v1alpha2

package
v0.20.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 11, 2026 License: Apache-2.0 Imports: 4 Imported by: 0

Documentation

Overview

Package v1alpha2 contains API Schema definitions for the networking v1alpha2 API group. +kubebuilder:object:generate=true +groupName=networking.cloudflare-operator.io

Index

Constants

This section is empty.

Variables

View Source 
var (
	// GroupVersion is group version used to register these objects.
	GroupVersion = schema.GroupVersion{Group: "networking.cloudflare-operator.io", Version: "v1alpha2"}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme.
	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}

	// AddToScheme adds the types in this group-version to the given scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)

Functions

This section is empty.

Types

type AccessApplication 

type AccessApplication struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   AccessApplicationSpec   `json:"spec,omitempty"`
	Status AccessApplicationStatus `json:"status,omitempty"`
}

AccessApplication is the Schema for the accessapplications API. An AccessApplication represents a Cloudflare Access Application, which protects internal resources with Zero Trust policies.

func (*AccessApplication) DeepCopy 

func (in *AccessApplication) DeepCopy() *AccessApplication

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessApplication.

func (*AccessApplication) DeepCopyInto 

func (in *AccessApplication) DeepCopyInto(out *AccessApplication)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AccessApplication) DeepCopyObject 

func (in *AccessApplication) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*AccessApplication) GetAccessApplicationName 

func (a *AccessApplication) GetAccessApplicationName() string

GetAccessApplicationName returns the name to use in Cloudflare.

type AccessApplicationList 

type AccessApplicationList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []AccessApplication `json:"items"`
}

AccessApplicationList contains a list of AccessApplication

func (*AccessApplicationList) DeepCopy 

func (in *AccessApplicationList) DeepCopy() *AccessApplicationList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessApplicationList.

func (*AccessApplicationList) DeepCopyInto 

func (in *AccessApplicationList) DeepCopyInto(out *AccessApplicationList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AccessApplicationList) DeepCopyObject 

func (in *AccessApplicationList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type AccessApplicationSpec 

type AccessApplicationSpec struct {
	// Name of the Access Application in Cloudflare.
	// If not specified, the Kubernetes resource name will be used.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:MaxLength=255
	Name string `json:"name,omitempty"`

	// Domain is the primary domain/URL for the application.
	// +kubebuilder:validation:Required
	Domain string `json:"domain"`

	// Type is the application type.
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Enum=self_hosted;saas;ssh;vnc;app_launcher;warp;biso;bookmark;dash_sso
	// +kubebuilder:default=self_hosted
	Type string `json:"type"`

	// SessionDuration is the amount of time that the token is valid for.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default="24h"
	SessionDuration string `json:"sessionDuration,omitempty"`

	// AllowedIdps is the list of identity provider IDs allowed for this application.
	// +kubebuilder:validation:Optional
	AllowedIdps []string `json:"allowedIdps,omitempty"`

	// AllowedIdpRefs references AccessIdentityProvider resources by name.
	// +kubebuilder:validation:Optional
	AllowedIdpRefs []AccessIdentityProviderRef `json:"allowedIdpRefs,omitempty"`

	// AutoRedirectToIdentity enables automatic redirect to the identity provider.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	AutoRedirectToIdentity bool `json:"autoRedirectToIdentity,omitempty"`

	// EnableBindingCookie enables the binding cookie.
	// +kubebuilder:validation:Optional
	EnableBindingCookie *bool `json:"enableBindingCookie,omitempty"`

	// HttpOnlyCookieAttribute sets the HttpOnly attribute on the cookie.
	// +kubebuilder:validation:Optional
	HttpOnlyCookieAttribute *bool `json:"httpOnlyCookieAttribute,omitempty"`

	// SameSiteCookieAttribute sets the SameSite attribute on the cookie.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum=strict;lax;none
	SameSiteCookieAttribute string `json:"sameSiteCookieAttribute,omitempty"`

	// LogoURL is the URL of the application logo.
	// +kubebuilder:validation:Optional
	LogoURL string `json:"logoUrl,omitempty"`

	// SkipInterstitial skips the interstitial page.
	// +kubebuilder:validation:Optional
	SkipInterstitial *bool `json:"skipInterstitial,omitempty"`

	// AppLauncherVisible shows the application in the App Launcher.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=true
	AppLauncherVisible *bool `json:"appLauncherVisible,omitempty"`

	// ServiceAuth401Redirect redirects unauthorized service auth requests.
	// +kubebuilder:validation:Optional
	ServiceAuth401Redirect *bool `json:"serviceAuth401Redirect,omitempty"`

	// CustomDenyMessage is a custom message shown when access is denied.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:MaxLength=1024
	CustomDenyMessage string `json:"customDenyMessage,omitempty"`

	// CustomDenyURL is a custom URL to redirect to when access is denied.
	// +kubebuilder:validation:Optional
	CustomDenyURL string `json:"customDenyUrl,omitempty"`

	// AllowAuthenticateViaWarp allows authentication via WARP.
	// +kubebuilder:validation:Optional
	AllowAuthenticateViaWarp *bool `json:"allowAuthenticateViaWarp,omitempty"`

	// Tags are custom tags for the application.
	// +kubebuilder:validation:Optional
	Tags []string `json:"tags,omitempty"`

	// Policies defines the access policies for this application.
	// +kubebuilder:validation:Optional
	Policies []AccessPolicyRef `json:"policies,omitempty"`

	// Cloudflare contains the Cloudflare API credentials and account information.
	// +kubebuilder:validation:Required
	Cloudflare CloudflareDetails `json:"cloudflare"`
}

AccessApplicationSpec defines the desired state of AccessApplication

func (*AccessApplicationSpec) DeepCopy 

func (in *AccessApplicationSpec) DeepCopy() *AccessApplicationSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessApplicationSpec.

func (*AccessApplicationSpec) DeepCopyInto 

func (in *AccessApplicationSpec) DeepCopyInto(out *AccessApplicationSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AccessApplicationStatus 

type AccessApplicationStatus struct {
	// ApplicationID is the Cloudflare ID of the Access Application.
	// +kubebuilder:validation:Optional
	ApplicationID string `json:"applicationId,omitempty"`

	// AUD is the Application Audience (AUD) Tag.
	// +kubebuilder:validation:Optional
	AUD string `json:"aud,omitempty"`

	// AccountID is the Cloudflare Account ID.
	// +kubebuilder:validation:Optional
	AccountID string `json:"accountId,omitempty"`

	// Domain is the configured domain.
	// +kubebuilder:validation:Optional
	Domain string `json:"domain,omitempty"`

	// State indicates the current state of the application.
	// +kubebuilder:validation:Optional
	State string `json:"state,omitempty"`

	// ResolvedPolicies contains the resolved policy information for each policy.
	// This helps with debugging and understanding policy state.
	// +kubebuilder:validation:Optional
	// +listType=map
	// +listMapKey=precedence
	ResolvedPolicies []ResolvedPolicyStatus `json:"resolvedPolicies,omitempty"`

	// Conditions represent the latest available observations.
	// +kubebuilder:validation:Optional
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty"`

	// ObservedGeneration is the most recent generation observed.
	// +kubebuilder:validation:Optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
}

AccessApplicationStatus defines the observed state of AccessApplication

func (*AccessApplicationStatus) DeepCopy 

func (in *AccessApplicationStatus) DeepCopy() *AccessApplicationStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessApplicationStatus.

func (*AccessApplicationStatus) DeepCopyInto 

func (in *AccessApplicationStatus) DeepCopyInto(out *AccessApplicationStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AccessGroup 

type AccessGroup struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   AccessGroupSpec   `json:"spec,omitempty"`
	Status AccessGroupStatus `json:"status,omitempty"`
}

AccessGroup is the Schema for the accessgroups API.

func (*AccessGroup) DeepCopy 

func (in *AccessGroup) DeepCopy() *AccessGroup

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessGroup.

func (*AccessGroup) DeepCopyInto 

func (in *AccessGroup) DeepCopyInto(out *AccessGroup)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AccessGroup) DeepCopyObject 

func (in *AccessGroup) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*AccessGroup) GetAccessGroupName 

func (a *AccessGroup) GetAccessGroupName() string

GetAccessGroupName returns the name to use in Cloudflare.

type AccessGroupAzureRule 

type AccessGroupAzureRule struct {
	ID                 string `json:"id"`
	IdentityProviderID string `json:"identityProviderId"`
}

AccessGroupAzureRule matches Azure AD users.

func (*AccessGroupAzureRule) DeepCopy 

func (in *AccessGroupAzureRule) DeepCopy() *AccessGroupAzureRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessGroupAzureRule.

func (*AccessGroupAzureRule) DeepCopyInto 

func (in *AccessGroupAzureRule) DeepCopyInto(out *AccessGroupAzureRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AccessGroupCommonNameRule 

type AccessGroupCommonNameRule struct {
	CommonName string `json:"commonName"`
}

AccessGroupCommonNameRule matches certificate common names.

func (*AccessGroupCommonNameRule) DeepCopy 

func (in *AccessGroupCommonNameRule) DeepCopy() *AccessGroupCommonNameRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessGroupCommonNameRule.

func (*AccessGroupCommonNameRule) DeepCopyInto 

func (in *AccessGroupCommonNameRule) DeepCopyInto(out *AccessGroupCommonNameRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AccessGroupCountryRule 

type AccessGroupCountryRule struct {
	Country []string `json:"country"`
}

AccessGroupCountryRule matches countries.

func (*AccessGroupCountryRule) DeepCopy 

func (in *AccessGroupCountryRule) DeepCopy() *AccessGroupCountryRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessGroupCountryRule.

func (*AccessGroupCountryRule) DeepCopyInto 

func (in *AccessGroupCountryRule) DeepCopyInto(out *AccessGroupCountryRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AccessGroupDevicePostureRule 

type AccessGroupDevicePostureRule struct {
	IntegrationUID string `json:"integrationUid"`
}

AccessGroupDevicePostureRule matches device posture.

func (*AccessGroupDevicePostureRule) DeepCopy 

func (in *AccessGroupDevicePostureRule) DeepCopy() *AccessGroupDevicePostureRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessGroupDevicePostureRule.

func (*AccessGroupDevicePostureRule) DeepCopyInto 

func (in *AccessGroupDevicePostureRule) DeepCopyInto(out *AccessGroupDevicePostureRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AccessGroupEmailDomainRule 

type AccessGroupEmailDomainRule struct {
	Domain string `json:"domain"`
}

AccessGroupEmailDomainRule matches emails from a domain.

func (*AccessGroupEmailDomainRule) DeepCopy 

func (in *AccessGroupEmailDomainRule) DeepCopy() *AccessGroupEmailDomainRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessGroupEmailDomainRule.

func (*AccessGroupEmailDomainRule) DeepCopyInto 

func (in *AccessGroupEmailDomainRule) DeepCopyInto(out *AccessGroupEmailDomainRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AccessGroupEmailRule 

type AccessGroupEmailRule struct {
	Email string `json:"email"`
}

AccessGroupEmailRule matches a specific email.

func (*AccessGroupEmailRule) DeepCopy 

func (in *AccessGroupEmailRule) DeepCopy() *AccessGroupEmailRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessGroupEmailRule.

func (*AccessGroupEmailRule) DeepCopyInto 

func (in *AccessGroupEmailRule) DeepCopyInto(out *AccessGroupEmailRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AccessGroupExternalEvaluationRule 

type AccessGroupExternalEvaluationRule struct {
	EvaluateURL string `json:"evaluateUrl"`
	KeysURL     string `json:"keysUrl"`
}

AccessGroupExternalEvaluationRule calls external endpoint.

func (*AccessGroupExternalEvaluationRule) DeepCopy 

func (in *AccessGroupExternalEvaluationRule) DeepCopy() *AccessGroupExternalEvaluationRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessGroupExternalEvaluationRule.

func (*AccessGroupExternalEvaluationRule) DeepCopyInto 

func (in *AccessGroupExternalEvaluationRule) DeepCopyInto(out *AccessGroupExternalEvaluationRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AccessGroupGSuiteRule 

type AccessGroupGSuiteRule struct {
	Email              string `json:"email"`
	IdentityProviderID string `json:"identityProviderId"`
}

AccessGroupGSuiteRule matches Google Workspace users.

func (*AccessGroupGSuiteRule) DeepCopy 

func (in *AccessGroupGSuiteRule) DeepCopy() *AccessGroupGSuiteRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessGroupGSuiteRule.

func (*AccessGroupGSuiteRule) DeepCopyInto 

func (in *AccessGroupGSuiteRule) DeepCopyInto(out *AccessGroupGSuiteRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AccessGroupGitHubRule 

type AccessGroupGitHubRule struct {
	Name               string   `json:"name"`
	IdentityProviderID string   `json:"identityProviderId"`
	Teams              []string `json:"teams,omitempty"`
}

AccessGroupGitHubRule matches GitHub users.

func (*AccessGroupGitHubRule) DeepCopy 

func (in *AccessGroupGitHubRule) DeepCopy() *AccessGroupGitHubRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessGroupGitHubRule.

func (*AccessGroupGitHubRule) DeepCopyInto 

func (in *AccessGroupGitHubRule) DeepCopyInto(out *AccessGroupGitHubRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AccessGroupGroupRule 

type AccessGroupGroupRule struct {
	ID string `json:"id"`
}

AccessGroupGroupRule matches IdP groups.

func (*AccessGroupGroupRule) DeepCopy 

func (in *AccessGroupGroupRule) DeepCopy() *AccessGroupGroupRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessGroupGroupRule.

func (*AccessGroupGroupRule) DeepCopyInto 

func (in *AccessGroupGroupRule) DeepCopyInto(out *AccessGroupGroupRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AccessGroupIPRangesRule 

type AccessGroupIPRangesRule struct {
	IP []string `json:"ip"`
}

AccessGroupIPRangesRule matches IP ranges.

func (*AccessGroupIPRangesRule) DeepCopy 

func (in *AccessGroupIPRangesRule) DeepCopy() *AccessGroupIPRangesRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessGroupIPRangesRule.

func (*AccessGroupIPRangesRule) DeepCopyInto 

func (in *AccessGroupIPRangesRule) DeepCopyInto(out *AccessGroupIPRangesRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AccessGroupList 

type AccessGroupList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []AccessGroup `json:"items"`
}

AccessGroupList contains a list of AccessGroup

func (*AccessGroupList) DeepCopy 

func (in *AccessGroupList) DeepCopy() *AccessGroupList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessGroupList.

func (*AccessGroupList) DeepCopyInto 

func (in *AccessGroupList) DeepCopyInto(out *AccessGroupList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AccessGroupList) DeepCopyObject 

func (in *AccessGroupList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type AccessGroupOIDCRule 

type AccessGroupOIDCRule struct {
	ClaimName          string `json:"claimName"`
	ClaimValue         string `json:"claimValue"`
	IdentityProviderID string `json:"identityProviderId"`
}

AccessGroupOIDCRule matches OIDC claims.

func (*AccessGroupOIDCRule) DeepCopy 

func (in *AccessGroupOIDCRule) DeepCopy() *AccessGroupOIDCRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessGroupOIDCRule.

func (*AccessGroupOIDCRule) DeepCopyInto 

func (in *AccessGroupOIDCRule) DeepCopyInto(out *AccessGroupOIDCRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AccessGroupRule 

type AccessGroupRule struct {
	// Email matches a specific email address.
	// +kubebuilder:validation:Optional
	Email *AccessGroupEmailRule `json:"email,omitempty"`

	// EmailDomain matches all emails from a domain.
	// +kubebuilder:validation:Optional
	EmailDomain *AccessGroupEmailDomainRule `json:"emailDomain,omitempty"`

	// Everyone matches all users.
	// +kubebuilder:validation:Optional
	Everyone bool `json:"everyone,omitempty"`

	// IPRanges matches users from specific IP ranges.
	// +kubebuilder:validation:Optional
	IPRanges *AccessGroupIPRangesRule `json:"ipRanges,omitempty"`

	// Country matches users from specific countries.
	// +kubebuilder:validation:Optional
	Country *AccessGroupCountryRule `json:"country,omitempty"`

	// Group matches users in a specific IdP group.
	// +kubebuilder:validation:Optional
	Group *AccessGroupGroupRule `json:"group,omitempty"`

	// ServiceToken matches requests with a specific service token.
	// +kubebuilder:validation:Optional
	ServiceToken *AccessGroupServiceTokenRule `json:"serviceToken,omitempty"`

	// AnyValidServiceToken matches any valid service token.
	// +kubebuilder:validation:Optional
	AnyValidServiceToken bool `json:"anyValidServiceToken,omitempty"`

	// Certificate matches requests with a valid mTLS certificate.
	// +kubebuilder:validation:Optional
	Certificate bool `json:"certificate,omitempty"`

	// CommonName matches mTLS certificates with a specific common name.
	// +kubebuilder:validation:Optional
	CommonName *AccessGroupCommonNameRule `json:"commonName,omitempty"`

	// DevicePosture matches devices that pass posture checks.
	// +kubebuilder:validation:Optional
	DevicePosture *AccessGroupDevicePostureRule `json:"devicePosture,omitempty"`

	// GSUITE matches users from Google Workspace.
	// +kubebuilder:validation:Optional
	GSuite *AccessGroupGSuiteRule `json:"gsuite,omitempty"`

	// GitHub matches users from GitHub organizations.
	// +kubebuilder:validation:Optional
	GitHub *AccessGroupGitHubRule `json:"github,omitempty"`

	// Azure matches users from Azure AD groups.
	// +kubebuilder:validation:Optional
	Azure *AccessGroupAzureRule `json:"azure,omitempty"`

	// OIDC matches users based on OIDC claims.
	// +kubebuilder:validation:Optional
	OIDC *AccessGroupOIDCRule `json:"oidc,omitempty"`

	// SAML matches users based on SAML attributes.
	// +kubebuilder:validation:Optional
	SAML *AccessGroupSAMLRule `json:"saml,omitempty"`

	// ExternalEvaluation calls an external endpoint for evaluation.
	// +kubebuilder:validation:Optional
	ExternalEvaluation *AccessGroupExternalEvaluationRule `json:"externalEvaluation,omitempty"`
}

AccessGroupRule defines a single rule in an Access Group.

func (*AccessGroupRule) DeepCopy 

func (in *AccessGroupRule) DeepCopy() *AccessGroupRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessGroupRule.

func (*AccessGroupRule) DeepCopyInto 

func (in *AccessGroupRule) DeepCopyInto(out *AccessGroupRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AccessGroupSAMLRule 

type AccessGroupSAMLRule struct {
	AttributeName      string `json:"attributeName"`
	AttributeValue     string `json:"attributeValue"`
	IdentityProviderID string `json:"identityProviderId"`
}

AccessGroupSAMLRule matches SAML attributes.

func (*AccessGroupSAMLRule) DeepCopy 

func (in *AccessGroupSAMLRule) DeepCopy() *AccessGroupSAMLRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessGroupSAMLRule.

func (*AccessGroupSAMLRule) DeepCopyInto 

func (in *AccessGroupSAMLRule) DeepCopyInto(out *AccessGroupSAMLRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AccessGroupServiceTokenRule 

type AccessGroupServiceTokenRule struct {
	TokenID string `json:"tokenId"`
}

AccessGroupServiceTokenRule matches a service token.

func (*AccessGroupServiceTokenRule) DeepCopy 

func (in *AccessGroupServiceTokenRule) DeepCopy() *AccessGroupServiceTokenRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessGroupServiceTokenRule.

func (*AccessGroupServiceTokenRule) DeepCopyInto 

func (in *AccessGroupServiceTokenRule) DeepCopyInto(out *AccessGroupServiceTokenRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AccessGroupSpec 

type AccessGroupSpec struct {
	// Name of the Access Group in Cloudflare.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:MaxLength=255
	Name string `json:"name,omitempty"`

	// Include defines rules that users must match to be included.
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:MinItems=1
	Include []AccessGroupRule `json:"include"`

	// Exclude defines rules that exclude users even if they match include rules.
	// +kubebuilder:validation:Optional
	Exclude []AccessGroupRule `json:"exclude,omitempty"`

	// Require defines rules that all users must match in addition to include rules.
	// +kubebuilder:validation:Optional
	Require []AccessGroupRule `json:"require,omitempty"`

	// Cloudflare contains the Cloudflare API credentials.
	// +kubebuilder:validation:Required
	Cloudflare CloudflareDetails `json:"cloudflare"`
}

AccessGroupSpec defines the desired state of AccessGroup

func (*AccessGroupSpec) DeepCopy 

func (in *AccessGroupSpec) DeepCopy() *AccessGroupSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessGroupSpec.

func (*AccessGroupSpec) DeepCopyInto 

func (in *AccessGroupSpec) DeepCopyInto(out *AccessGroupSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AccessGroupStatus 

type AccessGroupStatus struct {
	// GroupID is the Cloudflare ID of the Access Group.
	// +kubebuilder:validation:Optional
	GroupID string `json:"groupId,omitempty"`

	// AccountID is the Cloudflare Account ID.
	// +kubebuilder:validation:Optional
	AccountID string `json:"accountId,omitempty"`

	// State indicates the current state.
	// +kubebuilder:validation:Optional
	State string `json:"state,omitempty"`

	// Conditions represent the latest available observations.
	// +kubebuilder:validation:Optional
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty"`

	// ObservedGeneration is the most recent generation observed.
	// +kubebuilder:validation:Optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
}

AccessGroupStatus defines the observed state of AccessGroup

func (*AccessGroupStatus) DeepCopy 

func (in *AccessGroupStatus) DeepCopy() *AccessGroupStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessGroupStatus.

