v1alpha2

package
v0.18.5 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 10, 2026 License: Apache-2.0 Imports: 4 Imported by: 0

Documentation

Overview

Package v1alpha2 contains API Schema definitions for the networking v1alpha2 API group. +kubebuilder:object:generate=true +groupName=networking.cloudflare-operator.io

Index

Constants

This section is empty.

Variables

View Source 
var (
	// GroupVersion is group version used to register these objects.
	GroupVersion = schema.GroupVersion{Group: "networking.cloudflare-operator.io", Version: "v1alpha2"}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme.
	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}

	// AddToScheme adds the types in this group-version to the given scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)

Functions

This section is empty.

Types

type AccessApplication 

type AccessApplication struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   AccessApplicationSpec   `json:"spec,omitempty"`
	Status AccessApplicationStatus `json:"status,omitempty"`
}

AccessApplication is the Schema for the accessapplications API. An AccessApplication represents a Cloudflare Access Application, which protects internal resources with Zero Trust policies.

func (*AccessApplication) DeepCopy 

func (in *AccessApplication) DeepCopy() *AccessApplication

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessApplication.

func (*AccessApplication) DeepCopyInto 

func (in *AccessApplication) DeepCopyInto(out *AccessApplication)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AccessApplication) DeepCopyObject 

func (in *AccessApplication) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*AccessApplication) GetAccessApplicationName 

func (a *AccessApplication) GetAccessApplicationName() string

GetAccessApplicationName returns the name to use in Cloudflare.

type AccessApplicationList 

type AccessApplicationList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []AccessApplication `json:"items"`
}

AccessApplicationList contains a list of AccessApplication

func (*AccessApplicationList) DeepCopy 

func (in *AccessApplicationList) DeepCopy() *AccessApplicationList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessApplicationList.

func (*AccessApplicationList) DeepCopyInto 

func (in *AccessApplicationList) DeepCopyInto(out *AccessApplicationList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AccessApplicationList) DeepCopyObject 

func (in *AccessApplicationList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type AccessApplicationSpec 

type AccessApplicationSpec struct {
	// Name of the Access Application in Cloudflare.
	// If not specified, the Kubernetes resource name will be used.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:MaxLength=255
	Name string `json:"name,omitempty"`

	// Domain is the primary domain/URL for the application.
	// +kubebuilder:validation:Required
	Domain string `json:"domain"`

	// Type is the application type.
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Enum=self_hosted;saas;ssh;vnc;app_launcher;warp;biso;bookmark;dash_sso
	// +kubebuilder:default=self_hosted
	Type string `json:"type"`

	// SessionDuration is the amount of time that the token is valid for.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default="24h"
	SessionDuration string `json:"sessionDuration,omitempty"`

	// AllowedIdps is the list of identity provider IDs allowed for this application.
	// +kubebuilder:validation:Optional
	AllowedIdps []string `json:"allowedIdps,omitempty"`

	// AllowedIdpRefs references AccessIdentityProvider resources by name.
	// +kubebuilder:validation:Optional
	AllowedIdpRefs []AccessIdentityProviderRef `json:"allowedIdpRefs,omitempty"`

	// AutoRedirectToIdentity enables automatic redirect to the identity provider.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	AutoRedirectToIdentity bool `json:"autoRedirectToIdentity,omitempty"`

	// EnableBindingCookie enables the binding cookie.
	// +kubebuilder:validation:Optional
	EnableBindingCookie *bool `json:"enableBindingCookie,omitempty"`

	// HttpOnlyCookieAttribute sets the HttpOnly attribute on the cookie.
	// +kubebuilder:validation:Optional
	HttpOnlyCookieAttribute *bool `json:"httpOnlyCookieAttribute,omitempty"`

	// SameSiteCookieAttribute sets the SameSite attribute on the cookie.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum=strict;lax;none
	SameSiteCookieAttribute string `json:"sameSiteCookieAttribute,omitempty"`

	// LogoURL is the URL of the application logo.
	// +kubebuilder:validation:Optional
	LogoURL string `json:"logoUrl,omitempty"`

	// SkipInterstitial skips the interstitial page.
	// +kubebuilder:validation:Optional
	SkipInterstitial *bool `json:"skipInterstitial,omitempty"`

	// AppLauncherVisible shows the application in the App Launcher.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=true
	AppLauncherVisible *bool `json:"appLauncherVisible,omitempty"`

	// ServiceAuth401Redirect redirects unauthorized service auth requests.
	// +kubebuilder:validation:Optional
	ServiceAuth401Redirect *bool `json:"serviceAuth401Redirect,omitempty"`

	// CustomDenyMessage is a custom message shown when access is denied.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:MaxLength=1024
	CustomDenyMessage string `json:"customDenyMessage,omitempty"`

	// CustomDenyURL is a custom URL to redirect to when access is denied.
	// +kubebuilder:validation:Optional
	CustomDenyURL string `json:"customDenyUrl,omitempty"`

	// AllowAuthenticateViaWarp allows authentication via WARP.
	// +kubebuilder:validation:Optional
	AllowAuthenticateViaWarp *bool `json:"allowAuthenticateViaWarp,omitempty"`

	// Tags are custom tags for the application.
	// +kubebuilder:validation:Optional
	Tags []string `json:"tags,omitempty"`

	// Policies defines the access policies for this application.
	// +kubebuilder:validation:Optional
	Policies []AccessPolicyRef `json:"policies,omitempty"`

	// Cloudflare contains the Cloudflare API credentials and account information.
	// +kubebuilder:validation:Required
	Cloudflare CloudflareDetails `json:"cloudflare"`
}

AccessApplicationSpec defines the desired state of AccessApplication

func (*AccessApplicationSpec) DeepCopy 

func (in *AccessApplicationSpec) DeepCopy() *AccessApplicationSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessApplicationSpec.

func (*AccessApplicationSpec) DeepCopyInto 

func (in *AccessApplicationSpec) DeepCopyInto(out *AccessApplicationSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AccessApplicationStatus 

type AccessApplicationStatus struct {
	// ApplicationID is the Cloudflare ID of the Access Application.
	// +kubebuilder:validation:Optional
	ApplicationID string `json:"applicationId,omitempty"`

	// AUD is the Application Audience (AUD) Tag.
	// +kubebuilder:validation:Optional
	AUD string `json:"aud,omitempty"`

	// AccountID is the Cloudflare Account ID.
	// +kubebuilder:validation:Optional
	AccountID string `json:"accountId,omitempty"`

	// Domain is the configured domain.
	// +kubebuilder:validation:Optional
	Domain string `json:"domain,omitempty"`

	// State indicates the current state of the application.
	// +kubebuilder:validation:Optional
	State string `json:"state,omitempty"`

	// ResolvedPolicies contains the resolved policy information for each policy.
	// This helps with debugging and understanding policy state.
	// +kubebuilder:validation:Optional
	// +listType=map
	// +listMapKey=precedence
	ResolvedPolicies []ResolvedPolicyStatus `json:"resolvedPolicies,omitempty"`

	// Conditions represent the latest available observations.
	// +kubebuilder:validation:Optional
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty"`

	// ObservedGeneration is the most recent generation observed.
	// +kubebuilder:validation:Optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
}

AccessApplicationStatus defines the observed state of AccessApplication

func (*AccessApplicationStatus) DeepCopy 

func (in *AccessApplicationStatus) DeepCopy() *AccessApplicationStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessApplicationStatus.

func (*AccessApplicationStatus) DeepCopyInto 

func (in *AccessApplicationStatus) DeepCopyInto(out *AccessApplicationStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AccessGroup 

type AccessGroup struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   AccessGroupSpec   `json:"spec,omitempty"`
	Status AccessGroupStatus `json:"status,omitempty"`
}

AccessGroup is the Schema for the accessgroups API.

func (*AccessGroup) DeepCopy 

func (in *AccessGroup) DeepCopy() *AccessGroup

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessGroup.

func (*AccessGroup) DeepCopyInto 

func (in *AccessGroup) DeepCopyInto(out *AccessGroup)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AccessGroup) DeepCopyObject 

func (in *AccessGroup) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*AccessGroup) GetAccessGroupName 

func (a *AccessGroup) GetAccessGroupName() string

GetAccessGroupName returns the name to use in Cloudflare.

type AccessGroupAzureRule 

type AccessGroupAzureRule struct {
	ID                 string `json:"id"`
	IdentityProviderID string `json:"identityProviderId"`
}

AccessGroupAzureRule matches Azure AD users.

func (*AccessGroupAzureRule) DeepCopy 

func (in *AccessGroupAzureRule) DeepCopy() *AccessGroupAzureRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessGroupAzureRule.

func (*AccessGroupAzureRule) DeepCopyInto 

func (in *AccessGroupAzureRule) DeepCopyInto(out *AccessGroupAzureRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AccessGroupCommonNameRule 

type AccessGroupCommonNameRule struct {
	CommonName string `json:"commonName"`
}

AccessGroupCommonNameRule matches certificate common names.

func (*AccessGroupCommonNameRule) DeepCopy 

func (in *AccessGroupCommonNameRule) DeepCopy() *AccessGroupCommonNameRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessGroupCommonNameRule.

func (*AccessGroupCommonNameRule) DeepCopyInto 

func (in *AccessGroupCommonNameRule) DeepCopyInto(out *AccessGroupCommonNameRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AccessGroupCountryRule 

type AccessGroupCountryRule struct {
	Country []string `json:"country"`
}

AccessGroupCountryRule matches countries.

func (*AccessGroupCountryRule) DeepCopy 

func (in *AccessGroupCountryRule) DeepCopy() *AccessGroupCountryRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessGroupCountryRule.

func (*AccessGroupCountryRule) DeepCopyInto 

func (in *AccessGroupCountryRule) DeepCopyInto(out *AccessGroupCountryRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AccessGroupDevicePostureRule 

type AccessGroupDevicePostureRule struct {
	IntegrationUID string `json:"integrationUid"`
}

AccessGroupDevicePostureRule matches device posture.

func (*AccessGroupDevicePostureRule) DeepCopy 

func (in *AccessGroupDevicePostureRule) DeepCopy() *AccessGroupDevicePostureRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessGroupDevicePostureRule.

func (*AccessGroupDevicePostureRule) DeepCopyInto 

func (in *AccessGroupDevicePostureRule) DeepCopyInto(out *AccessGroupDevicePostureRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AccessGroupEmailDomainRule 

type AccessGroupEmailDomainRule struct {
	Domain string `json:"domain"`
}

AccessGroupEmailDomainRule matches emails from a domain.

func (*AccessGroupEmailDomainRule) DeepCopy 

func (in *AccessGroupEmailDomainRule) DeepCopy() *AccessGroupEmailDomainRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessGroupEmailDomainRule.

func (*AccessGroupEmailDomainRule) DeepCopyInto 

func (in *AccessGroupEmailDomainRule) DeepCopyInto(out *AccessGroupEmailDomainRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AccessGroupEmailRule 

type AccessGroupEmailRule struct {
	Email string `json:"email"`
}

AccessGroupEmailRule matches a specific email.

func (*AccessGroupEmailRule) DeepCopy 

func (in *AccessGroupEmailRule) DeepCopy() *AccessGroupEmailRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessGroupEmailRule.

func (*AccessGroupEmailRule) DeepCopyInto 

func (in *AccessGroupEmailRule) DeepCopyInto(out *AccessGroupEmailRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AccessGroupExternalEvaluationRule 

type AccessGroupExternalEvaluationRule struct {
	EvaluateURL string `json:"evaluateUrl"`
	KeysURL     string `json:"keysUrl"`
}

AccessGroupExternalEvaluationRule calls external endpoint.

func (*AccessGroupExternalEvaluationRule) DeepCopy 

func (in *AccessGroupExternalEvaluationRule) DeepCopy() *AccessGroupExternalEvaluationRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessGroupExternalEvaluationRule.

func (*AccessGroupExternalEvaluationRule) DeepCopyInto 

func (in *AccessGroupExternalEvaluationRule) DeepCopyInto(out *AccessGroupExternalEvaluationRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AccessGroupGSuiteRule 

type AccessGroupGSuiteRule struct {
	Email              string `json:"email"`
	IdentityProviderID string `json:"identityProviderId"`
}

AccessGroupGSuiteRule matches Google Workspace users.

func (*AccessGroupGSuiteRule) DeepCopy 

func (in *AccessGroupGSuiteRule) DeepCopy() *AccessGroupGSuiteRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessGroupGSuiteRule.

func (*AccessGroupGSuiteRule) DeepCopyInto 

func (in *AccessGroupGSuiteRule) DeepCopyInto(out *AccessGroupGSuiteRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AccessGroupGitHubRule 

type AccessGroupGitHubRule struct {
	Name               string   `json:"name"`
	IdentityProviderID string   `json:"identityProviderId"`
	Teams              []string `json:"teams,omitempty"`
}

AccessGroupGitHubRule matches GitHub users.

func (*AccessGroupGitHubRule) DeepCopy 

func (in *AccessGroupGitHubRule) DeepCopy() *AccessGroupGitHubRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessGroupGitHubRule.

func (*AccessGroupGitHubRule) DeepCopyInto 

func (in *AccessGroupGitHubRule) DeepCopyInto(out *AccessGroupGitHubRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AccessGroupGroupRule 

type AccessGroupGroupRule struct {
	ID string `json:"id"`
}

AccessGroupGroupRule matches IdP groups.

func (*AccessGroupGroupRule) DeepCopy 

func (in *AccessGroupGroupRule) DeepCopy() *AccessGroupGroupRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessGroupGroupRule.

func (*AccessGroupGroupRule) DeepCopyInto 

func (in *AccessGroupGroupRule) DeepCopyInto(out *AccessGroupGroupRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AccessGroupIPRangesRule 

type AccessGroupIPRangesRule struct {
	IP []string `json:"ip"`
}

AccessGroupIPRangesRule matches IP ranges.

func (*AccessGroupIPRangesRule) DeepCopy 

func (in *AccessGroupIPRangesRule) DeepCopy() *AccessGroupIPRangesRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessGroupIPRangesRule.

func (*AccessGroupIPRangesRule) DeepCopyInto 

func (in *AccessGroupIPRangesRule) DeepCopyInto(out *AccessGroupIPRangesRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AccessGroupList 

type AccessGroupList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []AccessGroup `json:"items"`
}

AccessGroupList contains a list of AccessGroup

func (*AccessGroupList) DeepCopy 

func (in *AccessGroupList) DeepCopy() *AccessGroupList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessGroupList.

func (*AccessGroupList) DeepCopyInto 

func (in *AccessGroupList) DeepCopyInto(out *AccessGroupList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AccessGroupList) DeepCopyObject 

func (in *AccessGroupList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type AccessGroupOIDCRule 

type AccessGroupOIDCRule struct {
	ClaimName          string `json:"claimName"`
	ClaimValue         string `json:"claimValue"`
	IdentityProviderID string `json:"identityProviderId"`
}

AccessGroupOIDCRule matches OIDC claims.

func (*AccessGroupOIDCRule) DeepCopy 

func (in *AccessGroupOIDCRule) DeepCopy() *AccessGroupOIDCRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessGroupOIDCRule.

func (*AccessGroupOIDCRule) DeepCopyInto 

func (in *AccessGroupOIDCRule) DeepCopyInto(out *AccessGroupOIDCRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AccessGroupRule 

type AccessGroupRule struct {
	// Email matches a specific email address.
	// +kubebuilder:validation:Optional
	Email *AccessGroupEmailRule `json:"email,omitempty"`

	// EmailDomain matches all emails from a domain.
	// +kubebuilder:validation:Optional
	EmailDomain *AccessGroupEmailDomainRule `json:"emailDomain,omitempty"`

	// Everyone matches all users.
	// +kubebuilder:validation:Optional
	Everyone bool `json:"everyone,omitempty"`

	// IPRanges matches users from specific IP ranges.
	// +kubebuilder:validation:Optional
	IPRanges *AccessGroupIPRangesRule `json:"ipRanges,omitempty"`

	// Country matches users from specific countries.
	// +kubebuilder:validation:Optional
	Country *AccessGroupCountryRule `json:"country,omitempty"`

	// Group matches users in a specific IdP group.
	// +kubebuilder:validation:Optional
	Group *AccessGroupGroupRule `json:"group,omitempty"`

	// ServiceToken matches requests with a specific service token.
	// +kubebuilder:validation:Optional
	ServiceToken *AccessGroupServiceTokenRule `json:"serviceToken,omitempty"`

	// AnyValidServiceToken matches any valid service token.
	// +kubebuilder:validation:Optional
	AnyValidServiceToken bool `json:"anyValidServiceToken,omitempty"`

	// Certificate matches requests with a valid mTLS certificate.
	// +kubebuilder:validation:Optional
	Certificate bool `json:"certificate,omitempty"`

	// CommonName matches mTLS certificates with a specific common name.
	// +kubebuilder:validation:Optional
	CommonName *AccessGroupCommonNameRule `json:"commonName,omitempty"`

	// DevicePosture matches devices that pass posture checks.
	// +kubebuilder:validation:Optional
	DevicePosture *AccessGroupDevicePostureRule `json:"devicePosture,omitempty"`

	// GSUITE matches users from Google Workspace.
	// +kubebuilder:validation:Optional
	GSuite *AccessGroupGSuiteRule `json:"gsuite,omitempty"`

	// GitHub matches users from GitHub organizations.
	// +kubebuilder:validation:Optional
	GitHub *AccessGroupGitHubRule `json:"github,omitempty"`

	// Azure matches users from Azure AD groups.
	// +kubebuilder:validation:Optional
	Azure *AccessGroupAzureRule `json:"azure,omitempty"`

	// OIDC matches users based on OIDC claims.
	// +kubebuilder:validation:Optional
	OIDC *AccessGroupOIDCRule `json:"oidc,omitempty"`

	// SAML matches users based on SAML attributes.
	// +kubebuilder:validation:Optional
	SAML *AccessGroupSAMLRule `json:"saml,omitempty"`

	// ExternalEvaluation calls an external endpoint for evaluation.
	// +kubebuilder:validation:Optional
	ExternalEvaluation *AccessGroupExternalEvaluationRule `json:"externalEvaluation,omitempty"`
}

AccessGroupRule defines a single rule in an Access Group.

func (*AccessGroupRule) DeepCopy 

func (in *AccessGroupRule) DeepCopy() *AccessGroupRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessGroupRule.

