Package v1alpha1 contains API Schema definitions for the kubelb.k8c.io v1alpha1 API group
Addresses is the Schema for the addresses API
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string | kubelb.k8c.io/v1alpha1 | ||
kind string | Addresses | ||
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. | ||
spec AddressesSpec | |||
status AddressesStatus |
AddressesList contains a list of Addresses
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string | kubelb.k8c.io/v1alpha1 | ||
kind string | AddressesList | ||
metadata ListMeta | Refer to Kubernetes API documentation for fields of metadata. | ||
items Addresses array |
AddressesSpec defines the desired state of Addresses
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
addresses EndpointAddress array | Addresses contains a list of addresses. | MinItems: 1 |
AddressesStatus defines the observed state of Addresses
Appears in:
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
propagatedAnnotations map[string]string | PropagatedAnnotations defines the list of annotations(key-value pairs) that will be propagated to the LoadBalancer service. Keep the value field empty in the key-value pair to allow any value.This will have a higher precedence than the annotations specified at the Config level. | ||
propagateAllAnnotations boolean | PropagateAllAnnotations defines whether all annotations will be propagated to the LoadBalancer service. If set to true, PropagatedAnnotations will be ignored.This will have a higher precedence than the value specified at the Config level. |
CertificatesSettings defines the settings for the certificates.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
disable boolean | Disable is a flag that can be used to disable certificate automation for a tenant. | ||
defaultClusterIssuer string | DefaultClusterIssuer is the Cluster Issuer to use for the certificates by default. This is applied when the cluster issuer is not specified in the annotations on the resource itself. | ||
allowedDomains string array | AllowedDomains is a list of allowed domains for automated Certificate management. Has a higher precedence than the value specified in the Config.If empty, the value specified in tenant.spec.allowedDomains will be used.Examples:- [".example.com"] -> this allows subdomains at the root level such as example.com and test.example.com but won’t allow domains at one level above like test.test.example.com- [".example.com"] -> this allows all subdomains of example.com such as test.dns.example.com and dns.example.com- [“example.com”] -> this allows only example.com- [""] or [""] -> this allows all domainsNote: “**” was added as a special case to allow any levels of subdomains that come before it. “*” works for only 1 level. |
Config is the object that represents the Config for the KubeLB management controller.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string | kubelb.k8c.io/v1alpha1 | ||
kind string | Config | ||
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. | ||
spec ConfigSpec |
ConfigCertificatesSettings defines the global settings for the certificates.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
disable boolean | Disable is a flag that can be used to disable certificate automation globally for all the tenants. | ||
defaultClusterIssuer string | DefaultClusterIssuer is the Cluster Issuer to use for the certificates by default. This is applied when the cluster issuer is not specified in the annotations on the resource itself. |
ConfigDNSSettings defines the global settings for the DNS.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
disable boolean | Disable is a flag that can be used to disable DNS automation globally for all the tenants. |
ConfigList contains a list of Config
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string | kubelb.k8c.io/v1alpha1 | ||
kind string | ConfigList | ||
metadata ListMeta | Refer to Kubernetes API documentation for fields of metadata. | ||
items Config array |
ConfigSpec defines the desired state of the Config
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
propagatedAnnotations map[string]string | PropagatedAnnotations defines the list of annotations(key-value pairs) that will be propagated to the LoadBalancer service. Keep the value field empty in the key-value pair to allow any value.This will have a higher precedence than the annotations specified at the Config level. | ||
propagateAllAnnotations boolean | PropagateAllAnnotations defines whether all annotations will be propagated to the LoadBalancer service. If set to true, PropagatedAnnotations will be ignored.This will have a higher precedence than the value specified at the Config level. | ||
envoyProxy EnvoyProxy | EnvoyProxy defines the desired state of the Envoy Proxy | ||
loadBalancer LoadBalancerSettings | |||
ingress IngressSettings | |||
gatewayAPI GatewayAPISettings | |||
dns ConfigDNSSettings | |||
certificates ConfigCertificatesSettings |
DNSSettings defines the settings for the DNS.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
disable boolean | Disable is a flag that can be used to disable DNS automation for a tenant. | ||
allowedDomains string array | AllowedDomains is a list of allowed domains for automated DNS management. Has a higher precedence than the value specified in the Config.If empty, the value specified in tenant.spec.allowedDomains will be used.Examples:- [".example.com"] -> this allows subdomains at the root level such as example.com and test.example.com but won’t allow domains at one level above like test.test.example.com- [".example.com"] -> this allows all subdomains of example.com such as test.dns.example.com and dns.example.com- [“example.com”] -> this allows only example.com- [""] or [""] -> this allows all domainsNote: “**” was added as a special case to allow any levels of subdomains that come before it. “*” works for only 1 level. |
