diff --git a/.github/workflows/update-crds.yml b/.github/workflows/update-crds.yml index 60409585c..5770c6ded 100644 --- a/.github/workflows/update-crds.yml +++ b/.github/workflows/update-crds.yml @@ -33,6 +33,8 @@ jobs: ./code-generator/fix-cargo-warnings.sh "${feature}" fi done + env: + K8S_OPENAPI_ENABLED_VERSION: "1.30" - id: cpr name: Create Pull Request uses: peter-evans/create-pull-request@v6 diff --git a/.github/workflows/verify.yml b/.github/workflows/verify.yml index 9463f137b..63345fc7c 100644 --- a/.github/workflows/verify.yml +++ b/.github/workflows/verify.yml @@ -36,8 +36,10 @@ jobs: fi env: RUSTFLAGS: "--deny warnings" + K8S_OPENAPI_ENABLED_VERSION: "1.30" - name: Check Dependency Updates run: ./code-generator/test-custom-resources.sh about_k8s_io if: ${{ github.actor == 'dependabot[bot]' }} env: RUSTFLAGS: "--deny warnings" + K8S_OPENAPI_ENABLED_VERSION: "1.30" diff --git a/.reuse/dep5 b/.reuse/dep5 index d1160a32f..04f6674f8 100644 --- a/.reuse/dep5 +++ b/.reuse/dep5 @@ -551,6 +551,10 @@ Files: crd-catalog/GoogleCloudPlatform/gke-managed-certs/* Copyright: The GoogleCloudPlatform/gke-managed-certs Authors License: Apache-2.0 +Files: crd-catalog/GoogleCloudPlatform/gke-networking-recipes/* +Copyright: The GoogleCloudPlatform/gke-networking-recipes Authors +License: Apache-2.0 + Files: crd-catalog/GoogleCloudPlatform/spark-on-k8s-operator/* Copyright: The GoogleCloudPlatform/spark-on-k8s-operator Authors License: Apache-2.0 diff --git a/crd-catalog/GoogleCloudPlatform/gke-networking-recipes/networking.gke.io/v1/gcpbackendpolicies.yaml b/crd-catalog/GoogleCloudPlatform/gke-networking-recipes/networking.gke.io/v1/gcpbackendpolicies.yaml new file mode 100644 index 000000000..d55f7b6d7 --- /dev/null +++ b/crd-catalog/GoogleCloudPlatform/gke-networking-recipes/networking.gke.io/v1/gcpbackendpolicies.yaml @@ -0,0 +1,207 @@ +apiVersion: "apiextensions.k8s.io/v1" +kind: "CustomResourceDefinition" +metadata: + annotations: + controller-gen.kubebuilder.io/version: "(unknown)" + name: "gcpbackendpolicies.networking.gke.io" +spec: + conversion: + strategy: "None" + group: "networking.gke.io" + names: + kind: "GCPBackendPolicy" + listKind: "GCPBackendPolicyList" + plural: "gcpbackendpolicies" + singular: "gcpbackendpolicy" + scope: "Namespaced" + versions: + - name: "v1" + schema: + openAPIV3Schema: + description: "GCPBackendPolicy provides a way to apply LoadBalancer policy configuration with the GKE implementation of the Gateway API." + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: "string" + kind: + description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: "string" + metadata: + type: "object" + spec: + description: "Spec defines the desired state of GCPBackendPolicy." + properties: + default: + description: "Default defines default policy configuration for the targeted resource." + properties: + connectionDraining: + description: "ConnectionDraining contains configuration for connection draining" + properties: + drainingTimeoutSec: + description: "DrainingTimeoutSec is a BackendService parameter. It is used during removal of VMs from instance groups. This guarantees that for the specified time all existing connections to a VM will remain untouched, but no new connections will be accepted. Set timeout to zero to disable connection draining. Enable the feature by specifying a timeout of up to one hour. If the field is omitted, a default value (0s) will be used. See https://cloud.google.com/compute/docs/reference/rest/v1/backendServices" + format: "int64" + maximum: 3600.0 + minimum: 0.0 + type: "integer" + type: "object" + iap: + description: "IAP contains the configurations for Identity-Aware Proxy. Identity-Aware Proxy manages access control policies for backend services associated with a HTTPRoute, so they can be accessed only by authenticated users or applications with correct Identity and Access Management (IAM) role. See https://cloud.google.com/compute/docs/reference/rest/v1/backendServices" + properties: + clientID: + description: "ClientID is the OAuth2 client ID to use for the authentication flow. See iap.oauth2ClientId in https://cloud.google.com/compute/docs/reference/rest/v1/backendServices ClientID must be set if Enabled is set to true." + type: "string" + enabled: + description: "Enabled denotes whether the serving infrastructure will authenticate and authorize all incoming requests. If true, the ClientID and Oauth2ClientSecret fields must be non-empty. If not specified, this defaults to false, which means Identity-Aware Proxy is disabled by default." + type: "boolean" + oauth2ClientSecret: + description: "Oauth2ClientSecret contains the OAuth2 client secret to use for the authentication flow. See https://cloud.google.com/compute/docs/reference/rest/v1/backendServices Oauth2ClientSecret must be set if Enabled is set to true." + properties: + name: + description: "Name is the reference to the secret resource." + type: "string" + type: "object" + type: "object" + logging: + description: "LoggingConfig contains configuration for logging." + properties: + enabled: + description: "Enabled denotes whether to enable logging for the load balancer traffic served by this backend service. If not specified, this defaults to false, which means logging is disabled by default." + type: "boolean" + sampleRate: + description: "This field can only be specified if logging is enabled for this backend service. The value of the field must be in range [0, 1e6]. This is converted to a floating point value in the range [0, 1] by dividing by 1e6 for use with the GCE api and interpreted as the proportion of requests that will be logged. By default all requests will be logged." + format: "int32" + maximum: 1000000.0 + minimum: 0.0 + type: "integer" + type: "object" + securityPolicy: + description: "SecurityPolicy is a reference to a GCP Cloud Armor SecurityPolicy resource." + type: "string" + sessionAffinity: + description: "SessionAffinityConfig contains configuration for stickiness parameters." + properties: + cookieTtlSec: + description: "CookieTTLSec specifies the lifetime of cookies in seconds. This setting requires GENERATED_COOKIE or HTTP_COOKIE session affinity. If set to 0, the cookie is non-persistent and lasts only until the end of the browser session (or equivalent). The maximum allowed value is two weeks (1,209,600)." + format: "int64" + maximum: 1209600.0 + minimum: 0.0 + type: "integer" + type: + description: "Type specifies the type of session affinity to use. If not specified, this defaults to NONE." + enum: + - "CLIENT_IP" + - "CLIENT_IP_PORT_PROTO" + - "CLIENT_IP_PROTO" + - "GENERATED_COOKIE" + - "HEADER_FIELD" + - "HTTP_COOKIE" + - "NONE" + type: "string" + type: "object" + timeoutSec: + description: "TimeoutSec is a BackendService parameter. See https://cloud.google.com/compute/docs/reference/rest/v1/backendServices. If the field is omitted, a default value (30s) will be used." + format: "int64" + maximum: 2147483647.0 + minimum: 1.0 + type: "integer" + type: "object" + targetRef: + description: "TargetRef identifies an API object to apply policy to." + properties: + group: + description: "Group is the group of the target resource." + maxLength: 253 + pattern: "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" + type: "string" + kind: + description: "Kind is kind of the target resource." + maxLength: 63 + minLength: 1 + pattern: "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" + type: "string" + name: + description: "Name is the name of the target resource." + maxLength: 253 + minLength: 1 + type: "string" + namespace: + description: "Namespace is the namespace of the referent. When unspecified, the local namespace is inferred. Even when policy targets a resource in a different namespace, it MUST only apply to traffic originating from the same namespace as the policy." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" + type: "string" + required: + - "group" + - "kind" + - "name" + type: "object" + required: + - "targetRef" + type: "object" + status: + description: "Status defines the current state of GCPBackendPolicy." + properties: + conditions: + description: "Conditions describe the current conditions of the GCPBackendPolicy." + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n \ttype FooStatus struct{ \t // Represents the observations of a foo's current state. \t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" \t // +patchMergeKey=type \t // +patchStrategy=merge \t // +listType=map \t // +listMapKey=type \t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n \t // other fields \t}" + properties: + lastTransitionTime: + description: "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." + format: "date-time" + type: "string" + message: + description: "message is a human readable message indicating details about the transition. This may be an empty string." + maxLength: 32768 + type: "string" + observedGeneration: + description: "observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance." + format: "int64" + minimum: 0.0 + type: "integer" + reason: + description: "reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty." + maxLength: 1024 + minLength: 1 + pattern: "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$" + type: "string" + status: + description: "status of the condition, one of True, False, Unknown." + enum: + - "True" + - "False" + - "Unknown" + type: "string" + type: + description: "type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + maxLength: 316 + pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" + type: "string" + required: + - "lastTransitionTime" + - "message" + - "reason" + - "status" + - "type" + type: "object" + maxItems: 8 + type: "array" + x-kubernetes-list-map-keys: + - "type" + x-kubernetes-list-type: "map" + type: "object" + required: + - "spec" + type: "object" + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "GCPBackendPolicy" + listKind: "GCPBackendPolicyList" + plural: "gcpbackendpolicies" + singular: "gcpbackendpolicy" + conditions: [] + storedVersions: [] diff --git a/crd-catalog/GoogleCloudPlatform/gke-networking-recipes/networking.gke.io/v1/gcpgatewaypolicies.yaml b/crd-catalog/GoogleCloudPlatform/gke-networking-recipes/networking.gke.io/v1/gcpgatewaypolicies.yaml new file mode 100644 index 000000000..7eb127201 --- /dev/null +++ b/crd-catalog/GoogleCloudPlatform/gke-networking-recipes/networking.gke.io/v1/gcpgatewaypolicies.yaml @@ -0,0 +1,148 @@ +apiVersion: "apiextensions.k8s.io/v1" +kind: "CustomResourceDefinition" +metadata: + annotations: + components.gke.io/layer: "addon" + controller-gen.kubebuilder.io/version: "(unknown)" + creationTimestamp: 2023-03-17T15:13:00Z + generation: 2 + labels: + addonmanager.kubernetes.io/mode: "Reconcile" + name: "gcpgatewaypolicies.networking.gke.io" + resourceVersion: "448465202" + uid: "9b0f8cae-3091-4cdc-a690-cea9468f7bc4" +spec: + conversion: + strategy: "None" + group: "networking.gke.io" + names: + kind: "GCPGatewayPolicy" + listKind: "GCPGatewayPolicyList" + plural: "gcpgatewaypolicies" + singular: "gcpgatewaypolicy" + scope: "Namespaced" + versions: + - name: "v1" + schema: + openAPIV3Schema: + description: "GCPGatewayPolicy provides a way to apply SSL policy and other configuration to the GKE Gateway." + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: "string" + kind: + description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: "string" + metadata: + type: "object" + spec: + description: "Spec defines the desired state of GCPGatewayPolicy." + properties: + default: + description: "Default defines default gateway policy configuration for the targeted resource." + properties: + allowGlobalAccess: + type: "boolean" + sslPolicy: + type: "string" + type: "object" + targetRef: + description: "TargetRef identifies an API object to apply policy to." + properties: + group: + description: "Group is the group of the target resource." + maxLength: 253 + pattern: "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" + type: "string" + kind: + description: "Kind is kind of the target resource." + maxLength: 63 + minLength: 1 + pattern: "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" + type: "string" + name: + description: "Name is the name of the target resource." + maxLength: 253 + minLength: 1 + type: "string" + namespace: + description: "Namespace is the namespace of the referent. When unspecified, the local namespace is inferred. Even when policy targets a resource in a different namespace, it MUST only apply to traffic originating from the same namespace as the policy." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" + type: "string" + required: + - "group" + - "kind" + - "name" + type: "object" + required: + - "targetRef" + type: "object" + status: + description: "Status defines the current state of GCPGatewayPolicy." + properties: + conditions: + description: "Conditions describe the current conditions of the GatewayPolicy." + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n \ttype FooStatus struct{ \t // Represents the observations of a foo's current state. \t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" \t // +patchMergeKey=type \t // +patchStrategy=merge \t // +listType=map \t // +listMapKey=type \t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n \t // other fields \t}" + properties: + lastTransitionTime: + description: "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." + format: "date-time" + type: "string" + message: + description: "message is a human readable message indicating details about the transition. This may be an empty string." + maxLength: 32768 + type: "string" + observedGeneration: + description: "observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance." + format: "int64" + minimum: 0.0 + type: "integer" + reason: + description: "reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty." + maxLength: 1024 + minLength: 1 + pattern: "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$" + type: "string" + status: + description: "status of the condition, one of True, False, Unknown." + enum: + - "True" + - "False" + - "Unknown" + type: "string" + type: + description: "type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + maxLength: 316 + pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" + type: "string" + required: + - "lastTransitionTime" + - "message" + - "reason" + - "status" + - "type" + type: "object" + maxItems: 8 + type: "array" + x-kubernetes-list-map-keys: + - "type" + x-kubernetes-list-type: "map" + type: "object" + required: + - "spec" + type: "object" + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + listKind: "" + plural: "" + singular: "" + conditions: [] + storedVersions: [] diff --git a/crd-catalog/GoogleCloudPlatform/gke-networking-recipes/networking.gke.io/v1/healthcheckpolicies.yaml b/crd-catalog/GoogleCloudPlatform/gke-networking-recipes/networking.gke.io/v1/healthcheckpolicies.yaml new file mode 100644 index 000000000..5021a93b5 --- /dev/null +++ b/crd-catalog/GoogleCloudPlatform/gke-networking-recipes/networking.gke.io/v1/healthcheckpolicies.yaml @@ -0,0 +1,371 @@ +apiVersion: "apiextensions.k8s.io/v1" +kind: "CustomResourceDefinition" +metadata: + annotations: + controller-gen.kubebuilder.io/version: "(unknown)" + name: "healthcheckpolicies.networking.gke.io" +spec: + group: "networking.gke.io" + names: + kind: "HealthCheckPolicy" + listKind: "HealthCheckPolicyList" + plural: "healthcheckpolicies" + singular: "healthcheckpolicy" + scope: "Namespaced" + versions: + - name: "v1" + schema: + openAPIV3Schema: + description: "HealthCheckPolicy provides a way to create and attach a HealthCheck to a BackendService with the GKE implementation of the Gateway API. This policy can only be attached to a BackendService." + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: "string" + kind: + description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: "string" + metadata: + type: "object" + spec: + description: "Spec defines the desired state of HealthCheckPolicy." + properties: + default: + description: "Default defines default policy configuration for the targeted resource." + properties: + checkIntervalSec: + description: "How often (in seconds) to send a health check. If not specified, a default value of 5 seconds will be used." + format: "int64" + maximum: 300.0 + minimum: 1.0 + type: "integer" + config: + description: "Specifies the type of the healthCheck, either TCP, HTTP, HTTPS, HTTP2 or GRPC. Exactly one of the protocol-specific health check field must be specified, which must match type field. Config contains per protocol (i.e. HTTP, HTTPS, HTTP2, TCP, GRPC) configuration. If not specified, health check type defaults to HTTP." + properties: + grpcHealthCheck: + description: "GRPC is the health check configuration of type GRPC." + properties: + grpcServiceName: + description: "The gRPC service name for the health check. This field is optional. The value of grpcServiceName has the following meanings by convention: - Empty serviceName means the overall status of all services at the backend. - Non-empty serviceName means the health of that gRPC service, as defined by the owner of the service. The grpcServiceName can only be ASCII." + maxLength: 1024 + pattern: "[\\x00-\\xFF]+" + type: "string" + port: + description: "The TCP port number for the health check request. Valid values are 1 through 65535." + format: "int64" + maximum: 65535.0 + minimum: 1.0 + type: "integer" + portName: + description: "Port name as defined in InstanceGroup#NamedPort#name. If both port and portName are defined, port takes precedence." + maxLength: 63 + pattern: "[a-z]([-a-z0-9]*[a-z0-9])?" + type: "string" + portSpecification: + description: "Specifies how port is selected for health checking, can be one of following values: \n USE_FIXED_PORT: The port number in port is used for health checking. USE_NAMED_PORT: The portName is used for health checking. USE_SERVING_PORT: For NetworkEndpointGroup, the port specified for each network endpoint is used for health checking. For other backends, the port or named port specified in the Backend Service is used for health checking. \n If not specified, Protocol health check follows behavior specified in port and portName fields. If neither Port nor PortName is specified, this defaults to USE_SERVING_PORT." + enum: + - "USE_FIXED_PORT" + - "USE_NAMED_PORT" + - "USE_SERVING_PORT" + type: "string" + type: "object" + http2HealthCheck: + description: "HTTP2 is the health check configuration of type HTTP2." + properties: + host: + description: "Host is the value of the host header in the HTTP health check request. This matches the RFC 1123 definition of a hostname with 1 notable exception that numeric IP addresses are not allowed. If not specified or left empty, the IP on behalf of which this health check is performed will be used." + maxLength: 2048 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" + type: "string" + port: + description: "The TCP port number for the health check request. Valid values are 1 through 65535." + format: "int64" + maximum: 65535.0 + minimum: 1.0 + type: "integer" + portName: + description: "Port name as defined in InstanceGroup#NamedPort#name. If both port and portName are defined, port takes precedence." + maxLength: 63 + pattern: "[a-z]([-a-z0-9]*[a-z0-9])?" + type: "string" + portSpecification: + description: "Specifies how port is selected for health checking, can be one of following values: \n USE_FIXED_PORT: The port number in port is used for health checking. USE_NAMED_PORT: The portName is used for health checking. USE_SERVING_PORT: For NetworkEndpointGroup, the port specified for each network endpoint is used for health checking. For other backends, the port or named port specified in the Backend Service is used for health checking. \n If not specified, Protocol health check follows behavior specified in port and portName fields. If neither Port nor PortName is specified, this defaults to USE_SERVING_PORT." + enum: + - "USE_FIXED_PORT" + - "USE_NAMED_PORT" + - "USE_SERVING_PORT" + type: "string" + proxyHeader: + description: "Specifies the type of proxy header to append before sending data to the backend, either NONE or PROXY_V1. If not specified, this defaults to NONE." + enum: + - "NONE" + - "PROXY_V1" + type: "string" + requestPath: + description: "The request path of the HTTP health check request. If not specified or left empty, a default value of \"/\" is used." + maxLength: 2048 + pattern: "\\/[A-Za-z0-9\\/\\-._~%!