func (*AccessGroupRule) DeepCopyInto 

func (in *AccessGroupRule) DeepCopyInto(out *AccessGroupRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AccessGroupSAMLRule 

type AccessGroupSAMLRule struct {
	AttributeName      string `json:"attributeName"`
	AttributeValue     string `json:"attributeValue"`
	IdentityProviderID string `json:"identityProviderId"`
}

AccessGroupSAMLRule matches SAML attributes.

func (*AccessGroupSAMLRule) DeepCopy 

func (in *AccessGroupSAMLRule) DeepCopy() *AccessGroupSAMLRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessGroupSAMLRule.

func (*AccessGroupSAMLRule) DeepCopyInto 

func (in *AccessGroupSAMLRule) DeepCopyInto(out *AccessGroupSAMLRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AccessGroupServiceTokenRule 

type AccessGroupServiceTokenRule struct {
	TokenID string `json:"tokenId"`
}

AccessGroupServiceTokenRule matches a service token.

func (*AccessGroupServiceTokenRule) DeepCopy 

func (in *AccessGroupServiceTokenRule) DeepCopy() *AccessGroupServiceTokenRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessGroupServiceTokenRule.

func (*AccessGroupServiceTokenRule) DeepCopyInto 

func (in *AccessGroupServiceTokenRule) DeepCopyInto(out *AccessGroupServiceTokenRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AccessGroupSpec 

type AccessGroupSpec struct {
	// Name of the Access Group in Cloudflare.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:MaxLength=255
	Name string `json:"name,omitempty"`

	// Include defines rules that users must match to be included.
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:MinItems=1
	Include []AccessGroupRule `json:"include"`

	// Exclude defines rules that exclude users even if they match include rules.
	// +kubebuilder:validation:Optional
	Exclude []AccessGroupRule `json:"exclude,omitempty"`

	// Require defines rules that all users must match in addition to include rules.
	// +kubebuilder:validation:Optional
	Require []AccessGroupRule `json:"require,omitempty"`

	// Cloudflare contains the Cloudflare API credentials.
	// +kubebuilder:validation:Required
	Cloudflare CloudflareDetails `json:"cloudflare"`
}

AccessGroupSpec defines the desired state of AccessGroup

func (*AccessGroupSpec) DeepCopy 

func (in *AccessGroupSpec) DeepCopy() *AccessGroupSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessGroupSpec.

func (*AccessGroupSpec) DeepCopyInto 

func (in *AccessGroupSpec) DeepCopyInto(out *AccessGroupSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AccessGroupStatus 

type AccessGroupStatus struct {
	// GroupID is the Cloudflare ID of the Access Group.
	// +kubebuilder:validation:Optional
	GroupID string `json:"groupId,omitempty"`

	// AccountID is the Cloudflare Account ID.
	// +kubebuilder:validation:Optional
	AccountID string `json:"accountId,omitempty"`

	// State indicates the current state.
	// +kubebuilder:validation:Optional
	State string `json:"state,omitempty"`

	// Conditions represent the latest available observations.
	// +kubebuilder:validation:Optional
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty"`

	// ObservedGeneration is the most recent generation observed.
	// +kubebuilder:validation:Optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
}

AccessGroupStatus defines the observed state of AccessGroup

func (*AccessGroupStatus) DeepCopy 

func (in *AccessGroupStatus) DeepCopy() *AccessGroupStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessGroupStatus.

func (*AccessGroupStatus) DeepCopyInto 

func (in *AccessGroupStatus) DeepCopyInto(out *AccessGroupStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AccessIdentityProvider 

type AccessIdentityProvider struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   AccessIdentityProviderSpec   `json:"spec,omitempty"`
	Status AccessIdentityProviderStatus `json:"status,omitempty"`
}

AccessIdentityProvider is the Schema for the accessidentityproviders API.

func (*AccessIdentityProvider) DeepCopy 

func (in *AccessIdentityProvider) DeepCopy() *AccessIdentityProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessIdentityProvider.

func (*AccessIdentityProvider) DeepCopyInto 

func (in *AccessIdentityProvider) DeepCopyInto(out *AccessIdentityProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AccessIdentityProvider) DeepCopyObject 

func (in *AccessIdentityProvider) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*AccessIdentityProvider) GetProviderName 

func (a *AccessIdentityProvider) GetProviderName() string

GetProviderName returns the name to use in Cloudflare.

type AccessIdentityProviderList 

type AccessIdentityProviderList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []AccessIdentityProvider `json:"items"`
}

AccessIdentityProviderList contains a list of AccessIdentityProvider

func (*AccessIdentityProviderList) DeepCopy 

func (in *AccessIdentityProviderList) DeepCopy() *AccessIdentityProviderList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessIdentityProviderList.

func (*AccessIdentityProviderList) DeepCopyInto 

func (in *AccessIdentityProviderList) DeepCopyInto(out *AccessIdentityProviderList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AccessIdentityProviderList) DeepCopyObject 

func (in *AccessIdentityProviderList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type AccessIdentityProviderRef 

type AccessIdentityProviderRef struct {
	// Name is the name of the AccessIdentityProvider resource.
	// +kubebuilder:validation:Required
	Name string `json:"name"`
}

AccessIdentityProviderRef references an AccessIdentityProvider resource.

func (*AccessIdentityProviderRef) DeepCopy 

func (in *AccessIdentityProviderRef) DeepCopy() *AccessIdentityProviderRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessIdentityProviderRef.

func (*AccessIdentityProviderRef) DeepCopyInto 

func (in *AccessIdentityProviderRef) DeepCopyInto(out *AccessIdentityProviderRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AccessIdentityProviderSpec 

type AccessIdentityProviderSpec struct {
	// Name of the Identity Provider in Cloudflare.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:MaxLength=255
	Name string `json:"name,omitempty"`

	// Type is the identity provider type.
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Enum=onetimepin;azureAD;saml;centrify;facebook;github;google-apps;google;linkedin;oidc;okta;onelogin;pingone;yandex
	Type string `json:"type"`

	// Config contains provider-specific configuration.
	// +kubebuilder:validation:Optional
	Config *IdentityProviderConfig `json:"config,omitempty"`

	// ConfigSecretRef references a Secret containing sensitive config values.
	// +kubebuilder:validation:Optional
	ConfigSecretRef *SecretKeySelector `json:"configSecretRef,omitempty"`

	// Cloudflare contains the Cloudflare API credentials.
	// +kubebuilder:validation:Required
	Cloudflare CloudflareDetails `json:"cloudflare"`
}

AccessIdentityProviderSpec defines the desired state of AccessIdentityProvider

func (*AccessIdentityProviderSpec) DeepCopy 

func (in *AccessIdentityProviderSpec) DeepCopy() *AccessIdentityProviderSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessIdentityProviderSpec.

func (*AccessIdentityProviderSpec) DeepCopyInto 

func (in *AccessIdentityProviderSpec) DeepCopyInto(out *AccessIdentityProviderSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AccessIdentityProviderStatus 

type AccessIdentityProviderStatus struct {
	// ProviderID is the Cloudflare ID.
	// +kubebuilder:validation:Optional
	ProviderID string `json:"providerId,omitempty"`

	// AccountID is the Cloudflare Account ID.
	// +kubebuilder:validation:Optional
	AccountID string `json:"accountId,omitempty"`

	// State indicates the current state.
	// +kubebuilder:validation:Optional
	State string `json:"state,omitempty"`

	// Conditions represent the latest available observations.
	// +kubebuilder:validation:Optional
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty"`

	// ObservedGeneration is the most recent generation observed.
	// +kubebuilder:validation:Optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
}

AccessIdentityProviderStatus defines the observed state

func (*AccessIdentityProviderStatus) DeepCopy 

func (in *AccessIdentityProviderStatus) DeepCopy() *AccessIdentityProviderStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessIdentityProviderStatus.

func (*AccessIdentityProviderStatus) DeepCopyInto 

func (in *AccessIdentityProviderStatus) DeepCopyInto(out *AccessIdentityProviderStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AccessPolicyRef 

type AccessPolicyRef struct {
	// Name is the name of an AccessGroup resource (Kubernetes) to use as a policy.
	// If specified, the controller will look up the AccessGroup CR and use its GroupID.
	// Mutually exclusive with groupId and cloudflareGroupName.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:MaxLength=253
	Name string `json:"name,omitempty"`

	// GroupID is the UUID of an existing Cloudflare Access Group.
	// Use this to directly reference a Cloudflare-managed Access Group
	// without creating a corresponding Kubernetes AccessGroup resource.
	// Mutually exclusive with name and cloudflareGroupName.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Pattern=`^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$`
	GroupID string `json:"groupId,omitempty"`

	// CloudflareGroupName is the display name of an existing Cloudflare Access Group.
	// The controller will resolve this name to a GroupID via the Cloudflare API.
	// Use this when you want to reference a Cloudflare Access Group by name
	// (e.g., groups created via Terraform or the Cloudflare dashboard).
	// Mutually exclusive with name and groupId.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:MaxLength=255
	CloudflareGroupName string `json:"cloudflareGroupName,omitempty"`

	// Decision is the policy decision (allow, deny, bypass, non_identity).
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum=allow;deny;bypass;non_identity
	// +kubebuilder:default=allow
	Decision string `json:"decision,omitempty"`

	// Precedence is the order of evaluation. Lower numbers are evaluated first.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Minimum=1
	Precedence int `json:"precedence,omitempty"`

	// PolicyName is the name for this policy in Cloudflare.
	// If not specified, a name will be auto-generated based on the AccessApplication name and precedence.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:MaxLength=255
	PolicyName string `json:"policyName,omitempty"`

	// SessionDuration overrides the application's session duration for this policy.
	// +kubebuilder:validation:Optional
	SessionDuration string `json:"sessionDuration,omitempty"`
}

AccessPolicyRef references an access policy or defines an inline policy. Exactly one of name, groupId, or cloudflareGroupName must be specified.

func (*AccessPolicyRef) DeepCopy 

func (in *AccessPolicyRef) DeepCopy() *AccessPolicyRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessPolicyRef.

func (*AccessPolicyRef) DeepCopyInto 

func (in *AccessPolicyRef) DeepCopyInto(out *AccessPolicyRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AccessServiceToken 

type AccessServiceToken struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   AccessServiceTokenSpec   `json:"spec,omitempty"`
	Status AccessServiceTokenStatus `json:"status,omitempty"`
}

AccessServiceToken is the Schema for the accessservicetokens API.

func (*AccessServiceToken) DeepCopy 

func (in *AccessServiceToken) DeepCopy() *AccessServiceToken

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessServiceToken.

func (*AccessServiceToken) DeepCopyInto 

func (in *AccessServiceToken) DeepCopyInto(out *AccessServiceToken)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AccessServiceToken) DeepCopyObject 

func (in *AccessServiceToken) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*AccessServiceToken) GetTokenName 

func (a *AccessServiceToken) GetTokenName() string

GetTokenName returns the name to use in Cloudflare.

type AccessServiceTokenList 

type AccessServiceTokenList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []AccessServiceToken `json:"items"`
}

AccessServiceTokenList contains a list of AccessServiceToken

func (*AccessServiceTokenList) DeepCopy 

func (in *AccessServiceTokenList) DeepCopy() *AccessServiceTokenList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessServiceTokenList.

func (*AccessServiceTokenList) DeepCopyInto 

func (in *AccessServiceTokenList) DeepCopyInto(out *AccessServiceTokenList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AccessServiceTokenList) DeepCopyObject 

func (in *AccessServiceTokenList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type AccessServiceTokenSpec 

type AccessServiceTokenSpec struct {
	// Name of the Service Token in Cloudflare.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:MaxLength=255
	Name string `json:"name,omitempty"`

	// Duration is the validity duration (e.g., "8760h" for 1 year, "forever").
	// +kubebuilder:validation:Optional
	// +kubebuilder:default="8760h"
	Duration string `json:"duration,omitempty"`

	// SecretRef is where to store the generated token credentials.
	// +kubebuilder:validation:Required
	SecretRef ServiceTokenSecretRef `json:"secretRef"`

	// Cloudflare contains the Cloudflare API credentials.
	// +kubebuilder:validation:Required
	Cloudflare CloudflareDetails `json:"cloudflare"`
}

AccessServiceTokenSpec defines the desired state of AccessServiceToken

func (*AccessServiceTokenSpec) DeepCopy 

func (in *AccessServiceTokenSpec) DeepCopy() *AccessServiceTokenSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessServiceTokenSpec.

func (*AccessServiceTokenSpec) DeepCopyInto 

func (in *AccessServiceTokenSpec) DeepCopyInto(out *AccessServiceTokenSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AccessServiceTokenStatus 

type AccessServiceTokenStatus struct {
	// TokenID is the Cloudflare Service Token ID.
	// +kubebuilder:validation:Optional
	TokenID string `json:"tokenId,omitempty"`

	// ClientID is the Service Token Client ID.
	// +kubebuilder:validation:Optional
	ClientID string `json:"clientId,omitempty"`

	// AccountID is the Cloudflare Account ID.
	// +kubebuilder:validation:Optional
	AccountID string `json:"accountId,omitempty"`

	// ExpiresAt is when the token expires.
	// +kubebuilder:validation:Optional
	ExpiresAt string `json:"expiresAt,omitempty"`

	// SecretName is the name of the Secret containing credentials.
	// +kubebuilder:validation:Optional
	SecretName string `json:"secretName,omitempty"`

	// State indicates the current state.
	// +kubebuilder:validation:Optional
	State string `json:"state,omitempty"`

	// Conditions represent the latest available observations.
	// +kubebuilder:validation:Optional
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty"`

	// ObservedGeneration is the most recent generation observed.
	// +kubebuilder:validation:Optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
}

AccessServiceTokenStatus defines the observed state

func (*AccessServiceTokenStatus) DeepCopy 

func (in *AccessServiceTokenStatus) DeepCopy() *AccessServiceTokenStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessServiceTokenStatus.

func (*AccessServiceTokenStatus) DeepCopyInto 

func (in *AccessServiceTokenStatus) DeepCopyInto(out *AccessServiceTokenStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ActivityLogSettings 

type ActivityLogSettings struct {
	Enabled bool `json:"enabled"`
}

ActivityLogSettings for activity logging.

func (*ActivityLogSettings) DeepCopy 

func (in *ActivityLogSettings) DeepCopy() *ActivityLogSettings

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ActivityLogSettings.

func (*ActivityLogSettings) DeepCopyInto 

func (in *ActivityLogSettings) DeepCopyInto(out *ActivityLogSettings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AntiVirusSettings 

type AntiVirusSettings struct {
	Enabled              bool                  `json:"enabled"`
	EnabledDownloadPhase bool                  `json:"enabledDownloadPhase,omitempty"`
	EnabledUploadPhase   bool                  `json:"enabledUploadPhase,omitempty"`
	FailClosed           bool                  `json:"failClosed,omitempty"`
	NotificationSettings *NotificationSettings `json:"notificationSettings,omitempty"`
}

AntiVirusSettings for AV scanning.

func (*AntiVirusSettings) DeepCopy 

func (in *AntiVirusSettings) DeepCopy() *AntiVirusSettings

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AntiVirusSettings.

func (*AntiVirusSettings) DeepCopyInto 

func (in *AntiVirusSettings) DeepCopyInto(out *AntiVirusSettings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AuditSSHSettings 

type AuditSSHSettings struct {
	CommandLogging bool `json:"commandLogging"`
}

AuditSSHSettings for SSH auditing.

func (*AuditSSHSettings) DeepCopy 

func (in *AuditSSHSettings) DeepCopy() *AuditSSHSettings

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuditSSHSettings.

func (*AuditSSHSettings) DeepCopyInto 

func (in *AuditSSHSettings) DeepCopyInto(out *AuditSSHSettings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AutoPopulateConfig 

type AutoPopulateConfig struct {
	// Enabled enables automatic population from NetworkRoute resources.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	Enabled bool `json:"enabled,omitempty"`

	// LabelSelector selects which NetworkRoute resources to include.
	// If empty, all NetworkRoute resources are included.
	// +kubebuilder:validation:Optional
	LabelSelector *metav1.LabelSelector `json:"labelSelector,omitempty"`

	// DescriptionPrefix is prepended to auto-generated descriptions.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default="Auto-populated from NetworkRoute: "
	DescriptionPrefix string `json:"descriptionPrefix,omitempty"`
}

AutoPopulateConfig configures automatic population of split tunnel entries.

func (*AutoPopulateConfig) DeepCopy 

func (in *AutoPopulateConfig) DeepCopy() *AutoPopulateConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AutoPopulateConfig.

func (*AutoPopulateConfig) DeepCopyInto 

func (in *AutoPopulateConfig) DeepCopyInto(out *AutoPopulateConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type BISOAdminControls 

type BISOAdminControls struct {
	DisablePrinting             *bool `json:"disablePrinting,omitempty"`
	DisableCopyPaste            *bool `json:"disableCopyPaste,omitempty"`
	DisableDownload             *bool `json:"disableDownload,omitempty"`
	DisableUpload               *bool `json:"disableUpload,omitempty"`
	DisableKeyboard             *bool `json:"disableKeyboard,omitempty"`
	DisableClipboardRedirection *bool `json:"disableClipboardRedirection,omitempty"`
}

BISOAdminControls for browser isolation.

func (*BISOAdminControls) DeepCopy 

func (in *BISOAdminControls) DeepCopy() *BISOAdminControls

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BISOAdminControls.

func (*BISOAdminControls) DeepCopyInto 

func (in *BISOAdminControls) DeepCopyInto(out *BISOAdminControls)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type BlockPageSettings 

type BlockPageSettings struct {
	Enabled         bool   `json:"enabled"`
	Name            string `json:"name,omitempty"`
	FooterText      string `json:"footerText,omitempty"`
	HeaderText      string `json:"headerText,omitempty"`
	LogoPath        string `json:"logoPath,omitempty"`
	BackgroundColor string `json:"backgroundColor,omitempty"`
	MailtoAddress   string `json:"mailtoAddress,omitempty"`
	MailtoSubject   string `json:"mailtoSubject,omitempty"`
	SuppressFooter  bool   `json:"suppressFooter,omitempty"`
}

BlockPageSettings for block page customization.

func (*BlockPageSettings) DeepCopy 

func (in *BlockPageSettings) DeepCopy() *BlockPageSettings

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BlockPageSettings.

func (*BlockPageSettings) DeepCopyInto 

func (in *BlockPageSettings) DeepCopyInto(out *BlockPageSettings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type BodyScanningSettings 

type BodyScanningSettings struct {
	InspectionMode string `json:"inspectionMode,omitempty"` // deep, shallow
}

BodyScanningSettings for body scanning.