EndpointAddress is a tuple that describes single IP address.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
ip string | The IP of this endpoint.May not be loopback (127.0.0.0/8), link-local (169.254.0.0/16),or link-local multicast ((224.0.0.0/24). | MinLength: 7 | |
hostname string | The Hostname of this endpoint |
EndpointPort is a tuple that describes a single port.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
name string | The name of this port. This must match the ’name’ field in thecorresponding ServicePort.Must be a DNS_LABEL.Optional only if one port is defined. | ||
port integer | The port number of the endpoint. | ||
protocol Protocol | The IP protocol for this port. Defaults to “TCP”. | Enum: [TCP UDP] |
EnvoyProxy defines the desired state of the EnvoyProxy
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
topology EnvoyProxyTopology | Topology defines the deployment topology for Envoy Proxy. Valid values are: shared and global.DEPRECATION NOTICE: The value “dedicated” is deprecated and will be removed in a future release. Dedicated topology will now default to shared topology. | shared | Enum: [shared dedicated global] |
useDaemonset boolean | UseDaemonset defines whether Envoy Proxy will run as daemonset. By default, Envoy Proxy will run as deployment.If set to true, Replicas will be ignored. | ||
replicas integer | Replicas defines the number of replicas for Envoy Proxy. This field is ignored if UseDaemonset is set to true. | 3 | Minimum: 1 |
singlePodPerNode boolean | SinglePodPerNode defines whether Envoy Proxy pods will be spread across nodes. This ensures that multiple replicas are not running on the same node. | ||
nodeSelector object (keys:string, values:string) | NodeSelector is used to select nodes to run Envoy Proxy. If specified, the node must have all the indicated labels. | ||
tolerations Toleration array | Tolerations is used to schedule Envoy Proxy pods on nodes with matching taints. | ||
resources ResourceRequirements | Resources defines the resource requirements for Envoy Proxy. | ||
affinity Affinity | Affinity is used to schedule Envoy Proxy pods on nodes with matching affinity. |
Underlying type: string
Appears in:
| Field | Description |
|---|---|
shared | |
dedicated | |
global |
GatewayAPISettings defines the settings for the gateway API.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
class string | Class is the class of the gateway API to use. This can be used to specify a specific gateway API implementation.This has higher precedence than the value specified in the Config. | ||
disable boolean | Disable is a flag that can be used to disable Gateway API for a tenant. | ||
gateway GatewaySettings | |||
disableHTTPRoute boolean | |||
disableGRPCRoute boolean | |||
disableTCPRoute boolean | |||
disableUDPRoute boolean | |||
disableTLSRoute boolean |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
disableHTTPRoute boolean | |||
disableGRPCRoute boolean | |||
disableTCPRoute boolean | |||
disableUDPRoute boolean | |||
disableTLSRoute boolean |
GatewaySettings defines the settings for the gateway resource.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
limit integer | Limit is the maximum number of gateways to create.If a lower limit is set than the number of reources that exist, the limit will be disallow creation of new resources but will not delete existing resources. The reason behind thisis that it is not possible for KubeLB to know which resources are safe to remove. |
IngressSettings defines the settings for the ingress.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
class string | Class is the class of the ingress to use.This has higher precedence than the value specified in the Config. | ||
disable boolean | Disable is a flag that can be used to disable Ingress for a tenant. |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
resource Unstructured | EmbeddedResource: {} | ||
services UpstreamService array | Services contains the list of services that are used as the source for the Route. |
LoadBalancer is the Schema for the loadbalancers API
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string | kubelb.k8c.io/v1alpha1 | ||
kind string | LoadBalancer | ||
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. | ||
spec LoadBalancerSpec | |||
status LoadBalancerStatus |
LoadBalancerEndpoints is a group of addresses with a common set of ports. The expanded set of endpoints is the Cartesian product of Addresses x Ports. For example, given:
{ Addresses: [{“ip”: “10.10.1.1”}, {“ip”: “10.10.2.2”}], Ports: [{“name”: “a”, “port”: 8675}, {“name”: “b”, “port”: 309}] }
The resulting set of endpoints can be viewed as:
a: [ 10.10.1.1:8675, 10.10.2.2:8675 ], b: [ 10.10.1.1:309, 10.10.2.2:309 ]
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
name string | Name is the name of the endpoints. | ||
addresses EndpointAddress array | IP addresses which offer the related ports that are marked as ready. These endpointsshould be considered safe for load balancers and clients to utilize. | MinItems: 1 | |
addressesReference ObjectReference | AddressesReference is a reference to the Addresses object that contains the IP addresses.If this field is set, the Addresses field will be ignored. | ||
ports EndpointPort array | Port numbers available on the related IP addresses.This field is ignored for routes that are using kubernetes resources as the source. | MinItems: 1 |
LoadBalancerList contains a list of LoadBalancer
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string | kubelb.k8c.io/v1alpha1 | ||
kind string | LoadBalancerList | ||