$&'()*+,;=:]*$" + type: "string" + response: + description: "The string to match anywhere in the first 1024 bytes of the response body. If not specified or left empty, the status code determines health. The response data can only be ASCII." + maxLength: 1024 + pattern: "[\\x00-\\xFF]+" + type: "string" + type: "object" + httpHealthCheck: + description: "HTTP is the health check configuration of type HTTP." + properties: + host: + description: "Host is the value of the host header in the HTTP health check request. This matches the RFC 1123 definition of a hostname with 1 notable exception that numeric IP addresses are not allowed. If not specified or left empty, the IP on behalf of which this health check is performed will be used." + maxLength: 2048 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" + type: "string" + port: + description: "The TCP port number for the health check request. Valid values are 1 through 65535." + format: "int64" + maximum: 65535.0 + minimum: 1.0 + type: "integer" + portName: + description: "Port name as defined in InstanceGroup#NamedPort#name. If both port and portName are defined, port takes precedence." + maxLength: 63 + pattern: "[a-z]([-a-z0-9]*[a-z0-9])?" + type: "string" + portSpecification: + description: "Specifies how port is selected for health checking, can be one of following values: \n USE_FIXED_PORT: The port number in port is used for health checking. USE_NAMED_PORT: The portName is used for health checking. USE_SERVING_PORT: For NetworkEndpointGroup, the port specified for each network endpoint is used for health checking. For other backends, the port or named port specified in the Backend Service is used for health checking. \n If not specified, Protocol health check follows behavior specified in port and portName fields. If neither Port nor PortName is specified, this defaults to USE_SERVING_PORT." + enum: + - "USE_FIXED_PORT" + - "USE_NAMED_PORT" + - "USE_SERVING_PORT" + type: "string" + proxyHeader: + description: "Specifies the type of proxy header to append before sending data to the backend, either NONE or PROXY_V1. If not specified, this defaults to NONE." + enum: + - "NONE" + - "PROXY_V1" + type: "string" + requestPath: + description: "The request path of the HTTP health check request. If not specified or left empty, a default value of \"/\" is used." + maxLength: 2048 + pattern: "\\/[A-Za-z0-9\\/\\-._~%!$&'()*+,;=:]*$" + type: "string" + response: + description: "The string to match anywhere in the first 1024 bytes of the response body. If not specified or left empty, the status code determines health. The response data can only be ASCII." + maxLength: 1024 + pattern: "[\\x00-\\xFF]+" + type: "string" + type: "object" + httpsHealthCheck: + description: "HTTPS is the health check configuration of type HTTPS." + properties: + host: + description: "Host is the value of the host header in the HTTP health check request. This matches the RFC 1123 definition of a hostname with 1 notable exception that numeric IP addresses are not allowed. If not specified or left empty, the IP on behalf of which this health check is performed will be used." + maxLength: 2048 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" + type: "string" + port: + description: "The TCP port number for the health check request. Valid values are 1 through 65535." + format: "int64" + maximum: 65535.0 + minimum: 1.0 + type: "integer" + portName: + description: "Port name as defined in InstanceGroup#NamedPort#name. If both port and portName are defined, port takes precedence." + maxLength: 63 + pattern: "[a-z]([-a-z0-9]*[a-z0-9])?" + type: "string" + portSpecification: + description: "Specifies how port is selected for health checking, can be one of following values: \n USE_FIXED_PORT: The port number in port is used for health checking. USE_NAMED_PORT: The portName is used for health checking. USE_SERVING_PORT: For NetworkEndpointGroup, the port specified for each network endpoint is used for health checking. For other backends, the port or named port specified in the Backend Service is used for health checking. \n If not specified, Protocol health check follows behavior specified in port and portName fields. If neither Port nor PortName is specified, this defaults to USE_SERVING_PORT." + enum: + - "USE_FIXED_PORT" + - "USE_NAMED_PORT" + - "USE_SERVING_PORT" + type: "string" + proxyHeader: + description: "Specifies the type of proxy header to append before sending data to the backend, either NONE or PROXY_V1. If not specified, this defaults to NONE." + enum: + - "NONE" + - "PROXY_V1" + type: "string" + requestPath: + description: "The request path of the HTTP health check request. If not specified or left empty, a default value of \"/\" is used." + maxLength: 2048 + pattern: "\\/[A-Za-z0-9\\/\\-._~%!$&'()*+,;=:]*$" + type: "string" + response: + description: "The string to match anywhere in the first 1024 bytes of the response body. If not specified or left empty, the status code determines health. The response data can only be ASCII." + maxLength: 1024 + pattern: "[\\x00-\\xFF]+" + type: "string" + type: "object" + tcpHealthCheck: + description: "TCP is the health check configuration of type TCP." + properties: + port: + description: "The TCP port number for the health check request. Valid values are 1 through 65535." + format: "int64" + maximum: 65535.0 + minimum: 1.0 + type: "integer" + portName: + description: "Port name as defined in InstanceGroup#NamedPort#name. If both port and portName are defined, port takes precedence." + maxLength: 63 + pattern: "[a-z]([-a-z0-9]*[a-z0-9])?" + type: "string" + portSpecification: + description: "Specifies how port is selected for health checking, can be one of following values: \n USE_FIXED_PORT: The port number in port is used for health checking. USE_NAMED_PORT: The portName is used for health checking. USE_SERVING_PORT: For NetworkEndpointGroup, the port specified for each network endpoint is used for health checking. For other backends, the port or named port specified in the Backend Service is used for health checking. \n If not specified, Protocol health check follows behavior specified in port and portName fields. If neither Port nor PortName is specified, this defaults to USE_SERVING_PORT." + enum: + - "USE_FIXED_PORT" + - "USE_NAMED_PORT" + - "USE_SERVING_PORT" + type: "string" + proxyHeader: + description: "Specifies the type of proxy header to append before sending data to the backend, either NONE or PROXY_V1. If not specified, this defaults to NONE." + enum: + - "NONE" + - "PROXY_V1" + type: "string" + request: + description: "The application data to send once the TCP connection has been established. If not specified, this defaults to empty. If both request and response are empty, the connection establishment alone will indicate health. The request data can only be ASCII." + maxLength: 1024 + pattern: "[\\x00-\\xFF]+" + type: "string" + response: + description: "The bytes to match against the beginning of the response data. If not specified or left empty, any response will indicate health. The response data can only be ASCII." + maxLength: 1024 + pattern: "[\\x00-\\xFF]+" + type: "string" + type: "object" + type: + description: "Specifies the type of the healthCheck, either TCP, HTTP, HTTPS, HTTP2 or GRPC. Exactly one of the protocol-specific health check field must be specified, which must match type field." + enum: + - "TCP" + - "HTTP" + - "HTTPS" + - "HTTP2" + - "GRPC" + type: "string" + type: "object" + healthyThreshold: + description: "A so-far unhealthy instance will be marked healthy after this many consecutive successes. If not specified, a default value of 2 will be used." + format: "int64" + maximum: 10.0 + minimum: 1.0 + type: "integer" + logConfig: + description: "LogConfig configures logging on this health check." + properties: + enabled: + description: "Enabled indicates whether or not to export health check logs. If not specified, this defaults to false, which means health check logging will be disabled." + type: "boolean" + type: "object" + timeoutSec: + description: "How long (in seconds) to wait before claiming failure. If not specified, a default value of 5 seconds will be used. It is invalid for timeoutSec to have greater value than checkIntervalSec." + format: "int64" + maximum: 300.0 + minimum: 1.0 + type: "integer" + unhealthyThreshold: + description: "A so-far healthy instance will be marked unhealthy after this many consecutive failures. If not specified, a default value of 2 will be used." + format: "int64" + maximum: 10.0 + minimum: 1.0 + type: "integer" + type: "object" + targetRef: + description: "TargetRef identifies an API object to apply policy to." + properties: + group: + description: "Group is the group of the target resource." + maxLength: 253 + pattern: "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" + type: "string" + kind: + description: "Kind is kind of the target resource." + maxLength: 63 + minLength: 1 + pattern: "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" + type: "string" + name: + description: "Name is the name of the target resource." + maxLength: 253 + minLength: 1 + type: "string" + namespace: + description: "Namespace is the namespace of the referent. When unspecified, the local namespace is inferred. Even when policy targets a resource in a different namespace, it MUST only apply to traffic originating from the same namespace as the policy." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" + type: "string" + required: + - "group" + - "kind" + - "name" + type: "object" + required: + - "targetRef" + type: "object" + status: + description: "Status defines the current state of HealthCheckPolicy." + properties: + conditions: + description: "Conditions describe the current conditions of the HealthCheckPolicy." + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n \ttype FooStatus struct{ \t // Represents the observations of a foo's current state. \t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" \t // +patchMergeKey=type \t // +patchStrategy=merge \t // +listType=map \t // +listMapKey=type \t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n \t // other fields \t}" + properties: + lastTransitionTime: + description: "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." + format: "date-time" + type: "string" + message: + description: "message is a human readable message indicating details about the transition. This may be an empty string." + maxLength: 32768 + type: "string" + observedGeneration: + description: "observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance." + format: "int64" + minimum: 0.0 + type: "integer" + reason: + description: "reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty." + maxLength: 1024 + minLength: 1 + pattern: "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$" + type: "string" + status: + description: "status of the condition, one of True, False, Unknown." + enum: + - "True" + - "False" + - "Unknown" + type: "string" + type: + description: "type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + maxLength: 316 + pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" + type: "string" + required: + - "lastTransitionTime" + - "message" + - "reason" + - "status" + - "type" + type: "object" + maxItems: 8 + type: "array" + x-kubernetes-list-map-keys: + - "type" + x-kubernetes-list-type: "map" + type: "object" + required: + - "spec" + type: "object" + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crd-catalog/GoogleCloudPlatform/gke-networking-recipes/networking.gke.io/v1/lbpolicies.yaml b/crd-catalog/GoogleCloudPlatform/gke-networking-recipes/networking.gke.io/v1/lbpolicies.yaml new file mode 100644 index 000000000..26ee14ea2 --- /dev/null +++ b/crd-catalog/GoogleCloudPlatform/gke-networking-recipes/networking.gke.io/v1/lbpolicies.yaml @@ -0,0 +1,183 @@ +apiVersion: "apiextensions.k8s.io/v1" +kind: "CustomResourceDefinition" +metadata: + annotations: + controller-gen.kubebuilder.io/version: "(unknown)" + name: "lbpolicies.networking.gke.io" +spec: + group: "networking.gke.io" + names: + kind: "LBPolicy" + listKind: "LBPolicyList" + plural: "lbpolicies" + singular: "lbpolicy" + scope: "Namespaced" + versions: + - name: "v1" + schema: + openAPIV3Schema: + description: "LBPolicy provides a way to apply LoadBalancer policy configuration with the GKE implementation of the Gateway API." + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: "string" + kind: + description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: "string" + metadata: + type: "object" + spec: + description: "Spec defines the desired state of LBPolicy." + properties: + default: + description: "Default defines default policy configuration for the targeted resource." + properties: + connectionDraining: + description: "ConnectionDraining contains configuration for connection draining" + properties: + drainingTimeoutSec: + description: "DrainingTimeoutSec is a BackendService parameter. It is used during removal of VMs from instance groups. This guarantees that for the specified time all existing connections to a VM will remain untouched, but no new connections will be accepted. Set timeout to zero to disable connection draining. Enable the feature by specifying a timeout of up to one hour. If the field is omitted, a default value (0s) will be used. See https://cloud.google.com/compute/docs/reference/rest/v1/backendServices" + format: "int64" + maximum: 3600.0 + minimum: 0.0 + type: "integer" + type: "object" + logging: + description: "LoggingConfig contains configuration for logging." + properties: + enabled: + description: "Enabled denotes whether to enable logging for the load balancer traffic served by this backend service. If not specified, this defaults to false, which means logging is disabled by default." + type: "boolean" + sampleRate: + description: "This field can only be specified if logging is enabled for this backend service. The value of the field must be in range [0, 1e6]. This is converted to a floating point value in the range [0, 1] by dividing by 1e6 for use with the GCE api and interpreted as the proportion of requests that will be logged. By default all requests will be logged." + format: "int32" + maximum: 1000000.0 + minimum: 0.0 + type: "integer" + type: "object" + sessionAffinity: + description: "SessionAffinityConfig contains configuration for stickiness parameters." + properties: + cookieTtlSec: + description: "CookieTTLSec specifies the lifetime of cookies in seconds. This setting requires GENERATED_COOKIE or HTTP_COOKIE session affinity. If set to 0, the cookie is non-persistent and lasts only until the end of the browser session (or equivalent). The maximum allowed value is two weeks (1,209,600)." + format: "int64" + maximum: 1209600.0 + minimum: 0.0 + type: "integer" + type: + description: "Type specifies the type of session affinity to use. If not specified, this defaults to NONE." + enum: + - "CLIENT_IP" + - "CLIENT_IP_PORT_PROTO" + - "CLIENT_IP_PROTO" + - "GENERATED_COOKIE" + - "HEADER_FIELD" + - "HTTP_COOKIE" + - "NONE" + type: "string" + type: "object" + timeoutSec: + description: "TimeoutSec is a BackendService parameter. See https://cloud.google.com/compute/docs/reference/rest/v1/backendServices. If the field is omitted, a default value (30s) will be used." + format: "int64" + maximum: 2147483647.0 + minimum: 1.0 + type: "integer" + type: "object" + targetRef: + description: "TargetRef identifies an API object to apply policy to." + properties: + group: + description: "Group is the group of the target resource." + maxLength: 253 + pattern: "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" + type: "string" + kind: + description: "Kind is kind of the target resource." + maxLength: 63 + minLength: 1 + pattern: "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" + type: "string" + name: + description: "Name is the name of the target resource." + maxLength: 253 + minLength: 1 + type: "string" + namespace: + description: "Namespace is the namespace of the referent. When unspecified, the local namespace is inferred. Even when policy targets a resource in a different namespace, it MUST only apply to traffic originating from the same namespace as the policy." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" + type: "string" + required: + - "group" + - "kind" + - "name" + type: "object" + required: + - "targetRef" + type: "object" + status: + description: "Status defines the current state of LBPolicy." + properties: + conditions: + description: "Conditions describe the current conditions of the LBPolicy." + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n \ttype FooStatus struct{ \t // Represents the observations of a foo's current state. \t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" \t // +patchMergeKey=type \t // +patchStrategy=merge \t // +listType=map \t // +listMapKey=type \t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n \t // other fields \t}" + properties: + lastTransitionTime: + description: "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." + format: "date-time" + type: "string" + message: + description: "message is a human readable message indicating details about the transition. This may be an empty string." + maxLength: 32768 + type: "string" + observedGeneration: + description: "observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance." + format: "int64" + minimum: 0.0 + type: "integer" + reason: + description: "reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty." + maxLength: 1024 + minLength: 1 + pattern: "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$" + type: "string" + status: + description: "status of the condition, one of True, False, Unknown." + enum: + - "True" + - "False" + - "Unknown" + type: "string" + type: + description: "type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + maxLength: 316 + pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" + type: "string" + required: + - "lastTransitionTime" + - "message" + - "reason" + - "status" + - "type" + type: "object" + maxItems: 8 + type: "array" + x-kubernetes-list-map-keys: + - "type" + x-kubernetes-list-type: "map" + type: "object" + required: + - "spec" + type: "object" + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/kube-custom-resources-rs/src/lib.rs b/kube-custom-resources-rs/src/lib.rs index 1097eb408..94decb539 100644 --- a/kube-custom-resources-rs/src/lib.rs +++ b/kube-custom-resources-rs/src/lib.rs @@ -2216,6 +2216,10 @@ apiVersion `networkfirewall.services.k8s.aws/v1alpha1`: apiVersion `networking.gke.io/v1`: - `ManagedCertificate` +- `GCPBackendPolicy` +- `GCPGatewayPolicy` +- `HealthCheckPolicy` +- `LBPolicy` ## networking_istio_io diff --git a/kube-custom-resources-rs/src/networking_gke_io/v1/gcpbackendpolicies.rs b/kube-custom-resources-rs/src/networking_gke_io/v1/gcpbackendpolicies.rs new file mode 100644 index 000000000..5c9e916ef --- /dev/null +++ b/kube-custom-resources-rs/src/networking_gke_io/v1/gcpbackendpolicies.rs @@ -0,0 +1,145 @@ +// WARNING: generated by kopium - manual changes will be overwritten +// kopium command: kopium --docs --filename=./crd-catalog/GoogleCloudPlatform/gke-networking-recipes/networking.gke.io/v1/gcpbackendpolicies.yaml --derive=Default --derive=PartialEq --smart-derive-elision +// kopium version: 0.20.1 + +#[allow(unused_imports)] +mod prelude { + pub use kube::CustomResource; + pub use serde::{Serialize, Deserialize}; + pub use k8s_openapi::apimachinery::pkg::apis::meta::v1::Condition; +} +use self::prelude::*; + +/// Spec defines the desired state of GCPBackendPolicy. +#[derive(CustomResource, Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +#[kube(group = "networking.gke.io", version = "v1", kind = "GCPBackendPolicy", plural = "gcpbackendpolicies")] +#[kube(namespaced)] +#[kube(status = "GCPBackendPolicyStatus")] +#[kube(schema = "disabled")] +#[kube(derive="Default")] +#[kube(derive="PartialEq")] +pub struct GCPBackendPolicySpec { + /// Default defines default policy configuration for the targeted resource. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub default: Option, + /// TargetRef identifies an API object to apply policy to. + #[serde(rename = "targetRef")] + pub target_ref: GCPBackendPolicyTargetRef, +} + +/// Default defines default policy configuration for the targeted resource. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct GCPBackendPolicyDefault { + /// ConnectionDraining contains configuration for connection draining + #[serde(default, skip_serializing_if = "Option::is_none", rename = "connectionDraining")] + pub connection_draining: Option, + /// IAP contains the configurations for Identity-Aware Proxy. Identity-Aware Proxy manages access control policies for backend services associated with a HTTPRoute, so they can be accessed only by authenticated users or applications with correct Identity and Access Management (IAM) role. See https://cloud.google.com/compute/docs/reference/rest/v1/backendServices + #[serde(default, skip_serializing_if = "Option::is_none")] + pub iap: Option, + /// LoggingConfig contains configuration for logging. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub logging: Option, + /// SecurityPolicy is a reference to a GCP Cloud Armor SecurityPolicy resource. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "securityPolicy")] + pub security_policy: Option, + /// SessionAffinityConfig contains configuration for stickiness parameters. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sessionAffinity")] + pub session_affinity: Option, + /// TimeoutSec is a BackendService parameter. See https://cloud.google.com/compute/docs/reference/rest/v1/backendServices. If the field is omitted, a default value (30s) will be used. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "timeoutSec")] + pub timeout_sec: Option, +} + +/// ConnectionDraining contains configuration for connection draining +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct GCPBackendPolicyDefaultConnectionDraining { + /// DrainingTimeoutSec is a BackendService parameter. It is used during removal of VMs from instance groups. This guarantees that for the specified time all existing connections to a VM will remain untouched, but no new connections will be accepted. Set timeout to zero to disable connection draining. Enable the feature by specifying a timeout of up to one hour. If the field is omitted, a default value (0s) will be used. See https://cloud.google.com/compute/docs/reference/rest/v1/backendServices + #[serde(default, skip_serializing_if = "Option::is_none", rename = "drainingTimeoutSec")] + pub draining_timeout_sec: Option, +} + +/// IAP contains the configurations for Identity-Aware Proxy. Identity-Aware Proxy manages access control policies for backend services associated with a HTTPRoute, so they can be accessed only by authenticated users or applications with correct Identity and Access Management (IAM) role. See https://cloud.google.com/compute/docs/reference/rest/v1/backendServices +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct GCPBackendPolicyDefaultIap { + /// ClientID is the OAuth2 client ID to use for the authentication flow. See iap.oauth2ClientId in https://cloud.google.com/compute/docs/reference/rest/v1/backendServices ClientID must be set if Enabled is set to true. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clientID")] + pub client_id: Option, + /// Enabled denotes whether the serving infrastructure will authenticate and authorize all incoming requests. If true, the ClientID and Oauth2ClientSecret fields must be non-empty. If not specified, this defaults to false, which means Identity-Aware Proxy is disabled by default. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, + /// Oauth2ClientSecret contains the OAuth2 client secret to use for the authentication flow. See https://cloud.google.com/compute/docs/reference/rest/v1/backendServices Oauth2ClientSecret must be set if Enabled is set to true. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "oauth2ClientSecret")] + pub oauth2_client_secret: Option, +} + +/// Oauth2ClientSecret contains the OAuth2 client secret to use for the authentication flow. See https://cloud.google.com/compute/docs/reference/rest/v1/backendServices Oauth2ClientSecret must be set if Enabled is set to true. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct GCPBackendPolicyDefaultIapOauth2ClientSecret { + /// Name is the reference to the secret resource. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +/// LoggingConfig contains configuration for logging. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct GCPBackendPolicyDefaultLogging { + /// Enabled denotes whether to enable logging for the load balancer traffic served by this backend service. If not specified, this defaults to false, which means logging is disabled by default. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, + /// This field can only be specified if logging is enabled for this backend service. The value of the field must be in range [0, 1e6]. This is converted to a floating point value in the range [0, 1] by dividing by 1e6 for use with the GCE api and interpreted as the proportion of requests that will be logged. By default all requests will be logged. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sampleRate")] + pub sample_rate: Option, +} + +/// SessionAffinityConfig contains configuration for stickiness parameters. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct GCPBackendPolicyDefaultSessionAffinity { + /// CookieTTLSec specifies the lifetime of cookies in seconds. This setting requires GENERATED_COOKIE or HTTP_COOKIE session affinity. If set to 0, the cookie is non-persistent and lasts only until the end of the browser session (or equivalent). The maximum allowed value is two weeks (1,209,600). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "cookieTtlSec")] + pub cookie_ttl_sec: Option, + /// Type specifies the type of session affinity to use. If not specified, this defaults to NONE. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] + pub r#type: Option, +} + +/// SessionAffinityConfig contains configuration for stickiness parameters. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum GCPBackendPolicyDefaultSessionAffinityType { + #[serde(rename = "CLIENT_IP")] + ClientIp, + #[serde(rename = "CLIENT_IP_PORT_PROTO")] + ClientIpPortProto, + #[serde(rename = "CLIENT_IP_PROTO")] + ClientIpProto, + #[serde(rename = "GENERATED_COOKIE")] + GeneratedCookie, + #[serde(rename = "HEADER_FIELD")] + HeaderField, + #[serde(rename = "HTTP_COOKIE")] + HttpCookie, + #[serde(rename = "NONE")] + None, +} + +/// TargetRef identifies an API object to apply policy to. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct GCPBackendPolicyTargetRef { + /// Group is the group of the target resource. + pub group: String, + /// Kind is kind of the target resource. + pub kind: String, + /// Name is the name of the target resource. + pub name: String, + /// Namespace is the namespace of the referent. When unspecified, the local namespace is inferred. Even when policy targets a resource in a different namespace, it MUST only apply to traffic originating from the same namespace as the policy. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, +} + +/// Status defines the current state of GCPBackendPolicy. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct GCPBackendPolicyStatus { + /// Conditions describe the current conditions of the GCPBackendPolicy. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub conditions: Option>, +} + diff --git a/kube-custom-resources-rs/src/networking_gke_io/v1/gcpgatewaypolicies.rs b/kube-custom-resources-rs/src/networking_gke_io/v1/gcpgatewaypolicies.rs new file mode 100644 index 000000000..b7e06796f --- /dev/null +++ b/kube-custom-resources-rs/src/networking_gke_io/v1/gcpgatewaypolicies.rs @@ -0,0 +1,60 @@ +// WARNING: generated by kopium - manual changes will be overwritten +// kopium command: kopium --docs --filename=./crd-catalog/GoogleCloudPlatform/gke-networking-recipes/networking.gke.io/v1/gcpgatewaypolicies.yaml --derive=Default --derive=PartialEq --smart-derive-elision +// kopium version: 0.20.1 + +#[allow(unused_imports)] +mod prelude { + pub use kube::CustomResource; + pub use serde::{Serialize, Deserialize}; + pub use k8s_openapi::apimachinery::pkg::apis::meta::v1::Condition; +} +use self::prelude::*; + +/// Spec defines the desired state of GCPGatewayPolicy. +#[derive(CustomResource, Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +#[kube(group = "networking.gke.io", version = "v1", kind = "GCPGatewayPolicy", plural = "gcpgatewaypolicies")] +#[kube(namespaced)] +#[kube(status = "GCPGatewayPolicyStatus")] +#[kube(schema = "disabled")] +#[kube(derive="Default")] +#[kube(derive="PartialEq")] +pub struct GCPGatewayPolicySpec { + /// Default defines default gateway policy configuration for the targeted resource. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub default: Option, + /// TargetRef identifies an API object to apply policy to. + #[serde(rename = "targetRef")] + pub target_ref: GCPGatewayPolicyTargetRef, +} + +/// Default defines default gateway policy configuration for the targeted resource. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct GCPGatewayPolicyDefault { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowGlobalAccess")] + pub allow_global_access: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sslPolicy")] + pub ssl_policy: Option, +} + +/// TargetRef identifies an API object to apply policy to. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct GCPGatewayPolicyTargetRef { + /// Group is the group of the target resource. + pub group: String, + /// Kind is kind of the target resource. + pub kind: String, + /// Name is the name of the target resource. + pub name: String, + /// Namespace is the namespace of the referent. When unspecified, the local namespace is inferred. Even when policy targets a resource in a different namespace, it MUST only apply to traffic originating from the same namespace as the policy. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, +} + +/// Status defines the current state of GCPGatewayPolicy. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct GCPGatewayPolicyStatus { + /// Conditions describe the current conditions of the GatewayPolicy. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub conditions: Option>, +} + diff --git a/kube-custom-resources-rs/src/networking_gke_io/v1/healthcheckpolicies.rs b/kube-custom-resources-rs/src/networking_gke_io/v1/healthcheckpolicies.rs new file mode 100644 index 000000000..202c3b0a3 --- /dev/null +++ b/kube-custom-resources-rs/src/networking_gke_io/v1/healthcheckpolicies.rs @@ -0,0 +1,339 @@ +// WARNING: generated by kopium - manual changes will be overwritten +// kopium command: kopium --docs --filename=./crd-catalog/GoogleCloudPlatform/gke-networking-recipes/networking.gke.io/v1/healthcheckpolicies.yaml --derive=Default --derive=PartialEq --smart-derive-elision +// kopium version: 0.20.1 + +#[allow(unused_imports)] +mod prelude { + pub use kube::CustomResource; + pub use serde::{Serialize, Deserialize}; + pub use k8s_openapi::apimachinery::pkg::apis::meta::v1::Condition; +} +use self::prelude::*; + +/// Spec defines the desired state of HealthCheckPolicy. +#[derive(CustomResource, Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +#[kube(group = "networking.gke.io", version = "v1", kind = "HealthCheckPolicy", plural = "healthcheckpolicies")] +#[kube(namespaced)] +#[kube(status = "HealthCheckPolicyStatus")] +#[kube(schema = "disabled")] +#[kube(derive="Default")] +#[kube(derive="PartialEq")] +pub struct HealthCheckPolicySpec { + /// Default defines default policy configuration for the targeted resource. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub default: Option, + /// TargetRef identifies an API object to apply policy to. + #[serde(rename = "targetRef")] + pub target_ref: HealthCheckPolicyTargetRef, +} + +/// Default defines default policy configuration for the targeted resource. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct HealthCheckPolicyDefault { + /// How often (in seconds) to send a health check. If not specified, a default value of 5 seconds will be used. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "checkIntervalSec")] + pub check_interval_sec: Option, + /// Specifies the type of the healthCheck, either TCP, HTTP, HTTPS, HTTP2 or GRPC. Exactly one of the protocol-specific health check field must be specified, which must match type field. Config contains per protocol (i.e. HTTP, HTTPS, HTTP2, TCP, GRPC) configuration. If not specified, health check type defaults to HTTP. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub config: Option, + /// A so-far unhealthy instance will be marked healthy after this many consecutive successes. If not specified, a default value of 2 will be used. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "healthyThreshold")] + pub healthy_threshold: Option, + /// LogConfig configures logging on this health check. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "logConfig")] + pub log_config: Option, + /// How long (in seconds) to wait before claiming failure. If not specified, a default value of 5 seconds will be used. It is invalid for timeoutSec to have greater value than checkIntervalSec. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "timeoutSec")] + pub timeout_sec: Option, + /// A so-far healthy instance will be marked unhealthy after this many consecutive failures. If not specified, a default value of 2 will be used. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "unhealthyThreshold")] + pub unhealthy_threshold: Option, +} + +/// Specifies the type of the healthCheck, either TCP, HTTP, HTTPS, HTTP2 or GRPC. Exactly one of the protocol-specific health check field must be specified, which must match type field. Config contains per protocol (i.e. HTTP, HTTPS, HTTP2, TCP, GRPC) configuration. If not specified, health check type defaults to HTTP. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct HealthCheckPolicyDefaultConfig { + /// GRPC is the health check configuration of type GRPC. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "grpcHealthCheck")] + pub grpc_health_check: Option, + /// HTTP2 is the health check configuration of type HTTP2. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "http2HealthCheck")] + pub http2_health_check: Option, + /// HTTP is the health check configuration of type HTTP. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "httpHealthCheck")] + pub http_health_check: Option, + /// HTTPS is the health check configuration of type HTTPS. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "httpsHealthCheck")] + pub https_health_check: Option, + /// TCP is the health check configuration of type TCP. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "tcpHealthCheck")] + pub tcp_health_check: Option, + /// Specifies the type of the healthCheck, either TCP, HTTP, HTTPS, HTTP2 or GRPC. Exactly one of the protocol-specific health check field must be specified, which must match type field. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] + pub r#type: Option, +} + +/// GRPC is the health check configuration of type GRPC. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct HealthCheckPolicyDefaultConfigGrpcHealthCheck { + /// The gRPC service name for the health check. This field is optional. The value of grpcServiceName has the following meanings by convention: - Empty serviceName means the overall status of all services at the backend. - Non-empty serviceName means the health of that gRPC service, as defined by the owner of the service. The grpcServiceName can only be ASCII. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "grpcServiceName")] + pub grpc_service_name: Option, + /// The TCP port number for the health check request. Valid values are 1 through 65535. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub port: Option, + /// Port name as defined in InstanceGroup#NamedPort#name. If both port and portName are defined, port takes precedence. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "portName")] + pub port_name: Option, + /// Specifies how port is selected for health checking, can be one of following values: + /// USE_FIXED_PORT: The port number in port is used for health checking. USE_NAMED_PORT: The portName is used for health checking. USE_SERVING_PORT: For NetworkEndpointGroup, the port specified for each network endpoint is used for health checking. For other backends, the port or named port specified in the Backend Service is used for health checking. + /// If not specified, Protocol health check follows behavior specified in port and portName fields. If neither Port nor PortName is specified, this defaults to USE_SERVING_PORT. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "portSpecification")] + pub port_specification: Option, +} + +/// GRPC is the health check configuration of type GRPC. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum HealthCheckPolicyDefaultConfigGrpcHealthCheckPortSpecification { + #[serde(rename = "USE_FIXED_PORT")] + UseFixedPort, + #[serde(rename = "USE_NAMED_PORT")] + UseNamedPort, + #[serde(rename = "USE_SERVING_PORT")] + UseServingPort, +} + +/// HTTP2 is the health check configuration of type HTTP2. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct HealthCheckPolicyDefaultConfigHttp2HealthCheck { + /// Host is the value of the host header in the HTTP health check request. This matches the RFC 1123 definition of a hostname with 1 notable exception that numeric IP addresses are not allowed. If not specified or left empty, the IP on behalf of which this health check is performed will be used. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub host: Option, + /// The TCP port number for the health check request. Valid values are 1 through 65535. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub port: Option, + /// Port name as defined in InstanceGroup#NamedPort#name. If both port and portName are defined, port takes precedence. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "portName")] + pub port_name: Option, + /// Specifies how port is selected for health checking, can be one of following values: + /// USE_FIXED_PORT: The port number in port is used for health checking. USE_NAMED_PORT: The portName is used for health checking. USE_SERVING_PORT: For NetworkEndpointGroup, the port specified for each network endpoint is used for health checking. For other backends, the port or named port specified in the Backend Service is used for health checking. + /// If not specified, Protocol health check follows behavior specified in port and portName fields. If neither Port nor PortName is specified, this defaults to USE_SERVING_PORT. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "portSpecification")] + pub port_specification: Option, + /// Specifies the type of proxy header to append before sending data to the backend, either NONE or PROXY_V1. If not specified, this defaults to NONE. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyHeader")] + pub proxy_header: Option, + /// The request path of the HTTP health check request. If not specified or left empty, a default value of "/" is used. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "requestPath")] + pub request_path: Option, + /// The string to match anywhere in the first 1024 bytes of the response body. If not specified or left empty, the status code determines health. The response data can only be ASCII. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub response: Option, +} + +/// HTTP2 is the health check configuration of type HTTP2. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum HealthCheckPolicyDefaultConfigHttp2HealthCheckPortSpecification { + #[serde(rename = "USE_FIXED_PORT")] + UseFixedPort, + #[serde(rename = "USE_NAMED_PORT")] + UseNamedPort, + #[serde(rename = "USE_SERVING_PORT")] + UseServingPort, +} + +/// HTTP2 is the health check configuration of type HTTP2. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum HealthCheckPolicyDefaultConfigHttp2HealthCheckProxyHeader { + #[serde(rename = "NONE")] + None, + #[serde(rename = "PROXY_V1")] + ProxyV1, +} + +/// HTTP is the health check configuration of type HTTP. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct HealthCheckPolicyDefaultConfigHttpHealthCheck { + /// Host is the value of the host header in the HTTP health check request. This matches the RFC 1123 definition of a hostname with 1 notable exception that numeric IP addresses are not allowed. If not specified or left empty, the IP on behalf of which this health check is performed will be used. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub host: Option, + /// The TCP port number for the health check request. Valid values are 1 through 65535. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub port: Option, + /// Port name as defined in InstanceGroup#NamedPort#name. If both port and portName are defined, port takes precedence. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "portName")] + pub port_name: Option, + /// Specifies how port is selected for health checking, can be one of following values: + /// USE_FIXED_PORT: The port number in port is used for health checking. USE_NAMED_PORT: The portName is used for health checking. USE_SERVING_PORT: For NetworkEndpointGroup, the port specified for each network endpoint is used for health checking. For other backends, the port or named port specified in the Backend Service is used for health checking. + /// If not specified, Protocol health check follows behavior specified in port and portName fields. If neither Port nor PortName is specified, this defaults to USE_SERVING_PORT. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "portSpecification")] + pub port_specification: Option, + /// Specifies the type of proxy header to append before sending data to the backend, either NONE or PROXY_V1. If not specified, this defaults to NONE. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyHeader")] + pub proxy_header: Option, + /// The request path of the HTTP health check request. If not specified or left empty, a default value of "/" is used. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "requestPath")] + pub request_path: Option, + /// The string to match anywhere in the first 1024 bytes of the response body. If not specified or left empty, the status code determines health. The response data can only be ASCII. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub response: Option, +} + +/// HTTP is the health check configuration of type HTTP. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum HealthCheckPolicyDefaultConfigHttpHealthCheckPortSpecification { + #[serde(rename = "USE_FIXED_PORT")] + UseFixedPort, + #[serde(rename = "USE_NAMED_PORT")] + UseNamedPort, + #[serde(rename = "USE_SERVING_PORT")] + UseServingPort, +} + +/// HTTP is the health check configuration of type HTTP. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum HealthCheckPolicyDefaultConfigHttpHealthCheckProxyHeader { + #[serde(rename = "NONE")] + None, + #[serde(rename = "PROXY_V1")] + ProxyV1, +} + +/// HTTPS is the health check configuration of type HTTPS. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct HealthCheckPolicyDefaultConfigHttpsHealthCheck { + /// Host is the value of the host header in the HTTP health check request. This matches the RFC 1123 definition of a hostname with 1 notable exception that numeric IP addresses are not allowed. If not specified or left empty, the IP on behalf of which this health check is performed will be used. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub host: Option, + /// The TCP port number for the health check request. Valid values are 1 through 65535. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub port: Option, + /// Port name as defined in InstanceGroup#NamedPort#name. If both port and portName are defined, port takes precedence. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "portName")] + pub port_name: Option, + /// Specifies how port is selected for health checking, can be one of following values: + /// USE_FIXED_PORT: The port number in port is used for health checking. USE_NAMED_PORT: The portName is used for health checking. USE_SERVING_PORT: For NetworkEndpointGroup, the port specified for each network endpoint is used for health checking. For other backends, the port or named port specified in the Backend Service is used for health checking. + /// If not specified, Protocol health check follows behavior specified in port and portName fields. If neither Port nor PortName is specified, this defaults to USE_SERVING_PORT. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "portSpecification")] + pub port_specification: Option, + /// Specifies the type of proxy header to append before sending data to the backend, either NONE or PROXY_V1. If not specified, this defaults to NONE. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyHeader")] + pub proxy_header: Option, + /// The request path of the HTTP health check request. If not specified or left empty, a default value of "/" is used. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "requestPath")] + pub request_path: Option, + /// The string to match anywhere in the first 1024 bytes of the response body. If not specified or left empty, the status code determines health. The response data can only be ASCII. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub response: Option, +} + +/// HTTPS is the health check configuration of type HTTPS. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum HealthCheckPolicyDefaultConfigHttpsHealthCheckPortSpecification { + #[serde(rename = "USE_FIXED_PORT")] + UseFixedPort, + #[serde(rename = "USE_NAMED_PORT")] + UseNamedPort, + #[serde(rename = "USE_SERVING_PORT")] + UseServingPort, +} + +/// HTTPS is the health check configuration of type HTTPS. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum HealthCheckPolicyDefaultConfigHttpsHealthCheckProxyHeader { + #[serde(rename = "NONE")] + None, + #[serde(rename = "PROXY_V1")] + ProxyV1, +} + +/// TCP is the health check configuration of type TCP. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct HealthCheckPolicyDefaultConfigTcpHealthCheck { + /// The TCP port number for the health check request. Valid values are 1 through 65535. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub port: Option, + /// Port name as defined in InstanceGroup#NamedPort#name. If both port and portName are defined, port takes precedence. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "portName")] + pub port_name: Option, + /// Specifies how port is selected for health checking, can be one of following values: + /// USE_FIXED_PORT: The port number in port is used for health checking. USE_NAMED_PORT: The portName is used for health checking. USE_SERVING_PORT: For NetworkEndpointGroup, the port specified for each network endpoint is used for health checking. For other backends, the port or named port specified in the Backend Service is used for health checking. + /// If not specified, Protocol health check follows behavior specified in port and portName fields. If neither Port nor PortName is specified, this defaults to USE_SERVING_PORT. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "portSpecification")] + pub port_specification: Option, + /// Specifies the type of proxy header to append before sending data to the backend, either NONE or PROXY_V1. If not specified, this defaults to NONE. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyHeader")] + pub proxy_header: Option, + /// The application data to send once the TCP connection has been established. If not specified, this defaults to empty. If both request and response are empty, the connection establishment alone will indicate health. The request data can only be ASCII. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, + /// The bytes to match against the beginning of the response data. If not specified or left empty, any response will indicate health. The response data can only be ASCII. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub response: Option, +} + +/// TCP is the health check configuration of type TCP. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum HealthCheckPolicyDefaultConfigTcpHealthCheckPortSpecification { + #[serde(rename = "USE_FIXED_PORT")] + UseFixedPort, + #[serde(rename = "USE_NAMED_PORT")] + UseNamedPort, + #[serde(rename = "USE_SERVING_PORT")] + UseServingPort, +} + +/// TCP is the health check configuration of type TCP. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum HealthCheckPolicyDefaultConfigTcpHealthCheckProxyHeader { + #[serde(rename = "NONE")] + None, + #[serde(rename = "PROXY_V1")] + ProxyV1, +} + +/// Specifies the type of the healthCheck, either TCP, HTTP, HTTPS, HTTP2 or GRPC. Exactly one of the protocol-specific health check field must be specified, which must match type field. Config contains per protocol (i.e. HTTP, HTTPS, HTTP2, TCP, GRPC) configuration. If not specified, health check type defaults to HTTP. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum HealthCheckPolicyDefaultConfigType { + #[serde(rename = "TCP")] + Tcp, + #[serde(rename = "HTTP")] + Http, + #[serde(rename = "HTTPS")] + Https, + #[serde(rename = "HTTP2")] + Http2, + #[serde(rename = "GRPC")] + Grpc, +} + +/// LogConfig configures logging on this health check. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct HealthCheckPolicyDefaultLogConfig { + /// Enabled indicates whether or not to export health check logs. If not specified, this defaults to false, which means health check logging will be disabled. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, +} + +/// TargetRef identifies an API object to apply policy to. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct HealthCheckPolicyTargetRef { + /// Group is the group of the target resource. + pub group: String, + /// Kind is kind of the target resource. + pub kind: String, + /// Name is the name of the target resource. + pub name: String, + /// Namespace is the namespace of the referent. When unspecified, the local namespace is inferred. Even when policy targets a resource in a different namespace, it MUST only apply to traffic originating from the same namespace as the policy. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, +} + +/// Status defines the current state of HealthCheckPolicy. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct HealthCheckPolicyStatus { + /// Conditions describe the current conditions of the HealthCheckPolicy. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub conditions: Option>, +} + diff --git a/kube-custom-resources-rs/src/networking_gke_io/v1/lbpolicies.rs b/kube-custom-resources-rs/src/networking_gke_io/v1/lbpolicies.rs new file mode 100644 index 000000000..3e0087120 --- /dev/null +++ b/kube-custom-resources-rs/src/networking_gke_io/v1/lbpolicies.rs @@ -0,0 +1,117 @@ +// WARNING: generated by kopium - manual changes will be overwritten +// kopium command: kopium --docs --filename=./crd-catalog/GoogleCloudPlatform/gke-networking-recipes/networking.gke.io/v1/lbpolicies.yaml --derive=Default --derive=PartialEq --smart-derive-elision +// kopium version: 0.20.1 + +#[allow(unused_imports)] +mod prelude { + pub use kube::CustomResource; + pub use serde::{Serialize, Deserialize}; + pub use k8s_openapi::apimachinery::pkg::apis::meta::v1::Condition; +} +use self::prelude::*; + +/// Spec defines the desired state of LBPolicy. +#[derive(CustomResource, Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +#[kube(group = "networking.gke.io", version = "v1", kind = "LBPolicy", plural = "lbpolicies")] +#[kube(namespaced)] +#[kube(status = "LBPolicyStatus")] +#[kube(schema = "disabled")] +#[kube(derive="Default")] +#[kube(derive="PartialEq")] +pub struct LBPolicySpec { + /// Default defines default policy configuration for the targeted resource. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub default: Option, + /// TargetRef identifies an API object to apply policy to. + #[serde(rename = "targetRef")] + pub target_ref: LBPolicyTargetRef, +} + +/// Default defines default policy configuration for the targeted resource. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct LBPolicyDefault { + /// ConnectionDraining contains configuration for connection draining + #[serde(default, skip_serializing_if = "Option::is_none", rename = "connectionDraining")] + pub connection_draining: Option, + /// LoggingConfig contains configuration for logging. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub logging: Option, + /// SessionAffinityConfig contains configuration for stickiness parameters. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sessionAffinity")] + pub session_affinity: Option, + /// TimeoutSec is a BackendService parameter. See https://cloud.google.com/compute/docs/reference/rest/v1/backendServices. If the field is omitted, a default value (30s) will be used. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "timeoutSec")] + pub timeout_sec: Option, +} + +/// ConnectionDraining contains configuration for connection draining +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct LBPolicyDefaultConnectionDraining { + /// DrainingTimeoutSec is a BackendService parameter. It is used during removal of VMs from instance groups. This guarantees that for the specified time all existing connections to a VM will remain untouched, but no new connections will be accepted. Set timeout to zero to disable connection draining. Enable the feature by specifying a timeout of up to one hour. If the field is omitted, a default value (0s) will be used. See https://cloud.google.com/compute/docs/reference/rest/v1/backendServices + #[serde(default, skip_serializing_if = "Option::is_none", rename = "drainingTimeoutSec")] + pub draining_timeout_sec: Option, +} + +/// LoggingConfig contains configuration for logging. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct LBPolicyDefaultLogging { + /// Enabled denotes whether to enable logging for the load balancer traffic served by this backend service. If not specified, this defaults to false, which means logging is disabled by default. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, + /// This field can only be specified if logging is enabled for this backend service. The value of the field must be in range [0, 1e6]. This is converted to a floating point value in the range [0, 1] by dividing by 1e6 for use with the GCE api and interpreted as the proportion of requests that will be logged. By default all requests will be logged. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sampleRate")] + pub sample_rate: Option, +} + +/// SessionAffinityConfig contains configuration for stickiness parameters. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct LBPolicyDefaultSessionAffinity { + /// CookieTTLSec specifies the lifetime of cookies in seconds. This setting requires GENERATED_COOKIE or HTTP_COOKIE session affinity. If set to 0, the cookie is non-persistent and lasts only until the end of the browser session (or equivalent). The maximum allowed value is two weeks (1,209,600). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "cookieTtlSec")] + pub cookie_ttl_sec: Option, + /// Type specifies the type of session affinity to use. If not specified, this defaults to NONE. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] + pub r#type: Option, +} + +/// SessionAffinityConfig contains configuration for stickiness parameters. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum LBPolicyDefaultSessionAffinityType { + #[serde(rename = "CLIENT_IP")] + ClientIp, + #[serde(rename = "CLIENT_IP_PORT_PROTO")] + ClientIpPortProto, + #[serde(rename = "CLIENT_IP_PROTO")] + ClientIpProto, + #[serde(rename = "GENERATED_COOKIE")] + GeneratedCookie, + #[serde(rename = "HEADER_FIELD")] + HeaderField, + #[serde(rename = "HTTP_COOKIE")] + HttpCookie, + #[serde(rename = "NONE")] + None, +} + +/// TargetRef identifies an API object to apply policy to. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct LBPolicyTargetRef { + /// Group is the group of the target resource. + pub group: String, + /// Kind is kind of the target resource. + pub kind: String, + /// Name is the name of the target resource. + pub name: String, + /// Namespace is the namespace of the referent. When unspecified, the local namespace is inferred. Even when policy targets a resource in a different namespace, it MUST only apply to traffic originating from the same namespace as the policy. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, +} + +/// Status defines the current state of LBPolicy. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct LBPolicyStatus { + /// Conditions describe the current conditions of the LBPolicy. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub conditions: Option>, +} + diff --git a/kube-custom-resources-rs/src/networking_gke_io/v1/mod.rs b/kube-custom-resources-rs/src/networking_gke_io/v1/mod.rs index 38ac9abba..7dc4f8cfd 100644 --- a/kube-custom-resources-rs/src/networking_gke_io/v1/mod.rs +++ b/kube-custom-resources-rs/src/networking_gke_io/v1/mod.rs @@ -1 +1,5 @@ +pub mod gcpbackendpolicies; +pub mod gcpgatewaypolicies; +pub mod healthcheckpolicies; +pub mod lbpolicies; pub mod managedcertificates;