func (*BodyScanningSettings) DeepCopy 

func (in *BodyScanningSettings) DeepCopy() *BodyScanningSettings

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BodyScanningSettings.

func (*BodyScanningSettings) DeepCopyInto 

func (in *BodyScanningSettings) DeepCopyInto(out *BodyScanningSettings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type BrowserIsolationSettings 

type BrowserIsolationSettings struct {
	URLBrowserIsolationEnabled bool `json:"urlBrowserIsolationEnabled,omitempty"`
	NonIdentityEnabled         bool `json:"nonIdentityEnabled,omitempty"`
}

BrowserIsolationSettings for browser isolation.

func (*BrowserIsolationSettings) DeepCopy 

func (in *BrowserIsolationSettings) DeepCopy() *BrowserIsolationSettings

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BrowserIsolationSettings.

func (*BrowserIsolationSettings) DeepCopyInto 

func (in *BrowserIsolationSettings) DeepCopyInto(out *BrowserIsolationSettings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CloudflareAuthType added in v0.17.0 

type CloudflareAuthType string

CloudflareAuthType defines the authentication method for Cloudflare API +kubebuilder:validation:Enum=apiToken;globalAPIKey 

const (
	// AuthTypeAPIToken uses a scoped API Token for authentication
	AuthTypeAPIToken CloudflareAuthType = "apiToken"
	// AuthTypeGlobalAPIKey uses Global API Key + Email for authentication
	AuthTypeGlobalAPIKey CloudflareAuthType = "globalAPIKey"
)

type CloudflareCredentials added in v0.17.0 

type CloudflareCredentials struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   CloudflareCredentialsSpec   `json:"spec,omitempty"`
	Status CloudflareCredentialsStatus `json:"status,omitempty"`
}

CloudflareCredentials is the Schema for global Cloudflare API credentials

func (*CloudflareCredentials) DeepCopy added in v0.17.0 

func (in *CloudflareCredentials) DeepCopy() *CloudflareCredentials

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudflareCredentials.

func (*CloudflareCredentials) DeepCopyInto added in v0.17.0 

func (in *CloudflareCredentials) DeepCopyInto(out *CloudflareCredentials)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*CloudflareCredentials) DeepCopyObject added in v0.17.0 

func (in *CloudflareCredentials) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type CloudflareCredentialsList added in v0.17.0 

type CloudflareCredentialsList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []CloudflareCredentials `json:"items"`
}

CloudflareCredentialsList contains a list of CloudflareCredentials

func (*CloudflareCredentialsList) DeepCopy added in v0.17.0 

func (in *CloudflareCredentialsList) DeepCopy() *CloudflareCredentialsList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudflareCredentialsList.

func (*CloudflareCredentialsList) DeepCopyInto added in v0.17.0 

func (in *CloudflareCredentialsList) DeepCopyInto(out *CloudflareCredentialsList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*CloudflareCredentialsList) DeepCopyObject added in v0.17.0 

func (in *CloudflareCredentialsList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type CloudflareCredentialsRef added in v0.17.0 

type CloudflareCredentialsRef struct {
	// Name of the CloudflareCredentials resource to use
	// +kubebuilder:validation:Required
	Name string `json:"name"`
}

CloudflareCredentialsRef references a CloudflareCredentials resource

func (*CloudflareCredentialsRef) DeepCopy added in v0.17.0 

func (in *CloudflareCredentialsRef) DeepCopy() *CloudflareCredentialsRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudflareCredentialsRef.

func (*CloudflareCredentialsRef) DeepCopyInto added in v0.17.0 

func (in *CloudflareCredentialsRef) DeepCopyInto(out *CloudflareCredentialsRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CloudflareCredentialsSpec added in v0.17.0 

type CloudflareCredentialsSpec struct {
	// AccountID is the Cloudflare Account ID
	// +kubebuilder:validation:Required
	AccountID string `json:"accountId"`

	// AccountName is an optional human-readable account name (for reference only)
	// +kubebuilder:validation:Optional
	AccountName string `json:"accountName,omitempty"`

	// AuthType specifies the authentication method
	// +kubebuilder:validation:Required
	// +kubebuilder:default:="apiToken"
	AuthType CloudflareAuthType `json:"authType"`

	// SecretRef references the secret containing the API credentials
	// +kubebuilder:validation:Required
	SecretRef SecretReference `json:"secretRef"`

	// DefaultDomain is the default domain for resources using these credentials
	// +kubebuilder:validation:Optional
	DefaultDomain string `json:"defaultDomain,omitempty"`

	// IsDefault marks this as the default credentials for resources that don't specify credentials
	// Only one CloudflareCredentials can be marked as default
	// +kubebuilder:validation:Optional
	// +kubebuilder:default:=false
	IsDefault bool `json:"isDefault,omitempty"`
}

CloudflareCredentialsSpec defines the desired state of CloudflareCredentials

func (*CloudflareCredentialsSpec) DeepCopy added in v0.17.0 

func (in *CloudflareCredentialsSpec) DeepCopy() *CloudflareCredentialsSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudflareCredentialsSpec.

func (*CloudflareCredentialsSpec) DeepCopyInto added in v0.17.0 

func (in *CloudflareCredentialsSpec) DeepCopyInto(out *CloudflareCredentialsSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CloudflareCredentialsStatus added in v0.17.0 

type CloudflareCredentialsStatus struct {
	// Conditions represent the latest available observations
	// +optional
	Conditions []metav1.Condition `json:"conditions,omitempty"`

	// ObservedGeneration is the most recent generation observed
	// +optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`

	// State represents the current state of the credentials
	// +optional
	State string `json:"state,omitempty"`

	// Validated indicates whether the credentials have been validated
	// +optional
	Validated bool `json:"validated,omitempty"`

	// LastValidatedTime is the last time credentials were validated
	// +optional
	LastValidatedTime *metav1.Time `json:"lastValidatedTime,omitempty"`

	// AccountName is the account name retrieved from Cloudflare API
	// +optional
	AccountName string `json:"accountName,omitempty"`
}

CloudflareCredentialsStatus defines the observed state of CloudflareCredentials

func (*CloudflareCredentialsStatus) DeepCopy added in v0.17.0 

func (in *CloudflareCredentialsStatus) DeepCopy() *CloudflareCredentialsStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudflareCredentialsStatus.

func (*CloudflareCredentialsStatus) DeepCopyInto added in v0.17.0 

func (in *CloudflareCredentialsStatus) DeepCopyInto(out *CloudflareCredentialsStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CloudflareDetails 

type CloudflareDetails struct {
	// +kubebuilder:validation:Optional
	// CredentialsRef references a CloudflareCredentials resource for API authentication.
	// When specified, this takes precedence over inline credential fields.
	// This is the recommended way to configure credentials.
	CredentialsRef *CloudflareCredentialsRef `json:"credentialsRef,omitempty"`

	// +kubebuilder:validation:Optional
	// Cloudflare Domain to which this tunnel belongs to.
	// Required if not using credentialsRef with a defaultDomain.
	Domain string `json:"domain,omitempty"`

	// +kubebuilder:validation:Optional
	// Secret containing Cloudflare API key/token (legacy, use credentialsRef instead)
	Secret string `json:"secret,omitempty"`

	// +kubebuilder:validation:Optional
	// Account Name in Cloudflare. AccountName and AccountId cannot be both empty. If both are provided, Account ID is used if valid, else falls back to Account Name.
	AccountName string `json:"accountName,omitempty"`

	// +kubebuilder:validation:Optional
	// Account ID in Cloudflare. AccountId and AccountName cannot be both empty. If both are provided, Account ID is used if valid, else falls back to Account Name.
	AccountId string `json:"accountId,omitempty"`

	// +kubebuilder:validation:Optional
	// Email to use along with API Key for Delete operations for new tunnels only, or as an alternate to API Token
	Email string `json:"email,omitempty"`

	// +kubebuilder:validation:Optional
	// +kubebuilder:default:=CLOUDFLARE_API_KEY
	// Key in the secret to use for Cloudflare API Key, defaults to CLOUDFLARE_API_KEY. Needs Email also to be provided.
	// For Delete operations for new tunnels only, or as an alternate to API Token
	CLOUDFLARE_API_KEY string `json:"CLOUDFLARE_API_KEY,omitempty"`

	// +kubebuilder:validation:Optional
	// +kubebuilder:default:=CLOUDFLARE_API_TOKEN
	// Key in the secret to use for Cloudflare API token, defaults to CLOUDFLARE_API_TOKEN
	CLOUDFLARE_API_TOKEN string `json:"CLOUDFLARE_API_TOKEN,omitempty"`

	// +kubebuilder:validation:Optional
	// +kubebuilder:default:=CLOUDFLARE_TUNNEL_CREDENTIAL_FILE
	// Key in the secret to use as credentials.json for an existing tunnel, defaults to CLOUDFLARE_TUNNEL_CREDENTIAL_FILE
	CLOUDFLARE_TUNNEL_CREDENTIAL_FILE string `json:"CLOUDFLARE_TUNNEL_CREDENTIAL_FILE,omitempty"`

	// +kubebuilder:validation:Optional
	// +kubebuilder:default:=CLOUDFLARE_TUNNEL_CREDENTIAL_SECRET
	// Key in the secret to use as tunnel secret for an existing tunnel, defaults to CLOUDFLARE_TUNNEL_CREDENTIAL_SECRET
	CLOUDFLARE_TUNNEL_CREDENTIAL_SECRET string `json:"CLOUDFLARE_TUNNEL_CREDENTIAL_SECRET,omitempty"`
}

CloudflareDetails spec contains all the necessary parameters needed to connect to the Cloudflare API. You can either use credentialsRef to reference a global CloudflareCredentials resource, or specify inline credentials using the legacy fields (secret, accountId, etc.)

func (*CloudflareDetails) DeepCopy 

func (in *CloudflareDetails) DeepCopy() *CloudflareDetails

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudflareDetails.

func (*CloudflareDetails) DeepCopyInto 

func (in *CloudflareDetails) DeepCopyInto(out *CloudflareDetails)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ClusterTunnel 

type ClusterTunnel struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   TunnelSpec   `json:"spec,omitempty"`
	Status TunnelStatus `json:"status,omitempty"`
}

ClusterTunnel is the Schema for the clustertunnels API

func (*ClusterTunnel) DeepCopy 

func (in *ClusterTunnel) DeepCopy() *ClusterTunnel

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterTunnel.

func (*ClusterTunnel) DeepCopyInto 

func (in *ClusterTunnel) DeepCopyInto(out *ClusterTunnel)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ClusterTunnel) DeepCopyObject 

func (in *ClusterTunnel) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*ClusterTunnel) Hub 

func (*ClusterTunnel) Hub()

Hub marks this type as a conversion hub.

type ClusterTunnelList 

type ClusterTunnelList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []ClusterTunnel `json:"items"`
}

ClusterTunnelList contains a list of ClusterTunnel

func (*ClusterTunnelList) DeepCopy 

func (in *ClusterTunnelList) DeepCopy() *ClusterTunnelList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterTunnelList.

func (*ClusterTunnelList) DeepCopyInto 

func (in *ClusterTunnelList) DeepCopyInto(out *ClusterTunnelList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ClusterTunnelList) DeepCopyObject 

func (in *ClusterTunnelList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ConfigMapKeyRef 

type ConfigMapKeyRef struct {
	// Name is the ConfigMap name.
	// +kubebuilder:validation:Required
	Name string `json:"name"`

	// Key is the key in the ConfigMap.
	// +kubebuilder:validation:Required
	Key string `json:"key"`

	// Namespace is the ConfigMap namespace.
	// +kubebuilder:validation:Optional
	Namespace string `json:"namespace,omitempty"`
}

ConfigMapKeyRef references a key in a ConfigMap.

func (*ConfigMapKeyRef) DeepCopy 

func (in *ConfigMapKeyRef) DeepCopy() *ConfigMapKeyRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigMapKeyRef.

func (*ConfigMapKeyRef) DeepCopyInto 

func (in *ConfigMapKeyRef) DeepCopyInto(out *ConfigMapKeyRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CustomCertificateSettings 

type CustomCertificateSettings struct {
	Enabled bool   `json:"enabled"`
	ID      string `json:"id,omitempty"`
}

CustomCertificateSettings for custom CA.

func (*CustomCertificateSettings) DeepCopy 

func (in *CustomCertificateSettings) DeepCopy() *CustomCertificateSettings

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomCertificateSettings.

func (*CustomCertificateSettings) DeepCopyInto 

func (in *CustomCertificateSettings) DeepCopyInto(out *CustomCertificateSettings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type DNSManagementMode added in v0.18.1 

type DNSManagementMode string

DNSManagementMode defines how DNS records are managed for Ingresses +kubebuilder:validation:Enum=Automatic;Manual;DNSRecord 

const (
	// DNSManagementAutomatic - Controller creates CNAME records directly via Cloudflare API
	DNSManagementAutomatic DNSManagementMode = "Automatic"

	// DNSManagementManual - User manages DNS records externally (compatible with external-dns)
	DNSManagementManual DNSManagementMode = "Manual"

	// DNSManagementDNSRecord - Controller creates DNSRecord CRDs for each hostname
	DNSManagementDNSRecord DNSManagementMode = "DNSRecord"
)

type DNSRecord 

type DNSRecord struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   DNSRecordSpec   `json:"spec,omitempty"`
	Status DNSRecordStatus `json:"status,omitempty"`
}

DNSRecord is the Schema for the dnsrecords API.

func (*DNSRecord) DeepCopy 

func (in *DNSRecord) DeepCopy() *DNSRecord

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSRecord.

func (*DNSRecord) DeepCopyInto 

func (in *DNSRecord) DeepCopyInto(out *DNSRecord)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*DNSRecord) DeepCopyObject 

func (in *DNSRecord) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type DNSRecordData 

type DNSRecordData struct {
	// For SRV records
	// +kubebuilder:validation:Optional
	Service string `json:"service,omitempty"`

	// +kubebuilder:validation:Optional
	Proto string `json:"proto,omitempty"`

	// +kubebuilder:validation:Optional
	Weight int `json:"weight,omitempty"`

	// +kubebuilder:validation:Optional
	Port int `json:"port,omitempty"`

	// +kubebuilder:validation:Optional
	Target string `json:"target,omitempty"`

	// For CAA records
	// +kubebuilder:validation:Optional
	Flags int `json:"flags,omitempty"`

	// +kubebuilder:validation:Optional
	Tag string `json:"tag,omitempty"`

	// +kubebuilder:validation:Optional
	Value string `json:"value,omitempty"`

	// For CERT/SSHFP/TLSA records
	// +kubebuilder:validation:Optional
	Algorithm int `json:"algorithm,omitempty"`

	// +kubebuilder:validation:Optional
	Certificate string `json:"certificate,omitempty"`

	// +kubebuilder:validation:Optional
	KeyTag int `json:"keyTag,omitempty"`

	// +kubebuilder:validation:Optional
	Usage int `json:"usage,omitempty"`

	// +kubebuilder:validation:Optional
	Selector int `json:"selector,omitempty"`

	// +kubebuilder:validation:Optional
	MatchingType int `json:"matchingType,omitempty"`

	// For LOC records
	// +kubebuilder:validation:Optional
	LatDegrees int `json:"latDegrees,omitempty"`

	// +kubebuilder:validation:Optional
	LatMinutes int `json:"latMinutes,omitempty"`

	// +kubebuilder:validation:Optional
	LatSeconds string `json:"latSeconds,omitempty"`

	// +kubebuilder:validation:Optional
	LatDirection string `json:"latDirection,omitempty"`

	// +kubebuilder:validation:Optional
	LongDegrees int `json:"longDegrees,omitempty"`

	// +kubebuilder:validation:Optional
	LongMinutes int `json:"longMinutes,omitempty"`

	// +kubebuilder:validation:Optional
	LongSeconds string `json:"longSeconds,omitempty"`

	// +kubebuilder:validation:Optional
	LongDirection string `json:"longDirection,omitempty"`

	// +kubebuilder:validation:Optional
	Altitude string `json:"altitude,omitempty"`

	// +kubebuilder:validation:Optional
	Size string `json:"size,omitempty"`

	// +kubebuilder:validation:Optional
	PrecisionHorz string `json:"precisionHorz,omitempty"`

	// +kubebuilder:validation:Optional
	PrecisionVert string `json:"precisionVert,omitempty"`

	// For URI records
	// +kubebuilder:validation:Optional
	ContentURI string `json:"content,omitempty"`
}

DNSRecordData contains type-specific record data.

func (*DNSRecordData) DeepCopy 

func (in *DNSRecordData) DeepCopy() *DNSRecordData

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSRecordData.

func (*DNSRecordData) DeepCopyInto 

func (in *DNSRecordData) DeepCopyInto(out *DNSRecordData)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type DNSRecordList 

type DNSRecordList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []DNSRecord `json:"items"`
}

DNSRecordList contains a list of DNSRecord

func (*DNSRecordList) DeepCopy 

func (in *DNSRecordList) DeepCopy() *DNSRecordList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSRecordList.

func (*DNSRecordList) DeepCopyInto 

func (in *DNSRecordList) DeepCopyInto(out *DNSRecordList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*DNSRecordList) DeepCopyObject 

func (in *DNSRecordList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type DNSRecordSpec 

type DNSRecordSpec struct {
	// Name is the DNS record name (e.g., "www" or "www.example.com").
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:MaxLength=255
	Name string `json:"name"`

	// Type is the DNS record type.
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Enum=A;AAAA;CNAME;TXT;MX;NS;SRV;CAA;CERT;DNSKEY;DS;HTTPS;LOC;NAPTR;SMIMEA;SSHFP;SVCB;TLSA;URI
	Type string `json:"type"`

	// Content is the record content/value.
	// +kubebuilder:validation:Required
	Content string `json:"content"`

	// TTL is the Time To Live (1 = automatic).
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Minimum=1
	// +kubebuilder:default=1
	TTL int `json:"ttl,omitempty"`

	// Proxied enables Cloudflare proxy for this record.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	Proxied bool `json:"proxied,omitempty"`

	// Priority for MX/SRV records.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Minimum=0
	// +kubebuilder:validation:Maximum=65535
	Priority *int `json:"priority,omitempty"`

	// Comment is an optional comment.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:MaxLength=100
	Comment string `json:"comment,omitempty"`

	// Tags for the record.
	// +kubebuilder:validation:Optional
	Tags []string `json:"tags,omitempty"`

	// Data contains additional record-specific data (for SRV, CAA, etc.).
	// +kubebuilder:validation:Optional
	Data *DNSRecordData `json:"data,omitempty"`