metadata ListMeta | Refer to Kubernetes API documentation for fields of metadata. | ||
items LoadBalancer array |
LoadBalancerPort contains information on service’s port.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
name string | The name of this port within the service. This must be a DNS_LABEL.All ports within a Spec must have unique names. When consideringthe endpoints for a Service, this must match the ’name’ field in theEndpointPort.Optional if only one ServicePort is defined on this service. | ||
protocol Protocol | The IP protocol for this port. Defaults to “TCP”. | Enum: [TCP UDP] | |
port integer | The port that will be exposed by the LoadBalancer. |
LoadBalancerSettings defines the settings for the load balancers.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
class string | Class is the class of the load balancer to use.This has higher precedence than the value specified in the Config. | ||
limit integer | Limit is the maximum number of load balancers to create.If a lower limit is set than the number of reources that exist, the limit will be disallow creation of new resources but will not delete existing resources. The reason behind thisis that it is not possible for KubeLB to know which resources are safe to remove. | ||
disable boolean | Disable is a flag that can be used to disable L4 load balancing for a tenant. |
LoadBalancerSpec defines the desired state of LoadBalancer
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
endpoints LoadBalancerEndpoints array | Sets of addresses and ports that comprise an exposed user service on a cluster. | MinItems: 1 | |
ports LoadBalancerPort array | The list of ports that are exposed by the load balancer service.only needed for layer 4 | ||
type ServiceType | type determines how the Service is exposed. Defaults to ClusterIP. Validoptions are ExternalName, ClusterIP, NodePort, and LoadBalancer.“ExternalName” maps to the specified externalName.“ClusterIP” allocates a cluster-internal IP address for load-balancing toendpoints. Endpoints are determined by the selector or if that is notspecified, by manual construction of an Endpoints object. If clusterIP is“None”, no virtual IP is allocated and the endpoints are published as aset of endpoints rather than a stable IP.“NodePort” builds on ClusterIP and allocates a port on every node whichroutes to the clusterIP.“LoadBalancer” builds on NodePort and creates anexternal load-balancer (if supported in the current cloud) which routesto the clusterIP.More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types | ClusterIP |
LoadBalancerStatus defines the observed state of LoadBalancer
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
loadBalancer LoadBalancerStatus | LoadBalancer contains the current status of the load-balancer,if one is present. | ||
service ServiceStatus | Service contains the current status of the LB service. |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string | APIVersion is the API version of the resource. | ||
name string | Name is the name of the resource. | ||
namespace string | Namespace is the namespace of the resource. | ||
generatedName string | GeneratedName is the generated name of the resource. | ||
status RawExtension | Status is the actual status of the resource. | ||
conditions Condition array |
Route is the object that represents a route in the cluster.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string | kubelb.k8c.io/v1alpha1 | ||
kind string | Route | ||
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. | ||
spec RouteSpec | |||
status RouteStatus |
RouteList contains a list of Routes
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string | kubelb.k8c.io/v1alpha1 | ||
kind string | RouteList | ||
metadata ListMeta | Refer to Kubernetes API documentation for fields of metadata. | ||
items Route array |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
source string | |||
services object (keys:string, values:RouteServiceStatus) | |||
route ResourceState |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string | APIVersion is the API version of the resource. | ||
name string | Name is the name of the resource. | ||
namespace string | Namespace is the namespace of the resource. | ||
generatedName string | GeneratedName is the generated name of the resource. | ||
status RawExtension | Status is the actual status of the resource. | ||
conditions Condition array | |||
ports ServicePort array |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
kubernetes KubernetesSource | Kubernetes contains the information about the Kubernetes source.This field is automatically populated by the KubeLB CCM and in most cases, users should not set this field manually. |
RouteSpec defines the desired state of the Route.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
endpoints LoadBalancerEndpoints array | Sets of addresses and ports that comprise an exposed user service on a cluster. | MinItems: 1 | |
source RouteSource | Source contains the information about the source of the route. This is used when the route is created from external sources. |
RouteStatus defines the observed state of the Route.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
resources RouteResourcesStatus | Resources contains the list of resources that are created/processed as a result of the Route. |
ServicePort contains information on service’s port.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
name string | The name of this port within the service. This must be a DNS_LABEL.All ports within a ServiceSpec must have unique names. When consideringthe endpoints for a Service, this must match the ’name’ field in theEndpointPort.Optional if only one ServicePort is defined on this service. | ||
protocol Protocol | The IP protocol for this port. Supports “TCP”, “UDP”, and “SCTP”.Default is TCP. | ||
