
+ + The value must be between 1 and 1024 characters. + type: string + type: object + weightedBackendServices: + description: |- + A list of weighted backend services to send traffic to when a route match occurs. + The weights determine the fraction of traffic that flows to their corresponding backend service. + If all traffic needs to go to a single backend service, there must be one weightedBackendService + with weight set to a non 0 number. + + Once a backendService is identified and before forwarding the request to the backend service, + advanced routing actions like Url rewrites and header transformations are applied depending on + additional settings specified in this HttpRouteAction. + items: + properties: + backendServiceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The name of a ComputeBackendService. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for + the selected backendService. + + headerAction specified here take effect before headerAction in the enclosing + HttpRouteRule, PathMatcher and UrlMap. + properties: + requestHeadersToAdd: + description: Headers to add to a matching request + prior to forwarding the request to the backendService. + items: + properties: + headerName: + description: The name of the header to add. + type: string + headerValue: + description: The value of the header to add. 
+ type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the header. + If true, headerValue is set for the header, discarding any values that were set for that header. + type: boolean + type: object + type: array + requestHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the request prior to + forwarding the request to the backendService. + items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response prior to + sending the response back to the client. + items: + properties: + headerName: + description: The name of the header to add. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the header. + If true, headerValue is set for the header, discarding any values that were set for that header. + type: boolean + type: object + type: array + responseHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the response prior to sending the + response back to the client. + items: + type: string + type: array + type: object + weight: + description: |- + Specifies the fraction of traffic sent to backendService, computed as + weight / (sum of all weightedBackendService weights in routeAction) . + + The selection of a backend service is determined only for new traffic. Once a user's request + has been directed to a backendService, subsequent requests will be sent to the same backendService + as determined by the BackendService's session affinity policy. + + The value must be between 0 and 1000 + type: integer + type: object + type: array + type: object defaultService: description: |- The backend service or backend bucket to use when none of the given 
@@ -11786,12 +14590,17 @@ spec: redirectResponseCode: description: |- The HTTP Status code to use for this RedirectAction. Supported values are: - - MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. - - FOUND, which corresponds to 302. - - SEE_OTHER which corresponds to 303. - - TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method + + * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. + + * FOUND, which corresponds to 302. + + * SEE_OTHER which corresponds to 303. + + * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method will be retained. - - PERMANENT_REDIRECT, which corresponds to 308. In this case, + + * PERMANENT_REDIRECT, which corresponds to 308. In this case, the request method will be retained. Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"] type: string stripQuery: @@ -12036,12 +14845,36 @@ spec: responses from the shadow service. Prior to sending traffic to the shadow service, the host / authority header is suffixed with -shadow. properties: - backendService: - description: The BackendService resource being mirrored - to. - type: string + backendServiceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The name of a ComputeBackendService. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object required: - - backendService + - backendServiceRef type: object retryPolicy: description: Specifies the retry policy associated with 
@@ -12148,10 +14981,6 @@ spec: items: properties: backendServiceRef: - description: |- - The default ComputeBackendService resource. Before forwarding the - request to backendService, the loadbalancer applies any relevant - headerActions specified as part of this backendServiceWeight. oneOf: - not: required: @@ -12168,7 +14997,7 @@ spec: - external properties: external: - description: The selfLink of a ComputeBackendService. + description: The name of a ComputeBackendService. type: string name: description: 'Name of the referent. More info: @@ -12369,12 +15198,17 @@ spec: redirectResponseCode: description: |- The HTTP Status code to use for this RedirectAction. Supported values are: - - MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. - - FOUND, which corresponds to 302. - - SEE_OTHER which corresponds to 303. - - TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method + + * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. + + * FOUND, which corresponds to 302. + + * SEE_OTHER which corresponds to 303. + + * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method will be retained. - - PERMANENT_REDIRECT, which corresponds to 308. In this case, + + * PERMANENT_REDIRECT, which corresponds to 308. In this case, the request method will be retained. Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"] type: string stripQuery: 
@@ -12810,12 +15644,36 @@ spec: responses from the shadow service. Prior to sending traffic to the shadow service, the host / authority header is suffixed with -shadow. properties: - backendService: - description: The BackendService resource being mirrored - to. - type: string + backendServiceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The name of a ComputeBackendService. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object required: - - backendService + - backendServiceRef type: object retryPolicy: description: Specifies the retry policy associated with @@ -12926,10 +15784,6 @@ spec: items: properties: backendServiceRef: - description: |- - The default ComputeBackendService resource. Before forwarding the - request to backendService, the loadbalancer applies any relevant - headerActions specified as part of this backendServiceWeight. oneOf: - not: required: @@ -12946,7 +15800,7 @@ spec: - external properties: external: - description: The selfLink of a ComputeBackendService. + description: The name of a ComputeBackendService. type: string name: description: 'Name of the referent. More info: 
@@ -13083,12 +15937,17 @@ spec: type: string redirectResponseCode: description: |- - The HTTP Status code to use for this RedirectAction. Supported values are: - - MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. - - FOUND, which corresponds to 302. - SEE_OTHER which corresponds to 303. - - TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method - will be retained. - PERMANENT_REDIRECT, which corresponds to 308. In this case, - the request method will be retained. Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"] + The HTTP Status code to use for this RedirectAction. Supported values are: + + * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. + + * FOUND, which corresponds to 302. + + * SEE_OTHER which corresponds to 303. + + * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method will be retained. + + * PERMANENT_REDIRECT, which corresponds to 308. In this case, the request method will be retained. Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"] type: string stripQuery: description: |- @@ -13250,7 +16109,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -13381,7 +16240,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -13712,7 +16571,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -13757,6 +16616,8 @@ spec: properties: disabled: type: boolean + loadBalancerType: + type: string required: - disabled type: object @@ -13952,6 +16813,13 @@ spec: work for routes-based clusters, where ip_allocation_policy is not defined. type: string + clusterTelemetry: + properties: + type: + type: string + required: + - type + type: object databaseEncryption: description: 'Application-layer Secrets Encryption settings. The object format is {state = string, key_name = string}. Valid values of state @@ -13967,11 +16835,27 @@ spec: required: - state type: object + datapathProvider: + description: The desired datapath provider for this cluster. By default, + uses the IPTables-based kube-proxy implementation. + type: string defaultMaxPodsPerNode: description: The default maximum number of pods per node in this cluster. This doesn't work on "routes-based" clusters, clusters that don't have IP Aliasing enabled. type: integer + defaultSnatStatus: + description: Whether the cluster disables default in-node sNAT rules. + In-node sNAT rules will be disabled when defaultSnatStatus is disabled. + properties: + disabled: + description: When disabled is set to false, default IP masquerade + rules will be applied to the nodes to prevent sNAT on cluster + internal traffic. + type: boolean + required: + - disabled + type: object description: description: ' Description of the cluster.' type: string 
@@ -14023,12 +16907,9 @@ spec: a specific range to use. type: string clusterSecondaryRangeName: - description: The IP address range of the services IPs in this cluster. - Set to blank to have a range chosen with the default size. Set - to /netmask (e.g. /14) to have a range chosen with a specific - netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 - private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) - to pick a specific range to use. + description: The name of the existing secondary range in the cluster's + subnetwork to use for pod IP addresses. Alternatively, cluster_ipv4_cidr_block + can be used to automatically create a GKE-managed one. type: string servicesIpv4CidrBlock: description: The IP address range of the services IPs in this cluster. @@ -14241,6 +17122,10 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + networkingMode: + description: Determines whether alias IPs or routes will be used for + pod IPs in the cluster. + type: string nodeConfig: properties: bootDiskKMSCryptoKeyRef: @@ -14287,10 +17172,30 @@ spec: type: array imageType: type: string + kubeletConfig: + properties: + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + required: + - cpuManagerPolicy + type: object labels: additionalProperties: type: string type: object + linuxNodeConfig: + properties: + sysctls: + additionalProperties: + type: string + type: object + required: + - sysctls + type: object localSsdCount: type: integer machineType: 
@@ -14384,6 +17289,48 @@ spec: type: array nodeVersion: type: string + notificationConfig: + description: The notification config for sending cluster upgrade notifications + properties: + pubsub: + description: Notification config for Cloud Pub/Sub + properties: + enabled: + description: Whether or not the notification config is enabled + type: boolean + topicRef: + description: The PubSubTopic to send the notification to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The name of a PubSubTopic. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - enabled + type: object + required: + - pubsub + type: object podSecurityPolicyConfig: description: Configuration for the PodSecurityPolicy feature. properties: @@ -14412,6 +17359,16 @@ spec: only applies to private clusters, when enable_private_nodes is true. type: boolean + masterGlobalAccessConfig: + description: Controls cluster master global access settings. + properties: + enabled: + description: Whether the cluster master is accessible globally + or not. + type: boolean + required: + - enabled + type: object masterIpv4CidrBlock: description: The IP range in CIDR notation to use for the hosted master network. This range will be used for assigning private @@ -14565,6 +17522,9 @@ spec: type: string operation: type: string + selfLink: + description: Server-defined URL for the resource. + type: string servicesIpv4Cidr: description: The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are 
@@ -14590,7 +17550,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -14743,10 +17703,30 @@ spec: type: array imageType: type: string + kubeletConfig: + properties: + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + required: + - cpuManagerPolicy + type: object labels: additionalProperties: type: string type: object + linuxNodeConfig: + properties: + sysctls: + additionalProperties: + type: string + type: object + required: + - sysctls + type: object localSsdCount: type: integer machineType: 
@@ -14921,7 +17901,101 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dataflowflextemplatejobs.dataflow.cnrm.cloud.google.com +spec: + group: dataflow.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataflowFlexTemplateJob + plural: dataflowflextemplatejobs + shortNames: + - gcpdataflowflextemplatejob + - gcpdataflowflextemplatejobs + singular: dataflowflextemplatejob + scope: Namespaced + validation: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + containerSpecGcsPath: + type: string + parameters: + type: object + region: + description: The region in which the created job should run. + type: string + required: + - containerSpecGcsPath + type: object + status: + properties: + conditions: + description: Conditions represents the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about last + transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + jobId: + type: string + state: + type: string + type: object + required: + - spec + type: object + version: v1beta1 +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -14958,14 +18032,21 @@ spec: spec: properties: additionalExperiments: + description: List of experiments that should be used by the job. An + example value is ["enable_stackdriver_agent_metrics"]. items: type: string type: array ipConfiguration: + description: The configuration for VM IPs. Options are "WORKER_IP_PUBLIC" + or "WORKER_IP_PRIVATE". type: string machineType: + description: The machine type to use for the job. type: string maxWorkers: + description: The number of workers permitted to work on the job. More + workers may improve processing speed at additional cost. type: integer networkRef: oneOf: @@ -14994,8 +18075,11 @@ spec: type: string type: object parameters: + description: Key/Value pairs to be passed to the Dataflow job (as used + in the template). type: object region: + description: The region in which the created job should run. type: string serviceAccountRef: oneOf: 
@@ -15050,10 +18134,20 @@ spec: type: string type: object tempGcsLocation: + description: A writeable location on Google Cloud Storage for the Dataflow + job to dump its temporary data. type: string templateGcsPath: + description: The Google Cloud Storage path to the Dataflow job template. type: string + transformNameMapping: + description: Only applicable when updating a pipeline. Map of transform + name prefixes of the job to be replaced with the corresponding name + prefixes of the new job. + type: object zone: + description: The zone in which the created job should run. If it is + not provided, the provider zone is used. type: string required: - tempGcsLocation @@ -15088,10 +18182,14 @@ spec: type: object type: array jobId: + description: The unique ID of this job. type: string state: + description: The current state of the resource, selected from the JobState + enum. type: string type: + description: The type of this job, selected from the JobType enum. type: string type: object required: @@ -15109,7 +18207,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -15146,6 +18244,8 @@ spec: spec: properties: description: + description: A textual description field. Defaults to 'Managed by Config + Connector'. type: string dnsName: description: The DNS name of this managed zone, for instance "example.com.". @@ -15395,7 +18495,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -15444,6 +18544,12 @@ spec: are not available when an alternative name server is specified. items: properties: + forwardingPath: + description: |- + Forwarding path for this TargetNameServer. If unset or 'default' Cloud DNS will make forwarding + decision based on address ranges, i.e. RFC1918 addresses go to the VPC, Non-RFC1918 addresses go + to the Internet. When set to 'private', Cloud DNS will always send queries through VPC for this target Possible values: ["default", "private"] + type: string ipv4Address: description: IPv4 address to forward to. type: string @@ -15455,6 +18561,8 @@ spec: - targetNameServers type: object description: + description: A textual description field. Defaults to 'Managed by Config + Connector'. type: string enableInboundForwarding: description: |- @@ -15547,7 +18655,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -15610,14 +18718,17 @@ spec: type: string type: object name: + description: The DNS name this record set will apply to. type: string rrdatas: items: type: string type: array ttl: + description: The time-to-live of this record set (seconds). type: integer type: + description: The DNS record set type. type: string required: - managedZoneRef @@ -15670,7 +18781,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -15794,7 +18905,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -15831,6 +18942,11 @@ spec: spec: properties: displayName: + description: The folder's display name. A folder's display name must + be unique amongst its siblings, e.g. no two folders with the same + parent can share the same display name. The display name must start + and end with a letter or digit, may contain letters, digits, spaces, + hyphens and underscores and can be no longer than 30 characters. type: string required: - displayName @@ -15864,10 +18980,18 @@ spec: type: object type: array createTime: + description: 'Timestamp when the Folder was created. Assigned by the + server. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. + Example: "2014-10-02T15:01:23.045123456Z".' + type: string + folderId: + description: The folder id from the name "folders/{folder_id}" type: string lifecycleState: + description: The lifecycle state of the folder such as ACTIVE or DELETE_REQUESTED. type: string name: + description: The resource name of the Folder. Its format is folders/{folder_id}. type: string type: object required: 
@@ -15885,7 +19009,139 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/system: "true" + controller-tools.k8s.io: "1.0" + name: iamauditconfigs.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMAuditConfig + plural: iamauditconfigs + shortNames: + - gcpiamauditconfig + - gcpiamauditconfigs + singular: iamauditconfig + scope: Namespaced + validation: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + auditLogConfigs: + description: Required. The configuration for logging of each type of + permission. + items: + properties: + exemptedMembers: + description: Identities that do not cause logging for this type + of permission. The format is the same as that for 'members' + in IAMPolicy/IAMPolicyMember. 
+ items: + pattern: ^(user|serviceAccount|group|domain|projectEditor|projectOwner|projectViewer):.+|allUsers|allAuthenticatedUsers$ + type: string + pattern: ^(user|serviceAccount|group|domain|projectEditor|projectOwner|projectViewer):.+|allUsers|allAuthenticatedUsers$ + type: array + logType: + description: Permission type for which logging is to be configured. + Must be one of 'DATA_READ', 'DATA_WRITE', or 'ADMIN_READ'. + pattern: ^(DATA_READ|DATA_WRITE|ADMIN_READ)$ + type: string + required: + - logType + type: object + type: array + resourceRef: + description: Required. The GCP resource to set the IAMAuditConfig on + (e.g. project). + properties: + apiVersion: + type: string + external: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + type: object + service: + description: 'Required. The service for which to enable Data Access + audit logs. The special value ''allServices'' covers all services. + Note that if there are audit configs covering both ''allServices'' + and a specific service, then the union of the two audit configs is + used for that service: the ''logTypes'' specified in each ''auditLogConfig'' + are enabled, and the ''exemptedMembers'' in each ''auditLogConfg'' + are exempted.' + type: string + required: + - resourceRef + - service + - auditLogConfigs + type: object + status: + properties: + conditions: + description: Conditions represents the latest available observations + of the IAMAuditConfig's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about last + transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + type: object + type: object + version: v1beta1 +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -15922,14 +19178,19 @@ spec: spec: properties: description: + description: A human-readable description for the role. type: string permissions: + description: The names of the permissions this role grants when bound + in an IAM policy. At least one permission must be specified. items: type: string type: array stage: + description: The current launch stage of the role. Defaults to GA. type: string title: + description: A human-readable title for the role. type: string required: - permissions @@ -15964,8 +19225,12 @@ spec: type: object type: array deleted: + description: The current deleted state of the role. type: boolean name: + description: The name of the role in the format projects/{{project}}/roles/{{role_id}}. + Like id, this field can be used as a reference in other resources + such as IAM role bindings. type: string type: object required: @@ -15983,7 +19248,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -15993,8 +19258,14 @@ metadata: spec: group: iam.cnrm.cloud.google.com names: + categories: + - gcp kind: IAMPolicy plural: iampolicies + shortNames: + - gcpiampolicy + - gcpiampolicies + singular: iampolicy scope: Namespaced validation: openAPIV3Schema: 
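Review bot: The `exemptedMembers` item pattern in the new IAMAuditConfig schema is not anchored as a whole: the leading `^` binds only to the first alternative and the trailing `$` only to `allAuthenticatedUsers`, so any string that merely contains `allUsers` passes validation. Grouping the alternatives fixes it: `^((user|serviceAccount|group|domain|projectEditor|projectOwner|projectViewer):.+|allUsers|allAuthenticatedUsers)$`. The second copy of the pattern, placed beside `type: array`, is presumably inert because `pattern` constrains strings, and could be dropped. The same two lines are added under `auditConfigs` in the IAMPolicy hunk (`@@ -16013,6 +19284,48 @@`). Since this field names identities whose access is exempt from audit logging, the loose validation is worth reporting upstream if the manifest is a verbatim copy of the release.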
@@ -16013,6 +19284,48 @@ spec: type: object spec: properties: + auditConfigs: + description: Optional. The list of IAM audit configs. + items: + properties: + auditLogConfigs: + description: Required. The configuration for logging of each type + of permission. + items: + properties: + exemptedMembers: + description: Identities that do not cause logging for this + type of permission. The format is the same as that for + 'members' in IAMPolicy/IAMPolicyMember. + items: + pattern: ^(user|serviceAccount|group|domain|projectEditor|projectOwner|projectViewer):.+|allUsers|allAuthenticatedUsers$ + type: string + pattern: ^(user|serviceAccount|group|domain|projectEditor|projectOwner|projectViewer):.+|allUsers|allAuthenticatedUsers$ + type: array + logType: + description: Permission type for which logging is to be + configured. Must be one of 'DATA_READ', 'DATA_WRITE', + or 'ADMIN_READ'. + pattern: ^(DATA_READ|DATA_WRITE|ADMIN_READ)$ + type: string + required: + - logType + type: object + type: array + service: + description: 'Required. The service for which to enable Data Access + audit logs. The special value ''allServices'' covers all services. + Note that if there are audit configs covering both ''allServices'' + and a specific service, then the union of the two audit configs + is used for that service: the ''logTypes'' specified in each + ''auditLogConfig'' are enabled, and the ''exemptedMembers'' + in each ''auditLogConfg'' are exempted.' + type: string + required: + - service + - auditLogConfigs + type: object + type: array bindings: description: Optional. The list of IAM bindings. items: @@ -16040,7 +19353,7 @@ spec: type: array role: description: Required. The role to bind the users to. - pattern: ^(projects/[^/]+/)?roles/[\w_\.]+$ + pattern: ^((projects|organizations)/[^/]+/)?roles/[\w_\.]+$ type: string required: - role 
@@ -16131,7 +19444,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -16141,8 +19454,14 @@ metadata: spec: group: iam.cnrm.cloud.google.com names: + categories: + - gcp kind: IAMPolicyMember plural: iampolicymembers + shortNames: + - gcpiampolicymember + - gcpiampolicymembers + singular: iampolicymember scope: Namespaced validation: openAPIV3Schema: @@ -16221,7 +19540,7 @@ spec: type: object role: description: Required. The role for which the Member will be bound. - pattern: ^(projects/[^/]+/)?roles/[\w_\.]+$ + pattern: ^((projects|organizations)/[^/]+/)?roles/[\w_\.]+$ type: string required: - resourceRef @@ -16270,7 +19589,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -16307,9 +19626,18 @@ spec: spec: properties: keyAlgorithm: + description: 'The algorithm used to generate the key, used only on create. + KEY_ALG_RSA_2048 is the default algorithm. Valid values are: "KEY_ALG_RSA_1024", + "KEY_ALG_RSA_2048".' type: string privateKeyType: type: string + publicKeyData: + description: A field that allows clients to upload their own public + key. If set, use this public key data to create a service account + key for given service account. Please note, the expected format for + this field is a base64 encoded X509_PEM. + type: string publicKeyType: type: string serviceAccountRef: 
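Review bot: The description added to `keyAlgorithm` names "KEY_ALG_RSA_1024" as a valid value while the field remains an unconstrained `type: string`, so the schema does nothing to stop a 1024-bit RSA service account key from being requested. That size is below the 2048-bit minimum in current guidance such as NIST SP 800-131A. If the blueprint wants to exclude it, the field could carry `enum: ["KEY_ALG_RSA_2048"]`, though this file appears to be copied from the upstream release and such an edit would need re-applying on every update; an admission policy outside the manifest is the more durable place for it. The `spec.properties` mapping continues past the end of the hunk.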
@@ -16370,14 +19698,24 @@ spec: type: object type: array name: + description: The name used for this key pair type: string privateKey: + description: The private key in JSON format, base64 encoded. This is + what you normally get as a file when creating service account keys + through the CLI or web console. This is only populated when creating + a new key. type: string publicKey: + description: The public key, base64 encoded type: string validAfter: + description: 'The key can be used after this timestamp. A timestamp + in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".' type: string validBefore: + description: 'The key can be used before this timestamp. A timestamp + in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".' type: string type: object required: @@ -16395,7 +19733,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -16432,8 +19770,12 @@ spec: spec: properties: description: + description: A text description of the service account. Must be less + than or equal to 256 UTF-8 bytes. type: string displayName: + description: The display name for the service account. Can be updated + without creating a new resource. type: string type: object status: @@ -16465,10 +19807,15 @@ spec: type: object type: array email: + description: The e-mail address of the service account. This value should + be referenced from any google_iam_policy data sources that would grant + the service account privileges. type: string name: + description: The fully-qualified name of the service account. type: string uniqueId: + description: The unique id of the service account. type: string type: object type: object 
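Review bot: The description added to `status.privateKey` says the field holds the private key as base64-encoded JSON when a key is created, and nothing in the hunk marks it as sensitive. If the controller populates it as described, any subject allowed to get, list or watch these objects can read a long-lived service account credential, and it is persisted with the object. A README line next to the update steps would cover it, for example `Limit read access to IAMServiceAccountKey objects: status.privateKey may contain key material.` The kind name is inferred from the fields, as the CRD header is outside this hunk.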
@@ -16484,7 +19831,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -16625,7 +19972,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -16715,7 +20062,553 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: logginglogsinks.logging.cnrm.cloud.google.com +spec: + group: logging.cnrm.cloud.google.com + names: + categories: + - gcp + kind: LoggingLogSink + plural: logginglogsinks + shortNames: + - gcplogginglogsink + - gcplogginglogsinks + singular: logginglogsink + scope: Namespaced + validation: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + bigqueryOptions: + description: Options that affect sinks exporting data to BigQuery. + properties: + usePartitionedTables: + description: Whether to use BigQuery's partition tables. By default, + Logging creates dated tables based on the log entries' timestamps, + e.g. syslog_20170523. With partitioned tables the date suffix + is no longer present and special query syntax has to be used instead. + In both cases, tables are sharded based on UTC timezone. 
+ type: boolean + required: + - usePartitionedTables + type: object + destination: + oneOf: + - required: + - bigQueryDatasetRef + - required: + - pubSubTopicRef + - required: + - storageBucketRef + properties: + bigQueryDatasetRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The name of a BigQueryDataset. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + pubSubTopicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The name of a PubSubTopic. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + storageBucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The name of a StorageBucket. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + filter: + description: The filter to apply when exporting logs. Only log entries + that match the filter are exported. + type: string + folderRef: + description: |- + The folder in which to create the sink. Only one of projectRef, + folderRef, or organizationRef may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The folderId of a Folder. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + includeChildren: + description: Whether or not to include children organizations in the + sink export. If true, logs associated with child projects are also + exported; otherwise only logs relating to the provided organization + are included. + type: boolean + organizationRef: + description: |- + The organization in which to create the sink. Only one of projectRef, + folderRef, or organizationRef may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The name of an Organization. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: |- + The project in which to create the sink. Only one of projectRef, + folderRef, or organizationRef may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The name of a Project. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + uniqueWriterIdentity: + description: Whether or not to create a unique identity associated with + this sink. If false (the default), then the writer_identity used is + serviceAccount:cloud-logs@system.gserviceaccount.com. If true, then + a unique service account is created and used for this sink. If you + wish to publish logs across projects, you must set unique_writer_identity + to true. + type: boolean + required: + - destination + type: object + status: + properties: + conditions: + description: Conditions represents the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about last + transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + writerIdentity: + description: The identity associated with this sink. This identity must + be granted write access to the configured destination. + type: string + type: object + required: + - spec + type: object + version: v1beta1 +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.27.2 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: monitoringnotificationchannels.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringNotificationChannel + plural: monitoringnotificationchannels + shortNames: + - gcpmonitoringnotificationchannel + - gcpmonitoringnotificationchannels + singular: monitoringnotificationchannel + scope: Namespaced + validation: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: An optional human-readable description of this notification + channel. This description may provide additional details, beyond the + display name, for the channel. 
This may not exceed 1024 Unicode characters. + type: string + enabled: + description: Whether notifications are forwarded to the described channel. + This makes it possible to disable delivery of notifications to a particular + channel without removing the channel from all alerting policies that + reference the channel. This is a more convenient approach when the + change is temporary and you want to receive notifications from the + same set of alerting policies on the channel at some point in the + future. + type: boolean + labels: + additionalProperties: + type: string + type: object + sensitiveLabels: + description: |- + Different notification type behaviors are configured primarily using the the 'labels' field on this + resource. This block contains the labels which contain secrets or passwords so that they can be marked + sensitive and hidden from plan output. The name of the field, eg: password, will be the key + in the 'labels' map in the api request. + + Credentials may not be specified in both locations and will cause an error. Changing from one location + to a different credential configuration in the config will require an apply to update state. + properties: + authToken: + description: 'An authorization token for a notification channel. + Channel types that support this field include: slack' + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if + 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. 
+ type: string + required: + - name + - key + type: object + type: object + type: object + password: + description: 'An password for a notification channel. Channel types + that support this field include: webhook_basicauth' + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if + 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + serviceKey: + description: 'An servicekey token for a notification channel. Channel + types that support this field include: pagerduty' + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if + 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + type: object + type: + description: The type of the notification channel. This field matches + the value of the NotificationChannelDescriptor.type field. 
See https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.notificationChannelDescriptors/list + to get the list of valid values such as "email", "slack", etc... + type: string + required: + - type + type: object + status: + properties: + conditions: + description: Conditions represents the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about last + transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The full REST resource name for this channel. The syntax is: + projects/[PROJECT_ID]/notificationChannels/[CHANNEL_ID] + The [CHANNEL_ID] is automatically assigned by the server on creation. + type: string + verificationStatus: + description: Indicates whether this channel has been verified or not. + On a ListNotificationChannels or GetNotificationChannel operation, + this field is expected to be populated.If the value is UNVERIFIED, + then it indicates that the channel is non-functioning (it both requires + verification and lacks verification); otherwise, it is assumed that + the channel works.If the channel is neither VERIFIED nor UNVERIFIED, + it implies that the channel is of a type that does not require verification + or that this specific channel has been exempted from verification + because it was created prior to verification being required for channels + of this type.This field cannot be modified using a standard UpdateNotificationChannel + operation. 
To change the value of this field, you must call VerifyNotificationChannel. + type: string + type: object + required: + - spec + type: object + version: v1beta1 +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -16778,6 +20671,7 @@ spec: type: string type: object name: + description: The display name of the project. type: string required: - name @@ -16811,6 +20705,7 @@ spec: type: object type: array number: + description: The numeric identifier of the project. type: string type: object required: @@ -16828,7 +20723,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -16933,6 +20828,12 @@ spec: basis.\n\nIf this parameter is 0, a default value of 5 is used." type: integer type: object + enableMessageOrdering: + description: |- + If 'true', messages published with the same orderingKey in PubsubMessage will be delivered to + the subscribers in the order in which they are received by the Pub/Sub system. Otherwise, they + may be delivered in any order. + type: boolean expirationPolicy: description: |- A policy that specifies the conditions for this subscription's expiration. 
@@ -16954,6 +20855,13 @@ spec: required: - ttl type: object + filter: + description: "The subscription only delivers the messages that match + the filter. \nPub/Sub automatically acknowledges the messages that + don't match the filter. You can filter messages\nby their attributes. + The maximum length of a filter is 256 bytes. After creating the subscription, + \nyou can't modify the filter." + type: string messageRetentionDuration: description: |- How long to retain unacknowledged messages in the subscription's @@ -17040,6 +20948,25 @@ spec: they are acknowledged, until they fall out of the messageRetentionDuration window. type: boolean + retryPolicy: + description: "A policy that specifies how Pub/Sub retries message delivery + for this subscription.\n\nIf not set, the default retry policy is + applied. This generally implies that messages will be retried as soon + as possible for healthy subscribers. \nRetryPolicy will be triggered + on NACKs or acknowledgement deadline exceeded events for a given message" + properties: + maximumBackoff: + description: "The maximum delay between consecutive deliveries of + a given message. Value should be between 0 and 600 seconds. Defaults + to 600 seconds. \nA duration in seconds with up to nine fractional + digits, terminated by 's'. Example: \"3.5s\"." + type: string + minimumBackoff: + description: |- + The minimum delay between consecutive deliveries of a given message. Value should be between 0 and 600 seconds. Defaults to 10 seconds. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + type: object topicRef: description: Reference to a PubSubTopic. oneOf: @@ -17116,7 +21043,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -17247,7 +21174,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -17350,6 +21277,7 @@ spec: The version of Redis software. If not provided, latest supported version will be used. Currently, the supported values are: + - REDIS_5_0 for Redis 5.0 compatibility - REDIS_4_0 for Redis 4.0 compatibility - REDIS_3_2 for Redis 3.2 compatibility type: string @@ -17421,6 +21349,13 @@ spec: Hostname or IP address of the exposed Redis endpoint used by clients to connect to the service. type: string + persistenceIamIdentity: + description: |- + Output only. Cloud IAM identity used by import / export operations + to transfer data to/from Cloud Storage. Format is "serviceAccount:". + The value may change over time for a given instance so should be + checked before each import/export operation. + type: string port: description: The port number of the exposed Redis endpoint. type: integer 
@@ -17440,7 +21375,257 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: resourcemanagerpolicies.resourcemanager.cnrm.cloud.google.com +spec: + group: resourcemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ResourceManagerPolicy + plural: resourcemanagerpolicies + shortNames: + - gcpresourcemanagerpolicy + - gcpresourcemanagerpolicies + singular: resourcemanagerpolicy + scope: Namespaced + validation: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + booleanPolicy: + description: A boolean policy is a constraint that is either enforced + or not. + properties: + enforced: + description: If true, then the Policy is enforced. If false, then + any configuration is acceptable. + type: boolean + required: + - enforced + type: object + constraint: + description: The name of the Constraint the Policy is configuring, for + example, serviceuser.services. + type: string + folderRef: + description: |- + The folder on which to configure the constraint. 
Only one of + projectRef, folderRef, or organizationRef may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The name of a Folder. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + listPolicy: + description: 'A policy that can define specific values that are allowed + or denied for the given constraint. It can also be used to allow or + deny all values. ' + properties: + allow: + description: One or the other must be set. + properties: + all: + description: The policy allows or denies all values. + type: boolean + values: + description: The policy can define specific values that are + allowed or denied. + items: + type: string + type: array + type: object + deny: + description: One or the other must be set. + properties: + all: + description: The policy allows or denies all values. + type: boolean + values: + description: The policy can define specific values that are + allowed or denied. + items: + type: string + type: array + type: object + inheritFromParent: + description: If set to true, the values from the effective Policy + of the parent resource are inherited, meaning the values set in + this Policy are added to the values inherited up the hierarchy. + type: boolean + suggestedValue: + description: The Google Cloud Console will try to default to a configuration + that matches the value specified in this field. + type: string + type: object + organizationRef: + description: |- + The organization on which to configure the constraint. Only one of + projectRef, folderRef, or organizationRef may be specified. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The name of an Organization. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: |- + The project on which to configure the constraint. Only one of + projectRef, folderRef, or organizationRef may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The name of a Project. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + restorePolicy: + description: A restore policy is a constraint to restore the default + policy. + properties: + default: + description: May only be set to true. If set, then the default Policy + is restored. + type: boolean + required: + - default + type: object + version: + description: Version of the Policy. Default version is 0. + type: integer + required: + - constraint + type: object + status: + properties: + conditions: + description: Conditions represents the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about last + transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + etag: + description: The etag of the organization policy. etag is used for optimistic + concurrency control as a way to help prevent simultaneous updates + of a policy from overwriting each other. + type: string + updateTime: + description: 'The timestamp in RFC3339 UTC "Zulu" format, accurate to + nanoseconds, representing when the variable was last updated. Example: + "2016-10-09T12:33:37.578138407Z".' + type: string + type: object + required: + - spec + type: object + version: v1beta1 +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -17561,7 +21746,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -17724,7 +21909,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -17818,6 +22003,11 @@ spec: onto its associated terraform IAM resources (policies, bindings, and members) properties: + auditConfigName: + description: AuditConfigName is the terraform name of the + associated IAM Audit Config resource, if there is any (e.g. + google_project_iam_audit_config for the Project resource) + type: string policyMemberName: description: PolicyMemberName is the terraform name of the associated IAM Policy Member resource (e.g. google_spanner_instance_iam_member) @@ -17907,7 +22097,7 @@ spec: type: string nameValueTemplate: description: NameValueTemplate is a template by which the - value of the metadata.name value should be interpreted before + value of the metadata.name field should be interpreted before being passed to the Terraform provider. {{value}} is used in place of this sourced value. e.g. If the value sourced from metadata.name is "foo_bar", a nameValueTemplate of 
@@ -17915,10 +22105,39 @@ spec: the provider is "resource/foo_bar" type: string type: object + mutableButUnreadableFields: + description: MutableButUnreadableFields is a list of Terraform + fields that are mutable but not returned by the Terraform read. + KCC tracks the values of such fields to be able to determine + if the user changed their values on the spec. + items: + type: string + type: array name: description: Name is the Terraform name of the resource (e.g. google_spanner_instance) type: string + resourceID: + description: ResourceID determines how to map the `spec.resourceID` + field to the Terraform resource's configuration. For multiple + ResourceConfigs that map to the same Kind, their ResourceID + definition must be the same. + properties: + targetField: + description: TargetField is the name of the field in the TF + resource where the KRM `spec.resourceID` field will be mapped + to. + type: string + valueTemplate: + description: ValueTemplate is a template by which the value + of the `spec.resourceID` field should be interpreted before + being passed to the Terraform provider. {{value}} is used + in place of the source value, i.e. the value of `spec.resourceID`. E.g. + If `spec.resourceID` is "foo", a ValueTemplate of "resources/{{value}}" + means the final value passed to the Terraform provider is + "resources/foo". + type: string + type: object resourceReferences: description: ResourceReferences configures the mapping of fields in the Terraform resource that implicitly define references 
@@ -17929,11 +22148,11 @@ spec: description: Description is the description for the resource reference that will be exposed in the CRD. type: string - group: - description: Group is the Kubernetes group of the resource - being referenced. If not is set, it is implied that the - kind specified is unique across all groups. - type: string + gvk: + description: GVK is the Group,Version,Kind of the resource + being referenced. This field is mutually exclusive with + JSONSchemaType. + type: object jsonSchemaType: description: JSONSchemaType specifies the type as understood by JSON schema validation of this reference field. Should @@ -17949,12 +22168,6 @@ spec: list defined) or lists of references should not specify a key.' type: string - kind: - description: Kind is the Kubernetes kind of the resource - being referenced. The API group and version are assumed - to match the referencing resource's. This field is mutually - exclusive with JSONSchemaType. - type: string parent: description: Parent specifies whether the referenced resource is a parent. If the parent is successfully deleted, this @@ -17990,12 +22203,11 @@ spec: for that value. items: properties: - group: - description: Group is the Kubernetes group of the - resource being referenced. If not is set, it is - implied that the kind specified is unique across - all groups. - type: string + gvk: + description: GVK is the Group,Version,Kind of the + resource being referenced. This field is mutually + exclusive with JSONSchemaType. + type: object jsonSchemaType: description: JSONSchemaType specifies the type as understood by JSON schema validation of this reference 
@@ -18012,12 +22224,6 @@ spec: (those with a "Types" list defined) or lists of references should not specify a key.' type: string - kind: - description: Kind is the Kubernetes kind of the resource - being referenced. The API group and version are - assumed to match the referencing resource's. This - field is mutually exclusive with JSONSchemaType. - type: string parent: description: Parent specifies whether the referenced resource is a parent. If the parent is successfully @@ -18038,10 +22244,15 @@ spec: description: ValueTemplate is a template by which the value sourced from the reference should be interpreted before being passed to the Terraform provider. {{value}} - is used in place of this sourced value. e.g. If + is used in place of this sourced value. The template + can contain other value placeholders that need to + be sourced from the reference resource. e.g. If the value sourced from the reference is "foo@domain.com", a valueTemplate of "serviceAccount:{{value}}" would mean the final value passed to the provider is "serviceAccount:foo@domain.com" + e.g. If the template is "projects/{{project}}/topics/{{value}}", + the project value will be sourced from the referenced + resource. type: string type: object type: array 
@@ -18049,10 +22260,15 @@ spec: description: ValueTemplate is a template by which the value sourced from the reference should be interpreted before being passed to the Terraform provider. {{value}} is used - in place of this sourced value. e.g. If the value sourced - from the reference is "foo@domain.com", a valueTemplate - of "serviceAccount:{{value}}" would mean the final value + in place of this sourced value. The template can contain + other value placeholders that need to be sourced from + the reference resource. e.g. If the value sourced from + the reference is "foo@domain.com", a valueTemplate of + "serviceAccount:{{value}}" would mean the final value passed to the provider is "serviceAccount:foo@domain.com" + e.g. If the template is "projects/{{project}}/topics/{{value}}", + the project value will be sourced from the referenced + resource. type: string required: - tfField @@ -18102,7 +22318,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -18193,6 +22409,9 @@ spec: type: object type: array service: + description: Provider peering service that is managing peering connectivity + for a service provider organization. For Google services that support + this functionality it is 'servicenetworking.googleapis.com'. type: string required: - networkRef @@ -18245,7 +22464,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -18321,7 +22540,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -18481,7 +22700,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -18603,7 +22822,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -18707,7 +22926,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -18835,7 +23054,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -18872,6 +23091,11 @@ spec: spec: properties: databaseVersion: + description: The MySQL, PostgreSQL or SQL Server (beta) version to use. + Supported values include MYSQL_5_6, MYSQL_5_7, POSTGRES_9_6,POSTGRES_11, + SQLSERVER_2017_STANDARD, SQLSERVER_2017_ENTERPRISE, SQLSERVER_2017_EXPRESS, + SQLSERVER_2017_WEB. Database Version Policies includes an up-to-date + reference of supported versions. type: string encryptionKMSCryptoKeyRef: oneOf: 
@@ -18926,24 +23150,46 @@ spec: type: string type: object region: + description: The region the instance will sit in. Note, Cloud SQL is + not available in all regions - choose from one of the options listed + here. A valid region must be provided to use this resource. If a region + is not provided in the resource definition, the provider region will + be used instead, but this will be an apply-time error for instances + if the provider region is not supported with Cloud SQL. If you choose + not to provide the region argument for this resource, make sure you + understand this. type: string replicaConfiguration: + description: The configuration for replication. properties: caCertificate: + description: PEM representation of the trusted CA's x509 certificate. type: string clientCertificate: + description: PEM representation of the slave's x509 certificate. type: string clientKey: + description: PEM representation of the slave's private key. The + corresponding public key in encoded in the client_certificate. type: string connectRetryInterval: + description: The number of seconds between connect retries. type: integer dumpFilePath: + description: Path to a SQL file in Google Cloud Storage from which + slave instances are created. Format is gs://bucket/filename. type: string failoverTarget: + description: Specifies if the replica is the failover target. If + the field is set to true the replica will be designated as a failover + replica. If the master instance fails, the replica instance will + be promoted as the new master instance. type: boolean masterHeartbeatPeriod: + description: Time in ms between replication heartbeats. type: integer password: + description: Password for the replication connection. oneOf: - not: required: 
@@ -18981,13 +23227,19 @@ spec: type: object type: object sslCipher: + description: Permissible ciphers for use in SSL encryption. type: string username: + description: Username for replication connection. type: string verifyServerCertificate: + description: True if the master's common name value is checked during + the SSL handshake. type: boolean type: object rootPassword: + description: Initial root password. Required for MS SQL Server, ignored + by MySQL and PostgreSQL. oneOf: - not: required: 
@@ -19025,38 +23277,68 @@ spec: type: object type: object settings: + description: The settings to use for the database. The configuration + is detailed below. properties: activationPolicy: + description: This specifies when the instance should be active. + Can be either ALWAYS, NEVER or ON_DEMAND. type: string authorizedGaeApplications: description: DEPRECATED — This property is only applicable to First Generation instances, and First Generation instances are now deprecated. + This property is only applicable to First Generation instances. + First Generation instances are now deprecated, see https://cloud.google.com/sql/docs/mysql/deprecation-notice + for information on how to upgrade to Second Generation instances. + A list of Google App Engine (GAE) project names that are allowed + to access this instance. items: type: string type: array availabilityType: + description: |- + The availability type of the Cloud SQL instance, high availability + (REGIONAL) or single zone (ZONAL). For MySQL instances, ensure that + settings.backup_configuration.enabled and + settings.backup_configuration.binary_log_enabled are both set to true. type: string backupConfiguration: properties: binaryLogEnabled: + description: True if binary logging is enabled. If settings.backup_configuration.enabled + is false, this must be as well. Cannot be used with Postgres. type: boolean enabled: + description: True if backup configuration is enabled. type: boolean location: + description: Location of the backup configuration. type: string + pointInTimeRecoveryEnabled: + description: True if Point-in-time recovery is enabled. + type: boolean startTime: + description: HH:MM format time indicating when backup configuration + starts. type: string type: object crashSafeReplication: description: DEPRECATED — This property is only applicable to First Generation instances, and First Generation instances are now deprecated. + This property is only applicable to First Generation instances. 
+ First Generation instances are now deprecated, see here for information + on how to upgrade to Second Generation instances. Specific to + read instances, indicates when crash-safe replication flags are + enabled. type: boolean databaseFlags: items: properties: name: + description: Name of the flag. type: string value: + description: Value of the flag. type: string required: - name @@ -19066,8 +23348,11 @@ spec: diskAutoresize: type: boolean diskSize: + description: The size of data disk, in GB. Size of a running instance + cannot be reduced but can be increased. type: integer diskType: + description: 'The type of data disk: PD_SSD or PD_HDD.' type: string ipConfiguration: properties: @@ -19085,6 +23370,9 @@ spec: type: object type: array ipv4Enabled: + description: Whether this Cloud SQL instance should be assigned + a public IPV4 address. Either ipv4_enabled must be enabled + or a private_network must be configured. type: boolean privateNetworkRef: oneOf: 
@@ -19118,26 +23406,45 @@ spec: locationPreference: properties: followGaeApplication: + description: A Google App Engine application whose zone to remain + in. Must be in the same region as this instance. type: string zone: + description: The preferred compute engine zone. type: string type: object maintenanceWindow: + description: Declares a one-hour maintenance window when an Instance + can automatically restart to apply updates. The maintenance window + is specified in UTC time. properties: day: + description: Day of week (1-7), starting on Monday type: integer hour: + description: Hour of day (0-23), ignored if day not set type: integer updateTrack: + description: Receive updates earlier (canary) or later (stable) type: string type: object pricingPlan: + description: Pricing plan for this instance, can only be PER_USE. type: string replicationType: description: DEPRECATED — This property is only applicable to First Generation instances, and First Generation instances are now deprecated. + This property is only applicable to First Generation instances. + First Generation instances are now deprecated, see here for information + on how to upgrade to Second Generation instances. Replication + type for this instance, can be one of ASYNCHRONOUS or SYNCHRONOUS. type: string tier: + description: The machine type to use. See tiers for more details + and supported versions. Postgres supports only shared-core machine + types such as db-f1-micro, and custom machine types such as db-custom-2-13312. + See the Custom Machine Type Documentation to learn about specifying + custom machine types. type: string required: - tier @@ -19174,6 +23481,8 @@ spec: type: object type: array connectionName: + description: The connection name of the instance to be used in connection + strings. For example, when connecting with Cloud SQL Proxy. type: string firstIpAddress: type: string 
@@ -19193,21 +23502,29 @@ spec: publicIpAddress: type: string selfLink: + description: The URI of the created resource. type: string serverCaCert: properties: cert: + description: The CA Certificate used to connect to the SQL Instance + via SSL. type: string commonName: + description: The CN valid for the CA Cert. type: string createTime: + description: Creation time of the CA Cert. type: string expirationTime: + description: Expiration time of the CA Cert. type: string sha1Fingerprint: + description: SHA Fingerprint of the CA Cert. type: string type: object serviceAccountEmailAddress: + description: The service account email address assigned to the instance. type: string type: object required: @@ -19225,7 +23542,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -19262,6 +23579,9 @@ spec: spec: properties: commonName: + description: The common name to be used in the certificate to identify + the client. Constrained to [a-zA-Z.-_ ]+. Changing this forces a new + resource to be created. type: string instanceRef: description: The Cloud SQL instance. @@ -19297,8 +23617,10 @@ spec: status: properties: cert: + description: The actual certificate data for this client certificate. type: string certSerialNumber: + description: The serial number extracted from the certificate data. type: string conditions: description: Conditions represents the latest available observation 
@@ -19327,14 +23649,22 @@ spec: type: object type: array createTime: + description: The time when the certificate was created in RFC 3339 format, + for example 2012-11-15T16:19:00.094Z. type: string expirationTime: + description: The time when the certificate expires in RFC 3339 format, + for example 2012-11-15T16:19:00.094Z. type: string privateKey: + description: The private key associated with the client certificate. type: string serverCaCert: + description: The CA cert of the server this client cert was generated + from. type: string sha1Fingerprint: + description: The SHA1 Fingerprint of the certificate. type: string type: object required: @@ -19352,7 +23682,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -19389,6 +23719,9 @@ spec: spec: properties: host: + description: The host the user can connect from. This is only supported + for MySQL instances. Don't set this field for PostgreSQL instances. + Can be an IP address. Changing this forces a new resource to be created. type: string instanceRef: oneOf: @@ -19417,6 +23750,8 @@ spec: type: string type: object password: + description: The password for the user. Can be updated. For Postgres + instances this is a Required field. oneOf: - not: required: @@ -19500,7 +23835,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -19639,7 +23974,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -19676,21 +24011,36 @@ spec: spec: properties: bucketPolicyOnly: + description: DEPRECATED — Please use the uniform_bucket_level_access + as this field has been renamed by Google. Enables Bucket Policy Only + access to a bucket. type: boolean cors: + description: The bucket's Cross-Origin Resource Sharing (CORS) configuration. items: properties: maxAgeSeconds: + description: The value, in seconds, to return in the Access-Control-Max-Age + header used in preflight responses. type: integer method: + description: 'The list of HTTP methods on which to include CORS + response headers, (GET, OPTIONS, POST, etc) Note: "*" is permitted + in the list of methods, and means "any method".' items: type: string type: array origin: + description: 'The list of Origins eligible to receive CORS response + headers. Note: "*" is permitted in the list of origins, and + means "any Origin".' items: type: string type: array responseHeader: + description: The list of HTTP headers other than the simple response + headers to give permission for the user-agent to share across + domains. items: type: string type: array @@ -19699,6 +24049,7 @@ spec: defaultEventBasedHold: type: boolean encryption: + description: The bucket's encryption configuration. properties: kmsKeyRef: oneOf: 
@@ -19730,30 +24081,51 @@ spec: - kmsKeyRef type: object lifecycleRule: + description: The bucket's Lifecycle Rules configuration. items: properties: action: + description: The Lifecycle Rule's action configuration. A single + block of this type is supported. properties: storageClass: + description: 'The target Storage Class of objects affected + by this Lifecycle Rule. Supported values include: MULTI_REGIONAL, + REGIONAL, NEARLINE, COLDLINE, ARCHIVE.' type: string type: + description: 'The type of the action of this Lifecycle Rule. + Supported values include: Delete and SetStorageClass.' type: string required: - type type: object condition: + description: The Lifecycle Rule's condition configuration. properties: age: + description: Minimum age of an object in days to satisfy this + condition. type: integer createdBefore: + description: Creation date of an object in RFC 3339 (e.g. + 2017-06-13) to satisfy this condition. type: string matchesStorageClass: + description: 'Storage Class of objects to satisfy this condition. + Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, + COLDLINE, ARCHIVE, STANDARD, DURABLE_REDUCED_AVAILABILITY.' items: type: string type: array numNewerVersions: + description: Relevant only for versioned objects. The number + of newer versions of an object to satisfy this condition. type: integer withState: + description: 'Match to live and/or archived objects. Unversioned + buckets have only live objects. Supported values include: + "LIVE", "ARCHIVED", "ANY".' type: string type: object required: 
@@ -19762,41 +24134,68 @@ spec: type: object type: array location: + description: The Google Cloud Storage location type: string logging: + description: The bucket's Access & Storage Logs configuration. properties: logBucket: + description: The bucket that will receive log objects. type: string logObjectPrefix: + description: The object prefix for log objects. If it's not provided, + by default Google Cloud Storage sets this to this bucket's name. type: string required: - logBucket type: object requesterPays: + description: Enables Requester Pays on a storage bucket. type: boolean retentionPolicy: + description: Configuration of the bucket's data retention policy for + how long objects in the bucket should be retained. properties: isLocked: + description: 'If set to true, the bucket will be locked and permanently + restrict edits to the bucket''s retention policy. Caution: Locking + a bucket is an irreversible action.' type: boolean retentionPeriod: + description: The period of time, in seconds, that objects in the + bucket must be retained and cannot be deleted, overwritten, or + archived. The value must be less than 3,155,760,000 seconds. type: integer required: - retentionPeriod type: object storageClass: + description: 'The Storage Class of the new bucket. Supported values + include: STANDARD, MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE.' type: string + uniformBucketLevelAccess: + description: Enables uniform bucket-level access on a bucket. + type: boolean versioning: + description: The bucket's Versioning configuration. properties: enabled: + description: While set to true, versioning is fully enabled for + this bucket. type: boolean required: - enabled type: object website: + description: Configuration if the bucket acts as a website. properties: mainPageSuffix: + description: Behaves as the bucket's directory index where missing + objects are treated as potential directories. 
type: string notFoundPage: + description: The custom object to return when a requested resource + is not found. type: string type: object type: object @@ -19829,8 +24228,10 @@ spec: type: object type: array selfLink: + description: The URI of the created resource. type: string url: + description: The base URL of the bucket, in the format gs://. type: string type: object type: object @@ -19846,7 +24247,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -20000,7 +24401,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -20065,14 +24466,25 @@ spec: customAttributes: additionalProperties: type: string + description: ' A set of key/value attribute pairs to attach to each + Cloud Pub/Sub message published for this notification subscription' type: object eventTypes: + description: 'List of event type filters for this notification config. + If not specified, Cloud Storage will send notifications for all event + types. The valid types are: "OBJECT_FINALIZE", "OBJECT_METADATA_UPDATE", + "OBJECT_DELETE", "OBJECT_ARCHIVE"' items: type: string type: array objectNamePrefix: + description: Specifies a prefix path filter for this notification config. + Cloud Storage will only send notifications for objects in this bucket + whose names begin with the specified prefix. type: string payloadFormat: + description: The desired content of the Payload. One of "JSON_API_V1" + or "NONE". type: string topicRef: oneOf: 
@@ -20134,8 +24546,10 @@ spec: type: object type: array notificationId: + description: The ID of the created notification. type: string selfLink: + description: The URI of the created resource. type: string type: object required: @@ -20153,7 +24567,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.15.1 + cnrm.cloud.google.com/version: 1.27.2 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -20190,16 +24604,26 @@ spec: spec: properties: description: + description: Unique description to identify the Transfer Job. type: string schedule: + description: Schedule specification defining when the Transfer Job should + be scheduled to start, end and and what time to run. properties: scheduleEndDate: + description: The last day the recurring transfer will be run. If + schedule_end_date is the same as schedule_start_date, the transfer + will be executed only once. properties: day: + description: Day of month. Must be from 1 to 31 and valid for + the year and month. type: integer month: + description: Month of year. Must be from 1 to 12. type: integer year: + description: Year of date. Must be from 1 to 9999. type: integer required: - day @@ -20207,12 +24631,19 @@ spec: - year type: object scheduleStartDate: + description: The first day the recurring transfer is scheduled to + run. If schedule_start_date is in the past, the transfer will + run for the first time on the following day. properties: day: + description: Day of month. Must be from 1 to 31 and valid for + the year and month. type: integer month: + description: Month of year. Must be from 1 to 12. type: integer year: + description: Year of date. Must be from 1 to 9999. type: integer required: - day 
@@ -20220,14 +24651,29 @@ spec: - year type: object startTimeOfDay: + description: The time in UTC at which the transfer will be scheduled + to start in a day. Transfers may start later than this time. If + not specified, recurring and one-time transfers that are scheduled + to run today will run immediately; recurring transfers that are + scheduled to run on a future date will start at approximately + midnight UTC on that date. Note that when configuring a transfer + with the Cloud Platform Console, the transfer's start time in + a day is specified in your local timezone. properties: hours: + description: Hours of day in 24 hour format. Should be from + 0 to 23. type: integer minutes: + description: Minutes of hour of day. Must be from 0 to 59. type: integer nanos: + description: Fractions of seconds in nanoseconds. Must be from + 0 to 999,999,999. type: integer seconds: + description: Seconds of minutes of the time. Must normally be + from 0 to 59. type: integer required: - hours @@ -20239,14 +24685,23 @@ spec: - scheduleStartDate type: object status: + description: 'Status of the job. Default: ENABLED. NOTE: The effect + of the new job status takes place during a subsequent job run. For + example, if you change the job status from ENABLED to DISABLED, and + an operation spawned by the transfer is running, the status change + would not affect the current operation.' type: string transferSpec: + description: Transfer specification. properties: awsS3DataSource: + description: An AWS S3 data source. properties: awsAccessKey: + description: AWS credentials block. properties: accessKeyId: + description: AWS Key ID. oneOf: - not: required: @@ -20286,6 +24741,7 @@ spec: type: object type: object secretAccessKey: + description: AWS Secret Access Key. oneOf: - not: required: 
@@ -20329,12 +24785,14 @@ spec: - secretAccessKey type: object bucketName: + description: S3 Bucket name. type: string required: - awsAccessKey - bucketName type: object gcsDataSink: + description: A Google Cloud Storage data sink. properties: bucketRef: oneOf: @@ -20366,6 +24824,7 @@ spec: - bucketRef type: object gcsDataSource: + description: A Google Cloud Storage data source. properties: bucketRef: oneOf: 
@@ -20397,34 +24856,67 @@ spec: - bucketRef type: object httpDataSource: + description: An HTTP URL data source. properties: listUrl: + description: The URL that points to the file that stores the + object list entries. This file must allow public access. Currently, + only URLs with HTTP and HTTPS schemes are supported. type: string required: - listUrl type: object objectConditions: + description: Only objects that satisfy these object conditions are + included in the set of data source and data sink objects. Object + conditions based on objects' last_modification_time do not exclude + objects in a data sink. properties: excludePrefixes: + description: exclude_prefixes must follow the requirements described + for include_prefixes. items: type: string type: array includePrefixes: + description: If include_refixes is specified, objects that satisfy + the object conditions must have names that start with one + of the include_prefixes and that do not start with any of + the exclude_prefixes. If include_prefixes is not specified, + all objects except those that have names starting with one + of the exclude_prefixes must satisfy the object conditions. items: type: string type: array maxTimeElapsedSinceLastModification: + description: 'A duration in seconds with up to nine fractional + digits, terminated by ''s''. Example: "3.5s".' type: string minTimeElapsedSinceLastModification: + description: 'A duration in seconds with up to nine fractional + digits, terminated by ''s''. Example: "3.5s".' type: string type: object transferOptions: + description: Characteristics of how to treat files from datasource + and sink during job. If the option delete_objects_unique_in_sink + is true, object conditions based on objects' last_modification_time + are ignored and do not exclude objects in a data source or a data + sink. properties: deleteObjectsFromSourceAfterTransfer: + description: Whether objects should be deleted from the source + after they are transferred to the sink. 
Note that this option + and delete_objects_unique_in_sink are mutually exclusive. type: boolean deleteObjectsUniqueInSink: + description: Whether objects that exist only in the sink should + be deleted. Note that this option and delete_objects_from_source_after_transfer + are mutually exclusive. type: boolean overwriteObjectsAlreadyExistingInSink: + description: Whether overwriting objects that already exist + in the sink is allowed. type: boolean type: object type: object @@ -20462,12 +24954,16 @@ spec: type: object type: array creationTime: + description: When the Transfer Job was created. type: string deletionTime: + description: When the Transfer Job was deleted. type: string lastModificationTime: + description: When the Transfer Job was last modified. type: string name: + description: The name of the Transfer Job. type: string type: object required: