--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.4.1 creationTimestamp: null name: virtualnodes.appmesh.k8s.aws spec: group: appmesh.k8s.aws names: categories: - all kind: VirtualNode listKind: VirtualNodeList plural: virtualnodes singular: virtualnode scope: Namespaced versions: - additionalPrinterColumns: - description: The AppMesh VirtualNode object's Amazon Resource Name jsonPath: .status.virtualNodeARN name: ARN type: string - jsonPath: .metadata.creationTimestamp name: AGE type: date name: v1beta2 schema: openAPIV3Schema: description: VirtualNode is the Schema for the virtualnodes API properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: description: VirtualNodeSpec defines the desired state of VirtualNode refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_VirtualNodeSpec.html properties: awsName: description: AWSName is the AppMesh VirtualNode object's name. If unspecified or empty, it defaults to be "${name}_${namespace}" of k8s VirtualNode type: string backendDefaults: description: A reference to an object that represents the defaults for backends. properties: clientPolicy: description: A reference to an object that represents a client policy. properties: tls: description: A reference to an object that represents a Transport Layer Security (TLS) client policy. properties: certificate: description: A reference to an object that represents TLS certificate. properties: file: description: An object that represents a TLS cert via a local file properties: certificateChain: description: The certificate chain for the certificate. maxLength: 255 minLength: 1 type: string privateKey: description: The private key for a certificate stored on the file system of the virtual node that the proxy is running on. maxLength: 255 minLength: 1 type: string required: - certificateChain - privateKey type: object sds: description: An object that represents a TLS cert via SDS entry properties: secretName: description: The certificate trust chain for a certificate issued via SDS cluster type: string required: - secretName type: object type: object enforce: description: Whether the policy is enforced. If unspecified, default settings from AWS API will be applied. Refer to AWS Docs for default settings. type: boolean ports: description: The range of ports that the policy is enforced for. items: format: int64 maximum: 65535 minimum: 1 type: integer type: array validation: description: A reference to an object that represents a TLS validation context. properties: subjectAlternativeNames: description: Possible Alternative names to consider properties: match: description: Match is a required field properties: exact: description: Exact is a required field items: type: string type: array required: - exact type: object required: - match type: object trust: description: A reference to an object that represents a TLS validation context trust properties: acm: description: A reference to an object that represents a TLS validation context trust for an AWS Certicate Manager (ACM) certificate. properties: certificateAuthorityARNs: description: One or more ACM Amazon Resource Name (ARN)s. items: type: string maxItems: 3 minItems: 1 type: array required: - certificateAuthorityARNs type: object file: description: An object that represents a TLS validation context trust for a local file. properties: certificateChain: description: The certificate trust chain for a certificate stored on the file system of the virtual node that the proxy is running on. maxLength: 255 minLength: 1 type: string required: - certificateChain type: object sds: description: An object that represents a TLS validation context trust for a SDS. properties: secretName: description: The certificate trust chain for a certificate obtained via SDS type: string required: - secretName type: object type: object required: - trust type: object required: - validation type: object type: object type: object backendGroups: description: BackendGroups that define a set of backends the virtual node is expected to send outbound traffic to. items: description: BackendGroupReference holds a reference to BackendGroup.appmesh.k8s.aws properties: name: description: Name is the name of BackendGroup CR type: string namespace: description: Namespace is the namespace of BackendGroup CR. If unspecified, defaults to the referencing object's namespace type: string required: - name type: object type: array backends: description: The backends that the virtual node is expected to send outbound traffic to. items: description: Backend refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_Backend.html properties: virtualService: description: Specifies a virtual service to use as a backend for a virtual node. properties: clientPolicy: description: A reference to an object that represents the client policy for a backend. properties: tls: description: A reference to an object that represents a Transport Layer Security (TLS) client policy. properties: certificate: description: A reference to an object that represents TLS certificate. properties: file: description: An object that represents a TLS cert via a local file properties: certificateChain: description: The certificate chain for the certificate. maxLength: 255 minLength: 1 type: string privateKey: description: The private key for a certificate stored on the file system of the virtual node that the proxy is running on. maxLength: 255 minLength: 1 type: string required: - certificateChain - privateKey type: object sds: description: An object that represents a TLS cert via SDS entry properties: secretName: description: The certificate trust