func (*AccessGroupStatus) DeepCopyInto 

func (in *AccessGroupStatus) DeepCopyInto(out *AccessGroupStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AccessIdentityProvider 

type AccessIdentityProvider struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   AccessIdentityProviderSpec   `json:"spec,omitempty"`
	Status AccessIdentityProviderStatus `json:"status,omitempty"`
}

AccessIdentityProvider is the Schema for the accessidentityproviders API.

func (*AccessIdentityProvider) DeepCopy 

func (in *AccessIdentityProvider) DeepCopy() *AccessIdentityProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessIdentityProvider.

func (*AccessIdentityProvider) DeepCopyInto 

func (in *AccessIdentityProvider) DeepCopyInto(out *AccessIdentityProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AccessIdentityProvider) DeepCopyObject 

func (in *AccessIdentityProvider) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*AccessIdentityProvider) GetProviderName 

func (a *AccessIdentityProvider) GetProviderName() string

GetProviderName returns the name to use in Cloudflare.

type AccessIdentityProviderList 

type AccessIdentityProviderList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []AccessIdentityProvider `json:"items"`
}

AccessIdentityProviderList contains a list of AccessIdentityProvider

func (*AccessIdentityProviderList) DeepCopy 

func (in *AccessIdentityProviderList) DeepCopy() *AccessIdentityProviderList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessIdentityProviderList.

func (*AccessIdentityProviderList) DeepCopyInto 

func (in *AccessIdentityProviderList) DeepCopyInto(out *AccessIdentityProviderList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AccessIdentityProviderList) DeepCopyObject 

func (in *AccessIdentityProviderList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type AccessIdentityProviderRef 

type AccessIdentityProviderRef struct {
	// Name is the name of the AccessIdentityProvider resource.
	// +kubebuilder:validation:Required
	Name string `json:"name"`
}

AccessIdentityProviderRef references an AccessIdentityProvider resource.

func (*AccessIdentityProviderRef) DeepCopy 

func (in *AccessIdentityProviderRef) DeepCopy() *AccessIdentityProviderRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessIdentityProviderRef.

func (*AccessIdentityProviderRef) DeepCopyInto 

func (in *AccessIdentityProviderRef) DeepCopyInto(out *AccessIdentityProviderRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AccessIdentityProviderSpec 

type AccessIdentityProviderSpec struct {
	// Name of the Identity Provider in Cloudflare.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:MaxLength=255
	Name string `json:"name,omitempty"`

	// Type is the identity provider type.
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Enum=onetimepin;azureAD;saml;centrify;facebook;github;google-apps;google;linkedin;oidc;okta;onelogin;pingone;yandex
	Type string `json:"type"`

	// Config contains provider-specific configuration.
	// +kubebuilder:validation:Optional
	Config *IdentityProviderConfig `json:"config,omitempty"`

	// ConfigSecretRef references a Secret containing sensitive config values.
	// +kubebuilder:validation:Optional
	ConfigSecretRef *SecretKeySelector `json:"configSecretRef,omitempty"`

	// Cloudflare contains the Cloudflare API credentials.
	// +kubebuilder:validation:Required
	Cloudflare CloudflareDetails `json:"cloudflare"`
}

AccessIdentityProviderSpec defines the desired state of AccessIdentityProvider

func (*AccessIdentityProviderSpec) DeepCopy 

func (in *AccessIdentityProviderSpec) DeepCopy() *AccessIdentityProviderSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessIdentityProviderSpec.

func (*AccessIdentityProviderSpec) DeepCopyInto 

func (in *AccessIdentityProviderSpec) DeepCopyInto(out *AccessIdentityProviderSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AccessIdentityProviderStatus 

type AccessIdentityProviderStatus struct {
	// ProviderID is the Cloudflare ID.
	// +kubebuilder:validation:Optional
	ProviderID string `json:"providerId,omitempty"`

	// AccountID is the Cloudflare Account ID.
	// +kubebuilder:validation:Optional
	AccountID string `json:"accountId,omitempty"`

	// State indicates the current state.
	// +kubebuilder:validation:Optional
	State string `json:"state,omitempty"`

	// Conditions represent the latest available observations.
	// +kubebuilder:validation:Optional
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty"`

	// ObservedGeneration is the most recent generation observed.
	// +kubebuilder:validation:Optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
}

AccessIdentityProviderStatus defines the observed state

func (*AccessIdentityProviderStatus) DeepCopy 

func (in *AccessIdentityProviderStatus) DeepCopy() *AccessIdentityProviderStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessIdentityProviderStatus.

func (*AccessIdentityProviderStatus) DeepCopyInto 

func (in *AccessIdentityProviderStatus) DeepCopyInto(out *AccessIdentityProviderStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AccessPolicyRef 

type AccessPolicyRef struct {
	// Name is the name of an AccessGroup resource (Kubernetes) to use as a policy.
	// If specified, the controller will look up the AccessGroup CR and use its GroupID.
	// Mutually exclusive with groupId and cloudflareGroupName.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:MaxLength=253
	Name string `json:"name,omitempty"`

	// GroupID is the UUID of an existing Cloudflare Access Group.
	// Use this to directly reference a Cloudflare-managed Access Group
	// without creating a corresponding Kubernetes AccessGroup resource.
	// Mutually exclusive with name and cloudflareGroupName.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Pattern=`^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$`
	GroupID string `json:"groupId,omitempty"`

	// CloudflareGroupName is the display name of an existing Cloudflare Access Group.
	// The controller will resolve this name to a GroupID via the Cloudflare API.
	// Use this when you want to reference a Cloudflare Access Group by name
	// (e.g., groups created via Terraform or the Cloudflare dashboard).
	// Mutually exclusive with name and groupId.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:MaxLength=255
	CloudflareGroupName string `json:"cloudflareGroupName,omitempty"`

	// Decision is the policy decision (allow, deny, bypass, non_identity).
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum=allow;deny;bypass;non_identity
	// +kubebuilder:default=allow
	Decision string `json:"decision,omitempty"`

	// Precedence is the order of evaluation. Lower numbers are evaluated first.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Minimum=1
	Precedence int `json:"precedence,omitempty"`

	// PolicyName is the name for this policy in Cloudflare.
	// If not specified, a name will be auto-generated based on the AccessApplication name and precedence.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:MaxLength=255
	PolicyName string `json:"policyName,omitempty"`

	// SessionDuration overrides the application's session duration for this policy.
	// +kubebuilder:validation:Optional
	SessionDuration string `json:"sessionDuration,omitempty"`
}

AccessPolicyRef references an access policy or defines an inline policy. Exactly one of name, groupId, or cloudflareGroupName must be specified.

func (*AccessPolicyRef) DeepCopy 

func (in *AccessPolicyRef) DeepCopy() *AccessPolicyRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessPolicyRef.

func (*AccessPolicyRef) DeepCopyInto 

func (in *AccessPolicyRef) DeepCopyInto(out *AccessPolicyRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AccessServiceToken 

type AccessServiceToken struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   AccessServiceTokenSpec   `json:"spec,omitempty"`
	Status AccessServiceTokenStatus `json:"status,omitempty"`
}

AccessServiceToken is the Schema for the accessservicetokens API.

func (*AccessServiceToken) DeepCopy 

func (in *AccessServiceToken) DeepCopy() *AccessServiceToken

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessServiceToken.

func (*AccessServiceToken) DeepCopyInto 

func (in *AccessServiceToken) DeepCopyInto(out *AccessServiceToken)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AccessServiceToken) DeepCopyObject 

func (in *AccessServiceToken) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*AccessServiceToken) GetTokenName 

func (a *AccessServiceToken) GetTokenName() string

GetTokenName returns the name to use in Cloudflare.

type AccessServiceTokenList 

type AccessServiceTokenList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []AccessServiceToken `json:"items"`
}

AccessServiceTokenList contains a list of AccessServiceToken

func (*AccessServiceTokenList) DeepCopy 

func (in *AccessServiceTokenList) DeepCopy() *AccessServiceTokenList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessServiceTokenList.

func (*AccessServiceTokenList) DeepCopyInto 

func (in *AccessServiceTokenList) DeepCopyInto(out *AccessServiceTokenList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AccessServiceTokenList) DeepCopyObject 

func (in *AccessServiceTokenList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type AccessServiceTokenSpec 

type AccessServiceTokenSpec struct {
	// Name of the Service Token in Cloudflare.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:MaxLength=255
	Name string `json:"name,omitempty"`

	// Duration is the validity duration (e.g., "8760h" for 1 year, "forever").
	// +kubebuilder:validation:Optional
	// +kubebuilder:default="8760h"
	Duration string `json:"duration,omitempty"`

	// SecretRef is where to store the generated token credentials.
	// +kubebuilder:validation:Required
	SecretRef ServiceTokenSecretRef `json:"secretRef"`

	// Cloudflare contains the Cloudflare API credentials.
	// +kubebuilder:validation:Required
	Cloudflare CloudflareDetails `json:"cloudflare"`
}

AccessServiceTokenSpec defines the desired state of AccessServiceToken

func (*AccessServiceTokenSpec) DeepCopy 

func (in *AccessServiceTokenSpec) DeepCopy() *AccessServiceTokenSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessServiceTokenSpec.

func (*AccessServiceTokenSpec) DeepCopyInto 

func (in *AccessServiceTokenSpec) DeepCopyInto(out *AccessServiceTokenSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AccessServiceTokenStatus 

type AccessServiceTokenStatus struct {
	// TokenID is the Cloudflare Service Token ID.
	// +kubebuilder:validation:Optional
	TokenID string `json:"tokenId,omitempty"`

	// ClientID is the Service Token Client ID.
	// +kubebuilder:validation:Optional
	ClientID string `json:"clientId,omitempty"`

	// AccountID is the Cloudflare Account ID.
	// +kubebuilder:validation:Optional
	AccountID string `json:"accountId,omitempty"`

	// ExpiresAt is when the token expires.
	// +kubebuilder:validation:Optional
	ExpiresAt string `json:"expiresAt,omitempty"`

	// SecretName is the name of the Secret containing credentials.
	// +kubebuilder:validation:Optional
	SecretName string `json:"secretName,omitempty"`

	// State indicates the current state.
	// +kubebuilder:validation:Optional
	State string `json:"state,omitempty"`

	// Conditions represent the latest available observations.
	// +kubebuilder:validation:Optional
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty"`

	// ObservedGeneration is the most recent generation observed.
	// +kubebuilder:validation:Optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
}

AccessServiceTokenStatus defines the observed state

func (*AccessServiceTokenStatus) DeepCopy 

func (in *AccessServiceTokenStatus) DeepCopy() *AccessServiceTokenStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessServiceTokenStatus.

func (*AccessServiceTokenStatus) DeepCopyInto 

func (in *AccessServiceTokenStatus) DeepCopyInto(out *AccessServiceTokenStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ActivityLogSettings 

type ActivityLogSettings struct {
	Enabled bool `json:"enabled"`
}

ActivityLogSettings for activity logging.

func (*ActivityLogSettings) DeepCopy 

func (in *ActivityLogSettings) DeepCopy() *ActivityLogSettings

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ActivityLogSettings.

func (*ActivityLogSettings) DeepCopyInto 

func (in *ActivityLogSettings) DeepCopyInto(out *ActivityLogSettings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AntiVirusSettings 

type AntiVirusSettings struct {
	Enabled              bool                  `json:"enabled"`
	EnabledDownloadPhase bool                  `json:"enabledDownloadPhase,omitempty"`
	EnabledUploadPhase   bool                  `json:"enabledUploadPhase,omitempty"`
	FailClosed           bool                  `json:"failClosed,omitempty"`
	NotificationSettings *NotificationSettings `json:"notificationSettings,omitempty"`
}

AntiVirusSettings for AV scanning.

func (*AntiVirusSettings) DeepCopy 

func (in *AntiVirusSettings) DeepCopy() *AntiVirusSettings

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AntiVirusSettings.

func (*AntiVirusSettings) DeepCopyInto 

func (in *AntiVirusSettings) DeepCopyInto(out *AntiVirusSettings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AuditSSHSettings 

type AuditSSHSettings struct {
	CommandLogging bool `json:"commandLogging"`
}

AuditSSHSettings for SSH auditing.

func (*AuditSSHSettings) DeepCopy 

func (in *AuditSSHSettings) DeepCopy() *AuditSSHSettings

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuditSSHSettings.

func (*AuditSSHSettings) DeepCopyInto 

func (in *AuditSSHSettings) DeepCopyInto(out *AuditSSHSettings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AuthenticatedOriginPullConfig added in v0.20.0 

type AuthenticatedOriginPullConfig struct {
	// Enabled enables authenticated origin pulls (mTLS)
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	Enabled bool `json:"enabled,omitempty"`

	// CertificateSecretRef references a Secret containing custom client certificate
	// If not specified, Cloudflare's default certificate will be used
	// +kubebuilder:validation:Optional
	CertificateSecretRef *SecretReference `json:"certificateSecretRef,omitempty"`
}

AuthenticatedOriginPullConfig configures client certificate authentication

func (*AuthenticatedOriginPullConfig) DeepCopy added in v0.20.0 

func (in *AuthenticatedOriginPullConfig) DeepCopy() *AuthenticatedOriginPullConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthenticatedOriginPullConfig.

func (*AuthenticatedOriginPullConfig) DeepCopyInto added in v0.20.0 

func (in *AuthenticatedOriginPullConfig) DeepCopyInto(out *AuthenticatedOriginPullConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AutoPopulateConfig 

type AutoPopulateConfig struct {
	// Enabled enables automatic population from NetworkRoute resources.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	Enabled bool `json:"enabled,omitempty"`

	// LabelSelector selects which NetworkRoute resources to include.
	// If empty, all NetworkRoute resources are included.
	// +kubebuilder:validation:Optional
	LabelSelector *metav1.LabelSelector `json:"labelSelector,omitempty"`

	// DescriptionPrefix is prepended to auto-generated descriptions.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default="Auto-populated from NetworkRoute: "
	DescriptionPrefix string `json:"descriptionPrefix,omitempty"`
}

AutoPopulateConfig configures automatic population of split tunnel entries.

func (*AutoPopulateConfig) DeepCopy 

func (in *AutoPopulateConfig) DeepCopy() *AutoPopulateConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AutoPopulateConfig.

func (*AutoPopulateConfig) DeepCopyInto 

func (in *AutoPopulateConfig) DeepCopyInto(out *AutoPopulateConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type BISOAdminControls 

type BISOAdminControls struct {
	DisablePrinting             *bool `json:"disablePrinting,omitempty"`
	DisableCopyPaste            *bool `json:"disableCopyPaste,omitempty"`
	DisableDownload             *bool `json:"disableDownload,omitempty"`
	DisableUpload               *bool `json:"disableUpload,omitempty"`
	DisableKeyboard             *bool `json:"disableKeyboard,omitempty"`
	DisableClipboardRedirection *bool `json:"disableClipboardRedirection,omitempty"`
}

BISOAdminControls for browser isolation.

func (*BISOAdminControls) DeepCopy 

func (in *BISOAdminControls) DeepCopy() *BISOAdminControls

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BISOAdminControls.

func (*BISOAdminControls) DeepCopyInto 

func (in *BISOAdminControls) DeepCopyInto(out *BISOAdminControls)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type BlockPageSettings 

type BlockPageSettings struct {
	Enabled         bool   `json:"enabled"`
	Name            string `json:"name,omitempty"`
	FooterText      string `json:"footerText,omitempty"`
	HeaderText      string `json:"headerText,omitempty"`
	LogoPath        string `json:"logoPath,omitempty"`
	BackgroundColor string `json:"backgroundColor,omitempty"`
	MailtoAddress   string `json:"mailtoAddress,omitempty"`
	MailtoSubject   string `json:"mailtoSubject,omitempty"`
	SuppressFooter  bool   `json:"suppressFooter,omitempty"`
}

BlockPageSettings for block page customization.

func (*BlockPageSettings) DeepCopy 

func (in *BlockPageSettings) DeepCopy() *BlockPageSettings

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BlockPageSettings.

func (*BlockPageSettings) DeepCopyInto 

func (in *BlockPageSettings) DeepCopyInto(out *BlockPageSettings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type BodyScanningSettings 

type BodyScanningSettings struct {
	InspectionMode string `json:"inspectionMode,omitempty"` // deep, shallow
}

BodyScanningSettings for body scanning.

func (*BodyScanningSettings) DeepCopy 

func (in *BodyScanningSettings) DeepCopy() *BodyScanningSettings

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BodyScanningSettings.

func (*BodyScanningSettings) DeepCopyInto 

func (in *BodyScanningSettings) DeepCopyInto(out *BodyScanningSettings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type BrowserIsolationSettings 

type BrowserIsolationSettings struct {
	URLBrowserIsolationEnabled bool `json:"urlBrowserIsolationEnabled,omitempty"`
	NonIdentityEnabled         bool `json:"nonIdentityEnabled,omitempty"`
}

BrowserIsolationSettings for browser isolation.

func (*BrowserIsolationSettings) DeepCopy 

func (in *BrowserIsolationSettings) DeepCopy() *BrowserIsolationSettings

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BrowserIsolationSettings.

func (*BrowserIsolationSettings) DeepCopyInto 

func (in *BrowserIsolationSettings) DeepCopyInto(out *BrowserIsolationSettings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CacheConfig added in v0.20.0 

type CacheConfig struct {
	// BrowserTTL sets the browser cache TTL in seconds
	// Minimum: 0 (respect origin), Maximum: 31536000 (1 year)
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Minimum=0
	// +kubebuilder:validation:Maximum=31536000
	BrowserTTL *int `json:"browserTTL,omitempty"`

	// DevelopmentMode temporarily bypasses cache for development
	// Automatically disables after 3 hours
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	DevelopmentMode bool `json:"developmentMode,omitempty"`

	// CacheLevel sets the cache level
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=aggressive
	CacheLevel CacheLevel `json:"cacheLevel,omitempty"`

	// TieredCache configures tiered caching
	// +kubebuilder:validation:Optional
	TieredCache *TieredCacheConfig `json:"tieredCache,omitempty"`

	// CacheReserve configures persistent cache storage
	// +kubebuilder:validation:Optional
	CacheReserve *CacheReserveConfig `json:"cacheReserve,omitempty"`

	// AlwaysOnline serves stale content when origin is unavailable
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=true
	AlwaysOnline *bool `json:"alwaysOnline,omitempty"`

	// CacheByDeviceType caches content separately for mobile/desktop
	// Requires Enterprise plan
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	CacheByDeviceType bool `json:"cacheByDeviceType,omitempty"`

	// SortQueryStringForCache treats query strings with same parameters
	// but different order as the same for caching purposes
	// Requires Enterprise plan
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	SortQueryStringForCache bool `json:"sortQueryStringForCache,omitempty"`
}

CacheConfig defines caching settings for a domain

func (*CacheConfig) DeepCopy added in v0.20.0 

func (in *CacheConfig) DeepCopy() *CacheConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CacheConfig.

func (*CacheConfig) DeepCopyInto added in v0.20.0 

func (in *CacheConfig) DeepCopyInto(out *CacheConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CacheLevel added in v0.20.0 

type CacheLevel string

CacheLevel represents cache level settings +kubebuilder:validation:Enum=bypass;basic;simplified;aggressive 

const (
	CacheLevelBypass     CacheLevel = "bypass"
	CacheLevelBasic      CacheLevel = "basic"
	CacheLevelSimplified CacheLevel = "simplified"
	CacheLevelAggressive CacheLevel = "aggressive"
)

type CacheReserveConfig added in v0.20.0 

type CacheReserveConfig struct {
	// Enabled enables Cache Reserve
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	Enabled bool `json:"enabled,omitempty"`
}

CacheReserveConfig configures Cache Reserve (persistent cache)

func (*CacheReserveConfig) DeepCopy added in v0.20.0 

func (in *CacheReserveConfig) DeepCopy() *CacheReserveConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CacheReserveConfig.

func (*CacheReserveConfig) DeepCopyInto added in v0.20.0 

func (in *CacheReserveConfig) DeepCopyInto(out *CacheReserveConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CertificateRequestType added in v0.20.0 

type CertificateRequestType string

CertificateRequestType represents the type of certificate to request +kubebuilder:validation:Enum=origin-rsa;origin-ecc 

const (
	// CertificateRequestTypeOriginRSA requests an RSA certificate
	CertificateRequestTypeOriginRSA CertificateRequestType = "origin-rsa"
	// CertificateRequestTypeOriginECC requests an ECC certificate
	CertificateRequestTypeOriginECC CertificateRequestType = "origin-ecc"
)

type CertificateValidity added in v0.20.0 

type CertificateValidity int

CertificateValidity represents the validity period of the certificate in days +kubebuilder:validation:Enum=7;30;90;365;730;1095;5475 

const (
	// CertificateValidity7Days is 7 days validity
	CertificateValidity7Days CertificateValidity = 7
	// CertificateValidity30Days is 30 days validity
	CertificateValidity30Days CertificateValidity = 30
	// CertificateValidity90Days is 90 days validity
	CertificateValidity90Days CertificateValidity = 90
	// CertificateValidity1Year is 365 days validity
	CertificateValidity1Year CertificateValidity = 365
	// CertificateValidity2Years is 730 days validity
	CertificateValidity2Years CertificateValidity = 730
	// CertificateValidity3Years is 1095 days validity
	CertificateValidity3Years CertificateValidity = 1095
	// CertificateValidity15Years is 5475 days validity (maximum)
	CertificateValidity15Years CertificateValidity = 5475
)

type CloudflareAuthType added in v0.17.0 

type CloudflareAuthType string

CloudflareAuthType defines the authentication method for Cloudflare API +kubebuilder:validation:Enum=apiToken;globalAPIKey 

const (
	// AuthTypeAPIToken uses a scoped API Token for authentication
	AuthTypeAPIToken CloudflareAuthType = "apiToken"
	// AuthTypeGlobalAPIKey uses Global API Key + Email for authentication
	AuthTypeGlobalAPIKey CloudflareAuthType = "globalAPIKey"
)

type CloudflareCredentials added in v0.17.0 

type CloudflareCredentials struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   CloudflareCredentialsSpec   `json:"spec,omitempty"`
	Status CloudflareCredentialsStatus `json:"status,omitempty"`
}

CloudflareCredentials is the Schema for global Cloudflare API credentials

func (*CloudflareCredentials) DeepCopy added in v0.17.0 

func (in *CloudflareCredentials) DeepCopy() *CloudflareCredentials

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudflareCredentials.

func (*CloudflareCredentials) DeepCopyInto added in v0.17.0 

func (in *CloudflareCredentials) DeepCopyInto(out *CloudflareCredentials)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*CloudflareCredentials) DeepCopyObject added in v0.17.0 

func (in *CloudflareCredentials) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type CloudflareCredentialsList added in v0.17.0 

type CloudflareCredentialsList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []CloudflareCredentials `json:"items"`
}

CloudflareCredentialsList contains a list of CloudflareCredentials

func (*CloudflareCredentialsList) DeepCopy added in v0.17.0 

func (in *CloudflareCredentialsList) DeepCopy() *CloudflareCredentialsList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudflareCredentialsList.

func (*CloudflareCredentialsList) DeepCopyInto added in v0.17.0 

func (in *CloudflareCredentialsList) DeepCopyInto(out *CloudflareCredentialsList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*CloudflareCredentialsList) DeepCopyObject added in v0.17.0 

func (in *CloudflareCredentialsList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type CloudflareCredentialsRef added in v0.17.0 

type CloudflareCredentialsRef struct {
	// Name of the CloudflareCredentials resource to use
	// +kubebuilder:validation:Required
	Name string `json:"name"`
}

CloudflareCredentialsRef references a CloudflareCredentials resource

func (*CloudflareCredentialsRef) DeepCopy added in v0.17.0 

func (in *CloudflareCredentialsRef) DeepCopy() *CloudflareCredentialsRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudflareCredentialsRef.

func (*CloudflareCredentialsRef) DeepCopyInto added in v0.17.0 

func (in *CloudflareCredentialsRef) DeepCopyInto(out *CloudflareCredentialsRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CloudflareCredentialsSpec added in v0.17.0 

type CloudflareCredentialsSpec struct {
	// AccountID is the Cloudflare Account ID
	// +kubebuilder:validation:Required
	AccountID string `json:"accountId"`

	// AccountName is an optional human-readable account name (for reference only)
	// +kubebuilder:validation:Optional
	AccountName string `json:"accountName,omitempty"`

	// AuthType specifies the authentication method
	// +kubebuilder:validation:Required
	// +kubebuilder:default:="apiToken"
	AuthType CloudflareAuthType `json:"authType"`

	// SecretRef references the secret containing the API credentials
	// +kubebuilder:validation:Required
	SecretRef SecretReference `json:"secretRef"`

	// DefaultDomain is the default domain for resources using these credentials
	// +kubebuilder:validation:Optional
	DefaultDomain string `json:"defaultDomain,omitempty"`

	// IsDefault marks this as the default credentials for resources that don't specify credentials
	// Only one CloudflareCredentials can be marked as default
	// +kubebuilder:validation:Optional
	// +kubebuilder:default:=false
	IsDefault bool `json:"isDefault,omitempty"`
}

CloudflareCredentialsSpec defines the desired state of CloudflareCredentials

func (*CloudflareCredentialsSpec) DeepCopy added in v0.17.0 

func (in *CloudflareCredentialsSpec) DeepCopy() *CloudflareCredentialsSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudflareCredentialsSpec.

func (*CloudflareCredentialsSpec) DeepCopyInto added in v0.17.0 

func (in *CloudflareCredentialsSpec) DeepCopyInto(out *CloudflareCredentialsSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CloudflareCredentialsStatus added in v0.17.0 

type CloudflareCredentialsStatus struct {
	// Conditions represent the latest available observations
	// +optional
	Conditions []metav1.Condition `json:"conditions,omitempty"`

	// ObservedGeneration is the most recent generation observed
	// +optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`

	// State represents the current state of the credentials
	// +optional
	State string `json:"state,omitempty"`

	// Validated indicates whether the credentials have been validated
	// +optional
	Validated bool `json:"validated,omitempty"`

	// LastValidatedTime is the last time credentials were validated
	// +optional
	LastValidatedTime *metav1.Time `json:"lastValidatedTime,omitempty"`

	// AccountName is the account name retrieved from Cloudflare API
	// +optional
	AccountName string `json:"accountName,omitempty"`
}

CloudflareCredentialsStatus defines the observed state of CloudflareCredentials

func (*CloudflareCredentialsStatus) DeepCopy added in v0.17.0 

func (in *CloudflareCredentialsStatus) DeepCopy() *CloudflareCredentialsStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudflareCredentialsStatus.

func (*CloudflareCredentialsStatus) DeepCopyInto added in v0.17.0 

func (in *CloudflareCredentialsStatus) DeepCopyInto(out *CloudflareCredentialsStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CloudflareDetails 

type CloudflareDetails struct {
	// +kubebuilder:validation:Optional
	// CredentialsRef references a CloudflareCredentials resource for API authentication.
	// When specified, this takes precedence over inline credential fields.
	// This is the recommended way to configure credentials.
	CredentialsRef *CloudflareCredentialsRef `json:"credentialsRef,omitempty"`

	// +kubebuilder:validation:Optional
	// Cloudflare Domain to which this tunnel belongs to.
	// Required if not using credentialsRef with a defaultDomain.
	Domain string `json:"domain,omitempty"`

	// +kubebuilder:validation:Optional
	// ZoneId is the Cloudflare Zone ID for DNS operations.
	// If not specified, it will be looked up via CloudflareDomain or the domain field.
	// Specifying this directly is useful for multi-zone scenarios.
	ZoneId string `json:"zoneId,omitempty"`

	// +kubebuilder:validation:Optional
	// Secret containing Cloudflare API key/token (legacy, use credentialsRef instead)
	Secret string `json:"secret,omitempty"`

	// +kubebuilder:validation:Optional
	// Account Name in Cloudflare. AccountName and AccountId cannot be both empty. If both are provided, Account ID is used if valid, else falls back to Account Name.
	AccountName string `json:"accountName,omitempty"`

	// +kubebuilder:validation:Optional
	// Account ID in Cloudflare. AccountId and AccountName cannot be both empty. If both are provided, Account ID is used if valid, else falls back to Account Name.
	AccountId string `json:"accountId,omitempty"`

	// +kubebuilder:validation:Optional
	// Email to use along with API Key for Delete operations for new tunnels only, or as an alternate to API Token
	Email string `json:"email,omitempty"`

	// +kubebuilder:validation:Optional
	// +kubebuilder:default:=CLOUDFLARE_API_KEY
	// Key in the secret to use for Cloudflare API Key, defaults to CLOUDFLARE_API_KEY. Needs Email also to be provided.
	// For Delete operations for new tunnels only, or as an alternate to API Token
	CLOUDFLARE_API_KEY string `json:"CLOUDFLARE_API_KEY,omitempty"`

	// +kubebuilder:validation:Optional
	// +kubebuilder:default:=CLOUDFLARE_API_TOKEN
	// Key in the secret to use for Cloudflare API token, defaults to CLOUDFLARE_API_TOKEN
	CLOUDFLARE_API_TOKEN string `json:"CLOUDFLARE_API_TOKEN,omitempty"`

	// +kubebuilder:validation:Optional
	// +kubebuilder:default:=CLOUDFLARE_TUNNEL_CREDENTIAL_FILE
	// Key in the secret to use as credentials.json for an existing tunnel, defaults to CLOUDFLARE_TUNNEL_CREDENTIAL_FILE
	CLOUDFLARE_TUNNEL_CREDENTIAL_FILE string `json:"CLOUDFLARE_TUNNEL_CREDENTIAL_FILE,omitempty"`

	// +kubebuilder:validation:Optional
	// +kubebuilder:default:=CLOUDFLARE_TUNNEL_CREDENTIAL_SECRET
	// Key in the secret to use as tunnel secret for an existing tunnel, defaults to CLOUDFLARE_TUNNEL_CREDENTIAL_SECRET
	CLOUDFLARE_TUNNEL_CREDENTIAL_SECRET string `json:"CLOUDFLARE_TUNNEL_CREDENTIAL_SECRET,omitempty"`
}

CloudflareDetails spec contains all the necessary parameters needed to connect to the Cloudflare API. You can either use credentialsRef to reference a global CloudflareCredentials resource, or specify inline credentials using the legacy fields (secret, accountId, etc.)

func (*CloudflareDetails) DeepCopy 

func (in *CloudflareDetails) DeepCopy() *CloudflareDetails

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudflareDetails.

func (*CloudflareDetails) DeepCopyInto 

func (in *CloudflareDetails) DeepCopyInto(out *CloudflareDetails)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CloudflareDomain added in v0.19.0 

type CloudflareDomain struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   CloudflareDomainSpec   `json:"spec,omitempty"`
	Status CloudflareDomainStatus `json:"status,omitempty"`
}

CloudflareDomain represents a domain managed in Cloudflare. It provides zone information (Zone ID) for DNS operations across all CRDs. The controller verifies the domain exists in Cloudflare and caches the Zone ID.

DomainResolver uses CloudflareDomain resources to match hostnames to zones: - Exact match: hostname equals domain - Suffix match: hostname ends with ".domain" (longest suffix wins)

Example: For hostname "api.staging.example.com": - CloudflareDomain "example.com" matches (suffix) - CloudflareDomain "staging.example.com" matches better (longer suffix)

func (*CloudflareDomain) DeepCopy added in v0.19.0 

func (in *CloudflareDomain) DeepCopy() *CloudflareDomain

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudflareDomain.

func (*CloudflareDomain) DeepCopyInto added in v0.19.0 

func (in *CloudflareDomain) DeepCopyInto(out *CloudflareDomain)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*CloudflareDomain) DeepCopyObject added in v0.19.0 

func (in *CloudflareDomain) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type CloudflareDomainList added in v0.19.0 

type CloudflareDomainList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []CloudflareDomain `json:"items"`
}

CloudflareDomainList contains a list of CloudflareDomain

func (*CloudflareDomainList) DeepCopy added in v0.19.0 

func (in *CloudflareDomainList) DeepCopy() *CloudflareDomainList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudflareDomainList.

func (*CloudflareDomainList) DeepCopyInto added in v0.19.0 

func (in *CloudflareDomainList) DeepCopyInto(out *CloudflareDomainList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*CloudflareDomainList) DeepCopyObject added in v0.19.0 

func (in *CloudflareDomainList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type CloudflareDomainSpec added in v0.19.0 

type CloudflareDomainSpec struct {
	// Domain is the domain name (e.g., "example.com")
	// This should be the apex domain registered in Cloudflare
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Pattern=`^[a-zA-Z0-9]([a-zA-Z0-9-]*[a-zA-Z0-9])?(\.[a-zA-Z0-9]([a-zA-Z0-9-]*[a-zA-Z0-9])?)*$`
	Domain string `json:"domain"`

	// CredentialsRef references a CloudflareCredentials resource for API access.
	// If not specified, the default CloudflareCredentials will be used.
	// +kubebuilder:validation:Optional
	CredentialsRef *CredentialsReference `json:"credentialsRef,omitempty"`

	// IsDefault marks this domain as the default for resources that don't specify a domain.
	// Only one CloudflareDomain can be marked as default.
	// When multiple hostnames need zone lookup, the longest suffix match is used.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default:=false
	IsDefault bool `json:"isDefault,omitempty"`

	// ZoneID allows manual specification of the Cloudflare Zone ID.
	// If provided, the controller will skip zone lookup and use this value directly.
	// This is useful for advanced scenarios or when automatic lookup fails.
	// +kubebuilder:validation:Optional
	ZoneID string `json:"zoneId,omitempty"`

	// SSL configures SSL/TLS settings for this domain
	// +kubebuilder:validation:Optional
	SSL *SSLConfig `json:"ssl,omitempty"`

	// Cache configures caching settings for this domain
	// +kubebuilder:validation:Optional
	Cache *CacheConfig `json:"cache,omitempty"`

	// Security configures security settings for this domain
	// +kubebuilder:validation:Optional
	Security *SecurityConfig `json:"security,omitempty"`

	// Performance configures performance settings for this domain
	// +kubebuilder:validation:Optional
	Performance *PerformanceConfig `json:"performance,omitempty"`
}

CloudflareDomainSpec defines the desired state of CloudflareDomain

func (*CloudflareDomainSpec) DeepCopy added in v0.19.0 

func (in *CloudflareDomainSpec) DeepCopy() *CloudflareDomainSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudflareDomainSpec.

func (*CloudflareDomainSpec) DeepCopyInto added in v0.19.0 

func (in *CloudflareDomainSpec) DeepCopyInto(out *CloudflareDomainSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CloudflareDomainState added in v0.19.0 

type CloudflareDomainState string

CloudflareDomainState represents the state of the CloudflareDomain +kubebuilder:validation:Enum=Pending;Verifying;Ready;Error 

const (
	// CloudflareDomainStatePending means the domain is waiting to be verified
	CloudflareDomainStatePending CloudflareDomainState = "Pending"
	// CloudflareDomainStateVerifying means the domain is being verified with Cloudflare API
	CloudflareDomainStateVerifying CloudflareDomainState = "Verifying"
	// CloudflareDomainStateReady means the domain has been verified and is ready to use
	CloudflareDomainStateReady CloudflareDomainState = "Ready"
	// CloudflareDomainStateError means there was an error verifying the domain
	CloudflareDomainStateError CloudflareDomainState = "Error"
)

type CloudflareDomainStatus added in v0.19.0 

type CloudflareDomainStatus struct {
	// Conditions represent the latest available observations
	// +optional
	Conditions []metav1.Condition `json:"conditions,omitempty"`

	// ObservedGeneration is the most recent generation observed
	// +optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`

	// State represents the current state of the domain
	// +optional
	State CloudflareDomainState `json:"state,omitempty"`

	// ZoneID is the Cloudflare Zone ID for this domain
	// +optional
	ZoneID string `json:"zoneId,omitempty"`

	// ZoneName is the zone name as returned by Cloudflare API
	// +optional
	ZoneName string `json:"zoneName,omitempty"`

	// AccountID is the Cloudflare Account ID associated with this zone
	// +optional
	AccountID string `json:"accountId,omitempty"`

	// NameServers are the Cloudflare name servers for this zone
	// +optional
	NameServers []string `json:"nameServers,omitempty"`

	// ZoneStatus is the status of the zone in Cloudflare (active, pending, etc.)
	// +optional
	ZoneStatus string `json:"zoneStatus,omitempty"`

	// LastVerifiedTime is the last time the zone was verified with Cloudflare API
	// +optional
	LastVerifiedTime *metav1.Time `json:"lastVerifiedTime,omitempty"`

	// Message provides additional information about the current state
	// +optional
	Message string `json:"message,omitempty"`

	// ConfigSyncStatus represents the sync status of zone settings
	// +optional
	ConfigSyncStatus *ConfigSyncStatus `json:"configSyncStatus,omitempty"`
}

CloudflareDomainStatus defines the observed state of CloudflareDomain

func (*CloudflareDomainStatus) DeepCopy added in v0.19.0 

func (in *CloudflareDomainStatus) DeepCopy() *CloudflareDomainStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudflareDomainStatus.

func (*CloudflareDomainStatus) DeepCopyInto added in v0.19.0 

func (in *CloudflareDomainStatus) DeepCopyInto(out *CloudflareDomainStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ClusterTunnel 

type ClusterTunnel struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   TunnelSpec   `json:"spec,omitempty"`
	Status TunnelStatus `json:"status,omitempty"`
}

ClusterTunnel is the Schema for the clustertunnels API

func (*ClusterTunnel) DeepCopy 

func (in *ClusterTunnel) DeepCopy() *ClusterTunnel

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterTunnel.

func (*ClusterTunnel) DeepCopyInto 

func (in *ClusterTunnel) DeepCopyInto(out *ClusterTunnel)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ClusterTunnel) DeepCopyObject 

func (in *ClusterTunnel) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*ClusterTunnel) Hub 

func (*ClusterTunnel) Hub()

Hub marks this type as a conversion hub.

type ClusterTunnelList 

type ClusterTunnelList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []ClusterTunnel `json:"items"`
}

ClusterTunnelList contains a list of ClusterTunnel

func (*ClusterTunnelList) DeepCopy 

func (in *ClusterTunnelList) DeepCopy() *ClusterTunnelList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterTunnelList.

func (*ClusterTunnelList) DeepCopyInto 

func (in *ClusterTunnelList) DeepCopyInto(out *ClusterTunnelList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ClusterTunnelList) DeepCopyObject 

func (in *ClusterTunnelList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ConfigMapKeyRef 

type ConfigMapKeyRef struct {
	// Name is the ConfigMap name.
	// +kubebuilder:validation:Required
	Name string `json:"name"`

	// Key is the key in the ConfigMap.
	// +kubebuilder:validation:Required
	Key string `json:"key"`

	// Namespace is the ConfigMap namespace.
	// +kubebuilder:validation:Optional
	Namespace string `json:"namespace,omitempty"`
}

ConfigMapKeyRef references a key in a ConfigMap.

func (*ConfigMapKeyRef) DeepCopy 

func (in *ConfigMapKeyRef) DeepCopy() *ConfigMapKeyRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigMapKeyRef.

func (*ConfigMapKeyRef) DeepCopyInto 

func (in *ConfigMapKeyRef) DeepCopyInto(out *ConfigMapKeyRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ConfigSyncState added in v0.20.0 

type ConfigSyncState string

ConfigSyncState represents the sync state of a configuration section +kubebuilder:validation:Enum=Synced;Syncing;Error;Unknown 

const (
	ConfigSyncStateSynced  ConfigSyncState = "Synced"
	ConfigSyncStateSyncing ConfigSyncState = "Syncing"
	ConfigSyncStateError   ConfigSyncState = "Error"
	ConfigSyncStateUnknown ConfigSyncState = "Unknown"
)

type ConfigSyncStatus added in v0.20.0 

type ConfigSyncStatus struct {
	// SSL sync status
	// +kubebuilder:validation:Optional
	SSL ConfigSyncState `json:"ssl,omitempty"`

	// Cache sync status
	// +kubebuilder:validation:Optional
	Cache ConfigSyncState `json:"cache,omitempty"`

	// Security sync status
	// +kubebuilder:validation:Optional
	Security ConfigSyncState `json:"security,omitempty"`

	// Performance sync status
	// +kubebuilder:validation:Optional
	Performance ConfigSyncState `json:"performance,omitempty"`

	// LastSyncTime is the last time any configuration was synced
	// +kubebuilder:validation:Optional
	LastSyncTime *string `json:"lastSyncTime,omitempty"`

	// ErrorMessage contains error details if any sync failed
	// +kubebuilder:validation:Optional
	ErrorMessage string `json:"errorMessage,omitempty"`
}

ConfigSyncStatus represents the sync status of all configuration sections

func (*ConfigSyncStatus) DeepCopy added in v0.20.0 

func (in *ConfigSyncStatus) DeepCopy() *ConfigSyncStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigSyncStatus.

func (*ConfigSyncStatus) DeepCopyInto added in v0.20.0 

func (in *ConfigSyncStatus) DeepCopyInto(out *ConfigSyncStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CredentialsReference added in v0.19.0 

type CredentialsReference struct {
	// Name of the CloudflareCredentials resource
	// +kubebuilder:validation:Required
	Name string `json:"name"`
}

CredentialsReference references a CloudflareCredentials resource

func (*CredentialsReference) DeepCopy added in v0.19.0 

func (in *CredentialsReference) DeepCopy() *CredentialsReference

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialsReference.

func (*CredentialsReference) DeepCopyInto added in v0.19.0 

func (in *CredentialsReference) DeepCopyInto(out *CredentialsReference)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CustomCertificateSettings 

type CustomCertificateSettings struct {
	Enabled bool   `json:"enabled"`
	ID      string `json:"id,omitempty"`
}

CustomCertificateSettings for custom CA.

func (*CustomCertificateSettings) DeepCopy 

func (in *CustomCertificateSettings) DeepCopy() *CustomCertificateSettings

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomCertificateSettings.

func (*CustomCertificateSettings) DeepCopyInto 

func (in *CustomCertificateSettings) DeepCopyInto(out *CustomCertificateSettings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type DNSManagementMode added in v0.18.1 

type DNSManagementMode string

DNSManagementMode defines how DNS records are managed for Ingresses +kubebuilder:validation:Enum=Automatic;Manual;DNSRecord 

const (
	// DNSManagementAutomatic - Controller creates CNAME records directly via Cloudflare API
	DNSManagementAutomatic DNSManagementMode = "Automatic"

	// DNSManagementManual - User manages DNS records externally (compatible with external-dns)
	DNSManagementManual DNSManagementMode = "Manual"

	// DNSManagementDNSRecord - Controller creates DNSRecord CRDs for each hostname
	DNSManagementDNSRecord DNSManagementMode = "DNSRecord"
)

type DNSRecord 

type DNSRecord struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   DNSRecordSpec   `json:"spec,omitempty"`
	Status DNSRecordStatus `json:"status,omitempty"`
}

DNSRecord is the Schema for the dnsrecords API.

func (*DNSRecord) DeepCopy 

func (in *DNSRecord) DeepCopy() *DNSRecord

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSRecord.

func (*DNSRecord) DeepCopyInto 

func (in *DNSRecord) DeepCopyInto(out *DNSRecord)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*DNSRecord) DeepCopyObject 

func (in *DNSRecord) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type DNSRecordData 

type DNSRecordData struct {
	// For SRV records
	// +kubebuilder:validation:Optional
	Service string `json:"service,omitempty"`

	// +kubebuilder:validation:Optional
	Proto string `json:"proto,omitempty"`

	// +kubebuilder:validation:Optional
	Weight int `json:"weight,omitempty"`

	// +kubebuilder:validation:Optional
	Port int `json:"port,omitempty"`

	// +kubebuilder:validation:Optional
	Target string `json:"target,omitempty"`

	// For CAA records
	// +kubebuilder:validation:Optional
	Flags int `json:"flags,omitempty"`

	// +kubebuilder:validation:Optional
	Tag string `json:"tag,omitempty"`

	// +kubebuilder:validation:Optional
	Value string `json:"value,omitempty"`

	// For CERT/SSHFP/TLSA records
	// +kubebuilder:validation:Optional
	Algorithm int `json:"algorithm,omitempty"`

	// +kubebuilder:validation:Optional
	Certificate string `json:"certificate,omitempty"`

	// +kubebuilder:validation:Optional
	KeyTag int `json:"keyTag,omitempty"`

	// +kubebuilder:validation:Optional
	Usage int `json:"usage,omitempty"`

	// +kubebuilder:validation:Optional
	Selector int `json:"selector,omitempty"`

	// +kubebuilder:validation:Optional
	MatchingType int `json:"matchingType,omitempty"`

	// For LOC records
	// +kubebuilder:validation:Optional
	LatDegrees int `json:"latDegrees,omitempty"`

	// +kubebuilder:validation:Optional
	LatMinutes int `json:"latMinutes,omitempty"`

	// +kubebuilder:validation:Optional
	LatSeconds string `json:"latSeconds,omitempty"`

	// +kubebuilder:validation:Optional
	LatDirection string `json:"latDirection,omitempty"`

	// +kubebuilder:validation:Optional
	LongDegrees int `json:"longDegrees,omitempty"`

	// +kubebuilder:validation:Optional
	LongMinutes int `json:"longMinutes,omitempty"`

	// +kubebuilder:validation:Optional
	LongSeconds string `json:"longSeconds,omitempty"`

	// +kubebuilder:validation:Optional
	LongDirection string `json:"longDirection,omitempty"`

	// +kubebuilder:validation:Optional
	Altitude string `json:"altitude,omitempty"`

	// +kubebuilder:validation:Optional
	Size string `json:"size,omitempty"`

	// +kubebuilder:validation:Optional
	PrecisionHorz string `json:"precisionHorz,omitempty"`

	// +kubebuilder:validation:Optional
	PrecisionVert string `json:"precisionVert,omitempty"`

	// For URI records
	// +kubebuilder:validation:Optional
	ContentURI string `json:"content,omitempty"`
}

DNSRecordData contains type-specific record data.

func (*DNSRecordData) DeepCopy 

func (in *DNSRecordData) DeepCopy() *DNSRecordData

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSRecordData.

func (*DNSRecordData) DeepCopyInto 

func (in *DNSRecordData) DeepCopyInto(out *DNSRecordData)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type DNSRecordList 

type DNSRecordList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []DNSRecord `json:"items"`
}

DNSRecordList contains a list of DNSRecord

func (*DNSRecordList) DeepCopy 

func (in *DNSRecordList) DeepCopy() *DNSRecordList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSRecordList.

func (*DNSRecordList) DeepCopyInto 

func (in *DNSRecordList) DeepCopyInto(out *DNSRecordList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*DNSRecordList) DeepCopyObject 

func (in *DNSRecordList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type DNSRecordSpec 

type DNSRecordSpec struct {
	// Name is the DNS record name (e.g., "www" or "www.example.com").
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:MaxLength=255
	Name string `json:"name"`

	// Type is the DNS record type.
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Enum=A;AAAA;CNAME;TXT;MX;NS;SRV;CAA;CERT;DNSKEY;DS;HTTPS;LOC;NAPTR;SMIMEA;SSHFP;SVCB;TLSA;URI
	Type string `json:"type"`

	// Content is the record content/value.
	// +kubebuilder:validation:Required
	Content string `json:"content"`

	// TTL is the Time To Live (1 = automatic).
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Minimum=1
	// +kubebuilder:default=1
	TTL int `json:"ttl,omitempty"`

	// Proxied enables Cloudflare proxy for this record.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	Proxied bool `json:"proxied,omitempty"`

	// Priority for MX/SRV records.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Minimum=0
	// +kubebuilder:validation:Maximum=65535
	Priority *int `json:"priority,omitempty"`

	// Comment is an optional comment.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:MaxLength=100
	Comment string `json:"comment,omitempty"`

	// Tags for the record.
	// +kubebuilder:validation:Optional
	Tags []string `json:"tags,omitempty"`

	// Data contains additional record-specific data (for SRV, CAA, etc.).
	// +kubebuilder:validation:Optional
	Data *DNSRecordData `json:"data,omitempty"`

	// Cloudflare contains the Cloudflare API credentials.
	// +kubebuilder:validation:Required
	Cloudflare CloudflareDetails `json:"cloudflare"`
}

DNSRecordSpec defines the desired state of DNSRecord

func (*DNSRecordSpec) DeepCopy 

func (in *DNSRecordSpec) DeepCopy() *DNSRecordSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSRecordSpec.

func (*DNSRecordSpec) DeepCopyInto 

func (in *DNSRecordSpec) DeepCopyInto(out *DNSRecordSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type DNSRecordStatus 

type DNSRecordStatus struct {
	// RecordID is the Cloudflare DNS Record ID.
	// +kubebuilder:validation:Optional
	RecordID string `json:"recordId,omitempty"`

	// ZoneID is the Cloudflare Zone ID.
	// +kubebuilder:validation:Optional
	ZoneID string `json:"zoneId,omitempty"`

	// FQDN is the fully qualified domain name.
	// +kubebuilder:validation:Optional
	FQDN string `json:"fqdn,omitempty"`

	// State indicates the current state.
	// +kubebuilder:validation:Optional
	State string `json:"state,omitempty"`

	// Conditions represent the latest available observations.
	// +kubebuilder:validation:Optional
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty"`

	// ObservedGeneration is the most recent generation observed.
	// +kubebuilder:validation:Optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
}

DNSRecordStatus defines the observed state

func (*DNSRecordStatus) DeepCopy 

func (in *DNSRecordStatus) DeepCopy() *DNSRecordStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSRecordStatus.

func (*DNSRecordStatus) DeepCopyInto 

func (in *DNSRecordStatus) DeepCopyInto(out *DNSRecordStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type DNSResolver 

type DNSResolver struct {
	IP                         string `json:"ip,omitempty"`
	Port                       int    `json:"port,omitempty"`
	VNetID                     string `json:"vnetId,omitempty"`
	RouteThroughPrivateNetwork bool   `json:"routeThroughPrivateNetwork,omitempty"`
}

DNSResolver for custom DNS.

func (*DNSResolver) DeepCopy 

func (in *DNSResolver) DeepCopy() *DNSResolver

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSResolver.

func (*DNSResolver) DeepCopyInto 

func (in *DNSResolver) DeepCopyInto(out *DNSResolver)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type DevicePostureInput 

type DevicePostureInput struct {
	// ID is a generic identifier for integrations.
	// +kubebuilder:validation:Optional
	ID string `json:"id,omitempty"`

	// Path is the file path to check.
	// +kubebuilder:validation:Optional
	Path string `json:"path,omitempty"`

	// Exists checks if file exists.
	// +kubebuilder:validation:Optional
	Exists *bool `json:"exists,omitempty"`

	// Sha256 is the expected file hash.
	// +kubebuilder:validation:Optional
	Sha256 string `json:"sha256,omitempty"`

	// Thumbprint is the certificate thumbprint.
	// +kubebuilder:validation:Optional
	Thumbprint string `json:"thumbprint,omitempty"`

	// Running checks if application is running.
	// +kubebuilder:validation:Optional
	Running *bool `json:"running,omitempty"`

	// RequireAll requires all conditions to match.
	// +kubebuilder:validation:Optional
	RequireAll *bool `json:"requireAll,omitempty"`

	// Enabled checks if feature is enabled.
	// +kubebuilder:validation:Optional
	Enabled *bool `json:"enabled,omitempty"`

	// Version is the minimum version.
	// +kubebuilder:validation:Optional
	Version string `json:"version,omitempty"`

	// Operator is the version comparison operator.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum=<;<=;>;>=;==
	Operator string `json:"operator,omitempty"`

	// Domain is the expected domain for domain-joined checks.
	// +kubebuilder:validation:Optional
	Domain string `json:"domain,omitempty"`

	// ComplianceStatus is the Intune compliance status.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum=compliant;noncompliant;unknown;notapplicable;ingraceperiod;error
	ComplianceStatus string `json:"complianceStatus,omitempty"`

	// ConnectionID is the third-party integration connection ID.
	// +kubebuilder:validation:Optional
	ConnectionID string `json:"connectionId,omitempty"`

	// LastSeen is the maximum time since device was last seen.
	// +kubebuilder:validation:Optional
	LastSeen string `json:"lastSeen,omitempty"`

	// ActiveThreats is the maximum active threat count.
	// +kubebuilder:validation:Optional
	ActiveThreats *int `json:"activeThreats,omitempty"`

	// NetworkStatus checks for network connection.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum=connected;disconnected;disconnecting;connecting
	NetworkStatus string `json:"networkStatus,omitempty"`

	// SensorConfig checks sensor configuration.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum=active;disabled;not_configured
	SensorConfig string `json:"sensorConfig,omitempty"`

	// VersionOperator for CrowdStrike version checks.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum=<;<=;>;>=;==
	VersionOperator string `json:"versionOperator,omitempty"`

	// CountOperator for count comparisons.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum=<;<=;>;>=;==
	CountOperator string `json:"countOperator,omitempty"`

	// IssueCount is the number of issues for SentinelOne.
	// +kubebuilder:validation:Optional
	IssueCount *int `json:"issueCount,omitempty"`

	// OSDistroName is the OS distribution name.
	// +kubebuilder:validation:Optional
	OSDistroName string `json:"osDistroName,omitempty"`

	// OSDistroRevision is the OS distribution revision.
	// +kubebuilder:validation:Optional
	OSDistroRevision string `json:"osDistroRevision,omitempty"`

	// CertificateID for client certificate checks.
	// +kubebuilder:validation:Optional
	CertificateID string `json:"certificateId,omitempty"`

	// CommonName for client certificate checks.
	// +kubebuilder:validation:Optional
	CommonName string `json:"commonName,omitempty"`

	// CheckDisks specifies which disks to check encryption.
	// +kubebuilder:validation:Optional
	CheckDisks []string `json:"checkDisks,omitempty"`
}

DevicePostureInput contains rule-specific input.

func (*DevicePostureInput) DeepCopy 

func (in *DevicePostureInput) DeepCopy() *DevicePostureInput

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DevicePostureInput.

func (*DevicePostureInput) DeepCopyInto 

func (in *DevicePostureInput) DeepCopyInto(out *DevicePostureInput)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type DevicePostureMatch 

type DevicePostureMatch struct {
	// Platform is the OS platform.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum=windows;mac;linux;android;ios;chromeos
	Platform string `json:"platform,omitempty"`
}

DevicePostureMatch defines platform matching.

func (*DevicePostureMatch) DeepCopy 

func (in *DevicePostureMatch) DeepCopy() *DevicePostureMatch

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DevicePostureMatch.

func (*DevicePostureMatch) DeepCopyInto 

func (in *DevicePostureMatch) DeepCopyInto(out *DevicePostureMatch)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type DevicePostureRule 

type DevicePostureRule struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   DevicePostureRuleSpec   `json:"spec,omitempty"`
	Status DevicePostureRuleStatus `json:"status,omitempty"`
}

DevicePostureRule is the Schema for the deviceposturerules API.

func (*DevicePostureRule) DeepCopy 

func (in *DevicePostureRule) DeepCopy() *DevicePostureRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DevicePostureRule.

func (*DevicePostureRule) DeepCopyInto 

func (in *DevicePostureRule) DeepCopyInto(out *DevicePostureRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*DevicePostureRule) DeepCopyObject 

func (in *DevicePostureRule) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*DevicePostureRule) GetRuleName 

func (d *DevicePostureRule) GetRuleName() string

GetRuleName returns the name to use in Cloudflare.

type DevicePostureRuleList 

type DevicePostureRuleList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []DevicePostureRule `json:"items"`
}

DevicePostureRuleList contains a list of DevicePostureRule

func (*DevicePostureRuleList) DeepCopy 

func (in *DevicePostureRuleList) DeepCopy() *DevicePostureRuleList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DevicePostureRuleList.

func (*DevicePostureRuleList) DeepCopyInto 

func (in *DevicePostureRuleList) DeepCopyInto(out *DevicePostureRuleList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*DevicePostureRuleList) DeepCopyObject 

func (in *DevicePostureRuleList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type DevicePostureRuleSpec 

type DevicePostureRuleSpec struct {
	// Name of the Device Posture Rule in Cloudflare.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:MaxLength=255
	Name string `json:"name,omitempty"`

	// Type is the posture rule type.
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Enum=file;application;serial_number;tanium;gateway;warp;disk_encryption;sentinelone;carbonblack;firewall;os_version;domain_joined;client_certificate;unique_client_id;kolide;tanium_s2s;crowdstrike_s2s;intune;workspace_one
	Type string `json:"type"`

	// Description is a human-readable description.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:MaxLength=1000
	Description string `json:"description,omitempty"`

	// Schedule determines how often the rule is evaluated.
	// +kubebuilder:validation:Optional
	Schedule string `json:"schedule,omitempty"`

	// Expiration is when the rule expires.
	// +kubebuilder:validation:Optional
	Expiration string `json:"expiration,omitempty"`

	// Match defines which devices this rule applies to.
	// +kubebuilder:validation:Optional
	Match []DevicePostureMatch `json:"match,omitempty"`

	// Input contains the rule-specific configuration.
	// +kubebuilder:validation:Optional
	Input *DevicePostureInput `json:"input,omitempty"`

	// Cloudflare contains the Cloudflare API credentials.
	// +kubebuilder:validation:Required
	Cloudflare CloudflareDetails `json:"cloudflare"`
}

DevicePostureRuleSpec defines the desired state of DevicePostureRule

func (*DevicePostureRuleSpec) DeepCopy 

func (in *DevicePostureRuleSpec) DeepCopy() *DevicePostureRuleSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DevicePostureRuleSpec.

func (*DevicePostureRuleSpec) DeepCopyInto 

func (in *DevicePostureRuleSpec) DeepCopyInto(out *DevicePostureRuleSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type DevicePostureRuleStatus 

type DevicePostureRuleStatus struct {
	// RuleID is the Cloudflare Device Posture Rule ID.
	// +kubebuilder:validation:Optional
	RuleID string `json:"ruleId,omitempty"`

	// AccountID is the Cloudflare Account ID.
	// +kubebuilder:validation:Optional
	AccountID string `json:"accountId,omitempty"`

	// State indicates the current state.
	// +kubebuilder:validation:Optional
	State string `json:"state,omitempty"`

	// Conditions represent the latest available observations.
	// +kubebuilder:validation:Optional
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty"`

	// ObservedGeneration is the most recent generation observed.
	// +kubebuilder:validation:Optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
}

DevicePostureRuleStatus defines the observed state

func (*DevicePostureRuleStatus) DeepCopy 

func (in *DevicePostureRuleStatus) DeepCopy() *DevicePostureRuleStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DevicePostureRuleStatus.

func (*DevicePostureRuleStatus) DeepCopyInto 

func (in *DevicePostureRuleStatus) DeepCopyInto(out *DevicePostureRuleStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type DeviceSettingsPolicy 

type DeviceSettingsPolicy struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   DeviceSettingsPolicySpec   `json:"spec,omitempty"`
	Status DeviceSettingsPolicyStatus `json:"status,omitempty"`
}

DeviceSettingsPolicy is the Schema for the devicesettingspolicies API. A DeviceSettingsPolicy configures WARP client device settings including split tunnel rules and fallback domains for an account.

func (*DeviceSettingsPolicy) DeepCopy 

func (in *DeviceSettingsPolicy) DeepCopy() *DeviceSettingsPolicy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DeviceSettingsPolicy.

func (*DeviceSettingsPolicy) DeepCopyInto 

func (in *DeviceSettingsPolicy) DeepCopyInto(out *DeviceSettingsPolicy)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*DeviceSettingsPolicy) DeepCopyObject 

func (in *DeviceSettingsPolicy) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type DeviceSettingsPolicyList 

type DeviceSettingsPolicyList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []DeviceSettingsPolicy `json:"items"`
}

DeviceSettingsPolicyList contains a list of DeviceSettingsPolicy

func (*DeviceSettingsPolicyList) DeepCopy 

func (in *DeviceSettingsPolicyList) DeepCopy() *DeviceSettingsPolicyList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DeviceSettingsPolicyList.

func (*DeviceSettingsPolicyList) DeepCopyInto 

func (in *DeviceSettingsPolicyList) DeepCopyInto(out *DeviceSettingsPolicyList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*DeviceSettingsPolicyList) DeepCopyObject 

func (in *DeviceSettingsPolicyList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type DeviceSettingsPolicySpec 

type DeviceSettingsPolicySpec struct {
	// SplitTunnelMode determines how split tunneling is configured.
	// "exclude" means traffic to listed addresses bypasses the tunnel (default WARP behavior).
	// "include" means only traffic to listed addresses goes through the tunnel.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum=exclude;include
	// +kubebuilder:default=exclude
	SplitTunnelMode string `json:"splitTunnelMode,omitempty"`

	// SplitTunnelExclude lists addresses/hosts to exclude from the tunnel.
	// Only used when SplitTunnelMode is "exclude".
	// +kubebuilder:validation:Optional
	SplitTunnelExclude []SplitTunnelEntry `json:"splitTunnelExclude,omitempty"`

	// SplitTunnelInclude lists addresses/hosts to include in the tunnel.
	// Only used when SplitTunnelMode is "include".
	// +kubebuilder:validation:Optional
	SplitTunnelInclude []SplitTunnelEntry `json:"splitTunnelInclude,omitempty"`

	// FallbackDomains lists domains that should use the specified DNS servers
	// instead of Gateway DNS.
	// +kubebuilder:validation:Optional
	FallbackDomains []FallbackDomainEntry `json:"fallbackDomains,omitempty"`

	// AutoPopulateFromRoutes automatically populates split tunnel entries
	// from NetworkRoute resources in the cluster.
	// +kubebuilder:validation:Optional
	AutoPopulateFromRoutes *AutoPopulateConfig `json:"autoPopulateFromRoutes,omitempty"`

	// Cloudflare contains the Cloudflare API credentials and account information.
	// +kubebuilder:validation:Required
	Cloudflare CloudflareDetails `json:"cloudflare"`
}

DeviceSettingsPolicySpec defines the desired state of DeviceSettingsPolicy

func (*DeviceSettingsPolicySpec) DeepCopy 

func (in *DeviceSettingsPolicySpec) DeepCopy() *DeviceSettingsPolicySpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DeviceSettingsPolicySpec.

func (*DeviceSettingsPolicySpec) DeepCopyInto 

func (in *DeviceSettingsPolicySpec) DeepCopyInto(out *DeviceSettingsPolicySpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type DeviceSettingsPolicyStatus 

type DeviceSettingsPolicyStatus struct {
	// AccountID is the Cloudflare Account ID.
	// +kubebuilder:validation:Optional
	AccountID string `json:"accountId,omitempty"`

	// SplitTunnelExcludeCount is the number of exclude entries configured.
	// +kubebuilder:validation:Optional
	SplitTunnelExcludeCount int `json:"splitTunnelExcludeCount,omitempty"`

	// SplitTunnelIncludeCount is the number of include entries configured.
	// +kubebuilder:validation:Optional
	SplitTunnelIncludeCount int `json:"splitTunnelIncludeCount,omitempty"`

	// FallbackDomainsCount is the number of fallback domain entries configured.
	// +kubebuilder:validation:Optional
	FallbackDomainsCount int `json:"fallbackDomainsCount,omitempty"`

	// AutoPopulatedRoutesCount is the number of routes auto-populated from NetworkRoutes.
	// +kubebuilder:validation:Optional
	AutoPopulatedRoutesCount int `json:"autoPopulatedRoutesCount,omitempty"`

	// State indicates the current state of the policy.
	// +kubebuilder:validation:Optional
	State string `json:"state,omitempty"`

	// Conditions represent the latest available observations of the DeviceSettingsPolicy's state.
	// +kubebuilder:validation:Optional
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty"`

	// ObservedGeneration is the most recent generation observed by the controller.
	// +kubebuilder:validation:Optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
}

DeviceSettingsPolicyStatus defines the observed state of DeviceSettingsPolicy

func (*DeviceSettingsPolicyStatus) DeepCopy 

func (in *DeviceSettingsPolicyStatus) DeepCopy() *DeviceSettingsPolicyStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DeviceSettingsPolicyStatus.

func (*DeviceSettingsPolicyStatus) DeepCopyInto 

func (in *DeviceSettingsPolicyStatus) DeepCopyInto(out *DeviceSettingsPolicyStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type DomainConfiguration added in v0.20.0 

type DomainConfiguration struct {
	// AutoRenew enables automatic domain renewal
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=true
	AutoRenew bool `json:"autoRenew,omitempty"`

	// Privacy enables WHOIS privacy protection
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=true
	Privacy bool `json:"privacy,omitempty"`

	// Locked prevents unauthorized transfers
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=true
	Locked bool `json:"locked,omitempty"`

	// NameServers specifies custom nameservers (optional)
	// If not specified, Cloudflare nameservers will be used
	// +kubebuilder:validation:Optional
	NameServers []string `json:"nameServers,omitempty"`
}

DomainConfiguration contains domain configuration settings

func (*DomainConfiguration) DeepCopy added in v0.20.0 

func (in *DomainConfiguration) DeepCopy() *DomainConfiguration

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DomainConfiguration.

func (*DomainConfiguration) DeepCopyInto added in v0.20.0 

func (in *DomainConfiguration) DeepCopyInto(out *DomainConfiguration)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type DomainRegistration added in v0.20.0 

type DomainRegistration struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   DomainRegistrationSpec   `json:"spec,omitempty"`
	Status DomainRegistrationStatus `json:"status,omitempty"`
}

DomainRegistration manages Cloudflare Registrar domain settings. This CRD allows you to configure settings for domains registered with Cloudflare Registrar, including auto-renewal, WHOIS privacy, and transfer lock settings.

Note: This CRD manages existing domains registered with Cloudflare. Domain registration itself must be done through the Cloudflare dashboard or API directly due to payment and verification requirements.

Enterprise Feature: Some advanced features like registry lock require an Enterprise plan.

func (*DomainRegistration) DeepCopy added in v0.20.0 

func (in *DomainRegistration) DeepCopy() *DomainRegistration

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DomainRegistration.

func (*DomainRegistration) DeepCopyInto added in v0.20.0 

func (in *DomainRegistration) DeepCopyInto(out *DomainRegistration)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*DomainRegistration) DeepCopyObject added in v0.20.0 

func (in *DomainRegistration) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type DomainRegistrationList added in v0.20.0 

type DomainRegistrationList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []DomainRegistration `json:"items"`
}

DomainRegistrationList contains a list of DomainRegistration

func (*DomainRegistrationList) DeepCopy added in v0.20.0 

func (in *DomainRegistrationList) DeepCopy() *DomainRegistrationList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DomainRegistrationList.

func (*DomainRegistrationList) DeepCopyInto added in v0.20.0 

func (in *DomainRegistrationList) DeepCopyInto(out *DomainRegistrationList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*DomainRegistrationList) DeepCopyObject added in v0.20.0 

func (in *DomainRegistrationList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type DomainRegistrationSpec added in v0.20.0 

type DomainRegistrationSpec struct {
	// DomainName is the domain name to manage
	// This domain must already be registered with Cloudflare Registrar
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Pattern=`^[a-zA-Z0-9][a-zA-Z0-9-]{0,61}[a-zA-Z0-9]\.[a-zA-Z]{2,}$`
	DomainName string `json:"domainName"`

	// Configuration contains domain settings
	// +kubebuilder:validation:Optional
	Configuration *DomainConfiguration `json:"configuration,omitempty"`

	// RegistrantContact contains the registrant contact information
	// If not specified, existing contact information will be preserved
	// +kubebuilder:validation:Optional
	RegistrantContact *RegistrantContact `json:"registrantContact,omitempty"`

	// CredentialsRef references a CloudflareCredentials resource
	// If not specified, the default CloudflareCredentials will be used
	// +kubebuilder:validation:Optional
	CredentialsRef *CredentialsReference `json:"credentialsRef,omitempty"`
}

DomainRegistrationSpec defines the desired state of DomainRegistration

func (*DomainRegistrationSpec) DeepCopy added in v0.20.0 

func (in *DomainRegistrationSpec) DeepCopy() *DomainRegistrationSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DomainRegistrationSpec.

func (*DomainRegistrationSpec) DeepCopyInto added in v0.20.0 

func (in *DomainRegistrationSpec) DeepCopyInto(out *DomainRegistrationSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type DomainRegistrationState added in v0.20.0 

type DomainRegistrationState string

DomainRegistrationState represents the state of the domain registration +kubebuilder:validation:Enum=Pending;Syncing;Active;TransferPending;Expired;Error 

const (
	// DomainRegistrationStatePending means the domain is waiting to be synced
	DomainRegistrationStatePending DomainRegistrationState = "Pending"
	// DomainRegistrationStateSyncing means the domain settings are being synced
	DomainRegistrationStateSyncing DomainRegistrationState = "Syncing"
	// DomainRegistrationStateActive means the domain is registered and active
	DomainRegistrationStateActive DomainRegistrationState = "Active"
	// DomainRegistrationStateTransferPending means a transfer is in progress
	DomainRegistrationStateTransferPending DomainRegistrationState = "TransferPending"
	// DomainRegistrationStateExpired means the domain has expired
	DomainRegistrationStateExpired DomainRegistrationState = "Expired"
	// DomainRegistrationStateError means there was an error with the domain
	DomainRegistrationStateError DomainRegistrationState = "Error"
)

type DomainRegistrationStatus added in v0.20.0 

type DomainRegistrationStatus struct {
	// Conditions represent the latest available observations
	// +optional
	Conditions []metav1.Condition `json:"conditions,omitempty"`

	// ObservedGeneration is the most recent generation observed
	// +optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`

	// State represents the current state of the domain
	// +optional
	State DomainRegistrationState `json:"state,omitempty"`

	// DomainID is the Cloudflare domain ID
	// +optional
	DomainID string `json:"domainId,omitempty"`

	// CurrentRegistrar is the current registrar name
	// +optional
	CurrentRegistrar string `json:"currentRegistrar,omitempty"`

	// RegistryStatuses contains the registry status codes
	// +optional
	RegistryStatuses string `json:"registryStatuses,omitempty"`

	// ExpiresAt is when the domain registration expires
	// +optional
	ExpiresAt *metav1.Time `json:"expiresAt,omitempty"`

	// CreatedAt is when the domain was registered
	// +optional
	CreatedAt *metav1.Time `json:"createdAt,omitempty"`

	// AutoRenew indicates if auto-renewal is enabled
	// +optional
	AutoRenew bool `json:"autoRenew,omitempty"`

	// Privacy indicates if WHOIS privacy is enabled
	// +optional
	Privacy bool `json:"privacy,omitempty"`

	// Locked indicates if the domain is locked
	// +optional
	Locked bool `json:"locked,omitempty"`

	// TransferInStatus contains transfer status if applicable
	// +optional
	TransferInStatus string `json:"transferInStatus,omitempty"`

	// Message provides additional information about the current state
	// +optional
	Message string `json:"message,omitempty"`
}

DomainRegistrationStatus defines the observed state of DomainRegistration

func (*DomainRegistrationStatus) DeepCopy added in v0.20.0 

func (in *DomainRegistrationStatus) DeepCopy() *DomainRegistrationStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DomainRegistrationStatus.

func (*DomainRegistrationStatus) DeepCopyInto added in v0.20.0 

func (in *DomainRegistrationStatus) DeepCopyInto(out *DomainRegistrationStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type EgressSettings 

type EgressSettings struct {
	IPv4         string `json:"ipv4,omitempty"`
	IPv6         string `json:"ipv6,omitempty"`
	IPv4Fallback string `json:"ipv4Fallback,omitempty"`
}

EgressSettings for egress action.

func (*EgressSettings) DeepCopy 

func (in *EgressSettings) DeepCopy() *EgressSettings

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EgressSettings.

func (*EgressSettings) DeepCopyInto 

func (in *EgressSettings) DeepCopyInto(out *EgressSettings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ExistingTunnel 

type ExistingTunnel struct {
	// +kubebuilder:validation:Optional
	// Existing Tunnel ID to run on. Tunnel ID and Tunnel Name cannot be both empty. If both are provided, ID is used if valid, else falls back to Name.
	Id string `json:"id,omitempty"`

	// +kubebuilder:validation:Optional
	// Existing Tunnel name to run on. Tunnel Name and Tunnel ID cannot be both empty. If both are provided, ID is used if valid, else falls back to Name.
	Name string `json:"name,omitempty"`
}

ExistingTunnel spec needs either a Tunnel Id or a Name to find it on Cloudflare.

func (*ExistingTunnel) DeepCopy 

func (in *ExistingTunnel) DeepCopy() *ExistingTunnel

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExistingTunnel.

func (*ExistingTunnel) DeepCopyInto 

func (in *ExistingTunnel) DeepCopyInto(out *ExistingTunnel)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type FIPSSettings 

type FIPSSettings struct {
	TLS bool `json:"tls,omitempty"`
}

FIPSSettings for FIPS compliance.

func (*FIPSSettings) DeepCopy 

func (in *FIPSSettings) DeepCopy() *FIPSSettings

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FIPSSettings.

func (*FIPSSettings) DeepCopyInto 

func (in *FIPSSettings) DeepCopyInto(out *FIPSSettings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type FallbackDomainEntry 

type FallbackDomainEntry struct {
	// Suffix is the domain suffix to match (e.g., "internal.company.com").
	// +kubebuilder:validation:Required
	Suffix string `json:"suffix"`

	// Description is an optional description for this entry.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:MaxLength=200
	Description string `json:"description,omitempty"`

	// DNSServer is a list of DNS server IPs to use for this domain.
	// +kubebuilder:validation:Optional
	DNSServer []string `json:"dnsServer,omitempty"`
}

FallbackDomainEntry represents a fallback domain configuration.

func (*FallbackDomainEntry) DeepCopy 

func (in *FallbackDomainEntry) DeepCopy() *FallbackDomainEntry

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FallbackDomainEntry.

func (*FallbackDomainEntry) DeepCopyInto 

func (in *FallbackDomainEntry) DeepCopyInto(out *FallbackDomainEntry)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type FeatureToggle added in v0.20.0 

type FeatureToggle string

FeatureToggle represents on/off toggle settings +kubebuilder:validation:Enum=on;off 

const (
	FeatureOn  FeatureToggle = "on"
	FeatureOff FeatureToggle = "off"
)

type GatewayConfiguration 

type GatewayConfiguration struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   GatewayConfigurationSpec   `json:"spec,omitempty"`
	Status GatewayConfigurationStatus `json:"status,omitempty"`
}

GatewayConfiguration is the Schema for the gatewayconfigurations API.

func (*GatewayConfiguration) DeepCopy 

func (in *GatewayConfiguration) DeepCopy() *GatewayConfiguration

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayConfiguration.

func (*GatewayConfiguration) DeepCopyInto 

func (in *GatewayConfiguration) DeepCopyInto(out *GatewayConfiguration)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*GatewayConfiguration) DeepCopyObject 

func (in *GatewayConfiguration) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type GatewayConfigurationList 

type GatewayConfigurationList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []GatewayConfiguration `json:"items"`
}

GatewayConfigurationList contains a list of GatewayConfiguration

func (*GatewayConfigurationList) DeepCopy 

func (in *GatewayConfigurationList) DeepCopy() *GatewayConfigurationList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayConfigurationList.

func (*GatewayConfigurationList) DeepCopyInto 

func (in *GatewayConfigurationList) DeepCopyInto(out *GatewayConfigurationList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*GatewayConfigurationList) DeepCopyObject 

func (in *GatewayConfigurationList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type GatewayConfigurationSpec 

type GatewayConfigurationSpec struct {
	// Settings contains the Gateway configuration settings.
	// +kubebuilder:validation:Required
	Settings GatewaySettings `json:"settings"`

	// Cloudflare contains the Cloudflare API credentials.
	// +kubebuilder:validation:Required
	Cloudflare CloudflareDetails `json:"cloudflare"`
}

GatewayConfigurationSpec defines the desired state of GatewayConfiguration

func (*GatewayConfigurationSpec) DeepCopy 

func (in *GatewayConfigurationSpec) DeepCopy() *GatewayConfigurationSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayConfigurationSpec.

func (*GatewayConfigurationSpec) DeepCopyInto 

func (in *GatewayConfigurationSpec) DeepCopyInto(out *GatewayConfigurationSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GatewayConfigurationStatus 

type GatewayConfigurationStatus struct {
	// AccountID is the Cloudflare Account ID.
	// +kubebuilder:validation:Optional
	AccountID string `json:"accountId,omitempty"`

	// State indicates the current state.
	// +kubebuilder:validation:Optional
	State string `json:"state,omitempty"`

	// Conditions represent the latest available observations.
	// +kubebuilder:validation:Optional
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty"`

	// ObservedGeneration is the most recent generation observed.
	// +kubebuilder:validation:Optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
}

GatewayConfigurationStatus defines the observed state

func (*GatewayConfigurationStatus) DeepCopy 

func (in *GatewayConfigurationStatus) DeepCopy() *GatewayConfigurationStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayConfigurationStatus.

func (*GatewayConfigurationStatus) DeepCopyInto 

func (in *GatewayConfigurationStatus) DeepCopyInto(out *GatewayConfigurationStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GatewayList 

type GatewayList struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   GatewayListSpec   `json:"spec,omitempty"`
	Status GatewayListStatus `json:"status,omitempty"`
}

GatewayList is the Schema for the gatewaylists API.

func (*GatewayList) DeepCopy 

func (in *GatewayList) DeepCopy() *GatewayList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayList.

func (*GatewayList) DeepCopyInto 

func (in *GatewayList) DeepCopyInto(out *GatewayList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*GatewayList) DeepCopyObject 

func (in *GatewayList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*GatewayList) GetGatewayListName 

func (g *GatewayList) GetGatewayListName() string

GetGatewayListName returns the name to use in Cloudflare.

type GatewayListItem 

type GatewayListItem struct {
	// Value is the list entry value.
	// +kubebuilder:validation:Required
	Value string `json:"value"`

	// Description is an optional description for this item.
	// +kubebuilder:validation:Optional
	Description string `json:"description,omitempty"`
}

GatewayListItem represents a single list item.

func (*GatewayListItem) DeepCopy 

func (in *GatewayListItem) DeepCopy() *GatewayListItem

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayListItem.

func (*GatewayListItem) DeepCopyInto 

func (in *GatewayListItem) DeepCopyInto(out *GatewayListItem)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GatewayListList 

type GatewayListList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []GatewayList `json:"items"`
}

GatewayListList contains a list of GatewayList

func (*GatewayListList) DeepCopy 

func (in *GatewayListList) DeepCopy() *GatewayListList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayListList.

func (*GatewayListList) DeepCopyInto 

func (in *GatewayListList) DeepCopyInto(out *GatewayListList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*GatewayListList) DeepCopyObject 

func (in *GatewayListList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type GatewayListSpec 

type GatewayListSpec struct {
	// Name of the Gateway List in Cloudflare.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:MaxLength=255
	Name string `json:"name,omitempty"`

	// Description is a human-readable description.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:MaxLength=1000
	Description string `json:"description,omitempty"`

	// Type is the list type.
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Enum=SERIAL;URL;DOMAIN;EMAIL;IP
	Type string `json:"type"`

	// Items are the list entries.
	// +kubebuilder:validation:Optional
	Items []GatewayListItem `json:"items,omitempty"`

	// ItemsFromConfigMap references a ConfigMap containing list items.
	// +kubebuilder:validation:Optional
	ItemsFromConfigMap *ConfigMapKeyRef `json:"itemsFromConfigMap,omitempty"`

	// Cloudflare contains the Cloudflare API credentials.
	// +kubebuilder:validation:Required
	Cloudflare CloudflareDetails `json:"cloudflare"`
}

GatewayListSpec defines the desired state of GatewayList

func (*GatewayListSpec) DeepCopy 

func (in *GatewayListSpec) DeepCopy() *GatewayListSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayListSpec.

func (*GatewayListSpec) DeepCopyInto 

func (in *GatewayListSpec) DeepCopyInto(out *GatewayListSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GatewayListStatus 

type GatewayListStatus struct {
	// ListID is the Cloudflare Gateway List ID.
	// +kubebuilder:validation:Optional
	ListID string `json:"listId,omitempty"`

	// AccountID is the Cloudflare Account ID.
	// +kubebuilder:validation:Optional
	AccountID string `json:"accountId,omitempty"`

	// ItemCount is the number of items in the list.
	// +kubebuilder:validation:Optional
	ItemCount int `json:"itemCount,omitempty"`

	// State indicates the current state.
	// +kubebuilder:validation:Optional
	State string `json:"state,omitempty"`

	// Conditions represent the latest available observations.
	// +kubebuilder:validation:Optional
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty"`

	// ObservedGeneration is the most recent generation observed.
	// +kubebuilder:validation:Optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
}

GatewayListStatus defines the observed state

func (*GatewayListStatus) DeepCopy 

func (in *GatewayListStatus) DeepCopy() *GatewayListStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayListStatus.

func (*GatewayListStatus) DeepCopyInto 

func (in *GatewayListStatus) DeepCopyInto(out *GatewayListStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GatewayRule 

type GatewayRule struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   GatewayRuleSpec   `json:"spec,omitempty"`
	Status GatewayRuleStatus `json:"status,omitempty"`
}

GatewayRule is the Schema for the gatewayrules API.

func (*GatewayRule) DeepCopy 

func (in *GatewayRule) DeepCopy() *GatewayRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayRule.

func (*GatewayRule) DeepCopyInto 

func (in *GatewayRule) DeepCopyInto(out *GatewayRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*GatewayRule) DeepCopyObject 

func (in *GatewayRule) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*GatewayRule) GetGatewayRuleName 

func (g *GatewayRule) GetGatewayRuleName() string

GetGatewayRuleName returns the name to use in Cloudflare.

type GatewayRuleList 

type GatewayRuleList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []GatewayRule `json:"items"`
}

GatewayRuleList contains a list of GatewayRule

func (*GatewayRuleList) DeepCopy 

func (in *GatewayRuleList) DeepCopy() *GatewayRuleList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayRuleList.

func (*GatewayRuleList) DeepCopyInto 

func (in *GatewayRuleList) DeepCopyInto(out *GatewayRuleList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*GatewayRuleList) DeepCopyObject 

func (in *GatewayRuleList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type GatewayRuleSettings 

type GatewayRuleSettings struct {
	// BlockPageEnabled enables custom block page.
	// +kubebuilder:validation:Optional
	BlockPageEnabled *bool `json:"blockPageEnabled,omitempty"`

	// BlockReason is shown on the block page.
	// +kubebuilder:validation:Optional
	BlockReason string `json:"blockReason,omitempty"`

	// OverrideIPs for DNS override action.
	// +kubebuilder:validation:Optional
	OverrideIPs []string `json:"overrideIps,omitempty"`

	// OverrideHost for DNS override action.
	// +kubebuilder:validation:Optional
	OverrideHost string `json:"overrideHost,omitempty"`

	// L4Override for L4 override action.
	// +kubebuilder:validation:Optional
	L4Override *L4OverrideSettings `json:"l4Override,omitempty"`

	// BISOAdminControls for browser isolation.
	// +kubebuilder:validation:Optional
	BISOAdminControls *BISOAdminControls `json:"bisoAdminControls,omitempty"`

	// CheckSession enables session check.
	// +kubebuilder:validation:Optional
	CheckSession *SessionSettings `json:"checkSession,omitempty"`

	// AddHeaders adds headers to requests.
	// +kubebuilder:validation:Optional
	AddHeaders map[string]string `json:"addHeaders,omitempty"`

	// InsecureDisableDNSSECValidation disables DNSSEC validation.
	// +kubebuilder:validation:Optional
	InsecureDisableDNSSECValidation *bool `json:"insecureDisableDnssecValidation,omitempty"`

	// EgressSettings for egress action.
	// +kubebuilder:validation:Optional
	Egress *EgressSettings `json:"egress,omitempty"`

	// PayloadLog configures logging.
	// +kubebuilder:validation:Optional
	PayloadLog *PayloadLogSettings `json:"payloadLog,omitempty"`

	// UntrustedCertificateAction for TLS inspection.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum=pass_through;block;error
	UntrustedCertificateAction string `json:"untrustedCertificateAction,omitempty"`

	// AuditSSH enables SSH command logging.
	// +kubebuilder:validation:Optional
	AuditSSH *AuditSSHSettings `json:"auditSsh,omitempty"`

	// ResolveDNSInternally for private DNS resolution.
	// +kubebuilder:validation:Optional
	ResolveDNSInternally *bool `json:"resolveDnsInternally,omitempty"`

	// DNSResolverIPv4 custom resolver.
	// +kubebuilder:validation:Optional
	DNSResolverIPv4 *DNSResolver `json:"dnsResolverIpv4,omitempty"`

	// DNSResolverIPv6 custom resolver.
	// +kubebuilder:validation:Optional
	DNSResolverIPv6 *DNSResolver `json:"dnsResolverIpv6,omitempty"`

	// NotificationSettings for alerts.
	// +kubebuilder:validation:Optional
	NotificationSettings *NotificationSettings `json:"notificationSettings,omitempty"`
}

GatewayRuleSettings contains action-specific settings.

func (*GatewayRuleSettings) DeepCopy 

func (in *GatewayRuleSettings) DeepCopy() *GatewayRuleSettings

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayRuleSettings.