	// Cloudflare contains the Cloudflare API credentials.
	// +kubebuilder:validation:Required
	Cloudflare CloudflareDetails `json:"cloudflare"`
}

DNSRecordSpec defines the desired state of DNSRecord

func (*DNSRecordSpec) DeepCopy 

func (in *DNSRecordSpec) DeepCopy() *DNSRecordSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSRecordSpec.

func (*DNSRecordSpec) DeepCopyInto 

func (in *DNSRecordSpec) DeepCopyInto(out *DNSRecordSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type DNSRecordStatus 

type DNSRecordStatus struct {
	// RecordID is the Cloudflare DNS Record ID.
	// +kubebuilder:validation:Optional
	RecordID string `json:"recordId,omitempty"`

	// ZoneID is the Cloudflare Zone ID.
	// +kubebuilder:validation:Optional
	ZoneID string `json:"zoneId,omitempty"`

	// FQDN is the fully qualified domain name.
	// +kubebuilder:validation:Optional
	FQDN string `json:"fqdn,omitempty"`

	// State indicates the current state.
	// +kubebuilder:validation:Optional
	State string `json:"state,omitempty"`

	// Conditions represent the latest available observations.
	// +kubebuilder:validation:Optional
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty"`

	// ObservedGeneration is the most recent generation observed.
	// +kubebuilder:validation:Optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
}

DNSRecordStatus defines the observed state

func (*DNSRecordStatus) DeepCopy 

func (in *DNSRecordStatus) DeepCopy() *DNSRecordStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSRecordStatus.

func (*DNSRecordStatus) DeepCopyInto 

func (in *DNSRecordStatus) DeepCopyInto(out *DNSRecordStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type DNSResolver 

type DNSResolver struct {
	IP                         string `json:"ip,omitempty"`
	Port                       int    `json:"port,omitempty"`
	VNetID                     string `json:"vnetId,omitempty"`
	RouteThroughPrivateNetwork bool   `json:"routeThroughPrivateNetwork,omitempty"`
}

DNSResolver for custom DNS.

func (*DNSResolver) DeepCopy 

func (in *DNSResolver) DeepCopy() *DNSResolver

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSResolver.

func (*DNSResolver) DeepCopyInto 

func (in *DNSResolver) DeepCopyInto(out *DNSResolver)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type DevicePostureInput 

type DevicePostureInput struct {
	// ID is a generic identifier for integrations.
	// +kubebuilder:validation:Optional
	ID string `json:"id,omitempty"`

	// Path is the file path to check.
	// +kubebuilder:validation:Optional
	Path string `json:"path,omitempty"`

	// Exists checks if file exists.
	// +kubebuilder:validation:Optional
	Exists *bool `json:"exists,omitempty"`

	// Sha256 is the expected file hash.
	// +kubebuilder:validation:Optional
	Sha256 string `json:"sha256,omitempty"`

	// Thumbprint is the certificate thumbprint.
	// +kubebuilder:validation:Optional
	Thumbprint string `json:"thumbprint,omitempty"`

	// Running checks if application is running.
	// +kubebuilder:validation:Optional
	Running *bool `json:"running,omitempty"`

	// RequireAll requires all conditions to match.
	// +kubebuilder:validation:Optional
	RequireAll *bool `json:"requireAll,omitempty"`

	// Enabled checks if feature is enabled.
	// +kubebuilder:validation:Optional
	Enabled *bool `json:"enabled,omitempty"`

	// Version is the minimum version.
	// +kubebuilder:validation:Optional
	Version string `json:"version,omitempty"`

	// Operator is the version comparison operator.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum=<;<=;>;>=;==
	Operator string `json:"operator,omitempty"`

	// Domain is the expected domain for domain-joined checks.
	// +kubebuilder:validation:Optional
	Domain string `json:"domain,omitempty"`

	// ComplianceStatus is the Intune compliance status.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum=compliant;noncompliant;unknown;notapplicable;ingraceperiod;error
	ComplianceStatus string `json:"complianceStatus,omitempty"`

	// ConnectionID is the third-party integration connection ID.
	// +kubebuilder:validation:Optional
	ConnectionID string `json:"connectionId,omitempty"`

	// LastSeen is the maximum time since device was last seen.
	// +kubebuilder:validation:Optional
	LastSeen string `json:"lastSeen,omitempty"`

	// ActiveThreats is the maximum active threat count.
	// +kubebuilder:validation:Optional
	ActiveThreats *int `json:"activeThreats,omitempty"`

	// NetworkStatus checks for network connection.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum=connected;disconnected;disconnecting;connecting
	NetworkStatus string `json:"networkStatus,omitempty"`

	// SensorConfig checks sensor configuration.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum=active;disabled;not_configured
	SensorConfig string `json:"sensorConfig,omitempty"`

	// VersionOperator for CrowdStrike version checks.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum=<;<=;>;>=;==
	VersionOperator string `json:"versionOperator,omitempty"`

	// CountOperator for count comparisons.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum=<;<=;>;>=;==
	CountOperator string `json:"countOperator,omitempty"`

	// IssueCount is the number of issues for SentinelOne.
	// +kubebuilder:validation:Optional
	IssueCount *int `json:"issueCount,omitempty"`

	// OSDistroName is the OS distribution name.
	// +kubebuilder:validation:Optional
	OSDistroName string `json:"osDistroName,omitempty"`

	// OSDistroRevision is the OS distribution revision.
	// +kubebuilder:validation:Optional
	OSDistroRevision string `json:"osDistroRevision,omitempty"`

	// CertificateID for client certificate checks.
	// +kubebuilder:validation:Optional
	CertificateID string `json:"certificateId,omitempty"`

	// CommonName for client certificate checks.
	// +kubebuilder:validation:Optional
	CommonName string `json:"commonName,omitempty"`

	// CheckDisks specifies which disks to check encryption.
	// +kubebuilder:validation:Optional
	CheckDisks []string `json:"checkDisks,omitempty"`
}

DevicePostureInput contains rule-specific input.

func (*DevicePostureInput) DeepCopy 

func (in *DevicePostureInput) DeepCopy() *DevicePostureInput

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DevicePostureInput.

func (*DevicePostureInput) DeepCopyInto 

func (in *DevicePostureInput) DeepCopyInto(out *DevicePostureInput)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type DevicePostureMatch 

type DevicePostureMatch struct {
	// Platform is the OS platform.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum=windows;mac;linux;android;ios;chromeos
	Platform string `json:"platform,omitempty"`
}

DevicePostureMatch defines platform matching.

func (*DevicePostureMatch) DeepCopy 

func (in *DevicePostureMatch) DeepCopy() *DevicePostureMatch

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DevicePostureMatch.

func (*DevicePostureMatch) DeepCopyInto 

func (in *DevicePostureMatch) DeepCopyInto(out *DevicePostureMatch)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type DevicePostureRule 

type DevicePostureRule struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   DevicePostureRuleSpec   `json:"spec,omitempty"`
	Status DevicePostureRuleStatus `json:"status,omitempty"`
}

DevicePostureRule is the Schema for the deviceposturerules API.

func (*DevicePostureRule) DeepCopy 

func (in *DevicePostureRule) DeepCopy() *DevicePostureRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DevicePostureRule.

func (*DevicePostureRule) DeepCopyInto 

func (in *DevicePostureRule) DeepCopyInto(out *DevicePostureRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*DevicePostureRule) DeepCopyObject 

func (in *DevicePostureRule) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*DevicePostureRule) GetRuleName 

func (d *DevicePostureRule) GetRuleName() string

GetRuleName returns the name to use in Cloudflare.

type DevicePostureRuleList 

type DevicePostureRuleList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []DevicePostureRule `json:"items"`
}

DevicePostureRuleList contains a list of DevicePostureRule

func (*DevicePostureRuleList) DeepCopy 

func (in *DevicePostureRuleList) DeepCopy() *DevicePostureRuleList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DevicePostureRuleList.

func (*DevicePostureRuleList) DeepCopyInto 

func (in *DevicePostureRuleList) DeepCopyInto(out *DevicePostureRuleList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*DevicePostureRuleList) DeepCopyObject 

func (in *DevicePostureRuleList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type DevicePostureRuleSpec 

type DevicePostureRuleSpec struct {
	// Name of the Device Posture Rule in Cloudflare.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:MaxLength=255
	Name string `json:"name,omitempty"`

	// Type is the posture rule type.
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Enum=file;application;serial_number;tanium;gateway;warp;disk_encryption;sentinelone;carbonblack;firewall;os_version;domain_joined;client_certificate;unique_client_id;kolide;tanium_s2s;crowdstrike_s2s;intune;workspace_one
	Type string `json:"type"`

	// Description is a human-readable description.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:MaxLength=1000
	Description string `json:"description,omitempty"`

	// Schedule determines how often the rule is evaluated.
	// +kubebuilder:validation:Optional
	Schedule string `json:"schedule,omitempty"`

	// Expiration is when the rule expires.
	// +kubebuilder:validation:Optional
	Expiration string `json:"expiration,omitempty"`

	// Match defines which devices this rule applies to.
	// +kubebuilder:validation:Optional
	Match []DevicePostureMatch `json:"match,omitempty"`

	// Input contains the rule-specific configuration.
	// +kubebuilder:validation:Optional
	Input *DevicePostureInput `json:"input,omitempty"`

	// Cloudflare contains the Cloudflare API credentials.
	// +kubebuilder:validation:Required
	Cloudflare CloudflareDetails `json:"cloudflare"`
}

DevicePostureRuleSpec defines the desired state of DevicePostureRule

func (*DevicePostureRuleSpec) DeepCopy 

func (in *DevicePostureRuleSpec) DeepCopy() *DevicePostureRuleSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DevicePostureRuleSpec.

func (*DevicePostureRuleSpec) DeepCopyInto 

func (in *DevicePostureRuleSpec) DeepCopyInto(out *DevicePostureRuleSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type DevicePostureRuleStatus 

type DevicePostureRuleStatus struct {
	// RuleID is the Cloudflare Device Posture Rule ID.
	// +kubebuilder:validation:Optional
	RuleID string `json:"ruleId,omitempty"`

	// AccountID is the Cloudflare Account ID.
	// +kubebuilder:validation:Optional
	AccountID string `json:"accountId,omitempty"`

	// State indicates the current state.
	// +kubebuilder:validation:Optional
	State string `json:"state,omitempty"`

	// Conditions represent the latest available observations.
	// +kubebuilder:validation:Optional
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty"`

	// ObservedGeneration is the most recent generation observed.
	// +kubebuilder:validation:Optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
}

DevicePostureRuleStatus defines the observed state

func (*DevicePostureRuleStatus) DeepCopy 

func (in *DevicePostureRuleStatus) DeepCopy() *DevicePostureRuleStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DevicePostureRuleStatus.

func (*DevicePostureRuleStatus) DeepCopyInto 

func (in *DevicePostureRuleStatus) DeepCopyInto(out *DevicePostureRuleStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type DeviceSettingsPolicy 

type DeviceSettingsPolicy struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   DeviceSettingsPolicySpec   `json:"spec,omitempty"`
	Status DeviceSettingsPolicyStatus `json:"status,omitempty"`
}

DeviceSettingsPolicy is the Schema for the devicesettingspolicies API. A DeviceSettingsPolicy configures WARP client device settings including split tunnel rules and fallback domains for an account.

func (*DeviceSettingsPolicy) DeepCopy 

func (in *DeviceSettingsPolicy) DeepCopy() *DeviceSettingsPolicy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DeviceSettingsPolicy.

func (*DeviceSettingsPolicy) DeepCopyInto 

func (in *DeviceSettingsPolicy) DeepCopyInto(out *DeviceSettingsPolicy)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*DeviceSettingsPolicy) DeepCopyObject 

func (in *DeviceSettingsPolicy) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type DeviceSettingsPolicyList 

type DeviceSettingsPolicyList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []DeviceSettingsPolicy `json:"items"`
}

DeviceSettingsPolicyList contains a list of DeviceSettingsPolicy

func (*DeviceSettingsPolicyList) DeepCopy 

func (in *DeviceSettingsPolicyList) DeepCopy() *DeviceSettingsPolicyList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DeviceSettingsPolicyList.

func (*DeviceSettingsPolicyList) DeepCopyInto 

func (in *DeviceSettingsPolicyList) DeepCopyInto(out *DeviceSettingsPolicyList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*DeviceSettingsPolicyList) DeepCopyObject 

func (in *DeviceSettingsPolicyList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type DeviceSettingsPolicySpec 

type DeviceSettingsPolicySpec struct {
	// SplitTunnelMode determines how split tunneling is configured.
	// "exclude" means traffic to listed addresses bypasses the tunnel (default WARP behavior).
	// "include" means only traffic to listed addresses goes through the tunnel.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum=exclude;include
	// +kubebuilder:default=exclude
	SplitTunnelMode string `json:"splitTunnelMode,omitempty"`

	// SplitTunnelExclude lists addresses/hosts to exclude from the tunnel.
	// Only used when SplitTunnelMode is "exclude".
	// +kubebuilder:validation:Optional
	SplitTunnelExclude []SplitTunnelEntry `json:"splitTunnelExclude,omitempty"`

	// SplitTunnelInclude lists addresses/hosts to include in the tunnel.
	// Only used when SplitTunnelMode is "include".
	// +kubebuilder:validation:Optional
	SplitTunnelInclude []SplitTunnelEntry `json:"splitTunnelInclude,omitempty"`

	// FallbackDomains lists domains that should use the specified DNS servers
	// instead of Gateway DNS.
	// +kubebuilder:validation:Optional
	FallbackDomains []FallbackDomainEntry `json:"fallbackDomains,omitempty"`

	// AutoPopulateFromRoutes automatically populates split tunnel entries
	// from NetworkRoute resources in the cluster.
	// +kubebuilder:validation:Optional
	AutoPopulateFromRoutes *AutoPopulateConfig `json:"autoPopulateFromRoutes,omitempty"`

	// Cloudflare contains the Cloudflare API credentials and account information.
	// +kubebuilder:validation:Required
	Cloudflare CloudflareDetails `json:"cloudflare"`
}

DeviceSettingsPolicySpec defines the desired state of DeviceSettingsPolicy

func (*DeviceSettingsPolicySpec) DeepCopy 

func (in *DeviceSettingsPolicySpec) DeepCopy() *DeviceSettingsPolicySpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DeviceSettingsPolicySpec.

func (*DeviceSettingsPolicySpec) DeepCopyInto 

func (in *DeviceSettingsPolicySpec) DeepCopyInto(out *DeviceSettingsPolicySpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type DeviceSettingsPolicyStatus 

type DeviceSettingsPolicyStatus struct {
	// AccountID is the Cloudflare Account ID.
	// +kubebuilder:validation:Optional
	AccountID string `json:"accountId,omitempty"`

	// SplitTunnelExcludeCount is the number of exclude entries configured.
	// +kubebuilder:validation:Optional
	SplitTunnelExcludeCount int `json:"splitTunnelExcludeCount,omitempty"`

	// SplitTunnelIncludeCount is the number of include entries configured.
	// +kubebuilder:validation:Optional
	SplitTunnelIncludeCount int `json:"splitTunnelIncludeCount,omitempty"`

	// FallbackDomainsCount is the number of fallback domain entries configured.
	// +kubebuilder:validation:Optional
	FallbackDomainsCount int `json:"fallbackDomainsCount,omitempty"`

	// AutoPopulatedRoutesCount is the number of routes auto-populated from NetworkRoutes.
	// +kubebuilder:validation:Optional
	AutoPopulatedRoutesCount int `json:"autoPopulatedRoutesCount,omitempty"`

	// State indicates the current state of the policy.
	// +kubebuilder:validation:Optional
	State string `json:"state,omitempty"`

	// Conditions represent the latest available observations of the DeviceSettingsPolicy's state.
	// +kubebuilder:validation:Optional
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty"`

	// ObservedGeneration is the most recent generation observed by the controller.
	// +kubebuilder:validation:Optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
}

DeviceSettingsPolicyStatus defines the observed state of DeviceSettingsPolicy

func (*DeviceSettingsPolicyStatus) DeepCopy 

func (in *DeviceSettingsPolicyStatus) DeepCopy() *DeviceSettingsPolicyStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DeviceSettingsPolicyStatus.

func (*DeviceSettingsPolicyStatus) DeepCopyInto 

func (in *DeviceSettingsPolicyStatus) DeepCopyInto(out *DeviceSettingsPolicyStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type EgressSettings 

type EgressSettings struct {
	IPv4         string `json:"ipv4,omitempty"`
	IPv6         string `json:"ipv6,omitempty"`
	IPv4Fallback string `json:"ipv4Fallback,omitempty"`
}

EgressSettings for egress action.

func (*EgressSettings) DeepCopy 

func (in *EgressSettings) DeepCopy() *EgressSettings

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EgressSettings.

func (*EgressSettings) DeepCopyInto 

func (in *EgressSettings) DeepCopyInto(out *EgressSettings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ExistingTunnel 

type ExistingTunnel struct {
	// +kubebuilder:validation:Optional
	// Existing Tunnel ID to run on. Tunnel ID and Tunnel Name cannot be both empty. If both are provided, ID is used if valid, else falls back to Name.
	Id string `json:"id,omitempty"`

	// +kubebuilder:validation:Optional
	// Existing Tunnel name to run on. Tunnel Name and Tunnel ID cannot be both empty. If both are provided, ID is used if valid, else falls back to Name.
	Name string `json:"name,omitempty"`
}

ExistingTunnel spec needs either a Tunnel Id or a Name to find it on Cloudflare.

func (*ExistingTunnel) DeepCopy 

func (in *ExistingTunnel) DeepCopy() *ExistingTunnel

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExistingTunnel.

func (*ExistingTunnel) DeepCopyInto 

func (in *ExistingTunnel) DeepCopyInto(out *ExistingTunnel)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type FIPSSettings 

type FIPSSettings struct {
	TLS bool `json:"tls,omitempty"`
}

FIPSSettings for FIPS compliance.

func (*FIPSSettings) DeepCopy 

func (in *FIPSSettings) DeepCopy() *FIPSSettings

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FIPSSettings.

func (*FIPSSettings) DeepCopyInto 

func (in *FIPSSettings) DeepCopyInto(out *FIPSSettings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type FallbackDomainEntry 

type FallbackDomainEntry struct {
	// Suffix is the domain suffix to match (e.g., "internal.company.com").
	// +kubebuilder:validation:Required
	Suffix string `json:"suffix"`

	// Description is an optional description for this entry.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:MaxLength=200
	Description string `json:"description,omitempty"`

