|
| 1 | +--- |
| 2 | +apiVersion: apiextensions.k8s.io/v1 |
| 3 | +kind: CustomResourceDefinition |
| 4 | +metadata: |
| 5 | + annotations: |
| 6 | + controller-gen.kubebuilder.io/version: v0.14.0 |
| 7 | + name: loadbalancerconfigurations.gateway.k8s.aws |
| 8 | +spec: |
| 9 | + group: gateway.k8s.aws |
| 10 | + names: |
| 11 | + kind: LoadBalancerConfiguration |
| 12 | + listKind: LoadBalancerConfigurationList |
| 13 | + plural: loadbalancerconfigurations |
| 14 | + singular: loadbalancerconfiguration |
| 15 | + scope: Namespaced |
| 16 | + versions: |
| 17 | + - additionalPrinterColumns: |
| 18 | + - jsonPath: .metadata.creationTimestamp |
| 19 | + name: AGE |
| 20 | + type: date |
| 21 | + name: v1beta1 |
| 22 | + schema: |
| 23 | + openAPIV3Schema: |
| 24 | + description: LoadBalancerConfiguration is the Schema for the LoadBalancerConfiguration |
| 25 | + API |
| 26 | + properties: |
| 27 | + apiVersion: |
| 28 | + description: |- |
| 29 | + APIVersion defines the versioned schema of this representation of an object. |
| 30 | + Servers should convert recognized schemas to the latest internal value, and |
| 31 | + may reject unrecognized values. |
| 32 | + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources |
| 33 | + type: string |
| 34 | + kind: |
| 35 | + description: |- |
| 36 | + Kind is a string value representing the REST resource this object represents. |
| 37 | + Servers may infer this from the endpoint the client submits requests to. |
| 38 | + Cannot be updated. |
| 39 | + In CamelCase. |
| 40 | + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
| 41 | + type: string |
| 42 | + metadata: |
| 43 | + type: object |
| 44 | + spec: |
| 45 | + description: LoadBalancerConfigurationSpec defines the desired state of |
| 46 | + LoadBalancerConfiguration |
| 47 | + properties: |
| 48 | + customerOwnedIpv4Pool: |
| 49 | + description: |- |
| 50 | + customerOwnedIpv4Pool [Application LoadBalancer] |
| 51 | + is the ID of the customer-owned address for Application Load Balancers on Outposts pool. |
| 52 | + type: string |
| 53 | + enableICMP: |
| 54 | + description: |- |
| 55 | + EnableICMP [Network LoadBalancer] |
| 56 | + enables the creation of security group rules to the managed security group |
| 57 | + to allow explicit ICMP traffic for Path MTU discovery for IPv4 and dual-stack VPCs |
| 58 | + type: boolean |
| 59 | + enforceSecurityGroupInboundRulesOnPrivateLinkTraffic: |
| 60 | + description: enforceSecurityGroupInboundRulesOnPrivateLinkTraffic |
| 61 | + Indicates whether to evaluate inbound security group rules for traffic |
| 62 | + sent to a Network Load Balancer through Amazon Web Services PrivateLink. |
| 63 | + type: string |
| 64 | + ipAddressType: |
| 65 | + description: loadBalancerIPType defines what kind of load balancer |
| 66 | + to provision (ipv4, dual stack) |
| 67 | + enum: |
| 68 | + - ipv4 |
| 69 | + - dualstack |
| 70 | + - dualstack-without-public-ipv4 |
| 71 | + type: string |
| 72 | + ipv4IPAMPoolId: |
| 73 | + description: |- |
| 74 | + IPv4IPAMPoolId [Application LoadBalancer] |
| 75 | + defines the IPAM pool ID used for IPv4 Addresses on the ALB. |
| 76 | + type: string |
| 77 | + listenerConfigurations: |
| 78 | + description: listenerConfigurations is an optional list of configurations |
| 79 | + for each listener on LB |
| 80 | + items: |
| 81 | + properties: |
| 82 | + alpnPolicy: |