appProtocol string | The application protocol for this port.This is used as a hint for implementations to offer richer behavior for protocols that they understand.This field follows standard Kubernetes label syntax.Valid values are either:Un-prefixed protocol names - reserved for IANA standard service names (as perRFC-6335 and https://www.iana.org/assignments/service-names). Kubernetes-defined prefixed names: ‘kubernetes.io/h2c’ - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- ‘kubernetes.io/ws’ - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 ‘kubernetes.io/wss’ - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 Other protocols should use implementation-defined prefixed names such asmycompany.com/my-custom-protocol. | ||
port integer | The port that will be exposed by this service. | ||
targetPort IntOrString | Number or name of the port to access on the pods targeted by the service.Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.If this is a string, it will be looked up as a named port in thetarget Pod’s container ports. If this is not specified, the valueof the ‘port’ field is used (an identity map).This field is ignored for services with clusterIP=None, and should beomitted or set equal to the ‘port’ field.More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service | ||
nodePort integer | The port on each node on which this service is exposed when type isNodePort or LoadBalancer. Usually assigned by the system. If a value isspecified, in-range, and not in use it will be used, otherwise theoperation will fail. If not specified, a port will be allocated if thisService requires one. If this field is specified when creating aService which does not need it, creation will fail. This field will bewiped when updating a Service to no longer need it (e.g. changing typefrom NodePort to ClusterIP).More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport | ||
upstreamTargetPort integer |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
ports ServicePort array |
SyncSecret is a wrapper over Kubernetes Secret object. This is used to sync secrets from tenants to the LB cluster in a controlled and secure way.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string | kubelb.k8c.io/v1alpha1 | ||
kind string | SyncSecret | ||
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. | ||
immutable boolean | |||
data object (keys:string, values:integer array) | |||
stringData object (keys:string, values:string) | |||
type SecretType |
SyncSecretList contains a list of SyncSecrets
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string | kubelb.k8c.io/v1alpha1 | ||
kind string | SyncSecretList | ||
metadata ListMeta | Refer to Kubernetes API documentation for fields of metadata. | ||
items SyncSecret array |
Tenant is the Schema for the tenants API
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string | kubelb.k8c.io/v1alpha1 | ||
kind string | Tenant | ||
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. | ||
spec TenantSpec | |||
status TenantStatus |
TenantList contains a list of Tenant
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string | kubelb.k8c.io/v1alpha1 | ||
kind string | TenantList | ||
metadata ListMeta | Refer to Kubernetes API documentation for fields of metadata. | ||
items Tenant array |
TenantSpec defines the desired state of Tenant
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
propagatedAnnotations map[string]string | PropagatedAnnotations defines the list of annotations(key-value pairs) that will be propagated to the LoadBalancer service. Keep the value field empty in the key-value pair to allow any value.This will have a higher precedence than the annotations specified at the Config level. | ||
propagateAllAnnotations boolean | PropagateAllAnnotations defines whether all annotations will be propagated to the LoadBalancer service. If set to true, PropagatedAnnotations will be ignored.This will have a higher precedence than the value specified at the Config level. | ||
loadBalancer LoadBalancerSettings | |||
ingress IngressSettings | |||
gatewayAPI GatewayAPISettings | |||
dns DNSSettings | |||
certificates CertificatesSettings | |||
allowedDomains string array | List of allowed domains for the tenant. This is used to restrict the domains that can be usedfor the tenant. If specified, applies on all the components such as Ingress, GatewayAPI, DNS, certificates, etc.Examples:- [".example.com"] -> this allows subdomains at the root level such as example.com and test.example.com but won’t allow domains at one level above like test.test.example.com- [".example.com"] -> this allows all subdomains of example.com such as test.dns.example.com and dns.example.com- [“example.com”] -> this allows only example.com- [""] or [""] -> this allows all domainsNote: “” was added as a special case to allow any levels of subdomains that come before it. “*” works for only 1 level.Default: value is [""] and all domains are allowed. | [**] |
TenantStatus defines the observed state of Tenant
Appears in:
UpstreamService is a wrapper over the corev1.Service object. This is required as kubebuilder:validation:EmbeddedResource marker adds the x-kubernetes-embedded-resource to the array instead of the elements within it. Which results in a broken CRD; validation error. Without this marker, the embedded resource is not properly serialized to the CRD.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. | ||
spec ServiceSpec | Spec defines the behavior of a service.https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status | ||
status ServiceStatus | Most recently observed status of the service.Populated by the system.Read-only.More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status |