func (*GatewayRuleSettings) DeepCopyInto 

func (in *GatewayRuleSettings) DeepCopyInto(out *GatewayRuleSettings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GatewayRuleSpec 

type GatewayRuleSpec struct {
	// Name of the Gateway Rule in Cloudflare.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:MaxLength=255
	Name string `json:"name,omitempty"`

	// Description is a human-readable description.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:MaxLength=1000
	Description string `json:"description,omitempty"`

	// Precedence determines the order of rule evaluation (lower = earlier).
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Minimum=0
	Precedence int `json:"precedence"`

	// Enabled controls whether the rule is active.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=true
	Enabled bool `json:"enabled,omitempty"`

	// Action is what happens when the rule matches.
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Enum=allow;block;log;isolate;l4_override;egress;resolve;quarantine
	Action string `json:"action"`

	// Filters specifies which types of traffic this rule applies to.
	// +kubebuilder:validation:Optional
	Filters []string `json:"filters,omitempty"`

	// Traffic is the wirefilter expression for traffic matching.
	// +kubebuilder:validation:Optional
	Traffic string `json:"traffic,omitempty"`

	// Identity is the wirefilter expression for identity matching.
	// +kubebuilder:validation:Optional
	Identity string `json:"identity,omitempty"`

	// DevicePosture is the wirefilter expression for device posture matching.
	// +kubebuilder:validation:Optional
	DevicePosture string `json:"devicePosture,omitempty"`

	// RuleSettings contains action-specific settings.
	// +kubebuilder:validation:Optional
	RuleSettings *GatewayRuleSettings `json:"ruleSettings,omitempty"`

	// Cloudflare contains the Cloudflare API credentials.
	// +kubebuilder:validation:Required
	Cloudflare CloudflareDetails `json:"cloudflare"`
}

GatewayRuleSpec defines the desired state of GatewayRule

func (*GatewayRuleSpec) DeepCopy 

func (in *GatewayRuleSpec) DeepCopy() *GatewayRuleSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayRuleSpec.

func (*GatewayRuleSpec) DeepCopyInto 

func (in *GatewayRuleSpec) DeepCopyInto(out *GatewayRuleSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GatewayRuleStatus 

type GatewayRuleStatus struct {
	// RuleID is the Cloudflare Gateway Rule ID.
	// +kubebuilder:validation:Optional
	RuleID string `json:"ruleId,omitempty"`

	// AccountID is the Cloudflare Account ID.
	// +kubebuilder:validation:Optional
	AccountID string `json:"accountId,omitempty"`

	// State indicates the current state.
	// +kubebuilder:validation:Optional
	State string `json:"state,omitempty"`

	// Conditions represent the latest available observations.
	// +kubebuilder:validation:Optional
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty"`

	// ObservedGeneration is the most recent generation observed.
	// +kubebuilder:validation:Optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
}

GatewayRuleStatus defines the observed state

func (*GatewayRuleStatus) DeepCopy 

func (in *GatewayRuleStatus) DeepCopy() *GatewayRuleStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayRuleStatus.

func (*GatewayRuleStatus) DeepCopyInto 

func (in *GatewayRuleStatus) DeepCopyInto(out *GatewayRuleStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GatewaySettings 

type GatewaySettings struct {
	// TLSDecrypt enables TLS decryption.
	// +kubebuilder:validation:Optional
	TLSDecrypt *TLSDecryptSettings `json:"tlsDecrypt,omitempty"`

	// ActivityLog configures activity logging.
	// +kubebuilder:validation:Optional
	ActivityLog *ActivityLogSettings `json:"activityLog,omitempty"`

	// AntiVirus configures AV scanning.
	// +kubebuilder:validation:Optional
	AntiVirus *AntiVirusSettings `json:"antiVirus,omitempty"`

	// BlockPage configures the block page.
	// +kubebuilder:validation:Optional
	BlockPage *BlockPageSettings `json:"blockPage,omitempty"`

	// BodyScanning configures body scanning.
	// +kubebuilder:validation:Optional
	BodyScanning *BodyScanningSettings `json:"bodyScanning,omitempty"`

	// BrowserIsolation configures browser isolation.
	// +kubebuilder:validation:Optional
	BrowserIsolation *BrowserIsolationSettings `json:"browserIsolation,omitempty"`

	// FIPS enables FIPS mode.
	// +kubebuilder:validation:Optional
	FIPS *FIPSSettings `json:"fips,omitempty"`

	// ProtocolDetection enables protocol detection.
	// +kubebuilder:validation:Optional
	ProtocolDetection *ProtocolDetectionSettings `json:"protocolDetection,omitempty"`

	// CustomCertificate configures custom root CA.
	// +kubebuilder:validation:Optional
	CustomCertificate *CustomCertificateSettings `json:"customCertificate,omitempty"`

	// NonIdentityBrowserIsolation configures non-identity isolation.
	// +kubebuilder:validation:Optional
	NonIdentityBrowserIsolation *NonIdentityBrowserIsolationSettings `json:"nonIdentityBrowserIsolation,omitempty"`
}

GatewaySettings contains Gateway configuration.

func (*GatewaySettings) DeepCopy 

func (in *GatewaySettings) DeepCopy() *GatewaySettings

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewaySettings.

func (*GatewaySettings) DeepCopyInto 

func (in *GatewaySettings) DeepCopyInto(out *GatewaySettings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type HeaderModification added in v0.20.0 

type HeaderModification struct {
	// Name is the header name
	// +kubebuilder:validation:Required
	Name string `json:"name"`

	// Operation is the operation to perform
	// +kubebuilder:validation:Required
	Operation HeaderOperation `json:"operation"`

	// Value is the static header value (for set/add operations)
	// +kubebuilder:validation:Optional
	Value string `json:"value,omitempty"`

	// Expression is a dynamic expression for the value
	// Example: ip.geoip.country
	// +kubebuilder:validation:Optional
	Expression string `json:"expression,omitempty"`
}

HeaderModification defines a header modification

func (*HeaderModification) DeepCopy added in v0.20.0 

func (in *HeaderModification) DeepCopy() *HeaderModification

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HeaderModification.

func (*HeaderModification) DeepCopyInto added in v0.20.0 

func (in *HeaderModification) DeepCopyInto(out *HeaderModification)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type HeaderOperation added in v0.20.0 

type HeaderOperation string

HeaderOperation represents the operation to perform on a header +kubebuilder:validation:Enum=set;add;remove 

const (
	// HeaderOperationSet sets the header value (overwrites if exists)
	HeaderOperationSet HeaderOperation = "set"
	// HeaderOperationAdd adds a value to the header (preserves existing)
	HeaderOperationAdd HeaderOperation = "add"
	// HeaderOperationRemove removes the header
	HeaderOperationRemove HeaderOperation = "remove"
)

type IdentityProviderConfig 

type IdentityProviderConfig struct {
	// ClientID is the OAuth client ID.
	// +kubebuilder:validation:Optional
	ClientID string `json:"clientId,omitempty"`

	// ClientSecret is the OAuth client secret (use ConfigSecretRef for sensitive values).
	// +kubebuilder:validation:Optional
	ClientSecret string `json:"clientSecret,omitempty"`

	// AppsDomain is the Google Workspace domain.
	// +kubebuilder:validation:Optional
	AppsDomain string `json:"appsDomain,omitempty"`

	// AuthURL is the authorization URL (OIDC/OAuth).
	// +kubebuilder:validation:Optional
	AuthURL string `json:"authUrl,omitempty"`

	// TokenURL is the token endpoint URL.
	// +kubebuilder:validation:Optional
	TokenURL string `json:"tokenUrl,omitempty"`

	// CertsURL is the JWKS endpoint URL.
	// +kubebuilder:validation:Optional
	CertsURL string `json:"certsUrl,omitempty"`

	// Scopes are the OAuth scopes to request.
	// +kubebuilder:validation:Optional
	Scopes []string `json:"scopes,omitempty"`

	// IdPPublicCerts are the IdP's public certificates for SAML.
	// +kubebuilder:validation:Optional
	IdPPublicCerts []string `json:"idpPublicCerts,omitempty"`

	// IssuerURL is the OIDC issuer URL.
	// +kubebuilder:validation:Optional
	IssuerURL string `json:"issuerUrl,omitempty"`

	// SSOTargetURL is the SAML SSO URL.
	// +kubebuilder:validation:Optional
	SSOTargetURL string `json:"ssoTargetUrl,omitempty"`

	// SignRequest enables SAML request signing.
	// +kubebuilder:validation:Optional
	SignRequest *bool `json:"signRequest,omitempty"`

	// EmailClaimName is the claim containing the user's email.
	// +kubebuilder:validation:Optional
	EmailClaimName string `json:"emailClaimName,omitempty"`

	// DirectoryID is the Azure AD directory ID.
	// +kubebuilder:validation:Optional
	DirectoryID string `json:"directoryId,omitempty"`

	// SupportGroups enables group sync.
	// +kubebuilder:validation:Optional
	SupportGroups *bool `json:"supportGroups,omitempty"`

	// PKCEEnabled enables PKCE.
	// +kubebuilder:validation:Optional
	PKCEEnabled *bool `json:"pkceEnabled,omitempty"`

	// ConditionalAccessEnabled enables Azure AD conditional access.
	// +kubebuilder:validation:Optional
	ConditionalAccessEnabled *bool `json:"conditionalAccessEnabled,omitempty"`

	// Claims are custom OIDC claims to include.
	// +kubebuilder:validation:Optional
	Claims []string `json:"claims,omitempty"`

	// EmailAttributeName is the SAML attribute containing email.
	// +kubebuilder:validation:Optional
	EmailAttributeName string `json:"emailAttributeName,omitempty"`

	// HeaderAttributes are SAML attributes to pass as headers.
	// +kubebuilder:validation:Optional
	HeaderAttributes []SAMLHeaderAttribute `json:"headerAttributes,omitempty"`

	// APIToken is the API token (GitHub, etc).
	// +kubebuilder:validation:Optional
	APIToken string `json:"apiToken,omitempty"`

	// OktaAccount is the Okta organization URL.
	// +kubebuilder:validation:Optional
	OktaAccount string `json:"oktaAccount,omitempty"`

	// OneloginAccount is the OneLogin subdomain.
	// +kubebuilder:validation:Optional
	OneloginAccount string `json:"oneloginAccount,omitempty"`

	// PingEnvID is the PingOne environment ID.
	// +kubebuilder:validation:Optional
	PingEnvID string `json:"pingEnvId,omitempty"`

	// CentrifyAccount is the Centrify account.
	// +kubebuilder:validation:Optional
	CentrifyAccount string `json:"centrifyAccount,omitempty"`

	// CentrifyAppID is the Centrify app ID.
	// +kubebuilder:validation:Optional
	CentrifyAppID string `json:"centrifyAppId,omitempty"`

	// RedirectURL is the callback URL.
	// +kubebuilder:validation:Optional
	RedirectURL string `json:"redirectUrl,omitempty"`
}

IdentityProviderConfig contains provider configuration.

func (*IdentityProviderConfig) DeepCopy 

func (in *IdentityProviderConfig) DeepCopy() *IdentityProviderConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IdentityProviderConfig.

func (*IdentityProviderConfig) DeepCopyInto 

func (in *IdentityProviderConfig) DeepCopyInto(out *IdentityProviderConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type L4OverrideSettings 

type L4OverrideSettings struct {
	IP   string `json:"ip"`
	Port int    `json:"port"`
}

L4OverrideSettings for L4 override.

func (*L4OverrideSettings) DeepCopy 

func (in *L4OverrideSettings) DeepCopy() *L4OverrideSettings

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new L4OverrideSettings.

func (*L4OverrideSettings) DeepCopyInto 

func (in *L4OverrideSettings) DeepCopyInto(out *L4OverrideSettings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type MinifyConfig added in v0.20.0 

type MinifyConfig struct {
	// HTML enables HTML minification
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	HTML bool `json:"html,omitempty"`

	// CSS enables CSS minification
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	CSS bool `json:"css,omitempty"`

	// JavaScript enables JavaScript minification
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	JavaScript bool `json:"javascript,omitempty"`
}

MinifyConfig configures code minification

func (*MinifyConfig) DeepCopy added in v0.20.0 

func (in *MinifyConfig) DeepCopy() *MinifyConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MinifyConfig.

func (*MinifyConfig) DeepCopyInto added in v0.20.0 

func (in *MinifyConfig) DeepCopyInto(out *MinifyConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type NetworkRoute 

type NetworkRoute struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   NetworkRouteSpec   `json:"spec,omitempty"`
	Status NetworkRouteStatus `json:"status,omitempty"`
}

NetworkRoute is the Schema for the networkroutes API. A NetworkRoute defines a CIDR range to be routed through a Cloudflare Tunnel, enabling private network access via WARP clients.

func (*NetworkRoute) DeepCopy 

func (in *NetworkRoute) DeepCopy() *NetworkRoute

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkRoute.

func (*NetworkRoute) DeepCopyInto 

func (in *NetworkRoute) DeepCopyInto(out *NetworkRoute)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*NetworkRoute) DeepCopyObject 

func (in *NetworkRoute) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type NetworkRouteList 

type NetworkRouteList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []NetworkRoute `json:"items"`
}

NetworkRouteList contains a list of NetworkRoute

func (*NetworkRouteList) DeepCopy 

func (in *NetworkRouteList) DeepCopy() *NetworkRouteList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkRouteList.

func (*NetworkRouteList) DeepCopyInto 

func (in *NetworkRouteList) DeepCopyInto(out *NetworkRouteList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*NetworkRouteList) DeepCopyObject 

func (in *NetworkRouteList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type NetworkRouteSpec 

type NetworkRouteSpec struct {
	// Network is the CIDR notation for the IP range to route (e.g., "10.0.0.0/8").
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Pattern=`^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$`
	Network string `json:"network"`

	// TunnelRef references the Tunnel or ClusterTunnel that will handle this route.
	// +kubebuilder:validation:Required
	TunnelRef TunnelRef `json:"tunnelRef"`

	// VirtualNetworkRef references the VirtualNetwork for this route.
	// If not specified, the default Virtual Network will be used.
	// +kubebuilder:validation:Optional
	VirtualNetworkRef *VirtualNetworkRef `json:"virtualNetworkRef,omitempty"`

	// Comment is an optional description for the route.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:MaxLength=500
	Comment string `json:"comment,omitempty"`

	// Cloudflare contains the Cloudflare API credentials and account information.
	// +kubebuilder:validation:Required
	Cloudflare CloudflareDetails `json:"cloudflare"`
}

NetworkRouteSpec defines the desired state of NetworkRoute

func (*NetworkRouteSpec) DeepCopy 

func (in *NetworkRouteSpec) DeepCopy() *NetworkRouteSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkRouteSpec.

func (*NetworkRouteSpec) DeepCopyInto 

func (in *NetworkRouteSpec) DeepCopyInto(out *NetworkRouteSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type NetworkRouteStatus 

type NetworkRouteStatus struct {
	// Network is the CIDR from the route in Cloudflare.
	// +kubebuilder:validation:Optional
	Network string `json:"network,omitempty"`

	// TunnelID is the Cloudflare Tunnel ID this route points to.
	// +kubebuilder:validation:Optional
	TunnelID string `json:"tunnelId,omitempty"`

	// TunnelName is the name of the Tunnel in Cloudflare.
	// +kubebuilder:validation:Optional
	TunnelName string `json:"tunnelName,omitempty"`

	// VirtualNetworkID is the Cloudflare Virtual Network ID.
	// +kubebuilder:validation:Optional
	VirtualNetworkID string `json:"virtualNetworkId,omitempty"`

	// AccountID is the Cloudflare Account ID.
	// +kubebuilder:validation:Optional
	AccountID string `json:"accountId,omitempty"`

	// State indicates the current state of the route.
	// +kubebuilder:validation:Optional
	State string `json:"state,omitempty"`

	// Conditions represent the latest available observations of the NetworkRoute's state.
	// +kubebuilder:validation:Optional
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty"`

	// ObservedGeneration is the most recent generation observed by the controller.
	// +kubebuilder:validation:Optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
}

NetworkRouteStatus defines the observed state of NetworkRoute

func (*NetworkRouteStatus) DeepCopy 

func (in *NetworkRouteStatus) DeepCopy() *NetworkRouteStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkRouteStatus.

func (*NetworkRouteStatus) DeepCopyInto 

func (in *NetworkRouteStatus) DeepCopyInto(out *NetworkRouteStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type NewTunnel 

type NewTunnel struct {
	// +kubebuilder:validation:Required
	// Tunnel name to create on Cloudflare.
	Name string `json:"name,omitempty"`
}

NewTunnel spec needs a name to create a Tunnel on Cloudflare.

func (*NewTunnel) DeepCopy 

func (in *NewTunnel) DeepCopy() *NewTunnel

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NewTunnel.

func (*NewTunnel) DeepCopyInto 

func (in *NewTunnel) DeepCopyInto(out *NewTunnel)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type NonIdentityBrowserIsolationSettings 

type NonIdentityBrowserIsolationSettings struct {
	Enabled bool `json:"enabled"`
}

NonIdentityBrowserIsolationSettings for non-identity isolation.

func (*NonIdentityBrowserIsolationSettings) DeepCopy 

func (in *NonIdentityBrowserIsolationSettings) DeepCopy() *NonIdentityBrowserIsolationSettings

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NonIdentityBrowserIsolationSettings.

func (*NonIdentityBrowserIsolationSettings) DeepCopyInto 

func (in *NonIdentityBrowserIsolationSettings) DeepCopyInto(out *NonIdentityBrowserIsolationSettings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type NotificationSettings 

type NotificationSettings struct {
	Enabled    bool   `json:"enabled"`
	Message    string `json:"message,omitempty"`
	SupportURL string `json:"supportUrl,omitempty"`
}

NotificationSettings for alerts.

func (*NotificationSettings) DeepCopy 

func (in *NotificationSettings) DeepCopy() *NotificationSettings

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NotificationSettings.

func (*NotificationSettings) DeepCopyInto 

func (in *NotificationSettings) DeepCopyInto(out *NotificationSettings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type OriginCACertificate added in v0.20.0 

type OriginCACertificate struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   OriginCACertificateSpec   `json:"spec,omitempty"`
	Status OriginCACertificateStatus `json:"status,omitempty"`
}

OriginCACertificate manages Cloudflare Origin CA certificates. These certificates are trusted by Cloudflare's edge servers and can be used for SSL/TLS encryption between Cloudflare and your origin server.

The controller can optionally sync the certificate to a Kubernetes Secret in cert-manager compatible format for use with Ingress or other TLS consumers.

func (*OriginCACertificate) DeepCopy added in v0.20.0 

func (in *OriginCACertificate) DeepCopy() *OriginCACertificate

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OriginCACertificate.

func (*OriginCACertificate) DeepCopyInto added in v0.20.0 

func (in *OriginCACertificate) DeepCopyInto(out *OriginCACertificate)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*OriginCACertificate) DeepCopyObject added in v0.20.0 

func (in *OriginCACertificate) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type OriginCACertificateList added in v0.20.0 

type OriginCACertificateList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []OriginCACertificate `json:"items"`
}

OriginCACertificateList contains a list of OriginCACertificate

func (*OriginCACertificateList) DeepCopy added in v0.20.0 

func (in *OriginCACertificateList) DeepCopy() *OriginCACertificateList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OriginCACertificateList.

func (*OriginCACertificateList) DeepCopyInto added in v0.20.0 

func (in *OriginCACertificateList) DeepCopyInto(out *OriginCACertificateList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*OriginCACertificateList) DeepCopyObject added in v0.20.0 

func (in *OriginCACertificateList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type OriginCACertificateSpec added in v0.20.0 

type OriginCACertificateSpec struct {
	// Hostnames are the domain names the certificate should be valid for
	// Supports wildcards (e.g., "*.example.com")
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:MinItems=1
	Hostnames []string `json:"hostnames"`

	// RequestType specifies the certificate type (RSA or ECC)
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=origin-rsa
	RequestType CertificateRequestType `json:"requestType,omitempty"`

	// Validity specifies the certificate validity period in days
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=5475
	Validity CertificateValidity `json:"validity,omitempty"`

	// CredentialsRef references a CloudflareCredentials resource
	// If not specified, the default CloudflareCredentials will be used
	// +kubebuilder:validation:Optional
	CredentialsRef *CredentialsReference `json:"credentialsRef,omitempty"`

	// PrivateKey configures the private key generation or reference
	// +kubebuilder:validation:Optional
	PrivateKey *PrivateKeySpec `json:"privateKey,omitempty"`

	// SecretSync configures syncing the certificate to a Kubernetes Secret
	// +kubebuilder:validation:Optional
	SecretSync *SecretSyncConfig `json:"secretSync,omitempty"`

	// Renewal configures automatic certificate renewal
	// +kubebuilder:validation:Optional
	Renewal *RenewalConfig `json:"renewal,omitempty"`

	// CSR is an optional Certificate Signing Request
	// If provided, the controller will use this CSR instead of generating one
	// +kubebuilder:validation:Optional
	CSR string `json:"csr,omitempty"`
}

OriginCACertificateSpec defines the desired state of OriginCACertificate

func (*OriginCACertificateSpec) DeepCopy added in v0.20.0 

func (in *OriginCACertificateSpec) DeepCopy() *OriginCACertificateSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OriginCACertificateSpec.