| 83 | + default: None |
| 84 | + description: alpnPolicy an optional string that allows you to |
| 85 | + configure ALPN policies on your Load Balancer |
| 86 | + enum: |
| 87 | + - HTTP1Only |
| 88 | + - HTTP2Only |
| 89 | + - HTTP2Optional |
| 90 | + - HTTP2Preferred |
| 91 | + - None |
| 92 | + type: string |
| 93 | + certificates: |
| 94 | + description: certificates is the list of other certificates |
| 95 | + to add to the listener. |
| 96 | + items: |
| 97 | + type: string |
| 98 | + type: array |
| 99 | + defaultCertificate: |
| 100 | + description: defaultCertificate the cert arn to be used by default. |
| 101 | + type: string |
| 102 | + listenerAttributes: |
| 103 | + description: listenerAttributes defines the attributes for the |
| 104 | + listener |
| 105 | + items: |
| 106 | + description: ListenerAttribute defines listener attribute. |
| 107 | + properties: |
| 108 | + key: |
| 109 | + description: The key of the attribute. |
| 110 | + type: string |
| 111 | + value: |
| 112 | + description: The value of the attribute. |
| 113 | + type: string |
| 114 | + required: |
| 115 | + - key |
| 116 | + - value |
| 117 | + type: object |
| 118 | + type: array |
| 119 | + mutualAuthentication: |
| 120 | + default: |
| 121 | + mode: "off" |
| 122 | + description: mutualAuthentication defines the mutual authentication |
| 123 | + configuration information. |
| 124 | + properties: |
| 125 | + advertiseTrustStoreCaNames: |
| 126 | + description: Indicates whether trust store CA certificate |
| 127 | + names are advertised. |
| 128 | + enum: |
| 129 | + - "on" |
| 130 | + - "off" |
| 131 | + type: string |
| 132 | + ignoreClientCertificateExpiry: |
| 133 | + description: Indicates whether expired client certificates |
| 134 | + are ignored. |
| 135 | + type: boolean |
| 136 | + mode: |
| 137 | + description: The client certificate handling method. Options |
| 138 | + are off, passthrough or verify |
| 139 | + enum: |
| 140 | + - "off" |
| 141 | + - passthrough |
| 142 | + - verify |
| 143 | + type: string |
| 144 | + trustStore: |
| 145 | + description: The Name or ARN of the trust store. |
| 146 | + type: string |
| 147 | + required: |
| 148 | + - mode |
| 149 | + type: object |
| 150 | + x-kubernetes-validations: |
| 151 | + - message: trustStore is required when mutualAuthentication |
| 152 | + mode is 'verify' |
| 153 | + rule: '!(self.mode == ''verify'' && !has(self.trustStore))' |
| 154 | + - message: Mutual Authentication mode 'off' or 'passthrough' |
| 155 | + does not support 'trustStore' |
| 156 | + rule: '!(self.mode != ''verify'' && has(self.trustStore))' |
| 157 | + - message: Mutual Authentication mode 'off' or 'passthrough' |
| 158 | + does not support 'ignoreClientCertificateExpiry' |
| 159 | + rule: '!(self.mode != ''verify'' && has(self.ignoreClientCertificateExpiry))' |
| 160 | + - message: Mutual Authentication mode 'off' or 'passthrough' |
| 161 | + does not support 'advertiseTrustStoreCaNames' |
| 162 | + rule: '!(self.mode != ''verify'' && has(self.advertiseTrustStoreCaNames))' |
| 163 | + protocolPort: |
| 164 | + description: protocolPort is identifier for the listener on |
| 165 | + load balancer. It should be of the form PROTOCOL:PORT |
| 166 | + pattern: ^(HTTP|HTTPS|TLS|TCP|UDP)?:(6553[0-5]|655[0-2]\d|65[0-4]\d{2}|6[0-4]\d{3}|[1-5]\d{4}|[1-9]\d{0,3})?$ |
| 167 | + type: string |
| 168 | + sslPolicy: |