chain for a certificate issued via SDS cluster type: string required: - secretName type: object type: object enforce: description: Whether the policy is enforced. If unspecified, default settings from AWS API will be applied. Refer to AWS Docs for default settings. type: boolean ports: description: The range of ports that the policy is enforced for. items: format: int64 maximum: 65535 minimum: 1 type: integer type: array validation: description: A reference to an object that represents a TLS validation context. properties: subjectAlternativeNames: description: Possible Alternative names to consider properties: match: description: Match is a required field properties: exact: description: Exact is a required field items: type: string type: array required: - exact type: object required: - match type: object trust: description: A reference to an object that represents a TLS validation context trust properties: acm: description: A reference to an object that represents a TLS validation context trust for an AWS Certicate Manager (ACM) certificate. properties: certificateAuthorityARNs: description: One or more ACM Amazon Resource Name (ARN)s. items: type: string maxItems: 3 minItems: 1 type: array required: - certificateAuthorityARNs type: object file: description: An object that represents a TLS validation context trust for a local file. properties: certificateChain: description: The certificate trust chain for a certificate stored on the file system of the virtual node that the proxy is running on. maxLength: 255 minLength: 1 type: string required: - certificateChain type: object sds: description: An object that represents a TLS validation context trust for a SDS. properties: secretName: description: The certificate trust chain for a certificate obtained via SDS type: string required: - secretName type: object type: object required: - trust type: object required: - validation type: object type: object virtualServiceARN: description: Amazon Resource Name to AppMesh VirtualService object that is acting as a virtual node backend. Exactly one of 'virtualServiceRef' or 'virtualServiceARN' must be specified. type: string virtualServiceRef: description: Reference to Kubernetes VirtualService CR in cluster that is acting as a virtual node backend. Exactly one of 'virtualServiceRef' or 'virtualServiceARN' must be specified. properties: name: description: Name is the name of VirtualService CR type: string namespace: description: Namespace is the namespace of VirtualService CR. If unspecified, defaults to the referencing object's namespace type: string required: - name type: object type: object required: - virtualService type: object type: array listeners: description: The listener that the virtual node is expected to receive inbound traffic from items: description: Listener refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_Listener.html properties: connectionPool: description: The connection pool settings for the listener properties: grpc: description: Specifies grpc connection pool settings for the virtual node listener properties: maxRequests: description: Represents the maximum number of inflight requests that an envoy can concurrently support across all the hosts in the upstream cluster format: int64 minimum: 1 type: integer required: - maxRequests type: object http: description: Specifies http connection pool settings for the virtual node listener properties: maxConnections: description: Represents the maximum number of outbound TCP connections the envoy can establish concurrently with all the hosts in the upstream cluster. format: int64 minimum: 1 type: integer maxPendingRequests: description: Represents the number of overflowing requests after max_connections that an envoy will queue to an upstream cluster. format: int64 minimum: 1 type: integer required: - maxConnections type: object http2: description: Specifies http2 connection pool settings for the virtual node listener properties: maxRequests: description: Represents the maximum number of inflight requests that an envoy can concurrently support across all the hosts in the upstream cluster format: int64 minimum: 1 type: integer required: - maxRequests type: object tcp: description: Specifies tcp connection pool settings for the virtual node listener properties: maxConnections: description: Represents the maximum number of outbound TCP connections the envoy can establish concurrently with all the hosts in the upstream cluster. format: int64 minimum: 1 type: integer required: - maxConnections type: object type: object healthCheck: description: The health check information for the listener. properties: healthyThreshold: description: The number of consecutive successful health checks that must occur before declaring listener healthy. format: int64 maximum: 10 minimum: 2 type: integer intervalMillis: description: The time period in milliseconds between each health check execution. format: int64 maximum: 300000 minimum: 5000 type: integer path: description: The destination path for the health check request. This value is only used if the specified protocol is http or http2. For any other protocol, this value is ignored. type: string port: description: The destination port for the health check request. format: int64 maximum: 65535 minimum: 1 type: integer protocol: description: The protocol for the health check request enum: - grpc - http - http2 - tcp type: string timeoutMillis: description: The amount of time to wait when receiving a response from the health check, in milliseconds. format: int64 maximum: 60000 minimum: 2000 type: integer unhealthyThreshold: description: The number of consecutive failed health checks that must occur before declaring a virtual node unhealthy. format: int64 maximum: 10 minimum: 2 type: integer required: - healthyThreshold - intervalMillis - protocol - timeoutMillis - unhealthyThreshold type: object outlierDetection: description: The outlier detection for the listener properties: baseEjectionDuration: description: The base time that a host is ejected for. The real time is equal to the base time multiplied by the number of times the host has been ejected properties: unit: description: A unit of time. enum: - s - ms type: string value: description: A number of time units. format: int64 minimum: 0 type: integer required: - unit - value type: object interval: description: The time interval between ejection analysis sweeps. This can result in both new ejections as well as hosts being returned to service properties: unit: description: A unit of time. enum: - s - ms type: string value: description: A number of time units. format: int64 minimum: 0 type: integer required: - unit - value type: object maxEjectionPercent: description: The threshold for the max percentage of outlier hosts that can be ejected from the load balancing set. maxEjectionPercent=100 means outlier detection can potentially eject all of the hosts from the upstream service if they are all considered outliers, leaving the load balancing set with zero hosts format: int64 maximum: 100 minimum: 0 type: integer maxServerErrors: description: The threshold for the number of server errors returned by a given host during an outlier detection interval. If the server error count meets/exceeds this threshold the host is ejected. A server error is defined as any HTTP 5xx response (or the equivalent for gRPC and TCP connections) format: int64 minimum: 1 type: integer required: - baseEjectionDuration - interval - maxEjectionPercent - maxServerErrors type: object portMapping: description: The port mapping information for the listener. properties: port: description: The port used for the port mapping. format: int64 maximum: 65535 minimum: 1 type: integer protocol: description: The protocol used for the port mapping. enum: - grpc - http - http2 - tcp type: string required: - port - protocol type: object timeout: description: A reference to an object that represents properties: grpc: description: Specifies grpc timeout information for the virtual node. properties: idle: description: An object that represents idle timeout duration. properties: unit: description: A unit of time. enum: - s - ms type: string value: description: A number of time units. format: int64 minimum: 0 type: integer required: - unit - value type: object perRequest: description: An object that represents per request timeout duration. properties: unit: description: A unit of time. enum: - s - ms type: string value: description: A number of time units. format: int64 minimum: 0 type: integer required: - unit - value type: object type: object http: description: Specifies http timeout information for the virtual node. properties: idle: description: An object that represents idle timeout duration. properties: unit: description: A unit of time. enum: - s - ms type: string value: description: A number of time units. format: int64 minimum: 0 type: integer required: - unit - value type: object perRequest: description: An object that represents per request timeout duration. properties: unit: description: A unit of time. enum: - s - ms type: string value: description: A number of time units. format: int64 minimum: 0 type: integer required: - unit - value type: object type: object http2: description: Specifies http2 information for the virtual node. properties: idle: description: An object that represents idle timeout duration. properties: unit: description: A unit of time. enum: - s - ms type: string value: description: A number of time units. format: int64 minimum: 0 type: integer required: - unit - value type: object perRequest: description: An object that represents per request timeout duration. properties: unit: description: A unit of time. enum: - s - ms type: string value: description: A number of time units. format: int64 minimum: 0 type: integer required: - unit - value type: object type: object tcp: description: Specifies tcp timeout information for the virtual node. properties: idle: description: An object that represents idle timeout duration. properties: unit: description: A unit of time. enum: - s - ms type: string value: description: A number of time units. format: int64 minimum: 0 type: integer required: - unit - value type: object type: object type: object tls: description: A reference to an object that represents the Transport Layer Security (TLS) properties for a listener. properties: certificate: description: A reference to an object that represents a listener's TLS certificate. properties: acm: description: A reference to an object that represents an AWS Certificate Manager (ACM) certificate. properties: certificateARN: description: The Amazon Resource Name (ARN) for the certificate. type: string required: - certificateARN type: object file: description: A reference to an object that represents a local file certificate. properties: certificateChain: description: The certificate chain for the certificate. maxLength: 255 minLength: 1 type: string privateKey: description: The private key for a certificate stored on the file system of the virtual node that the proxy is running on. maxLength: 255 minLength: 1 type: string required: - certificateChain - privateKey type: object sds: description: A reference to an object