func (*OriginCACertificateSpec) DeepCopyInto added in v0.20.0 

func (in *OriginCACertificateSpec) DeepCopyInto(out *OriginCACertificateSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type OriginCACertificateState added in v0.20.0 

type OriginCACertificateState string

OriginCACertificateState represents the state of the certificate +kubebuilder:validation:Enum=Pending;Issuing;Ready;Renewing;Error;Revoked 

const (
	// OriginCACertificateStatePending means the certificate is waiting to be issued
	OriginCACertificateStatePending OriginCACertificateState = "Pending"
	// OriginCACertificateStateIssuing means the certificate is being issued
	OriginCACertificateStateIssuing OriginCACertificateState = "Issuing"
	// OriginCACertificateStateReady means the certificate is issued and ready
	OriginCACertificateStateReady OriginCACertificateState = "Ready"
	// OriginCACertificateStateRenewing means the certificate is being renewed
	OriginCACertificateStateRenewing OriginCACertificateState = "Renewing"
	// OriginCACertificateStateError means there was an error with the certificate
	OriginCACertificateStateError OriginCACertificateState = "Error"
	// OriginCACertificateStateRevoked means the certificate has been revoked
	OriginCACertificateStateRevoked OriginCACertificateState = "Revoked"
)

type OriginCACertificateStatus added in v0.20.0 

type OriginCACertificateStatus struct {
	// Conditions represent the latest available observations
	// +optional
	Conditions []metav1.Condition `json:"conditions,omitempty"`

	// ObservedGeneration is the most recent generation observed
	// +optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`

	// State represents the current state of the certificate
	// +optional
	State OriginCACertificateState `json:"state,omitempty"`

	// CertificateID is the Cloudflare certificate ID
	// +optional
	CertificateID string `json:"certificateId,omitempty"`

	// Certificate is the PEM-encoded certificate (public key)
	// +optional
	Certificate string `json:"certificate,omitempty"`

	// ExpiresAt is the certificate expiration time
	// +optional
	ExpiresAt *metav1.Time `json:"expiresAt,omitempty"`

	// IssuedAt is the time the certificate was issued
	// +optional
	IssuedAt *metav1.Time `json:"issuedAt,omitempty"`

	// RevokedAt is the time the certificate was revoked (if revoked)
	// +optional
	RevokedAt *metav1.Time `json:"revokedAt,omitempty"`

	// RenewalTime is the next scheduled renewal time
	// +optional
	RenewalTime *metav1.Time `json:"renewalTime,omitempty"`

	// SecretName is the name of the synced Secret
	// +optional
	SecretName string `json:"secretName,omitempty"`

	// SecretNamespace is the namespace of the synced Secret
	// +optional
	SecretNamespace string `json:"secretNamespace,omitempty"`

	// Message provides additional information about the current state
	// +optional
	Message string `json:"message,omitempty"`
}

OriginCACertificateStatus defines the observed state of OriginCACertificate

func (*OriginCACertificateStatus) DeepCopy added in v0.20.0 

func (in *OriginCACertificateStatus) DeepCopy() *OriginCACertificateStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OriginCACertificateStatus.

func (*OriginCACertificateStatus) DeepCopyInto added in v0.20.0 

func (in *OriginCACertificateStatus) DeepCopyInto(out *OriginCACertificateStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type OriginRequestSpec added in v0.18.1 

type OriginRequestSpec struct {
	// NoTLSVerify disables TLS verification for HTTPS origins
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	NoTLSVerify bool `json:"noTlsVerify,omitempty"`

	// HTTP2Origin enables HTTP/2 to origin (origin must be HTTPS)
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	HTTP2Origin bool `json:"http2Origin,omitempty"`

	// ConnectTimeout for establishing connection to origin (e.g., "30s")
	// +kubebuilder:validation:Optional
	ConnectTimeout string `json:"connectTimeout,omitempty"`

	// TLSTimeout for TLS handshake with origin (e.g., "10s")
	// +kubebuilder:validation:Optional
	TLSTimeout string `json:"tlsTimeout,omitempty"`

	// KeepAliveTimeout for idle connections to origin (e.g., "90s")
	// +kubebuilder:validation:Optional
	KeepAliveTimeout string `json:"keepAliveTimeout,omitempty"`

	// KeepAliveConnections is the maximum number of idle connections to keep open
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Minimum=0
	KeepAliveConnections *int `json:"keepAliveConnections,omitempty"`

	// CAPool is the name of a Secret containing CA certificate (tls.crt) for backend verification
	// +kubebuilder:validation:Optional
	CAPool string `json:"caPool,omitempty"`

	// OriginServerName overrides the hostname used for TLS verification
	// +kubebuilder:validation:Optional
	OriginServerName string `json:"originServerName,omitempty"`

	// HTTPHostHeader overrides the Host header sent to origin
	// +kubebuilder:validation:Optional
	HTTPHostHeader string `json:"httpHostHeader,omitempty"`

	// ProxyAddress for bastion/SOCKS mode
	// +kubebuilder:validation:Optional
	ProxyAddress string `json:"proxyAddress,omitempty"`

	// ProxyPort for bastion/SOCKS mode
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Minimum=1
	// +kubebuilder:validation:Maximum=65535
	ProxyPort *uint16 `json:"proxyPort,omitempty"`

	// ProxyType specifies the proxy type: "" (none) or "socks"
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum="";socks
	ProxyType string `json:"proxyType,omitempty"`

	// DisableChunkedEncoding disables chunked transfer encoding for HTTP requests
	// +kubebuilder:validation:Optional
	DisableChunkedEncoding *bool `json:"disableChunkedEncoding,omitempty"`

	// BastionMode enables bastion mode for the tunnel
	// +kubebuilder:validation:Optional
	BastionMode *bool `json:"bastionMode,omitempty"`
}

OriginRequestSpec defines origin request configuration for backend connections

func (*OriginRequestSpec) DeepCopy added in v0.18.1 

func (in *OriginRequestSpec) DeepCopy() *OriginRequestSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OriginRequestSpec.

func (*OriginRequestSpec) DeepCopyInto added in v0.18.1 

func (in *OriginRequestSpec) DeepCopyInto(out *OriginRequestSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PayloadLogSettings 

type PayloadLogSettings struct {
	Enabled bool `json:"enabled"`
}

PayloadLogSettings for logging.

func (*PayloadLogSettings) DeepCopy 

func (in *PayloadLogSettings) DeepCopy() *PayloadLogSettings

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PayloadLogSettings.

func (*PayloadLogSettings) DeepCopyInto 

func (in *PayloadLogSettings) DeepCopyInto(out *PayloadLogSettings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PerformanceConfig added in v0.20.0 

type PerformanceConfig struct {
	// Brotli enables Brotli compression
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=true
	Brotli *bool `json:"brotli,omitempty"`

	// HTTP2 enables HTTP/2 support
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=true
	HTTP2 *bool `json:"http2,omitempty"`

	// HTTP3 enables HTTP/3 (QUIC) support
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=true
	HTTP3 *bool `json:"http3,omitempty"`

	// ZeroRTT enables 0-RTT Connection Resumption
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=true
	ZeroRTT *bool `json:"zeroRTT,omitempty"`

	// Minify configures code minification
	// +kubebuilder:validation:Optional
	Minify *MinifyConfig `json:"minify,omitempty"`

	// Polish configures image optimization mode
	// Requires Pro plan or higher
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=off
	Polish PolishMode `json:"polish,omitempty"`

	// WebP enables WebP image conversion
	// Requires Pro plan or higher
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	WebP bool `json:"webp,omitempty"`

	// Mirage enables mobile image optimization
	// Requires Pro plan or higher
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	Mirage bool `json:"mirage,omitempty"`

	// EarlyHints enables 103 Early Hints
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=true
	EarlyHints *bool `json:"earlyHints,omitempty"`

	// RocketLoader optimizes JavaScript loading
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	RocketLoader bool `json:"rocketLoader,omitempty"`

	// PrefetchPreload enables prefetch and preload
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=true
	PrefetchPreload *bool `json:"prefetchPreload,omitempty"`

	// IPGeolocation adds visitor's country to request headers
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=true
	IPGeolocation *bool `json:"ipGeolocation,omitempty"`

	// Websockets enables WebSocket support
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=true
	Websockets *bool `json:"websockets,omitempty"`
}

PerformanceConfig defines performance settings for a domain

func (*PerformanceConfig) DeepCopy added in v0.20.0 

func (in *PerformanceConfig) DeepCopy() *PerformanceConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PerformanceConfig.

func (*PerformanceConfig) DeepCopyInto added in v0.20.0 

func (in *PerformanceConfig) DeepCopyInto(out *PerformanceConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PolishMode added in v0.20.0 

type PolishMode string

PolishMode represents image optimization mode +kubebuilder:validation:Enum=off;lossless;lossy 

const (
	PolishModeOff      PolishMode = "off"
	PolishModeLossless PolishMode = "lossless"
	PolishModeLossy    PolishMode = "lossy"
)

type PrivateKeySpec added in v0.20.0 

type PrivateKeySpec struct {
	// Algorithm specifies the private key algorithm
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum=RSA;ECDSA
	// +kubebuilder:default=RSA
	Algorithm string `json:"algorithm,omitempty"`

	// Size specifies the key size in bits (for RSA) or curve (for ECDSA)
	// For RSA: 2048, 4096. For ECDSA: 256, 384
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=2048
	Size int `json:"size,omitempty"`

	// SecretRef references an existing Secret containing the private key
	// If specified, the controller will use this key instead of generating one
	// The Secret must contain a "private-key" or "tls.key" key
	// +kubebuilder:validation:Optional
	SecretRef *SecretKeyReference `json:"secretRef,omitempty"`
}

PrivateKeySpec configures how the private key is handled

func (*PrivateKeySpec) DeepCopy added in v0.20.0 

func (in *PrivateKeySpec) DeepCopy() *PrivateKeySpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrivateKeySpec.

func (*PrivateKeySpec) DeepCopyInto added in v0.20.0 

func (in *PrivateKeySpec) DeepCopyInto(out *PrivateKeySpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PrivateService 

type PrivateService struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   PrivateServiceSpec   `json:"spec,omitempty"`
	Status PrivateServiceStatus `json:"status,omitempty"`
}

PrivateService is the Schema for the privateservices API. A PrivateService exposes a Kubernetes Service privately through a Cloudflare Tunnel, making it accessible only to authenticated WARP clients.

func (*PrivateService) DeepCopy 

func (in *PrivateService) DeepCopy() *PrivateService

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrivateService.

func (*PrivateService) DeepCopyInto 

func (in *PrivateService) DeepCopyInto(out *PrivateService)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*PrivateService) DeepCopyObject 

func (in *PrivateService) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type PrivateServiceList 

type PrivateServiceList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []PrivateService `json:"items"`
}

PrivateServiceList contains a list of PrivateService

func (*PrivateServiceList) DeepCopy 

func (in *PrivateServiceList) DeepCopy() *PrivateServiceList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrivateServiceList.

func (*PrivateServiceList) DeepCopyInto 

func (in *PrivateServiceList) DeepCopyInto(out *PrivateServiceList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*PrivateServiceList) DeepCopyObject 

func (in *PrivateServiceList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type PrivateServiceSpec 

type PrivateServiceSpec struct {
	// ServiceRef references the Kubernetes Service to expose privately.
	// The Service must be in the same namespace as the PrivateService.
	// +kubebuilder:validation:Required
	ServiceRef ServiceRef `json:"serviceRef"`

	// TunnelRef references the Tunnel or ClusterTunnel that will handle this private service.
	// +kubebuilder:validation:Required
	TunnelRef TunnelRef `json:"tunnelRef"`

	// VirtualNetworkRef references the VirtualNetwork for this private service.
	// If not specified, the default Virtual Network will be used.
	// +kubebuilder:validation:Optional
	VirtualNetworkRef *VirtualNetworkRef `json:"virtualNetworkRef,omitempty"`

	// Protocol specifies the protocol to use for the private service.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum=tcp;udp
	// +kubebuilder:default=tcp
	Protocol string `json:"protocol,omitempty"`

	// Comment is an optional description for the private service.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:MaxLength=500
	Comment string `json:"comment,omitempty"`

	// Cloudflare contains the Cloudflare API credentials and account information.
	// +kubebuilder:validation:Required
	Cloudflare CloudflareDetails `json:"cloudflare"`
}

PrivateServiceSpec defines the desired state of PrivateService

func (*PrivateServiceSpec) DeepCopy 

func (in *PrivateServiceSpec) DeepCopy() *PrivateServiceSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrivateServiceSpec.

func (*PrivateServiceSpec) DeepCopyInto 

func (in *PrivateServiceSpec) DeepCopyInto(out *PrivateServiceSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PrivateServiceStatus 

type PrivateServiceStatus struct {
	// Network is the CIDR that was created for this private service.
	// +kubebuilder:validation:Optional
	Network string `json:"network,omitempty"`

	// ServiceIP is the ClusterIP of the referenced Service.
	// +kubebuilder:validation:Optional
	ServiceIP string `json:"serviceIP,omitempty"`

	// TunnelID is the Cloudflare Tunnel ID this service routes through.
	// +kubebuilder:validation:Optional
	TunnelID string `json:"tunnelId,omitempty"`

	// TunnelName is the name of the Tunnel in Cloudflare.
	// +kubebuilder:validation:Optional
	TunnelName string `json:"tunnelName,omitempty"`

	// VirtualNetworkID is the Cloudflare Virtual Network ID.
	// +kubebuilder:validation:Optional
	VirtualNetworkID string `json:"virtualNetworkId,omitempty"`

	// AccountID is the Cloudflare Account ID.
	// +kubebuilder:validation:Optional
	AccountID string `json:"accountId,omitempty"`

	// State indicates the current state of the private service.
	// +kubebuilder:validation:Optional
	State string `json:"state,omitempty"`

	// Conditions represent the latest available observations of the PrivateService's state.
	// +kubebuilder:validation:Optional
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty"`

	// ObservedGeneration is the most recent generation observed by the controller.
	// +kubebuilder:validation:Optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
}

PrivateServiceStatus defines the observed state of PrivateService

func (*PrivateServiceStatus) DeepCopy 

func (in *PrivateServiceStatus) DeepCopy() *PrivateServiceStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrivateServiceStatus.

func (*PrivateServiceStatus) DeepCopyInto 

func (in *PrivateServiceStatus) DeepCopyInto(out *PrivateServiceStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ProtocolDetectionSettings 

type ProtocolDetectionSettings struct {
	Enabled bool `json:"enabled"`
}

ProtocolDetectionSettings for protocol detection.

func (*ProtocolDetectionSettings) DeepCopy 

func (in *ProtocolDetectionSettings) DeepCopy() *ProtocolDetectionSettings

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProtocolDetectionSettings.

func (*ProtocolDetectionSettings) DeepCopyInto 

func (in *ProtocolDetectionSettings) DeepCopyInto(out *ProtocolDetectionSettings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type R2Bucket added in v0.20.0 

type R2Bucket struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   R2BucketSpec   `json:"spec,omitempty"`
	Status R2BucketStatus `json:"status,omitempty"`
}

R2Bucket manages a Cloudflare R2 storage bucket. R2 is Cloudflare's S3-compatible object storage service.

The controller creates and manages R2 buckets in your Cloudflare account.

func (*R2Bucket) DeepCopy added in v0.20.0 

func (in *R2Bucket) DeepCopy() *R2Bucket

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new R2Bucket.

func (*R2Bucket) DeepCopyInto added in v0.20.0 

func (in *R2Bucket) DeepCopyInto(out *R2Bucket)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*R2Bucket) DeepCopyObject added in v0.20.0 

func (in *R2Bucket) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type R2BucketDomain added in v0.20.0 

type R2BucketDomain struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   R2BucketDomainSpec   `json:"spec,omitempty"`
	Status R2BucketDomainStatus `json:"status,omitempty"`
}

R2BucketDomain is the Schema for the r2bucketdomains API It configures a custom domain for an R2 storage bucket

func (*R2BucketDomain) DeepCopy added in v0.20.0 

func (in *R2BucketDomain) DeepCopy() *R2BucketDomain

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new R2BucketDomain.

func (*R2BucketDomain) DeepCopyInto added in v0.20.0 

func (in *R2BucketDomain) DeepCopyInto(out *R2BucketDomain)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*R2BucketDomain) DeepCopyObject added in v0.20.0 

func (in *R2BucketDomain) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type R2BucketDomainList added in v0.20.0 

type R2BucketDomainList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []R2BucketDomain `json:"items"`
}

R2BucketDomainList contains a list of R2BucketDomain

func (*R2BucketDomainList) DeepCopy added in v0.20.0 

func (in *R2BucketDomainList) DeepCopy() *R2BucketDomainList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new R2BucketDomainList.

func (*R2BucketDomainList) DeepCopyInto added in v0.20.0 

func (in *R2BucketDomainList) DeepCopyInto(out *R2BucketDomainList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*R2BucketDomainList) DeepCopyObject added in v0.20.0 

func (in *R2BucketDomainList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type R2BucketDomainMinTLS added in v0.20.0 

type R2BucketDomainMinTLS string

R2BucketDomainMinTLS represents the minimum TLS version +kubebuilder:validation:Enum="1.0";"1.1";"1.2";"1.3" 

const (
	// R2BucketDomainMinTLS10 is TLS 1.0
	R2BucketDomainMinTLS10 R2BucketDomainMinTLS = "1.0"
	// R2BucketDomainMinTLS11 is TLS 1.1
	R2BucketDomainMinTLS11 R2BucketDomainMinTLS = "1.1"
	// R2BucketDomainMinTLS12 is TLS 1.2
	R2BucketDomainMinTLS12 R2BucketDomainMinTLS = "1.2"
	// R2BucketDomainMinTLS13 is TLS 1.3
	R2BucketDomainMinTLS13 R2BucketDomainMinTLS = "1.3"
)

type R2BucketDomainSpec added in v0.20.0 

type R2BucketDomainSpec struct {
	// BucketName is the name of the R2 bucket to attach the domain to
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:MinLength=3
	BucketName string `json:"bucketName"`

	// Domain is the custom domain name to attach to the bucket
	// The domain must belong to a zone in the same Cloudflare account
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Pattern=`^([a-zA-Z0-9]([a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,}$`
	Domain string `json:"domain"`

	// ZoneID is the Cloudflare zone ID for the domain
	// If not specified, it will be looked up automatically
	// +kubebuilder:validation:Optional
	ZoneID string `json:"zoneId,omitempty"`

	// MinTLS sets the minimum TLS version for the custom domain
	// +kubebuilder:validation:Optional
	// +kubebuilder:default="1.2"
	MinTLS R2BucketDomainMinTLS `json:"minTls,omitempty"`

	// EnablePublicAccess enables public access to the bucket via this domain
	// When true, the bucket contents can be accessed without authentication
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=true
	EnablePublicAccess bool `json:"enablePublicAccess,omitempty"`

	// CredentialsRef references a CloudflareCredentials resource
	// If not specified, the default CloudflareCredentials will be used
	// +kubebuilder:validation:Optional
	CredentialsRef *CredentialsReference `json:"credentialsRef,omitempty"`
}

R2BucketDomainSpec defines the desired state of R2BucketDomain

func (*R2BucketDomainSpec) DeepCopy added in v0.20.0 

func (in *R2BucketDomainSpec) DeepCopy() *R2BucketDomainSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new R2BucketDomainSpec.

func (*R2BucketDomainSpec) DeepCopyInto added in v0.20.0 

func (in *R2BucketDomainSpec) DeepCopyInto(out *R2BucketDomainSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type R2BucketDomainState added in v0.20.0 

type R2BucketDomainState string

R2BucketDomainState represents the state of the R2 bucket domain +kubebuilder:validation:Enum=Pending;Initializing;Active;Error 

const (
	// R2BucketDomainStatePending means the domain is waiting to be configured
	R2BucketDomainStatePending R2BucketDomainState = "Pending"
	// R2BucketDomainStateInitializing means the domain is being configured
	R2BucketDomainStateInitializing R2BucketDomainState = "Initializing"
	// R2BucketDomainStateActive means the domain is active and serving content
	R2BucketDomainStateActive R2BucketDomainState = "Active"
	// R2BucketDomainStateError means there was an error configuring the domain
	R2BucketDomainStateError R2BucketDomainState = "Error"
)

type R2BucketDomainStatus added in v0.20.0 

type R2BucketDomainStatus struct {
	// Conditions represent the latest available observations
	// +optional
	Conditions []metav1.Condition `json:"conditions,omitempty"`

	// ObservedGeneration is the most recent generation observed
	// +optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`

	// State represents the current state of the domain
	// +optional
	State R2BucketDomainState `json:"state,omitempty"`

	// Message provides additional information about the current state
	// +optional
	Message string `json:"message,omitempty"`

	// DomainID is the Cloudflare domain configuration ID
	// +optional
	DomainID string `json:"domainId,omitempty"`

	// ZoneID is the resolved zone ID for the domain
	// +optional
	ZoneID string `json:"zoneId,omitempty"`

	// Enabled indicates if the domain is enabled
	// +optional
	Enabled bool `json:"enabled,omitempty"`

	// MinTLS is the configured minimum TLS version
	// +optional
	MinTLS string `json:"minTls,omitempty"`

	// PublicAccessEnabled indicates if public access is enabled
	// +optional
	PublicAccessEnabled bool `json:"publicAccessEnabled,omitempty"`

	// URL is the full URL to access the bucket via this domain
	// +optional
	URL string `json:"url,omitempty"`
}

R2BucketDomainStatus defines the observed state of R2BucketDomain

func (*R2BucketDomainStatus) DeepCopy added in v0.20.0 

func (in *R2BucketDomainStatus) DeepCopy() *R2BucketDomainStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new R2BucketDomainStatus.