	// DNSServer is a list of DNS server IPs to use for this domain.
	// +kubebuilder:validation:Optional
	DNSServer []string `json:"dnsServer,omitempty"`
}

FallbackDomainEntry represents a fallback domain configuration.

func (*FallbackDomainEntry) DeepCopy 

func (in *FallbackDomainEntry) DeepCopy() *FallbackDomainEntry

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FallbackDomainEntry.

func (*FallbackDomainEntry) DeepCopyInto 

func (in *FallbackDomainEntry) DeepCopyInto(out *FallbackDomainEntry)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GatewayConfiguration 

type GatewayConfiguration struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   GatewayConfigurationSpec   `json:"spec,omitempty"`
	Status GatewayConfigurationStatus `json:"status,omitempty"`
}

GatewayConfiguration is the Schema for the gatewayconfigurations API.

func (*GatewayConfiguration) DeepCopy 

func (in *GatewayConfiguration) DeepCopy() *GatewayConfiguration

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayConfiguration.

func (*GatewayConfiguration) DeepCopyInto 

func (in *GatewayConfiguration) DeepCopyInto(out *GatewayConfiguration)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*GatewayConfiguration) DeepCopyObject 

func (in *GatewayConfiguration) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type GatewayConfigurationList 

type GatewayConfigurationList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []GatewayConfiguration `json:"items"`
}

GatewayConfigurationList contains a list of GatewayConfiguration

func (*GatewayConfigurationList) DeepCopy 

func (in *GatewayConfigurationList) DeepCopy() *GatewayConfigurationList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayConfigurationList.

func (*GatewayConfigurationList) DeepCopyInto 

func (in *GatewayConfigurationList) DeepCopyInto(out *GatewayConfigurationList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*GatewayConfigurationList) DeepCopyObject 

func (in *GatewayConfigurationList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type GatewayConfigurationSpec 

type GatewayConfigurationSpec struct {
	// Settings contains the Gateway configuration settings.
	// +kubebuilder:validation:Required
	Settings GatewaySettings `json:"settings"`

	// Cloudflare contains the Cloudflare API credentials.
	// +kubebuilder:validation:Required
	Cloudflare CloudflareDetails `json:"cloudflare"`
}

GatewayConfigurationSpec defines the desired state of GatewayConfiguration

func (*GatewayConfigurationSpec) DeepCopy 

func (in *GatewayConfigurationSpec) DeepCopy() *GatewayConfigurationSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayConfigurationSpec.

func (*GatewayConfigurationSpec) DeepCopyInto 

func (in *GatewayConfigurationSpec) DeepCopyInto(out *GatewayConfigurationSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GatewayConfigurationStatus 

type GatewayConfigurationStatus struct {
	// AccountID is the Cloudflare Account ID.
	// +kubebuilder:validation:Optional
	AccountID string `json:"accountId,omitempty"`

	// State indicates the current state.
	// +kubebuilder:validation:Optional
	State string `json:"state,omitempty"`

	// Conditions represent the latest available observations.
	// +kubebuilder:validation:Optional
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty"`

	// ObservedGeneration is the most recent generation observed.
	// +kubebuilder:validation:Optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
}

GatewayConfigurationStatus defines the observed state

func (*GatewayConfigurationStatus) DeepCopy 

func (in *GatewayConfigurationStatus) DeepCopy() *GatewayConfigurationStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayConfigurationStatus.

func (*GatewayConfigurationStatus) DeepCopyInto 

func (in *GatewayConfigurationStatus) DeepCopyInto(out *GatewayConfigurationStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GatewayList 

type GatewayList struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   GatewayListSpec   `json:"spec,omitempty"`
	Status GatewayListStatus `json:"status,omitempty"`
}

GatewayList is the Schema for the gatewaylists API.

func (*GatewayList) DeepCopy 

func (in *GatewayList) DeepCopy() *GatewayList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayList.

func (*GatewayList) DeepCopyInto 

func (in *GatewayList) DeepCopyInto(out *GatewayList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*GatewayList) DeepCopyObject 

func (in *GatewayList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*GatewayList) GetGatewayListName 

func (g *GatewayList) GetGatewayListName() string

GetGatewayListName returns the name to use in Cloudflare.

type GatewayListItem 

type GatewayListItem struct {
	// Value is the list entry value.
	// +kubebuilder:validation:Required
	Value string `json:"value"`

	// Description is an optional description for this item.
	// +kubebuilder:validation:Optional
	Description string `json:"description,omitempty"`
}

GatewayListItem represents a single list item.

func (*GatewayListItem) DeepCopy 

func (in *GatewayListItem) DeepCopy() *GatewayListItem

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayListItem.

func (*GatewayListItem) DeepCopyInto 

func (in *GatewayListItem) DeepCopyInto(out *GatewayListItem)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GatewayListList 

type GatewayListList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []GatewayList `json:"items"`
}

GatewayListList contains a list of GatewayList

func (*GatewayListList) DeepCopy 

func (in *GatewayListList) DeepCopy() *GatewayListList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayListList.

func (*GatewayListList) DeepCopyInto 

func (in *GatewayListList) DeepCopyInto(out *GatewayListList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*GatewayListList) DeepCopyObject 

func (in *GatewayListList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type GatewayListSpec 

type GatewayListSpec struct {
	// Name of the Gateway List in Cloudflare.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:MaxLength=255
	Name string `json:"name,omitempty"`

	// Description is a human-readable description.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:MaxLength=1000
	Description string `json:"description,omitempty"`

	// Type is the list type.
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Enum=SERIAL;URL;DOMAIN;EMAIL;IP
	Type string `json:"type"`

	// Items are the list entries.
	// +kubebuilder:validation:Optional
	Items []GatewayListItem `json:"items,omitempty"`

	// ItemsFromConfigMap references a ConfigMap containing list items.
	// +kubebuilder:validation:Optional
	ItemsFromConfigMap *ConfigMapKeyRef `json:"itemsFromConfigMap,omitempty"`

	// Cloudflare contains the Cloudflare API credentials.
	// +kubebuilder:validation:Required
	Cloudflare CloudflareDetails `json:"cloudflare"`
}

GatewayListSpec defines the desired state of GatewayList

func (*GatewayListSpec) DeepCopy 

func (in *GatewayListSpec) DeepCopy() *GatewayListSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayListSpec.

func (*GatewayListSpec) DeepCopyInto 

func (in *GatewayListSpec) DeepCopyInto(out *GatewayListSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GatewayListStatus 

type GatewayListStatus struct {
	// ListID is the Cloudflare Gateway List ID.
	// +kubebuilder:validation:Optional
	ListID string `json:"listId,omitempty"`

	// AccountID is the Cloudflare Account ID.
	// +kubebuilder:validation:Optional
	AccountID string `json:"accountId,omitempty"`

	// ItemCount is the number of items in the list.
	// +kubebuilder:validation:Optional
	ItemCount int `json:"itemCount,omitempty"`

	// State indicates the current state.
	// +kubebuilder:validation:Optional
	State string `json:"state,omitempty"`

	// Conditions represent the latest available observations.
	// +kubebuilder:validation:Optional
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty"`

	// ObservedGeneration is the most recent generation observed.
	// +kubebuilder:validation:Optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
}

GatewayListStatus defines the observed state

func (*GatewayListStatus) DeepCopy 

func (in *GatewayListStatus) DeepCopy() *GatewayListStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayListStatus.

func (*GatewayListStatus) DeepCopyInto 

func (in *GatewayListStatus) DeepCopyInto(out *GatewayListStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GatewayRule 

type GatewayRule struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   GatewayRuleSpec   `json:"spec,omitempty"`
	Status GatewayRuleStatus `json:"status,omitempty"`
}

GatewayRule is the Schema for the gatewayrules API.

func (*GatewayRule) DeepCopy 

func (in *GatewayRule) DeepCopy() *GatewayRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayRule.

func (*GatewayRule) DeepCopyInto 

func (in *GatewayRule) DeepCopyInto(out *GatewayRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*GatewayRule) DeepCopyObject 

func (in *GatewayRule) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*GatewayRule) GetGatewayRuleName 

func (g *GatewayRule) GetGatewayRuleName() string

GetGatewayRuleName returns the name to use in Cloudflare.

type GatewayRuleList 

type GatewayRuleList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []GatewayRule `json:"items"`
}

GatewayRuleList contains a list of GatewayRule

func (*GatewayRuleList) DeepCopy 

func (in *GatewayRuleList) DeepCopy() *GatewayRuleList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayRuleList.

func (*GatewayRuleList) DeepCopyInto 

func (in *GatewayRuleList) DeepCopyInto(out *GatewayRuleList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*GatewayRuleList) DeepCopyObject 

func (in *GatewayRuleList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type GatewayRuleSettings 

type GatewayRuleSettings struct {
	// BlockPageEnabled enables custom block page.
	// +kubebuilder:validation:Optional
	BlockPageEnabled *bool `json:"blockPageEnabled,omitempty"`

	// BlockReason is shown on the block page.
	// +kubebuilder:validation:Optional
	BlockReason string `json:"blockReason,omitempty"`

	// OverrideIPs for DNS override action.
	// +kubebuilder:validation:Optional
	OverrideIPs []string `json:"overrideIps,omitempty"`

	// OverrideHost for DNS override action.
	// +kubebuilder:validation:Optional
	OverrideHost string `json:"overrideHost,omitempty"`

	// L4Override for L4 override action.
	// +kubebuilder:validation:Optional
	L4Override *L4OverrideSettings `json:"l4Override,omitempty"`

	// BISOAdminControls for browser isolation.
	// +kubebuilder:validation:Optional
	BISOAdminControls *BISOAdminControls `json:"bisoAdminControls,omitempty"`

	// CheckSession enables session check.
	// +kubebuilder:validation:Optional
	CheckSession *SessionSettings `json:"checkSession,omitempty"`

	// AddHeaders adds headers to requests.
	// +kubebuilder:validation:Optional
	AddHeaders map[string]string `json:"addHeaders,omitempty"`

	// InsecureDisableDNSSECValidation disables DNSSEC validation.
	// +kubebuilder:validation:Optional
	InsecureDisableDNSSECValidation *bool `json:"insecureDisableDnssecValidation,omitempty"`

	// EgressSettings for egress action.
	// +kubebuilder:validation:Optional
	Egress *EgressSettings `json:"egress,omitempty"`

	// PayloadLog configures logging.
	// +kubebuilder:validation:Optional
	PayloadLog *PayloadLogSettings `json:"payloadLog,omitempty"`

	// UntrustedCertificateAction for TLS inspection.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum=pass_through;block;error
	UntrustedCertificateAction string `json:"untrustedCertificateAction,omitempty"`

	// AuditSSH enables SSH command logging.
	// +kubebuilder:validation:Optional
	AuditSSH *AuditSSHSettings `json:"auditSsh,omitempty"`

	// ResolveDNSInternally for private DNS resolution.
	// +kubebuilder:validation:Optional
	ResolveDNSInternally *bool `json:"resolveDnsInternally,omitempty"`

	// DNSResolverIPv4 custom resolver.
	// +kubebuilder:validation:Optional
	DNSResolverIPv4 *DNSResolver `json:"dnsResolverIpv4,omitempty"`

	// DNSResolverIPv6 custom resolver.
	// +kubebuilder:validation:Optional
	DNSResolverIPv6 *DNSResolver `json:"dnsResolverIpv6,omitempty"`

	// NotificationSettings for alerts.
	// +kubebuilder:validation:Optional
	NotificationSettings *NotificationSettings `json:"notificationSettings,omitempty"`
}

GatewayRuleSettings contains action-specific settings.

func (*GatewayRuleSettings) DeepCopy 

func (in *GatewayRuleSettings) DeepCopy() *GatewayRuleSettings

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayRuleSettings.

func (*GatewayRuleSettings) DeepCopyInto 

func (in *GatewayRuleSettings) DeepCopyInto(out *GatewayRuleSettings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GatewayRuleSpec 

type GatewayRuleSpec struct {
	// Name of the Gateway Rule in Cloudflare.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:MaxLength=255
	Name string `json:"name,omitempty"`

	// Description is a human-readable description.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:MaxLength=1000
	Description string `json:"description,omitempty"`

	// Precedence determines the order of rule evaluation (lower = earlier).
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Minimum=0
	Precedence int `json:"precedence"`

	// Enabled controls whether the rule is active.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=true
	Enabled bool `json:"enabled,omitempty"`

	// Action is what happens when the rule matches.
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Enum=allow;block;log;isolate;l4_override;egress;resolve;quarantine
	Action string `json:"action"`

	// Filters specifies which types of traffic this rule applies to.
	// +kubebuilder:validation:Optional
	Filters []string `json:"filters,omitempty"`

	// Traffic is the wirefilter expression for traffic matching.
	// +kubebuilder:validation:Optional
	Traffic string `json:"traffic,omitempty"`

	// Identity is the wirefilter expression for identity matching.
	// +kubebuilder:validation:Optional
	Identity string `json:"identity,omitempty"`

	// DevicePosture is the wirefilter expression for device posture matching.
	// +kubebuilder:validation:Optional
	DevicePosture string `json:"devicePosture,omitempty"`

	// RuleSettings contains action-specific settings.
	// +kubebuilder:validation:Optional
	RuleSettings *GatewayRuleSettings `json:"ruleSettings,omitempty"`

	// Cloudflare contains the Cloudflare API credentials.
	// +kubebuilder:validation:Required
	Cloudflare CloudflareDetails `json:"cloudflare"`
}

GatewayRuleSpec defines the desired state of GatewayRule

func (*GatewayRuleSpec) DeepCopy 

func (in *GatewayRuleSpec) DeepCopy() *GatewayRuleSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayRuleSpec.

func (*GatewayRuleSpec) DeepCopyInto 

func (in *GatewayRuleSpec) DeepCopyInto(out *GatewayRuleSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GatewayRuleStatus 

type GatewayRuleStatus struct {
	// RuleID is the Cloudflare Gateway Rule ID.
	// +kubebuilder:validation:Optional
	RuleID string `json:"ruleId,omitempty"`

	// AccountID is the Cloudflare Account ID.
	// +kubebuilder:validation:Optional
	AccountID string `json:"accountId,omitempty"`

	// State indicates the current state.
	// +kubebuilder:validation:Optional
	State string `json:"state,omitempty"`

	// Conditions represent the latest available observations.
	// +kubebuilder:validation:Optional
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty"`

	// ObservedGeneration is the most recent generation observed.
	// +kubebuilder:validation:Optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
}

GatewayRuleStatus defines the observed state

func (*GatewayRuleStatus) DeepCopy 

func (in *GatewayRuleStatus) DeepCopy() *GatewayRuleStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayRuleStatus.

func (*GatewayRuleStatus) DeepCopyInto 

func (in *GatewayRuleStatus) DeepCopyInto(out *GatewayRuleStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GatewaySettings 

type GatewaySettings struct {
	// TLSDecrypt enables TLS decryption.
	// +kubebuilder:validation:Optional
	TLSDecrypt *TLSDecryptSettings `json:"tlsDecrypt,omitempty"`

	// ActivityLog configures activity logging.
	// +kubebuilder:validation:Optional
	ActivityLog *ActivityLogSettings `json:"activityLog,omitempty"`

	// AntiVirus configures AV scanning.
	// +kubebuilder:validation:Optional
	AntiVirus *AntiVirusSettings `json:"antiVirus,omitempty"`

	// BlockPage configures the block page.
	// +kubebuilder:validation:Optional
	BlockPage *BlockPageSettings `json:"blockPage,omitempty"`

	// BodyScanning configures body scanning.
	// +kubebuilder:validation:Optional
	BodyScanning *BodyScanningSettings `json:"bodyScanning,omitempty"`

	// BrowserIsolation configures browser isolation.
	// +kubebuilder:validation:Optional
	BrowserIsolation *BrowserIsolationSettings `json:"browserIsolation,omitempty"`

	// FIPS enables FIPS mode.
	// +kubebuilder:validation:Optional
	FIPS *FIPSSettings `json:"fips,omitempty"`

	// ProtocolDetection enables protocol detection.
	// +kubebuilder:validation:Optional
	ProtocolDetection *ProtocolDetectionSettings `json:"protocolDetection,omitempty"`

	// CustomCertificate configures custom root CA.
	// +kubebuilder:validation:Optional
	CustomCertificate *CustomCertificateSettings `json:"customCertificate,omitempty"`

	// NonIdentityBrowserIsolation configures non-identity isolation.
	// +kubebuilder:validation:Optional
	NonIdentityBrowserIsolation *NonIdentityBrowserIsolationSettings `json:"nonIdentityBrowserIsolation,omitempty"`
}

GatewaySettings contains Gateway configuration.

func (*GatewaySettings) DeepCopy 

func (in *GatewaySettings) DeepCopy() *GatewaySettings

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewaySettings.

func (*GatewaySettings) DeepCopyInto 

func (in *GatewaySettings) DeepCopyInto(out *GatewaySettings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type IdentityProviderConfig 

type IdentityProviderConfig struct {
	// ClientID is the OAuth client ID.
	// +kubebuilder:validation:Optional
	ClientID string `json:"clientId,omitempty"`

	// ClientSecret is the OAuth client secret (use ConfigSecretRef for sensitive values).
	// +kubebuilder:validation:Optional
	ClientSecret string `json:"clientSecret,omitempty"`

	// AppsDomain is the Google Workspace domain.
	// +kubebuilder:validation:Optional
	AppsDomain string `json:"appsDomain,omitempty"`

	// AuthURL is the authorization URL (OIDC/OAuth).
	// +kubebuilder:validation:Optional
	AuthURL string `json:"authUrl,omitempty"`

	// TokenURL is the token endpoint URL.
	// +kubebuilder:validation:Optional
	TokenURL string `json:"tokenUrl,omitempty"`

	// CertsURL is the JWKS endpoint URL.
	// +kubebuilder:validation:Optional
	CertsURL string `json:"certsUrl,omitempty"`

	// Scopes are the OAuth scopes to request.
	// +kubebuilder:validation:Optional
	Scopes []string `json:"scopes,omitempty"`

	// IdPPublicCerts are the IdP's public certificates for SAML.
	// +kubebuilder:validation:Optional
	IdPPublicCerts []string `json:"idpPublicCerts,omitempty"`

	// IssuerURL is the OIDC issuer URL.
	// +kubebuilder:validation:Optional
	IssuerURL string `json:"issuerUrl,omitempty"`

	// SSOTargetURL is the SAML SSO URL.
	// +kubebuilder:validation:Optional
	SSOTargetURL string `json:"ssoTargetUrl,omitempty"`

	// SignRequest enables SAML request signing.
	// +kubebuilder:validation:Optional
	SignRequest *bool `json:"signRequest,omitempty"`

	// EmailClaimName is the claim containing the user's email.
	// +kubebuilder:validation:Optional
	EmailClaimName string `json:"emailClaimName,omitempty"`

	// DirectoryID is the Azure AD directory ID.
	// +kubebuilder:validation:Optional
	DirectoryID string `json:"directoryId,omitempty"`

	// SupportGroups enables group sync.
	// +kubebuilder:validation:Optional
	SupportGroups *bool `json:"supportGroups,omitempty"`

	// PKCEEnabled enables PKCE.
	// +kubebuilder:validation:Optional
	PKCEEnabled *bool `json:"pkceEnabled,omitempty"`

	// ConditionalAccessEnabled enables Azure AD conditional access.
	// +kubebuilder:validation:Optional
	ConditionalAccessEnabled *bool `json:"conditionalAccessEnabled,omitempty"`

	// Claims are custom OIDC claims to include.
	// +kubebuilder:validation:Optional
	Claims []string `json:"claims,omitempty"`

	// EmailAttributeName is the SAML attribute containing email.
	// +kubebuilder:validation:Optional
	EmailAttributeName string `json:"emailAttributeName,omitempty"`

	// HeaderAttributes are SAML attributes to pass as headers.
	// +kubebuilder:validation:Optional
	HeaderAttributes []SAMLHeaderAttribute `json:"headerAttributes,omitempty"`

	// APIToken is the API token (GitHub, etc).
	// +kubebuilder:validation:Optional
	APIToken string `json:"apiToken,omitempty"`

	// OktaAccount is the Okta organization URL.
	// +kubebuilder:validation:Optional
	OktaAccount string `json:"oktaAccount,omitempty"`

	// OneloginAccount is the OneLogin subdomain.
	// +kubebuilder:validation:Optional
	OneloginAccount string `json:"oneloginAccount,omitempty"`

	// PingEnvID is the PingOne environment ID.
	// +kubebuilder:validation:Optional
	PingEnvID string `json:"pingEnvId,omitempty"`

	// CentrifyAccount is the Centrify account.
	// +kubebuilder:validation:Optional
	CentrifyAccount string `json:"centrifyAccount,omitempty"`

	// CentrifyAppID is the Centrify app ID.
	// +kubebuilder:validation:Optional
	CentrifyAppID string `json:"centrifyAppId,omitempty"`

	// RedirectURL is the callback URL.
	// +kubebuilder:validation:Optional
	RedirectURL string `json:"redirectUrl,omitempty"`
}

IdentityProviderConfig contains provider configuration.

func (*IdentityProviderConfig) DeepCopy 

func (in *IdentityProviderConfig) DeepCopy() *IdentityProviderConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IdentityProviderConfig.

func (*IdentityProviderConfig) DeepCopyInto 

func (in *IdentityProviderConfig) DeepCopyInto(out *IdentityProviderConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type L4OverrideSettings 

type L4OverrideSettings struct {
	IP   string `json:"ip"`
	Port int    `json:"port"`
}

L4OverrideSettings for L4 override.

func (*L4OverrideSettings) DeepCopy 

func (in *L4OverrideSettings) DeepCopy() *L4OverrideSettings

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new L4OverrideSettings.

func (*L4OverrideSettings) DeepCopyInto 

func (in *L4OverrideSettings) DeepCopyInto(out *L4OverrideSettings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type NetworkRoute 

type NetworkRoute struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   NetworkRouteSpec   `json:"spec,omitempty"`
	Status NetworkRouteStatus `json:"status,omitempty"`
}

NetworkRoute is the Schema for the networkroutes API. A NetworkRoute defines a CIDR range to be routed through a Cloudflare Tunnel, enabling private network access via WARP clients.

func (*NetworkRoute) DeepCopy 

func (in *NetworkRoute) DeepCopy() *NetworkRoute

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkRoute.

func (*NetworkRoute) DeepCopyInto 

func (in *NetworkRoute) DeepCopyInto(out *NetworkRoute)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*NetworkRoute) DeepCopyObject 

func (in *NetworkRoute) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type NetworkRouteList 

type NetworkRouteList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []NetworkRoute `json:"items"`
}

NetworkRouteList contains a list of NetworkRoute

func (*NetworkRouteList) DeepCopy 

func (in *NetworkRouteList) DeepCopy() *NetworkRouteList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkRouteList.

func (*NetworkRouteList) DeepCopyInto 

func (in *NetworkRouteList) DeepCopyInto(out *NetworkRouteList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*NetworkRouteList) DeepCopyObject 

func (in *NetworkRouteList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type NetworkRouteSpec 

type NetworkRouteSpec struct {
	// Network is the CIDR notation for the IP range to route (e.g., "10.0.0.0/8").
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Pattern=`^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$`
	Network string `json:"network"`

	// TunnelRef references the Tunnel or ClusterTunnel that will handle this route.
	// +kubebuilder:validation:Required
	TunnelRef TunnelRef `json:"tunnelRef"`

	// VirtualNetworkRef references the VirtualNetwork for this route.
	// If not specified, the default Virtual Network will be used.
	// +kubebuilder:validation:Optional
	VirtualNetworkRef *VirtualNetworkRef `json:"virtualNetworkRef,omitempty"`

	// Comment is an optional description for the route.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:MaxLength=500
	Comment string `json:"comment,omitempty"`

	// Cloudflare contains the Cloudflare API credentials and account information.
	// +kubebuilder:validation:Required
	Cloudflare CloudflareDetails `json:"cloudflare"`
}

NetworkRouteSpec defines the desired state of NetworkRoute

func (*NetworkRouteSpec) DeepCopy 

func (in *NetworkRouteSpec) DeepCopy() *NetworkRouteSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkRouteSpec.

func (*NetworkRouteSpec) DeepCopyInto 

func (in *NetworkRouteSpec) DeepCopyInto(out *NetworkRouteSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type NetworkRouteStatus 

type NetworkRouteStatus struct {
	// Network is the CIDR from the route in Cloudflare.
	// +kubebuilder:validation:Optional
	Network string `json:"network,omitempty"`

	// TunnelID is the Cloudflare Tunnel ID this route points to.
	// +kubebuilder:validation:Optional
	TunnelID string `json:"tunnelId,omitempty"`

	// TunnelName is the name of the Tunnel in Cloudflare.
	// +kubebuilder:validation:Optional
	TunnelName string `json:"tunnelName,omitempty"`

	// VirtualNetworkID is the Cloudflare Virtual Network ID.
	// +kubebuilder:validation:Optional
	VirtualNetworkID string `json:"virtualNetworkId,omitempty"`

	// AccountID is the Cloudflare Account ID.
	// +kubebuilder:validation:Optional
	AccountID string `json:"accountId,omitempty"`

	// State indicates the current state of the route.
	// +kubebuilder:validation:Optional
	State string `json:"state,omitempty"`

	// Conditions represent the latest available observations of the NetworkRoute's state.
	// +kubebuilder:validation:Optional
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty"`

	// ObservedGeneration is the most recent generation observed by the controller.
	// +kubebuilder:validation:Optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
}

NetworkRouteStatus defines the observed state of NetworkRoute

func (*NetworkRouteStatus) DeepCopy 

func (in *NetworkRouteStatus) DeepCopy() *NetworkRouteStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkRouteStatus.

func (*NetworkRouteStatus) DeepCopyInto 

func (in *NetworkRouteStatus) DeepCopyInto(out *NetworkRouteStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type NewTunnel 

type NewTunnel struct {
	// +kubebuilder:validation:Required
	// Tunnel name to create on Cloudflare.
	Name string `json:"name,omitempty"`
}

NewTunnel spec needs a name to create a Tunnel on Cloudflare.

func (*NewTunnel) DeepCopy 

func (in *NewTunnel) DeepCopy() *NewTunnel

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NewTunnel.

func (*NewTunnel) DeepCopyInto 

func (in *NewTunnel) DeepCopyInto(out *NewTunnel)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type NonIdentityBrowserIsolationSettings 

type NonIdentityBrowserIsolationSettings struct {
	Enabled bool `json:"enabled"`
}

NonIdentityBrowserIsolationSettings for non-identity isolation.

func (*NonIdentityBrowserIsolationSettings) DeepCopy 

func (in *NonIdentityBrowserIsolationSettings) DeepCopy() *NonIdentityBrowserIsolationSettings

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NonIdentityBrowserIsolationSettings.

func (*NonIdentityBrowserIsolationSettings) DeepCopyInto 

func (in *NonIdentityBrowserIsolationSettings) DeepCopyInto(out *NonIdentityBrowserIsolationSettings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type NotificationSettings 

type NotificationSettings struct {
	Enabled    bool   `json:"enabled"`
	Message    string `json:"message,omitempty"`
	SupportURL string `json:"supportUrl,omitempty"`
}

NotificationSettings for alerts.

func (*NotificationSettings) DeepCopy 

func (in *NotificationSettings) DeepCopy() *NotificationSettings

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NotificationSettings.

func (*NotificationSettings) DeepCopyInto 

func (in *NotificationSettings) DeepCopyInto(out *NotificationSettings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type OriginRequestSpec added in v0.18.1 

type OriginRequestSpec struct {
	// NoTLSVerify disables TLS verification for HTTPS origins
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	NoTLSVerify bool `json:"noTlsVerify,omitempty"`

	// HTTP2Origin enables HTTP/2 to origin (origin must be HTTPS)
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	HTTP2Origin bool `json:"http2Origin,omitempty"`

	// ConnectTimeout for establishing connection to origin (e.g., "30s")
	// +kubebuilder:validation:Optional
	ConnectTimeout string `json:"connectTimeout,omitempty"`

	// TLSTimeout for TLS handshake with origin (e.g., "10s")
	// +kubebuilder:validation:Optional
	TLSTimeout string `json:"tlsTimeout,omitempty"`

	// KeepAliveTimeout for idle connections to origin (e.g., "90s")
	// +kubebuilder:validation:Optional
	KeepAliveTimeout string `json:"keepAliveTimeout,omitempty"`

	// KeepAliveConnections is the maximum number of idle connections to keep open
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Minimum=0
	KeepAliveConnections *int `json:"keepAliveConnections,omitempty"`

	// CAPool is the name of a Secret containing CA certificate (tls.crt) for backend verification
	// +kubebuilder:validation:Optional
	CAPool string `json:"caPool,omitempty"`

	// OriginServerName overrides the hostname used for TLS verification
	// +kubebuilder:validation:Optional
	OriginServerName string `json:"originServerName,omitempty"`

	// HTTPHostHeader overrides the Host header sent to origin
	// +kubebuilder:validation:Optional
	HTTPHostHeader string `json:"httpHostHeader,omitempty"`

	// ProxyAddress for bastion/SOCKS mode
	// +kubebuilder:validation:Optional
	ProxyAddress string `json:"proxyAddress,omitempty"`

	// ProxyPort for bastion/SOCKS mode
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Minimum=1
	// +kubebuilder:validation:Maximum=65535
	ProxyPort *uint16 `json:"proxyPort,omitempty"`

	// ProxyType specifies the proxy type: "" (none) or "socks"
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum="";socks
	ProxyType string `json:"proxyType,omitempty"`

	// DisableChunkedEncoding disables chunked transfer encoding for HTTP requests
	// +kubebuilder:validation:Optional
	DisableChunkedEncoding *bool `json:"disableChunkedEncoding,omitempty"`

	// BastionMode enables bastion mode for the tunnel
	// +kubebuilder:validation:Optional
	BastionMode *bool `json:"bastionMode,omitempty"`
}

OriginRequestSpec defines origin request configuration for backend connections

func (*OriginRequestSpec) DeepCopy added in v0.18.1 

func (in *OriginRequestSpec) DeepCopy() *OriginRequestSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OriginRequestSpec.

func (*OriginRequestSpec) DeepCopyInto added in v0.18.1 

func (in *OriginRequestSpec) DeepCopyInto(out *OriginRequestSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PayloadLogSettings 

type PayloadLogSettings struct {
	Enabled bool `json:"enabled"`
}

PayloadLogSettings for logging.

func (*PayloadLogSettings) DeepCopy 

func (in *PayloadLogSettings) DeepCopy() *PayloadLogSettings

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PayloadLogSettings.

func (*PayloadLogSettings) DeepCopyInto 

func (in *PayloadLogSettings) DeepCopyInto(out *PayloadLogSettings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PrivateService 

type PrivateService struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   PrivateServiceSpec   `json:"spec,omitempty"`
	Status PrivateServiceStatus `json:"status,omitempty"`
}

PrivateService is the Schema for the privateservices API. A PrivateService exposes a Kubernetes Service privately through a Cloudflare Tunnel, making it accessible only to authenticated WARP clients.

func (*PrivateService) DeepCopy 

func (in *PrivateService) DeepCopy() *PrivateService

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrivateService.

func (*PrivateService) DeepCopyInto 

func (in *PrivateService) DeepCopyInto(out *PrivateService)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*PrivateService) DeepCopyObject 

func (in *PrivateService) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type PrivateServiceList 

type PrivateServiceList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []PrivateService `json:"items"`
}

PrivateServiceList contains a list of PrivateService

func (*PrivateServiceList) DeepCopy 

func (in *PrivateServiceList) DeepCopy() *PrivateServiceList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrivateServiceList.

func (*PrivateServiceList) DeepCopyInto 

func (in *PrivateServiceList) DeepCopyInto(out *PrivateServiceList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*PrivateServiceList) DeepCopyObject 

func (in *PrivateServiceList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type PrivateServiceSpec 

type PrivateServiceSpec struct {
	// ServiceRef references the Kubernetes Service to expose privately.
	// The Service must be in the same namespace as the PrivateService.
	// +kubebuilder:validation:Required
	ServiceRef ServiceRef `json:"serviceRef"`

	// TunnelRef references the Tunnel or ClusterTunnel that will handle this private service.
	// +kubebuilder:validation:Required
	TunnelRef TunnelRef `json:"tunnelRef"`

	// VirtualNetworkRef references the VirtualNetwork for this private service.
	// If not specified, the default Virtual Network will be used.
	// +kubebuilder:validation:Optional
	VirtualNetworkRef *VirtualNetworkRef `json:"virtualNetworkRef,omitempty"`

	// Protocol specifies the protocol to use for the private service.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum=tcp;udp
	// +kubebuilder:default=tcp
	Protocol string `json:"protocol,omitempty"`

	// Comment is an optional description for the private service.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:MaxLength=500
	Comment string `json:"comment,omitempty"`

	// Cloudflare contains the Cloudflare API credentials and account information.
	// +kubebuilder:validation:Required
	Cloudflare CloudflareDetails `json:"cloudflare"`
}

PrivateServiceSpec defines the desired state of PrivateService

func (*PrivateServiceSpec) DeepCopy 

func (in *PrivateServiceSpec) DeepCopy() *PrivateServiceSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrivateServiceSpec.

func (*PrivateServiceSpec) DeepCopyInto 

func (in *PrivateServiceSpec) DeepCopyInto(out *PrivateServiceSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PrivateServiceStatus 

type PrivateServiceStatus struct {
	// Network is the CIDR that was created for this private service.
	// +kubebuilder:validation:Optional
	Network string `json:"network,omitempty"`

	// ServiceIP is the ClusterIP of the referenced Service.
	// +kubebuilder:validation:Optional
	ServiceIP string `json:"serviceIP,omitempty"`

	// TunnelID is the Cloudflare Tunnel ID this service routes through.
	// +kubebuilder:validation:Optional
	TunnelID string `json:"tunnelId,omitempty"`

	// TunnelName is the name of the Tunnel in Cloudflare.
	// +kubebuilder:validation:Optional
	TunnelName string `json:"tunnelName,omitempty"`

	// VirtualNetworkID is the Cloudflare Virtual Network ID.
	// +kubebuilder:validation:Optional
	VirtualNetworkID string `json:"virtualNetworkId,omitempty"`

	// AccountID is the Cloudflare Account ID.
	// +kubebuilder:validation:Optional
	AccountID string `json:"accountId,omitempty"`

	// State indicates the current state of the private service.
	// +kubebuilder:validation:Optional
	State string `json:"state,omitempty"`

	// Conditions represent the latest available observations of the PrivateService's state.
	// +kubebuilder:validation:Optional
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty"`

	// ObservedGeneration is the most recent generation observed by the controller.
	// +kubebuilder:validation:Optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
}

PrivateServiceStatus defines the observed state of PrivateService

func (*PrivateServiceStatus) DeepCopy 

func (in *PrivateServiceStatus) DeepCopy() *PrivateServiceStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrivateServiceStatus.

func (*PrivateServiceStatus) DeepCopyInto 

func (in *PrivateServiceStatus) DeepCopyInto(out *PrivateServiceStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ProtocolDetectionSettings 

type ProtocolDetectionSettings struct {
	Enabled bool `json:"enabled"`
}

ProtocolDetectionSettings for protocol detection.

func (*ProtocolDetectionSettings) DeepCopy 

func (in *ProtocolDetectionSettings) DeepCopy() *ProtocolDetectionSettings

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProtocolDetectionSettings.

func (*ProtocolDetectionSettings) DeepCopyInto 

func (in *ProtocolDetectionSettings) DeepCopyInto(out *ProtocolDetectionSettings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ResolvedPolicyStatus added in v0.18.0 

type ResolvedPolicyStatus struct {
	// Precedence is the policy precedence (order of evaluation).
	Precedence int `json:"precedence"`

	// PolicyID is the Cloudflare policy ID.
	// +kubebuilder:validation:Optional
	PolicyID string `json:"policyId,omitempty"`

	// GroupID is the resolved Cloudflare Access Group ID.
	// +kubebuilder:validation:Optional
	GroupID string `json:"groupId,omitempty"`

	// GroupName is the name of the Access Group (for display purposes).
	// +kubebuilder:validation:Optional
	GroupName string `json:"groupName,omitempty"`

	// Source indicates how the group was resolved.
	// Possible values: k8s, groupId, cloudflareGroupName
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum=k8s;groupId;cloudflareGroupName
	Source string `json:"source,omitempty"`

	// Decision is the policy decision (allow, deny, bypass, non_identity).
	// +kubebuilder:validation:Optional
	Decision string `json:"decision,omitempty"`
}

ResolvedPolicyStatus contains resolved policy information for debugging and status tracking.