that represents an SDS certificate. properties: secretName: description: The certificate trust chain for a certificate issued via SDS cluster type: string required: - secretName type: object type: object mode: description: ListenerTLS mode enum: - DISABLED - PERMISSIVE - STRICT type: string validation: description: A reference to an object that represents an SDS Trust Domain properties: subjectAlternativeNames: description: Possible alternative names to consider properties: match: description: Match is a required field properties: exact: description: Exact is a required field items: type: string type: array required: - exact type: object required: - match type: object trust: properties: file: description: An object that represents a TLS validation context trust for a local file. properties: certificateChain: description: The certificate trust chain for a certificate stored on the file system of the virtual node that the proxy is running on. maxLength: 255 minLength: 1 type: string required: - certificateChain type: object sds: description: An object that represents a TLS validation context trust for an SDS server properties: secretName: description: The certificate trust chain for a certificate obtained via SDS type: string required: - secretName type: object type: object required: - trust type: object required: - certificate - mode type: object required: - portMapping type: object minItems: 0 type: array logging: description: The inbound and outbound access logging information for the virtual node. properties: accessLog: description: The access log configuration for a virtual node. properties: file: description: The file object to send virtual node access logs to. properties: format: description: Structured access log output format properties: json: description: Output specified fields as a JSON object items: properties: key: description: The name of the field in the JSON object minLength: 1 type: string value: description: The format string minLength: 1 type: string required: - key - value type: object type: array text: description: Custom format string type: string type: object path: description: The file path to write access logs to. maxLength: 255 minLength: 1 type: string required: - path type: object type: object type: object meshRef: description: "A reference to k8s Mesh CR that this VirtualNode belongs to. The admission controller populates it using Meshes's selector, and prevents users from setting this field. \n Populated by the system. Read-only." properties: name: description: Name is the name of Mesh CR type: string uid: description: UID is the UID of Mesh CR type: string required: - name - uid type: object podSelector: description: "PodSelector selects Pods using labels to designate VirtualNode membership. This field follows standard label selector semantics: \tif present but empty, it selects all pods within namespace. \tif absent, it selects no pod." properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object serviceDiscovery: description: The service discovery information for the virtual node. Optional if there is no inbound traffic(no listeners). Mandatory if a listener is specified. properties: awsCloudMap: description: Specifies any AWS Cloud Map information for the virtual node. properties: attributes: description: A string map that contains attributes with values that you can use to filter instances by any custom attribute that you specified when you registered the instance items: description: AWSCloudMapInstanceAttribute refers to https://docs.aws.amazon.com/app-mesh/latest/APIReference/API_AwsCloudMapInstanceAttribute.html properties: key: description: The name of an AWS Cloud Map service instance attribute key. maxLength: 255 minLength: 1 type: string value: description: The value of an AWS Cloud Map service instance attribute key. maxLength: 1024 minLength: 1 type: string required: - key - value type: object type: array namespaceName: description: The name of the AWS Cloud Map namespace to use. maxLength: 1024 minLength: 1 type: string serviceName: description: The name of the AWS Cloud Map service to use. maxLength: 1024 minLength: 1 type: string required: - namespaceName - serviceName type: object dns: description: Specifies the DNS information for the virtual node. properties: hostname: description: Specifies the DNS service discovery hostname for the virtual node. type: string responseType: description: Choose between ENDPOINTS (strict DNS) and LOADBALANCER (logical DNS) mode in Envoy sidecar enum: - ENDPOINTS - LOADBALANCER type: string required: - hostname type: object type: object type: object status: description: VirtualNodeStatus defines the observed state of VirtualNode properties: conditions: description: The current VirtualNode status. items: properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. format: date-time type: string message: description: A human readable message indicating details about the transition. type: string reason: description: The reason for the condition's last transition. type: string status: description: Status of the condition, one of True, False, Unknown. type: string type: description: Type of VirtualNode condition. type: string required: - status - type type: object type: array observedGeneration: description: The generation observed by the VirtualNode controller. format: int64 type: integer virtualNodeARN: description: VirtualNodeARN is the AppMesh VirtualNode object's Amazon Resource Name type: string type: object type: object x-kubernetes-preserve-unknown-fields: true served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: []