| 169 | + description: sslPolicy is the security policy that defines which |
| 170 | + protocols and ciphers are supported for secure listeners [HTTPS |
| 171 | + or TLS listener]. |
| 172 | + type: string |
| 173 | + required: |
| 174 | + - protocolPort |
| 175 | + type: object |
| 176 | + type: array |
| 177 | + loadBalancerAttributes: |
| 178 | + description: LoadBalancerAttributes defines the attribute of LB |
| 179 | + items: |
| 180 | + description: LoadBalancerAttribute defines LB attribute. |
| 181 | + properties: |
| 182 | + key: |
| 183 | + description: The key of the attribute. |
| 184 | + type: string |
| 185 | + value: |
| 186 | + description: The value of the attribute. |
| 187 | + type: string |
| 188 | + required: |
| 189 | + - key |
| 190 | + - value |
| 191 | + type: object |
| 192 | + type: array |
| 193 | + loadBalancerName: |
| 194 | + description: loadBalancerName defines the name of the LB to provision. |
| 195 | + If unspecified, it will be automatically generated. |
| 196 | + maxLength: 32 |
| 197 | + minLength: 1 |
| 198 | + type: string |
| 199 | + loadBalancerSubnets: |
| 200 | + description: |- |
| 201 | + loadBalancerSubnets is an optional list of subnet configurations to be used in the LB |
| 202 | + This value takes precedence over loadBalancerSubnetsSelector if both are selected. |
| 203 | + items: |
| 204 | + description: SubnetConfiguration defines the subnet settings for |
| 205 | + a Load Balancer. |
| 206 | + properties: |
| 207 | + eipAllocation: |
| 208 | + description: eipAllocation [Network LoadBalancer] the EIP name |
| 209 | + for this subnet. |
| 210 | + type: string |
| 211 | + identifier: |
| 212 | + description: identifier [Application LoadBalancer / Network |
| 213 | + LoadBalancer] name or id for the subnet |
| 214 | + type: string |
| 215 | + ipv6Allocation: |
| 216 | + description: IPv6Allocation [Network LoadBalancer] the ipv6 |
| 217 | + address to assign to this subnet. |
| 218 | + type: string |
| 219 | + privateIPv4Allocation: |
| 220 | + description: privateIPv4Allocation [Network LoadBalancer] the |
| 221 | + private ipv4 address to assign to this subnet. |
| 222 | + type: string |
| 223 | + sourceNatIPv6Prefix: |
| 224 | + description: SourceNatIPv6Prefix [Network LoadBalancer] The |
| 225 | + IPv6 prefix to use for source NAT. Specify an IPv6 prefix |
| 226 | + (/80 netmask) from the subnet CIDR block or auto_assigned |
| 227 | + to use an IPv6 prefix selected at random from the subnet CIDR |
| 228 | + block. |
| 229 | + type: string |
| 230 | + type: object |
| 231 | + type: array |
| 232 | + loadBalancerSubnetsSelector: |
| 233 | + additionalProperties: |
| 234 | + items: |
| 235 | + type: string |
| 236 | + type: array |
| 237 | + description: |- |
| 238 | + LoadBalancerSubnetsSelector specifies subnets in the load balancer's VPC where each |
| 239 | + tag specified in the map key contains one of the values in the corresponding |
| 240 | + value list. |
| 241 | + type: object |
| 242 | + manageBackendSecurityGroupRules: |
| 243 | + description: |- |
| 244 | + ManageBackendSecurityGroupRules [Application / Network LoadBalancer] |
| 245 | + specifies whether you want the controller to configure security group rules on Node/Pod for traffic access |
| 246 | + when you specify securityGroups |
| 247 | + type: boolean |
| 248 | + mergingMode: |
| 249 | + description: |- |