func (*ResolvedPolicyStatus) DeepCopy added in v0.18.0 

func (in *ResolvedPolicyStatus) DeepCopy() *ResolvedPolicyStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResolvedPolicyStatus.

func (*ResolvedPolicyStatus) DeepCopyInto added in v0.18.0 

func (in *ResolvedPolicyStatus) DeepCopyInto(out *ResolvedPolicyStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ResourceRequirements 

type ResourceRequirements struct {
	// Limits describes max allowed resources.
	// +kubebuilder:validation:Optional
	Limits map[string]string `json:"limits,omitempty"`

	// Requests describes minimum required resources.
	// +kubebuilder:validation:Optional
	Requests map[string]string `json:"requests,omitempty"`
}

ResourceRequirements describes compute resources.

func (*ResourceRequirements) DeepCopy 

func (in *ResourceRequirements) DeepCopy() *ResourceRequirements

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceRequirements.

func (*ResourceRequirements) DeepCopyInto 

func (in *ResourceRequirements) DeepCopyInto(out *ResourceRequirements)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SAMLHeaderAttribute 

type SAMLHeaderAttribute struct {
	// AttributeName is the SAML attribute name.
	AttributeName string `json:"attributeName"`

	// HeaderName is the HTTP header name.
	HeaderName string `json:"headerName"`

	// Required indicates if this attribute is required.
	// +kubebuilder:validation:Optional
	Required bool `json:"required,omitempty"`
}

SAMLHeaderAttribute defines a SAML attribute to header mapping.

func (*SAMLHeaderAttribute) DeepCopy 

func (in *SAMLHeaderAttribute) DeepCopy() *SAMLHeaderAttribute

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SAMLHeaderAttribute.

func (*SAMLHeaderAttribute) DeepCopyInto 

func (in *SAMLHeaderAttribute) DeepCopyInto(out *SAMLHeaderAttribute)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecretKeySelector 

type SecretKeySelector struct {
	// Name is the name of the Secret.
	// +kubebuilder:validation:Required
	Name string `json:"name"`

	// Key is the key in the Secret.
	// +kubebuilder:validation:Required
	Key string `json:"key"`

	// Namespace is the namespace of the Secret.
	// +kubebuilder:validation:Optional
	Namespace string `json:"namespace,omitempty"`
}

SecretKeySelector selects a key from a Secret.

func (*SecretKeySelector) DeepCopy 

func (in *SecretKeySelector) DeepCopy() *SecretKeySelector

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretKeySelector.

func (*SecretKeySelector) DeepCopyInto 

func (in *SecretKeySelector) DeepCopyInto(out *SecretKeySelector)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecretReference added in v0.17.0 

type SecretReference struct {
	// Name of the secret
	// +kubebuilder:validation:Required
	Name string `json:"name"`

	// Namespace of the secret. Defaults to "cloudflare-operator-system"
	// +kubebuilder:validation:Optional
	// +kubebuilder:default:="cloudflare-operator-system"
	Namespace string `json:"namespace,omitempty"`

	// Key in the secret for API Token (used when authType is apiToken)
	// +kubebuilder:validation:Optional
	// +kubebuilder:default:="CLOUDFLARE_API_TOKEN"
	APITokenKey string `json:"apiTokenKey,omitempty"`

	// Key in the secret for Global API Key (used when authType is globalAPIKey)
	// +kubebuilder:validation:Optional
	// +kubebuilder:default:="CLOUDFLARE_API_KEY"
	APIKeyKey string `json:"apiKeyKey,omitempty"`

	// Key in the secret for Email (used when authType is globalAPIKey)
	// +kubebuilder:validation:Optional
	// +kubebuilder:default:="CLOUDFLARE_EMAIL"
	EmailKey string `json:"emailKey,omitempty"`
}

SecretReference contains information about the secret location

func (*SecretReference) DeepCopy added in v0.17.0 

func (in *SecretReference) DeepCopy() *SecretReference

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretReference.

func (*SecretReference) DeepCopyInto added in v0.17.0 

func (in *SecretReference) DeepCopyInto(out *SecretReference)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ServiceRef 

type ServiceRef struct {
	// Name is the name of the Service.
	// +kubebuilder:validation:Required
	Name string `json:"name"`

	// Port is the port of the Service to expose.
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Minimum=1
	// +kubebuilder:validation:Maximum=65535
	Port int32 `json:"port"`
}

ServiceRef references a Kubernetes Service.

func (*ServiceRef) DeepCopy 

func (in *ServiceRef) DeepCopy() *ServiceRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceRef.

func (*ServiceRef) DeepCopyInto 

func (in *ServiceRef) DeepCopyInto(out *ServiceRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ServiceTokenSecretRef 

type ServiceTokenSecretRef struct {
	// Name is the name of the Secret to create/update.
	// +kubebuilder:validation:Required
	Name string `json:"name"`

	// Namespace is the namespace for the Secret.
	// +kubebuilder:validation:Required
	Namespace string `json:"namespace"`

	// ClientIDKey is the key for the Client ID.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default="CF_ACCESS_CLIENT_ID"
	ClientIDKey string `json:"clientIdKey,omitempty"`

	// ClientSecretKey is the key for the Client Secret.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default="CF_ACCESS_CLIENT_SECRET"
	ClientSecretKey string `json:"clientSecretKey,omitempty"`
}

ServiceTokenSecretRef defines where to store token credentials.

func (*ServiceTokenSecretRef) DeepCopy 

func (in *ServiceTokenSecretRef) DeepCopy() *ServiceTokenSecretRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceTokenSecretRef.

func (*ServiceTokenSecretRef) DeepCopyInto 

func (in *ServiceTokenSecretRef) DeepCopyInto(out *ServiceTokenSecretRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SessionSettings 

type SessionSettings struct {
	Enforce  bool   `json:"enforce"`
	Duration string `json:"duration"`
}

SessionSettings for session checks.

func (*SessionSettings) DeepCopy 

func (in *SessionSettings) DeepCopy() *SessionSettings

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SessionSettings.

func (*SessionSettings) DeepCopyInto 

func (in *SessionSettings) DeepCopyInto(out *SessionSettings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SplitTunnelEntry 

type SplitTunnelEntry struct {
	// Address is a CIDR notation for IP addresses to match.
	// Either Address or Host must be specified.
	// +kubebuilder:validation:Optional
	Address string `json:"address,omitempty"`

	// Host is a domain name to match.
	// Either Address or Host must be specified.
	// +kubebuilder:validation:Optional
	Host string `json:"host,omitempty"`

	// Description is an optional description for this entry.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:MaxLength=200
	Description string `json:"description,omitempty"`
}

SplitTunnelEntry represents a single split tunnel entry.

func (*SplitTunnelEntry) DeepCopy 

func (in *SplitTunnelEntry) DeepCopy() *SplitTunnelEntry

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SplitTunnelEntry.

func (*SplitTunnelEntry) DeepCopyInto 

func (in *SplitTunnelEntry) DeepCopyInto(out *SplitTunnelEntry)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TLSDecryptSettings 

type TLSDecryptSettings struct {
	Enabled bool `json:"enabled"`
}

TLSDecryptSettings for TLS decryption.

func (*TLSDecryptSettings) DeepCopy 

func (in *TLSDecryptSettings) DeepCopy() *TLSDecryptSettings

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSDecryptSettings.

func (*TLSDecryptSettings) DeepCopyInto 

func (in *TLSDecryptSettings) DeepCopyInto(out *TLSDecryptSettings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Toleration 

type Toleration struct {
	// Key is the taint key.
	// +kubebuilder:validation:Optional
	Key string `json:"key,omitempty"`

	// Operator represents the relationship.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum=Exists;Equal
	Operator string `json:"operator,omitempty"`

	// Value is the taint value.
	// +kubebuilder:validation:Optional
	Value string `json:"value,omitempty"`

	// Effect indicates the taint effect.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum=NoSchedule;PreferNoSchedule;NoExecute
	Effect string `json:"effect,omitempty"`

	// TolerationSeconds for NoExecute effect.
	// +kubebuilder:validation:Optional
	TolerationSeconds *int64 `json:"tolerationSeconds,omitempty"`
}

Toleration for pod scheduling.

func (*Toleration) DeepCopy 

func (in *Toleration) DeepCopy() *Toleration

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Toleration.

func (*Toleration) DeepCopyInto 

func (in *Toleration) DeepCopyInto(out *Toleration)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Tunnel 

type Tunnel struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   TunnelSpec   `json:"spec,omitempty"`
	Status TunnelStatus `json:"status,omitempty"`
}

Tunnel is the Schema for the tunnels API

func (*Tunnel) DeepCopy 

func (in *Tunnel) DeepCopy() *Tunnel

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Tunnel.

func (*Tunnel) DeepCopyInto 

func (in *Tunnel) DeepCopyInto(out *Tunnel)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*Tunnel) DeepCopyObject 

func (in *Tunnel) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*Tunnel) Hub 

func (*Tunnel) Hub()

Hub marks this type as a conversion hub.

type TunnelGatewayClassConfig added in v0.18.1 

type TunnelGatewayClassConfig struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   TunnelGatewayClassConfigSpec   `json:"spec,omitempty"`
	Status TunnelGatewayClassConfigStatus `json:"status,omitempty"`
}

TunnelGatewayClassConfig provides GatewayClass parameters for Cloudflare Tunnel Gateway Controller. This resource links a GatewayClass to a specific Tunnel or ClusterTunnel and configures how the Gateway Controller handles DNS records and origin connections.

Example usage: 

apiVersion: networking.cloudflare-operator.io/v1alpha2
kind: TunnelGatewayClassConfig
metadata:
  name: cloudflare-tunnel
spec:
  tunnelRef:
    kind: ClusterTunnel
    name: production-tunnel
  dnsManagement: Automatic
  dnsProxied: true

func (*TunnelGatewayClassConfig) DeepCopy added in v0.18.1 

func (in *TunnelGatewayClassConfig) DeepCopy() *TunnelGatewayClassConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TunnelGatewayClassConfig.

func (*TunnelGatewayClassConfig) DeepCopyInto added in v0.18.1 

func (in *TunnelGatewayClassConfig) DeepCopyInto(out *TunnelGatewayClassConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*TunnelGatewayClassConfig) DeepCopyObject added in v0.18.1 

func (in *TunnelGatewayClassConfig) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*TunnelGatewayClassConfig) GetTunnelNamespace added in v0.18.1 

func (c *TunnelGatewayClassConfig) GetTunnelNamespace() string

GetTunnelNamespace returns the namespace where the Tunnel resource is located. For ClusterTunnel, this returns empty string (cluster-scoped). For Tunnel, this returns the namespace from TunnelRef or falls back to config's namespace.

func (*TunnelGatewayClassConfig) IsDNSProxied added in v0.18.1 

func (c *TunnelGatewayClassConfig) IsDNSProxied() bool

IsDNSProxied returns whether DNS records should be proxied through Cloudflare.

type TunnelGatewayClassConfigList added in v0.18.1 

type TunnelGatewayClassConfigList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []TunnelGatewayClassConfig `json:"items"`
}

TunnelGatewayClassConfigList contains a list of TunnelGatewayClassConfig

func (*TunnelGatewayClassConfigList) DeepCopy added in v0.18.1 

func (in *TunnelGatewayClassConfigList) DeepCopy() *TunnelGatewayClassConfigList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TunnelGatewayClassConfigList.

func (*TunnelGatewayClassConfigList) DeepCopyInto added in v0.18.1 

func (in *TunnelGatewayClassConfigList) DeepCopyInto(out *TunnelGatewayClassConfigList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*TunnelGatewayClassConfigList) DeepCopyObject added in v0.18.1 

func (in *TunnelGatewayClassConfigList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type TunnelGatewayClassConfigSpec added in v0.18.1 

type TunnelGatewayClassConfigSpec struct {
	// TunnelRef references the Tunnel or ClusterTunnel to use for this GatewayClass
	// +kubebuilder:validation:Required
	TunnelRef TunnelReference `json:"tunnelRef"`

	// DefaultOriginRequest provides default origin request settings for all Routes
	// using this GatewayClass. Can be overridden per-Route via annotations.
	// +kubebuilder:validation:Optional
	DefaultOriginRequest *OriginRequestSpec `json:"defaultOriginRequest,omitempty"`

	// DNSManagement controls how DNS records are managed for Route hostnames.
	// - Automatic: Controller creates CNAME records directly via Cloudflare API
	// - Manual: User manages DNS records externally (compatible with external-dns)
	// - DNSRecord: Controller creates DNSRecord CRDs for each hostname
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=Automatic
	DNSManagement DNSManagementMode `json:"dnsManagement,omitempty"`

	// DNSProxied controls whether DNS records are proxied through Cloudflare.
	// Only applies when DNSManagement is Automatic or DNSRecord.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=true
	DNSProxied *bool `json:"dnsProxied,omitempty"`

	// WatchNamespaces limits which namespaces the controller watches for Routes.
	// If empty, watches all namespaces.
	// +kubebuilder:validation:Optional
	WatchNamespaces []string `json:"watchNamespaces,omitempty"`

	// FallbackTarget is the default target for unmatched requests.
	// Defaults to "http_status:404" if not specified.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default="http_status:404"
	FallbackTarget string `json:"fallbackTarget,omitempty"`
}

TunnelGatewayClassConfigSpec defines the desired state of TunnelGatewayClassConfig

func (*TunnelGatewayClassConfigSpec) DeepCopy added in v0.18.1 

func (in *TunnelGatewayClassConfigSpec) DeepCopy() *TunnelGatewayClassConfigSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TunnelGatewayClassConfigSpec.

func (*TunnelGatewayClassConfigSpec) DeepCopyInto added in v0.18.1 

func (in *TunnelGatewayClassConfigSpec) DeepCopyInto(out *TunnelGatewayClassConfigSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TunnelGatewayClassConfigStatus added in v0.18.1 

type TunnelGatewayClassConfigStatus struct {
	// TunnelID is the resolved Cloudflare Tunnel ID
	// +kubebuilder:validation:Optional
	TunnelID string `json:"tunnelId,omitempty"`

	// TunnelName is the resolved Cloudflare Tunnel name
	// +kubebuilder:validation:Optional
	TunnelName string `json:"tunnelName,omitempty"`

	// GatewayCount is the number of Gateways using this configuration
	// +kubebuilder:validation:Optional
	GatewayCount int `json:"gatewayCount,omitempty"`

	// RouteCount is the total number of Routes across all Gateways
	// +kubebuilder:validation:Optional
	RouteCount int `json:"routeCount,omitempty"`

	// State represents the current state of the configuration
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum=pending;active;error
	State string `json:"state,omitempty"`

	// Conditions represent the latest available observations
	// +kubebuilder:validation:Optional
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty"`

	// ObservedGeneration is the most recent generation observed
	// +kubebuilder:validation:Optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
}

TunnelGatewayClassConfigStatus defines the observed state of TunnelGatewayClassConfig

func (*TunnelGatewayClassConfigStatus) DeepCopy added in v0.18.1 

func (in *TunnelGatewayClassConfigStatus) DeepCopy() *TunnelGatewayClassConfigStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TunnelGatewayClassConfigStatus.

func (*TunnelGatewayClassConfigStatus) DeepCopyInto added in v0.18.1 

func (in *TunnelGatewayClassConfigStatus) DeepCopyInto(out *TunnelGatewayClassConfigStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TunnelIngressClassConfig added in v0.18.1 

type TunnelIngressClassConfig struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   TunnelIngressClassConfigSpec   `json:"spec,omitempty"`
	Status TunnelIngressClassConfigStatus `json:"status,omitempty"`
}

TunnelIngressClassConfig provides IngressClass parameters for Cloudflare Tunnel Ingress Controller. This resource links an IngressClass to a specific Tunnel or ClusterTunnel and configures how the Ingress Controller handles DNS records and origin connections.

func (*TunnelIngressClassConfig) DeepCopy added in v0.18.1 

func (in *TunnelIngressClassConfig) DeepCopy() *TunnelIngressClassConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TunnelIngressClassConfig.

func (*TunnelIngressClassConfig) DeepCopyInto added in v0.18.1 

func (in *TunnelIngressClassConfig) DeepCopyInto(out *TunnelIngressClassConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*TunnelIngressClassConfig) DeepCopyObject added in v0.18.1 

func (in *TunnelIngressClassConfig) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*TunnelIngressClassConfig) GetTunnelNamespace added in v0.18.1 

func (c *TunnelIngressClassConfig) GetTunnelNamespace() string

GetTunnelNamespace returns the namespace of the referenced tunnel. For ClusterTunnel, returns empty string. For Tunnel, returns the specified namespace or the config's namespace.

func (*TunnelIngressClassConfig) IsDNSProxied added in v0.18.1 

func (c *TunnelIngressClassConfig) IsDNSProxied() bool

IsDNSProxied returns whether DNS records should be proxied through Cloudflare.

type TunnelIngressClassConfigList added in v0.18.1 

type TunnelIngressClassConfigList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []TunnelIngressClassConfig `json:"items"`
}

TunnelIngressClassConfigList contains a list of TunnelIngressClassConfig

func (*TunnelIngressClassConfigList) DeepCopy added in v0.18.1 

func (in *TunnelIngressClassConfigList) DeepCopy() *TunnelIngressClassConfigList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TunnelIngressClassConfigList.

func (*TunnelIngressClassConfigList) DeepCopyInto added in v0.18.1 

func (in *TunnelIngressClassConfigList) DeepCopyInto(out *TunnelIngressClassConfigList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*TunnelIngressClassConfigList) DeepCopyObject added in v0.18.1 

func (in *TunnelIngressClassConfigList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type TunnelIngressClassConfigSpec added in v0.18.1 

type TunnelIngressClassConfigSpec struct {
	// TunnelRef references the Tunnel or ClusterTunnel to use for this IngressClass
	// +kubebuilder:validation:Required
	TunnelRef TunnelReference `json:"tunnelRef"`

	// DefaultOriginRequest provides default origin request settings for all Ingresses
	// using this IngressClass. Can be overridden per-Ingress via annotations.
	// +kubebuilder:validation:Optional
	DefaultOriginRequest *OriginRequestSpec `json:"defaultOriginRequest,omitempty"`

	// DNSManagement controls how DNS records are managed for Ingress hostnames.
	// - Automatic: Controller creates CNAME records directly via Cloudflare API
	// - Manual: User manages DNS records externally (compatible with external-dns)
	// - DNSRecord: Controller creates DNSRecord CRDs for each hostname
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=Automatic
	DNSManagement DNSManagementMode `json:"dnsManagement,omitempty"`

