159 lines
5.3 KiB
YAML
159 lines
5.3 KiB
YAML
$schema: "http://json-schema.org/draft-06/schema#"
|
|
|
|
title: networkservices v1alpha1 Gateway export schema
|
|
description: A gcloud export/import command YAML validation schema.
|
|
type: object
|
|
required:
|
|
- ports
|
|
additionalProperties: false
|
|
properties:
|
|
COMMENT:
|
|
type: object
|
|
description: User specified info ignored by gcloud import.
|
|
additionalProperties: false
|
|
properties:
|
|
template-id:
|
|
type: string
|
|
region:
|
|
type: string
|
|
description:
|
|
type: string
|
|
date:
|
|
type: string
|
|
version:
|
|
type: string
|
|
UNKNOWN:
|
|
type: array
|
|
description: Unknown API fields that cannot be imported.
|
|
items:
|
|
type: string
|
|
addresses:
|
|
description: |-
|
|
Zero or one IPv4 or IPv6 address on which the Gateway will receive the
|
|
traffic. When no address is provided, an IP from the subnetwork is
|
|
allocated This field only applies to gateways of type
|
|
'SECURE_WEB_GATEWAY'. Gateways of type 'OPEN_MESH' listen on 0.0.0.0 for
|
|
IPv4 and :: for IPv6.
|
|
type: array
|
|
items:
|
|
type: string
|
|
authorizationPolicy:
|
|
description: |-
|
|
A fully-qualified AuthorizationPolicy URL reference. Specifies how
|
|
traffic is authorized. If empty, authorization checks are disabled.
|
|
type: string
|
|
certificateUrls:
|
|
description: |-
|
|
A fully-qualified Certificates URL reference. The proxy presents a
|
|
Certificate (selected based on SNI) when establishing a TLS
|
|
connection. This feature only applies to gateways of type
|
|
'SECURE_WEB_GATEWAY'.
|
|
type: array
|
|
items:
|
|
type: string
|
|
description:
|
|
description: |-
|
|
A free-text description of the resource. Max length 1024
|
|
characters.
|
|
type: string
|
|
envoyHeaders:
|
|
description: |-
|
|
Determines if envoy will insert internal debug headers into
|
|
upstream requests. Other Envoy headers may still be injected. By
|
|
default, envoy will not insert any debug headers.
|
|
type: string
|
|
enum:
|
|
- DEBUG_HEADERS
|
|
- ENVOY_HEADERS_UNSPECIFIED
|
|
- NONE
|
|
gatewaySecurityPolicy:
|
|
description: |-
|
|
A fully-qualified GatewaySecurityPolicy URL reference. Defines how
|
|
a server should apply security policy to inbound (VM to Proxy)
|
|
initiated connections. For example:
|
|
`projects/*/locations/*/gatewaySecurityPolicies/swg-policy`. This
|
|
policy is specific to gateways of type 'SECURE_WEB_GATEWAY'.
|
|
type: string
|
|
ipVersion:
|
|
description: |-
|
|
The IP Version that will be used by this gateway. Valid options
|
|
are IPV4 or IPV6. Default is IPV4.
|
|
type: string
|
|
enum:
|
|
- IPV4
|
|
- IPV6
|
|
- IP_VERSION_UNSPECIFIED
|
|
labels:
|
|
description: Set of label tags associated with the Gateway resource.
|
|
$ref: LabelsValue.yaml
|
|
name:
|
|
description: |-
|
|
Identifier. Name of the Gateway resource. It matches pattern
|
|
`projects/*/locations/*/gateways/`.
|
|
type: string
|
|
network:
|
|
description: |-
|
|
The relative resource name identifying the VPC network that is
|
|
using this configuration. For example:
|
|
`projects/*/global/networks/network-1`. Currently, this field is
|
|
specific to gateways of type 'SECURE_WEB_GATEWAY'.
|
|
type: string
|
|
ports:
|
|
description: |-
|
|
One or more port numbers (1-65535), on which the Gateway will
|
|
receive traffic. The proxy binds to the specified ports. Gateways
|
|
of type 'SECURE_WEB_GATEWAY' are limited to 1 port. Gateways of
|
|
type 'OPEN_MESH' listen on 0.0.0.0 for IPv4 and :: for IPv6 and
|
|
support multiple ports.
|
|
type: array
|
|
items:
|
|
type: integer
|
|
routingMode:
|
|
description: |-
|
|
The routing mode of the Gateway. This field is configurable
|
|
only for gateways of type SECURE_WEB_GATEWAY. This field is
|
|
required for gateways of type SECURE_WEB_GATEWAY.
|
|
type: string
|
|
enum:
|
|
- EXPLICIT_ROUTING_MODE
|
|
- NEXT_HOP_ROUTING_MODE
|
|
scope:
|
|
description: |-
|
|
Scope determines how configuration across multiple Gateway
|
|
instances are merged. The configuration for multiple Gateway
|
|
instances with the same scope will be merged as presented as a
|
|
single coniguration to the proxy/load balancer. Max length 64
|
|
characters. Scope should start with a letter and can only have
|
|
letters, numbers, hyphens.
|
|
type: string
|
|
securityPolicy:
|
|
description: |-
|
|
A fully-qualified GatewaySecurityPolicy URL reference. Defines
|
|
how a server should apply security policy to inbound (VM to
|
|
Proxy) initiated connections. This policy is specific to
|
|
gateways of type 'SECURE_WEB_GATEWAY'. DEPRECATED!!!! Use the
|
|
gateway_security_policy field instead.
|
|
type: string
|
|
serverTlsPolicy:
|
|
description: |-
|
|
A fully-qualified ServerTLSPolicy URL reference. Specifies how
|
|
TLS traffic is terminated. If empty, TLS termination is
|
|
disabled.
|
|
type: string
|
|
subnetwork:
|
|
description: |-
|
|
The relative resource name identifying the subnetwork in which
|
|
this SWG is allocated. For example: `projects/*/regions/us-
|
|
central1/subnetworks/network-1` Currently, this field is
|
|
specific to gateways of type 'SECURE_WEB_GATEWAY".
|
|
type: string
|
|
type:
|
|
description: |-
|
|
Immutable. The type of the customer managed gateway. This
|
|
field is required. If unspecified, an error is returned.
|
|
type: string
|
|
enum:
|
|
- OPEN_MESH
|
|
- SECURE_WEB_GATEWAY
|
|
- TYPE_UNSPECIFIED
|