| 250 | + mergingMode defines the merge behavior when both the Gateway and GatewayClass have a defined LoadBalancerConfiguration. |
| 251 | + This field is only honored for the configuration attached to the GatewayClass. |
| 252 | + enum: |
| 253 | + - prefer-gateway |
| 254 | + - prefer-gateway-class |
| 255 | + type: string |
| 256 | + minimumLoadBalancerCapacity: |
| 257 | + description: MinimumLoadBalancerCapacity define the capacity reservation |
| 258 | + for LoadBalancers |
| 259 | + properties: |
| 260 | + capacityUnits: |
| 261 | + description: The Capacity Units Value. |
| 262 | + format: int32 |
| 263 | + type: integer |
| 264 | + required: |
| 265 | + - capacityUnits |
| 266 | + type: object |
| 267 | + scheme: |
| 268 | + description: scheme defines the type of LB to provision. If unspecified, |
| 269 | + it will be automatically inferred. |
| 270 | + enum: |
| 271 | + - internal |
| 272 | + - internet-facing |
| 273 | + type: string |
| 274 | + securityGroupPrefixes: |
| 275 | + description: securityGroupPrefixes an optional list of prefixes that |
| 276 | + are allowed to access the LB. |
| 277 | + items: |
| 278 | + type: string |
| 279 | + type: array |
| 280 | + securityGroups: |
| 281 | + description: securityGroups an optional list of security group ids |
| 282 | + or names to apply to the LB |
| 283 | + items: |
| 284 | + type: string |
| 285 | + type: array |
| 286 | + shieldConfiguration: |
| 287 | + description: ShieldAdvanced define the AWS Shield settings for a Gateway |
| 288 | + [Application Load Balancer] |
| 289 | + properties: |
| 290 | + enabled: |
| 291 | + description: Enabled whether Shield Advanced should be configured |
| 292 | + with the Gateway |
| 293 | + type: boolean |
| 294 | + type: object |
| 295 | + sourceRanges: |
| 296 | + description: sourceRanges an optional list of CIDRs that are allowed |
| 297 | + to access the LB. |
| 298 | + items: |
| 299 | + type: string |
| 300 | + type: array |
| 301 | + tags: |
| 302 | + additionalProperties: |
| 303 | + type: string |
| 304 | + description: Tags the AWS Tags on all related resources to the gateway. |
| 305 | + type: object |
| 306 | + vpcId: |
| 307 | + description: vpcId is the ID of the VPC for the load balancer. |
| 308 | + type: string |
| 309 | + wafV2: |
| 310 | + description: WAFv2 define the AWS WAFv2 settings for a Gateway [Application |
| 311 | + Load Balancer] |
| 312 | + properties: |
| 313 | + webACL: |
| 314 | + description: ACL The WebACL to configure with the Gateway |
| 315 | + type: string |
| 316 | + required: |
| 317 | + - webACL |
| 318 | + type: object |
| 319 | + type: object |
| 320 | + status: |
| 321 | + description: LoadBalancerConfigurationStatus defines the observed state |
| 322 | + of TargetGroupBinding |
| 323 | + properties: |
| 324 | + observedGatewayClassConfigurationGeneration: |
| 325 | + description: The generation of the Gateway Configuration attached |
| 326 | + to the GatewayClass object. |
| 327 | + format: int64 |
| 328 | + type: integer |
| 329 | + observedGatewayConfigurationGeneration: |
| 330 | + description: The generation of the Gateway Configuration attached |
| 331 | + to the Gateway object. |
| 332 | + format: int64 |
| 333 | + type: integer |
| 334 | + type: object |
| 335 | + type: object |
| 336 | + served: true |
| 337 | + storage: true |
| 338 | + subresources: |
| 339 | + status: {} |
0 commit comments