	// DNSProxied controls whether DNS records are proxied through Cloudflare.
	// Only applies when DNSManagement is Automatic or DNSRecord.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=true
	DNSProxied *bool `json:"dnsProxied,omitempty"`

	// WatchNamespaces limits which namespaces the controller watches for Ingresses.
	// If empty, watches all namespaces.
	// +kubebuilder:validation:Optional
	WatchNamespaces []string `json:"watchNamespaces,omitempty"`
}

TunnelIngressClassConfigSpec defines the desired state of TunnelIngressClassConfig

func (*TunnelIngressClassConfigSpec) DeepCopy added in v0.18.1 

func (in *TunnelIngressClassConfigSpec) DeepCopy() *TunnelIngressClassConfigSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TunnelIngressClassConfigSpec.

func (*TunnelIngressClassConfigSpec) DeepCopyInto added in v0.18.1 

func (in *TunnelIngressClassConfigSpec) DeepCopyInto(out *TunnelIngressClassConfigSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TunnelIngressClassConfigStatus added in v0.18.1 

type TunnelIngressClassConfigStatus struct {
	// TunnelID is the resolved Cloudflare Tunnel ID
	// +kubebuilder:validation:Optional
	TunnelID string `json:"tunnelId,omitempty"`

	// TunnelName is the resolved Cloudflare Tunnel name
	// +kubebuilder:validation:Optional
	TunnelName string `json:"tunnelName,omitempty"`

	// IngressCount is the number of Ingresses using this configuration
	// +kubebuilder:validation:Optional
	IngressCount int `json:"ingressCount,omitempty"`

	// State represents the current state of the configuration
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum=pending;active;error
	State string `json:"state,omitempty"`

	// Conditions represent the latest available observations
	// +kubebuilder:validation:Optional
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty"`

	// ObservedGeneration is the most recent generation observed
	// +kubebuilder:validation:Optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
}

TunnelIngressClassConfigStatus defines the observed state of TunnelIngressClassConfig

func (*TunnelIngressClassConfigStatus) DeepCopy added in v0.18.1 

func (in *TunnelIngressClassConfigStatus) DeepCopy() *TunnelIngressClassConfigStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TunnelIngressClassConfigStatus.

func (*TunnelIngressClassConfigStatus) DeepCopyInto added in v0.18.1 

func (in *TunnelIngressClassConfigStatus) DeepCopyInto(out *TunnelIngressClassConfigStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TunnelList 

type TunnelList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []Tunnel `json:"items"`
}

TunnelList contains a list of Tunnel

func (*TunnelList) DeepCopy 

func (in *TunnelList) DeepCopy() *TunnelList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TunnelList.

func (*TunnelList) DeepCopyInto 

func (in *TunnelList) DeepCopyInto(out *TunnelList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*TunnelList) DeepCopyObject 

func (in *TunnelList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type TunnelRef 

type TunnelRef struct {
	// Kind is the type of tunnel resource (Tunnel or ClusterTunnel).
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Enum=Tunnel;ClusterTunnel
	// +kubebuilder:default=ClusterTunnel
	Kind string `json:"kind"`

	// Name is the name of the Tunnel or ClusterTunnel resource.
	// +kubebuilder:validation:Required
	Name string `json:"name"`

	// Namespace is the namespace of the Tunnel resource.
	// Only applicable when Kind is Tunnel. Ignored for ClusterTunnel.
	// +kubebuilder:validation:Optional
	Namespace string `json:"namespace,omitempty"`
}

TunnelRef references a Tunnel or ClusterTunnel resource.

func (*TunnelRef) DeepCopy 

func (in *TunnelRef) DeepCopy() *TunnelRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TunnelRef.

func (*TunnelRef) DeepCopyInto 

func (in *TunnelRef) DeepCopyInto(out *TunnelRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TunnelReference added in v0.18.1 

type TunnelReference struct {
	// Kind is the tunnel resource kind: Tunnel or ClusterTunnel
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Enum=Tunnel;ClusterTunnel
	Kind string `json:"kind"`

	// Name is the name of the Tunnel/ClusterTunnel resource
	// +kubebuilder:validation:Required
	Name string `json:"name"`

	// Namespace is the namespace of the Tunnel (only for Kind=Tunnel).
	// If not specified for Kind=Tunnel, defaults to the TunnelIngressClassConfig's namespace.
	// +kubebuilder:validation:Optional
	Namespace string `json:"namespace,omitempty"`
}

TunnelReference references a Tunnel or ClusterTunnel resource

func (*TunnelReference) DeepCopy added in v0.18.1 

func (in *TunnelReference) DeepCopy() *TunnelReference

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TunnelReference.

func (*TunnelReference) DeepCopyInto added in v0.18.1 

func (in *TunnelReference) DeepCopyInto(out *TunnelReference)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TunnelSpec 

type TunnelSpec struct {
	// Deployment patch for the cloudflared deployment.
	// Follows https://kubernetes.io/docs/reference/kubectl/generated/kubectl_patch/
	// +kubebuilder:validation:Optional
	// +kubebuilder:default:="{}"
	DeployPatch string `json:"deployPatch,omitempty"`

	// +kubebuilder:default:=false
	// +kubebuilder:validation:Optional
	// NoTlsVerify disables origin TLS certificate checks when the endpoint is HTTPS.
	NoTlsVerify bool `json:"noTlsVerify,omitempty"`

	// +kubebuilder:validation:Optional
	// OriginCaPool speficies the secret with tls.crt (and other certs as needed to be referred in the service annotation) of the Root CA to be trusted when sending traffic to HTTPS endpoints
	OriginCaPool string `json:"originCaPool,omitempty"`

	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum={"auto","quic","http2"}
	// +kubebuilder:default:="auto"
	// Protocol specifies the protocol to use for the tunnel. Defaults to auto. Options are "auto", "quic" and "http2"
	Protocol string `json:"protocol,omitempty"`

	// +kubebuilder:validation:Optional
	// +kubebuilder:default:="http_status:404"
	// FallbackTarget speficies the target for requests that do not match an ingress. Defaults to http_status:404
	FallbackTarget string `json:"fallbackTarget,omitempty"`

	// +kubebuilder:validation:Required
	// Cloudflare Credentials
	Cloudflare CloudflareDetails `json:"cloudflare,omitempty"`

	// +kubebuilder:validation:Optional
	// Existing tunnel object.
	// ExistingTunnel and NewTunnel cannot be both empty and are mutually exclusive.
	ExistingTunnel *ExistingTunnel `json:"existingTunnel,omitempty"`

	// +kubebuilder:validation:Optional
	// New tunnel object.
	// NewTunnel and ExistingTunnel cannot be both empty and are mutually exclusive.
	NewTunnel *NewTunnel `json:"newTunnel,omitempty"`

	// +kubebuilder:validation:Optional
	// +kubebuilder:default:=false
	// EnableWarpRouting enables WARP routing for this tunnel, allowing private network
	// access via WARP clients. When enabled, the tunnel can route traffic to private
	// IP ranges defined in NetworkRoute resources.
	EnableWarpRouting bool `json:"enableWarpRouting,omitempty"`
}

TunnelSpec defines the desired state of Tunnel

func (*TunnelSpec) DeepCopy 

func (in *TunnelSpec) DeepCopy() *TunnelSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TunnelSpec.

func (*TunnelSpec) DeepCopyInto 

func (in *TunnelSpec) DeepCopyInto(out *TunnelSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TunnelStatus 

type TunnelStatus struct {
	// TunnelId is the Cloudflare tunnel ID
	TunnelId string `json:"tunnelId"`

	// TunnelName is the Cloudflare tunnel name
	TunnelName string `json:"tunnelName"`

	// AccountId is the Cloudflare account ID
	AccountId string `json:"accountId"`

	// ZoneId is the Cloudflare zone ID (optional, for DNS features)
	ZoneId string `json:"zoneId"`

	// State represents the current state of the tunnel
	// +kubebuilder:validation:Enum=pending;creating;active;error;deleting
	State string `json:"state,omitempty"`

	// ObservedGeneration is the generation observed by the controller
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`

	// Conditions represent the latest available observations of the tunnel's state
	// +optional
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty"`
}

TunnelStatus defines the observed state of Tunnel

func (*TunnelStatus) DeepCopy 

func (in *TunnelStatus) DeepCopy() *TunnelStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TunnelStatus.

func (*TunnelStatus) DeepCopyInto 

func (in *TunnelStatus) DeepCopyInto(out *TunnelStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VirtualNetwork 

type VirtualNetwork struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   VirtualNetworkSpec   `json:"spec,omitempty"`
	Status VirtualNetworkStatus `json:"status,omitempty"`
}

VirtualNetwork is the Schema for the virtualnetworks API. A VirtualNetwork represents a Cloudflare Zero Trust Virtual Network, which provides isolated private network address spaces for routing traffic through Cloudflare Tunnels.

func (*VirtualNetwork) DeepCopy 

func (in *VirtualNetwork) DeepCopy() *VirtualNetwork

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VirtualNetwork.

func (*VirtualNetwork) DeepCopyInto 

func (in *VirtualNetwork) DeepCopyInto(out *VirtualNetwork)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*VirtualNetwork) DeepCopyObject 

func (in *VirtualNetwork) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*VirtualNetwork) GetVirtualNetworkName 

func (v *VirtualNetwork) GetVirtualNetworkName() string

GetVirtualNetworkName returns the name to use in Cloudflare. Uses spec.name if specified, otherwise falls back to metadata.name.

type VirtualNetworkList 

type VirtualNetworkList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []VirtualNetwork `json:"items"`
}

VirtualNetworkList contains a list of VirtualNetwork

func (*VirtualNetworkList) DeepCopy 

func (in *VirtualNetworkList) DeepCopy() *VirtualNetworkList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VirtualNetworkList.

func (*VirtualNetworkList) DeepCopyInto 

func (in *VirtualNetworkList) DeepCopyInto(out *VirtualNetworkList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*VirtualNetworkList) DeepCopyObject 

func (in *VirtualNetworkList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type VirtualNetworkRef 

type VirtualNetworkRef struct {
	// Name is the name of the VirtualNetwork resource.
	// +kubebuilder:validation:Required
	Name string `json:"name"`
}

VirtualNetworkRef references a VirtualNetwork resource.

func (*VirtualNetworkRef) DeepCopy 

func (in *VirtualNetworkRef) DeepCopy() *VirtualNetworkRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VirtualNetworkRef.

func (*VirtualNetworkRef) DeepCopyInto 

func (in *VirtualNetworkRef) DeepCopyInto(out *VirtualNetworkRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VirtualNetworkSpec 

type VirtualNetworkSpec struct {
	// Name of the Virtual Network in Cloudflare.
	// If not specified, the Kubernetes resource name will be used.
	// +kubebuilder:validation:Optional
	Name string `json:"name,omitempty"`

	// Comment is an optional description for the Virtual Network.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:MaxLength=500
	Comment string `json:"comment,omitempty"`

	// IsDefaultNetwork marks this Virtual Network as the default for the account.
	// Only one Virtual Network can be the default.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	IsDefaultNetwork bool `json:"isDefaultNetwork,omitempty"`

	// Cloudflare contains the Cloudflare API credentials and account information.
	// +kubebuilder:validation:Required
	Cloudflare CloudflareDetails `json:"cloudflare"`
}

VirtualNetworkSpec defines the desired state of VirtualNetwork

func (*VirtualNetworkSpec) DeepCopy 

func (in *VirtualNetworkSpec) DeepCopy() *VirtualNetworkSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VirtualNetworkSpec.

func (*VirtualNetworkSpec) DeepCopyInto 

func (in *VirtualNetworkSpec) DeepCopyInto(out *VirtualNetworkSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VirtualNetworkStatus 

type VirtualNetworkStatus struct {
	// VirtualNetworkId is the Cloudflare ID of the Virtual Network.
	// +kubebuilder:validation:Optional
	VirtualNetworkId string `json:"virtualNetworkId,omitempty"`

	// AccountId is the Cloudflare Account ID.
	// +kubebuilder:validation:Optional
	AccountId string `json:"accountId,omitempty"`

	// State indicates the current state of the Virtual Network (active, deleted, etc.).
	// +kubebuilder:validation:Optional
	State string `json:"state,omitempty"`

	// IsDefault indicates whether this is the default Virtual Network for the account.
	// +kubebuilder:validation:Optional
	IsDefault bool `json:"isDefault,omitempty"`

	// Conditions represent the latest available observations of the VirtualNetwork's state.
	// +kubebuilder:validation:Optional
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty"`

	// ObservedGeneration is the most recent generation observed by the controller.
	// +kubebuilder:validation:Optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
}

VirtualNetworkStatus defines the observed state of VirtualNetwork

func (*VirtualNetworkStatus) DeepCopy 

func (in *VirtualNetworkStatus) DeepCopy() *VirtualNetworkStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VirtualNetworkStatus.

func (*VirtualNetworkStatus) DeepCopyInto 

func (in *VirtualNetworkStatus) DeepCopyInto(out *VirtualNetworkStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type WARPConnector 

type WARPConnector struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   WARPConnectorSpec   `json:"spec,omitempty"`
	Status WARPConnectorStatus `json:"status,omitempty"`
}

WARPConnector is the Schema for the warpconnectors API.

func (*WARPConnector) DeepCopy 

func (in *WARPConnector) DeepCopy() *WARPConnector

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WARPConnector.

func (*WARPConnector) DeepCopyInto 

func (in *WARPConnector) DeepCopyInto(out *WARPConnector)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*WARPConnector) DeepCopyObject 

func (in *WARPConnector) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*WARPConnector) GetConnectorName 

func (w *WARPConnector) GetConnectorName() string

GetConnectorName returns the name to use in Cloudflare.

type WARPConnectorList 

type WARPConnectorList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []WARPConnector `json:"items"`
}

WARPConnectorList contains a list of WARPConnector

func (*WARPConnectorList) DeepCopy 

func (in *WARPConnectorList) DeepCopy() *WARPConnectorList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WARPConnectorList.

func (*WARPConnectorList) DeepCopyInto 

func (in *WARPConnectorList) DeepCopyInto(out *WARPConnectorList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*WARPConnectorList) DeepCopyObject 

func (in *WARPConnectorList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type WARPConnectorRoute 

type WARPConnectorRoute struct {
	// Network is the CIDR of the network to route.
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Pattern=`^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$`
	Network string `json:"network"`

	// Comment is an optional description.
	// +kubebuilder:validation:Optional
	Comment string `json:"comment,omitempty"`
}

WARPConnectorRoute defines a route to advertise.

func (*WARPConnectorRoute) DeepCopy 

func (in *WARPConnectorRoute) DeepCopy() *WARPConnectorRoute

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WARPConnectorRoute.

func (*WARPConnectorRoute) DeepCopyInto 

func (in *WARPConnectorRoute) DeepCopyInto(out *WARPConnectorRoute)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type WARPConnectorSpec 

type WARPConnectorSpec struct {
	// Name of the WARP Connector in Cloudflare.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:MaxLength=255
	Name string `json:"name,omitempty"`

	// Replicas is the number of connector instances.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Minimum=1
	// +kubebuilder:default=1
	Replicas int32 `json:"replicas,omitempty"`

	// Image is the WARP connector container image.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default="cloudflare/cloudflared:latest"
	Image string `json:"image,omitempty"`

	// VirtualNetworkRef references the VirtualNetwork for this connector.
	// +kubebuilder:validation:Optional
	VirtualNetworkRef *VirtualNetworkRef `json:"virtualNetworkRef,omitempty"`

	// Routes are the private network routes to advertise.
	// +kubebuilder:validation:Optional
	Routes []WARPConnectorRoute `json:"routes,omitempty"`

	// Resources defines compute resources.
	// +kubebuilder:validation:Optional
	Resources *ResourceRequirements `json:"resources,omitempty"`

	// NodeSelector for pod scheduling.
	// +kubebuilder:validation:Optional
	NodeSelector map[string]string `json:"nodeSelector,omitempty"`

	// Tolerations for pod scheduling.
	// +kubebuilder:validation:Optional
	Tolerations []Toleration `json:"tolerations,omitempty"`

	// ServiceAccount to use for the connector pods.
	// +kubebuilder:validation:Optional
	ServiceAccountName string `json:"serviceAccountName,omitempty"`

	// Cloudflare contains the Cloudflare API credentials.
	// +kubebuilder:validation:Required
	Cloudflare CloudflareDetails `json:"cloudflare"`
}

WARPConnectorSpec defines the desired state of WARPConnector

func (*WARPConnectorSpec) DeepCopy 

func (in *WARPConnectorSpec) DeepCopy() *WARPConnectorSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WARPConnectorSpec.

func (*WARPConnectorSpec) DeepCopyInto 

func (in *WARPConnectorSpec) DeepCopyInto(out *WARPConnectorSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type WARPConnectorStatus 

type WARPConnectorStatus struct {
	// ConnectorID is the Cloudflare WARP Connector ID.
	// +kubebuilder:validation:Optional
	ConnectorID string `json:"connectorId,omitempty"`

	// TunnelID is the underlying tunnel ID.
	// +kubebuilder:validation:Optional
	TunnelID string `json:"tunnelId,omitempty"`

	// VirtualNetworkID is the Cloudflare VirtualNetwork ID used for routes.
	// This is saved to enable proper route deletion during cleanup.
	// +kubebuilder:validation:Optional
	VirtualNetworkID string `json:"virtualNetworkId,omitempty"`

	// AccountID is the Cloudflare Account ID.
	// +kubebuilder:validation:Optional
	AccountID string `json:"accountId,omitempty"`

	// ReadyReplicas is the number of ready connector pods.
	// +kubebuilder:validation:Optional
	ReadyReplicas int32 `json:"readyReplicas,omitempty"`

	// RoutesConfigured is the number of routes configured.
	// +kubebuilder:validation:Optional
	RoutesConfigured int `json:"routesConfigured,omitempty"`

	// State indicates the current state.
	// +kubebuilder:validation:Optional
	State string `json:"state,omitempty"`

	// Conditions represent the latest available observations.
	// +kubebuilder:validation:Optional
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty"`

	// ObservedGeneration is the most recent generation observed.
	// +kubebuilder:validation:Optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
}

WARPConnectorStatus defines the observed state

func (*WARPConnectorStatus) DeepCopy 

func (in *WARPConnectorStatus) DeepCopy() *WARPConnectorStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WARPConnectorStatus.

func (*WARPConnectorStatus) DeepCopyInto 

func (in *WARPConnectorStatus) DeepCopyInto(out *WARPConnectorStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.