func (*R2BucketDomainStatus) DeepCopyInto added in v0.20.0 

func (in *R2BucketDomainStatus) DeepCopyInto(out *R2BucketDomainStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type R2BucketList added in v0.20.0 

type R2BucketList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []R2Bucket `json:"items"`
}

R2BucketList contains a list of R2Bucket

func (*R2BucketList) DeepCopy added in v0.20.0 

func (in *R2BucketList) DeepCopy() *R2BucketList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new R2BucketList.

func (*R2BucketList) DeepCopyInto added in v0.20.0 

func (in *R2BucketList) DeepCopyInto(out *R2BucketList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*R2BucketList) DeepCopyObject added in v0.20.0 

func (in *R2BucketList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type R2BucketNotification added in v0.20.0 

type R2BucketNotification struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   R2BucketNotificationSpec   `json:"spec,omitempty"`
	Status R2BucketNotificationStatus `json:"status,omitempty"`
}

R2BucketNotification configures event notifications for an R2 bucket. Events are sent to a Cloudflare Queue when objects are created or deleted.

func (*R2BucketNotification) DeepCopy added in v0.20.0 

func (in *R2BucketNotification) DeepCopy() *R2BucketNotification

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new R2BucketNotification.

func (*R2BucketNotification) DeepCopyInto added in v0.20.0 

func (in *R2BucketNotification) DeepCopyInto(out *R2BucketNotification)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*R2BucketNotification) DeepCopyObject added in v0.20.0 

func (in *R2BucketNotification) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type R2BucketNotificationList added in v0.20.0 

type R2BucketNotificationList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []R2BucketNotification `json:"items"`
}

R2BucketNotificationList contains a list of R2BucketNotification

func (*R2BucketNotificationList) DeepCopy added in v0.20.0 

func (in *R2BucketNotificationList) DeepCopy() *R2BucketNotificationList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new R2BucketNotificationList.

func (*R2BucketNotificationList) DeepCopyInto added in v0.20.0 

func (in *R2BucketNotificationList) DeepCopyInto(out *R2BucketNotificationList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*R2BucketNotificationList) DeepCopyObject added in v0.20.0 

func (in *R2BucketNotificationList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type R2BucketNotificationSpec added in v0.20.0 

type R2BucketNotificationSpec struct {
	// BucketName is the name of the R2 bucket to configure notifications for
	// +kubebuilder:validation:Required
	BucketName string `json:"bucketName"`

	// QueueName is the name of the Cloudflare Queue to send notifications to
	// +kubebuilder:validation:Required
	QueueName string `json:"queueName"`

	// Rules defines the notification rules
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:MinItems=1
	Rules []R2NotificationRule `json:"rules"`

	// CredentialsRef references a CloudflareCredentials resource
	// If not specified, the default CloudflareCredentials will be used
	// +kubebuilder:validation:Optional
	CredentialsRef *CredentialsReference `json:"credentialsRef,omitempty"`
}

R2BucketNotificationSpec defines the desired state of R2BucketNotification

func (*R2BucketNotificationSpec) DeepCopy added in v0.20.0 

func (in *R2BucketNotificationSpec) DeepCopy() *R2BucketNotificationSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new R2BucketNotificationSpec.

func (*R2BucketNotificationSpec) DeepCopyInto added in v0.20.0 

func (in *R2BucketNotificationSpec) DeepCopyInto(out *R2BucketNotificationSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type R2BucketNotificationStatus added in v0.20.0 

type R2BucketNotificationStatus struct {
	// Conditions represent the latest available observations
	// +optional
	Conditions []metav1.Condition `json:"conditions,omitempty"`

	// ObservedGeneration is the most recent generation observed
	// +optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`

	// State represents the current state of the notification
	// +optional
	State R2NotificationState `json:"state,omitempty"`

	// Message provides additional information about the current state
	// +optional
	Message string `json:"message,omitempty"`

	// QueueID is the Cloudflare Queue ID
	// +optional
	QueueID string `json:"queueId,omitempty"`

	// RuleCount is the number of notification rules configured
	// +optional
	RuleCount int `json:"ruleCount,omitempty"`
}

R2BucketNotificationStatus defines the observed state of R2BucketNotification

func (*R2BucketNotificationStatus) DeepCopy added in v0.20.0 

func (in *R2BucketNotificationStatus) DeepCopy() *R2BucketNotificationStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new R2BucketNotificationStatus.

func (*R2BucketNotificationStatus) DeepCopyInto added in v0.20.0 

func (in *R2BucketNotificationStatus) DeepCopyInto(out *R2BucketNotificationStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type R2BucketSpec added in v0.20.0 

type R2BucketSpec struct {
	// Name is the name of the R2 bucket in Cloudflare
	// If not specified, defaults to the Kubernetes resource name
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Pattern=`^[a-z0-9][a-z0-9-]{1,61}[a-z0-9]$`
	Name string `json:"name,omitempty"`

	// LocationHint specifies the preferred location for the bucket
	// Cloudflare will attempt to place the bucket in this location,
	// but may use a different location if unavailable
	// +kubebuilder:validation:Optional
	LocationHint R2LocationHint `json:"locationHint,omitempty"`

	// CORS defines the Cross-Origin Resource Sharing rules for the bucket
	// +kubebuilder:validation:Optional
	CORS []R2CORSRule `json:"cors,omitempty"`

	// Lifecycle defines the object lifecycle rules for the bucket
	// +kubebuilder:validation:Optional
	Lifecycle []R2LifecycleRule `json:"lifecycle,omitempty"`

	// CredentialsRef references a CloudflareCredentials resource
	// If not specified, the default CloudflareCredentials will be used
	// +kubebuilder:validation:Optional
	CredentialsRef *CredentialsReference `json:"credentialsRef,omitempty"`

	// DeletionPolicy specifies what happens when the Kubernetes resource is deleted
	// Delete: The R2 bucket will be deleted from Cloudflare
	// Orphan: The R2 bucket will be left in Cloudflare
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum=Delete;Orphan
	// +kubebuilder:default=Delete
	DeletionPolicy string `json:"deletionPolicy,omitempty"`
}

R2BucketSpec defines the desired state of R2Bucket

func (*R2BucketSpec) DeepCopy added in v0.20.0 

func (in *R2BucketSpec) DeepCopy() *R2BucketSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new R2BucketSpec.

func (*R2BucketSpec) DeepCopyInto added in v0.20.0 

func (in *R2BucketSpec) DeepCopyInto(out *R2BucketSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type R2BucketState added in v0.20.0 

type R2BucketState string

R2BucketState represents the state of the R2 bucket +kubebuilder:validation:Enum=Pending;Creating;Ready;Deleting;Error 

const (
	// R2BucketStatePending means the bucket is waiting to be created
	R2BucketStatePending R2BucketState = "Pending"
	// R2BucketStateCreating means the bucket is being created
	R2BucketStateCreating R2BucketState = "Creating"
	// R2BucketStateReady means the bucket is created and ready
	R2BucketStateReady R2BucketState = "Ready"
	// R2BucketStateDeleting means the bucket is being deleted
	R2BucketStateDeleting R2BucketState = "Deleting"
	// R2BucketStateError means there was an error with the bucket
	R2BucketStateError R2BucketState = "Error"
)

type R2BucketStatus added in v0.20.0 

type R2BucketStatus struct {
	// Conditions represent the latest available observations
	// +optional
	Conditions []metav1.Condition `json:"conditions,omitempty"`

	// ObservedGeneration is the most recent generation observed
	// +optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`

	// State represents the current state of the bucket
	// +optional
	State R2BucketState `json:"state,omitempty"`

	// BucketName is the actual name of the bucket in Cloudflare
	// +optional
	BucketName string `json:"bucketName,omitempty"`

	// Location is the actual location where the bucket was created
	// +optional
	Location string `json:"location,omitempty"`

	// CreatedAt is the time the bucket was created in Cloudflare
	// +optional
	CreatedAt *metav1.Time `json:"createdAt,omitempty"`

	// CORSRulesCount is the number of CORS rules configured
	// +optional
	CORSRulesCount int `json:"corsRulesCount,omitempty"`

	// LifecycleRulesCount is the number of lifecycle rules configured
	// +optional
	LifecycleRulesCount int `json:"lifecycleRulesCount,omitempty"`

	// Message provides additional information about the current state
	// +optional
	Message string `json:"message,omitempty"`
}

R2BucketStatus defines the observed state of R2Bucket

func (*R2BucketStatus) DeepCopy added in v0.20.0 

func (in *R2BucketStatus) DeepCopy() *R2BucketStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new R2BucketStatus.

func (*R2BucketStatus) DeepCopyInto added in v0.20.0 

func (in *R2BucketStatus) DeepCopyInto(out *R2BucketStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type R2CORSRule added in v0.20.0 

type R2CORSRule struct {
	// ID is an optional identifier for the rule
	// +kubebuilder:validation:Optional
	ID string `json:"id,omitempty"`

	// AllowedOrigins is a list of origins that are allowed
	// Use "*" to allow all origins
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:MinItems=1
	AllowedOrigins []string `json:"allowedOrigins"`

	// AllowedMethods is a list of HTTP methods that are allowed
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:MinItems=1
	AllowedMethods []string `json:"allowedMethods"`

	// AllowedHeaders is a list of headers that are allowed in requests
	// +kubebuilder:validation:Optional
	AllowedHeaders []string `json:"allowedHeaders,omitempty"`

	// ExposeHeaders is a list of headers that can be exposed to the browser
	// +kubebuilder:validation:Optional
	ExposeHeaders []string `json:"exposeHeaders,omitempty"`

	// MaxAgeSeconds is the number of seconds the browser can cache the preflight response
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Minimum=0
	MaxAgeSeconds *int `json:"maxAgeSeconds,omitempty"`
}

R2CORSRule defines a CORS rule for the bucket

func (*R2CORSRule) DeepCopy added in v0.20.0 

func (in *R2CORSRule) DeepCopy() *R2CORSRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new R2CORSRule.

func (*R2CORSRule) DeepCopyInto added in v0.20.0 

func (in *R2CORSRule) DeepCopyInto(out *R2CORSRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type R2EventType added in v0.20.0 

type R2EventType string

R2EventType represents the type of R2 event to notify on +kubebuilder:validation:Enum=object-create;object-delete 

const (
	// R2EventTypeObjectCreate triggers on object creation
	R2EventTypeObjectCreate R2EventType = "object-create"
	// R2EventTypeObjectDelete triggers on object deletion
	R2EventTypeObjectDelete R2EventType = "object-delete"
)

type R2LifecycleAbortUpload added in v0.20.0 

type R2LifecycleAbortUpload struct {
	// DaysAfterInitiation is the number of days after which incomplete uploads are aborted
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Minimum=1
	DaysAfterInitiation int `json:"daysAfterInitiation"`
}

R2LifecycleAbortUpload defines abort incomplete upload settings

func (*R2LifecycleAbortUpload) DeepCopy added in v0.20.0 

func (in *R2LifecycleAbortUpload) DeepCopy() *R2LifecycleAbortUpload

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new R2LifecycleAbortUpload.

func (*R2LifecycleAbortUpload) DeepCopyInto added in v0.20.0 

func (in *R2LifecycleAbortUpload) DeepCopyInto(out *R2LifecycleAbortUpload)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type R2LifecycleExpiration added in v0.20.0 

type R2LifecycleExpiration struct {
	// Days is the number of days after object creation when the object expires
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Minimum=1
	Days *int `json:"days,omitempty"`

	// Date is the specific date when objects expire (ISO 8601 format)
	// +kubebuilder:validation:Optional
	Date string `json:"date,omitempty"`
}

R2LifecycleExpiration defines expiration settings

func (*R2LifecycleExpiration) DeepCopy added in v0.20.0 

func (in *R2LifecycleExpiration) DeepCopy() *R2LifecycleExpiration

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new R2LifecycleExpiration.

func (*R2LifecycleExpiration) DeepCopyInto added in v0.20.0 

func (in *R2LifecycleExpiration) DeepCopyInto(out *R2LifecycleExpiration)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type R2LifecycleRule added in v0.20.0 

type R2LifecycleRule struct {
	// ID is a unique identifier for the rule
	// +kubebuilder:validation:Required
	ID string `json:"id"`

	// Enabled indicates if this rule is active
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=true
	Enabled bool `json:"enabled,omitempty"`

	// Prefix limits the rule to objects with this key prefix
	// +kubebuilder:validation:Optional
	Prefix string `json:"prefix,omitempty"`

	// Expiration defines when objects should be deleted
	// +kubebuilder:validation:Optional
	Expiration *R2LifecycleExpiration `json:"expiration,omitempty"`

	// AbortIncompleteMultipartUpload defines when to abort incomplete multipart uploads
	// +kubebuilder:validation:Optional
	AbortIncompleteMultipartUpload *R2LifecycleAbortUpload `json:"abortIncompleteMultipartUpload,omitempty"`
}

R2LifecycleRule defines a lifecycle rule for the bucket

func (*R2LifecycleRule) DeepCopy added in v0.20.0 

func (in *R2LifecycleRule) DeepCopy() *R2LifecycleRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new R2LifecycleRule.

func (*R2LifecycleRule) DeepCopyInto added in v0.20.0 

func (in *R2LifecycleRule) DeepCopyInto(out *R2LifecycleRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type R2LocationHint added in v0.20.0 

type R2LocationHint string

R2LocationHint specifies the location hint for the bucket +kubebuilder:validation:Enum=apac;eeur;enam;weur;wnam 

const (
	// R2LocationAPAC is Asia-Pacific
	R2LocationAPAC R2LocationHint = "apac"
	// R2LocationEEUR is Eastern Europe
	R2LocationEEUR R2LocationHint = "eeur"
	// R2LocationENAM is Eastern North America
	R2LocationENAM R2LocationHint = "enam"
	// R2LocationWEUR is Western Europe
	R2LocationWEUR R2LocationHint = "weur"
	// R2LocationWNAM is Western North America
	R2LocationWNAM R2LocationHint = "wnam"
)

type R2NotificationRule added in v0.20.0 

type R2NotificationRule struct {
	// EventTypes is the list of event types to notify on
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:MinItems=1
	EventTypes []R2EventType `json:"eventTypes"`

	// Prefix filters events to objects with keys starting with this prefix
	// +kubebuilder:validation:Optional
	Prefix string `json:"prefix,omitempty"`

	// Suffix filters events to objects with keys ending with this suffix
	// +kubebuilder:validation:Optional
	Suffix string `json:"suffix,omitempty"`

	// Description is a human-readable description of this rule
	// +kubebuilder:validation:Optional
	Description string `json:"description,omitempty"`
}

R2NotificationRule defines a notification rule

func (*R2NotificationRule) DeepCopy added in v0.20.0 

func (in *R2NotificationRule) DeepCopy() *R2NotificationRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new R2NotificationRule.

func (*R2NotificationRule) DeepCopyInto added in v0.20.0 

func (in *R2NotificationRule) DeepCopyInto(out *R2NotificationRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type R2NotificationState added in v0.20.0 

type R2NotificationState string

R2NotificationState represents the state of the notification rule +kubebuilder:validation:Enum=Pending;Active;Error 

const (
	// R2NotificationStatePending means the notification is waiting to be configured
	R2NotificationStatePending R2NotificationState = "Pending"
	// R2NotificationStateActive means the notification is active
	R2NotificationStateActive R2NotificationState = "Active"
	// R2NotificationStateError means there was an error configuring the notification
	R2NotificationStateError R2NotificationState = "Error"
)

type RedirectRule added in v0.20.0 

type RedirectRule struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   RedirectRuleSpec   `json:"spec,omitempty"`
	Status RedirectRuleStatus `json:"status,omitempty"`
}

RedirectRule manages Cloudflare Redirect Rules (Single Redirects). Redirect Rules allow you to create URL redirects with static or dynamic targets.

Two syntaxes are supported: - Rules: Expression-based rules for complex redirect logic - WildcardRules: Wildcard pattern rules for simpler use cases

This is a simplified interface over ZoneRuleset for redirect use cases.

func (*RedirectRule) DeepCopy added in v0.20.0 

func (in *RedirectRule) DeepCopy() *RedirectRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RedirectRule.

func (*RedirectRule) DeepCopyInto added in v0.20.0 

func (in *RedirectRule) DeepCopyInto(out *RedirectRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*RedirectRule) DeepCopyObject added in v0.20.0 

func (in *RedirectRule) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type RedirectRuleDefinition added in v0.20.0 

type RedirectRuleDefinition struct {
	// Name is a human-readable name for the rule
	// +kubebuilder:validation:Required
	Name string `json:"name"`

	// Expression is the filter expression (Cloudflare Rules language)
	// Example: (http.request.uri.path eq "/old-path")
	// +kubebuilder:validation:Required
	Expression string `json:"expression"`

	// Enabled controls whether the rule is active
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=true
	Enabled bool `json:"enabled,omitempty"`

	// Target defines where to redirect
	// +kubebuilder:validation:Required
	Target RedirectTarget `json:"target"`

	// StatusCode is the HTTP redirect status code
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=302
	StatusCode RedirectStatusCode `json:"statusCode,omitempty"`

	// PreserveQueryString keeps the original query string in the redirect
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	PreserveQueryString bool `json:"preserveQueryString,omitempty"`
}

RedirectRuleDefinition defines a single redirect rule

func (*RedirectRuleDefinition) DeepCopy added in v0.20.0 

func (in *RedirectRuleDefinition) DeepCopy() *RedirectRuleDefinition

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RedirectRuleDefinition.

func (*RedirectRuleDefinition) DeepCopyInto added in v0.20.0 

func (in *RedirectRuleDefinition) DeepCopyInto(out *RedirectRuleDefinition)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RedirectRuleList added in v0.20.0 

type RedirectRuleList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []RedirectRule `json:"items"`
}

RedirectRuleList contains a list of RedirectRule

func (*RedirectRuleList) DeepCopy added in v0.20.0 

func (in *RedirectRuleList) DeepCopy() *RedirectRuleList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RedirectRuleList.

func (*RedirectRuleList) DeepCopyInto added in v0.20.0 

func (in *RedirectRuleList) DeepCopyInto(out *RedirectRuleList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*RedirectRuleList) DeepCopyObject added in v0.20.0 

func (in *RedirectRuleList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type RedirectRuleSpec added in v0.20.0 

type RedirectRuleSpec struct {
	// Zone is the zone name (domain) to apply rules to
	// +kubebuilder:validation:Required
	Zone string `json:"zone"`

	// Description is a human-readable description of the redirect rules
	// +kubebuilder:validation:Optional
	Description string `json:"description,omitempty"`

	// Rules are expression-based redirect rules
	// Use this for complex redirect logic
	// +kubebuilder:validation:Optional
	Rules []RedirectRuleDefinition `json:"rules,omitempty"`

	// WildcardRules are wildcard-based redirect rules
	// Use this for simpler pattern-based redirects
	// +kubebuilder:validation:Optional
	WildcardRules []WildcardRedirectRule `json:"wildcardRules,omitempty"`

	// CredentialsRef references a CloudflareCredentials resource
	// If not specified, the default CloudflareCredentials will be used
	// +kubebuilder:validation:Optional
	CredentialsRef *CredentialsReference `json:"credentialsRef,omitempty"`
}

RedirectRuleSpec defines the desired state of RedirectRule

func (*RedirectRuleSpec) DeepCopy added in v0.20.0 

func (in *RedirectRuleSpec) DeepCopy() *RedirectRuleSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RedirectRuleSpec.

func (*RedirectRuleSpec) DeepCopyInto added in v0.20.0 

func (in *RedirectRuleSpec) DeepCopyInto(out *RedirectRuleSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RedirectRuleState added in v0.20.0 

type RedirectRuleState string

RedirectRuleState represents the state of the redirect rule +kubebuilder:validation:Enum=Pending;Syncing;Ready;Error 

const (
	// RedirectRuleStatePending means the rule is waiting to be synced
	RedirectRuleStatePending RedirectRuleState = "Pending"
	// RedirectRuleStateSyncing means the rule is being synced
	RedirectRuleStateSyncing RedirectRuleState = "Syncing"
	// RedirectRuleStateReady means the rule is synced and ready
	RedirectRuleStateReady RedirectRuleState = "Ready"
	// RedirectRuleStateError means there was an error with the rule
	RedirectRuleStateError RedirectRuleState = "Error"
)

type RedirectRuleStatus added in v0.20.0 

type RedirectRuleStatus struct {
	// Conditions represent the latest available observations
	// +optional
	Conditions []metav1.Condition `json:"conditions,omitempty"`

	// ObservedGeneration is the most recent generation observed
	// +optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`

	// State represents the current state of the rule
	// +optional
	State RedirectRuleState `json:"state,omitempty"`

	// RulesetID is the Cloudflare ruleset ID
	// +optional
	RulesetID string `json:"rulesetId,omitempty"`

	// ZoneID is the Cloudflare zone ID
	// +optional
	ZoneID string `json:"zoneId,omitempty"`

	// RuleCount is the total number of redirect rules
	// +optional
	RuleCount int `json:"ruleCount,omitempty"`

	// Message provides additional information about the current state
	// +optional
	Message string `json:"message,omitempty"`
}

RedirectRuleStatus defines the observed state of RedirectRule

func (*RedirectRuleStatus) DeepCopy added in v0.20.0 

func (in *RedirectRuleStatus) DeepCopy() *RedirectRuleStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RedirectRuleStatus.

func (*RedirectRuleStatus) DeepCopyInto added in v0.20.0 

func (in *RedirectRuleStatus) DeepCopyInto(out *RedirectRuleStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RedirectStatusCode added in v0.20.0 

type RedirectStatusCode int

RedirectStatusCode represents valid HTTP redirect status codes +kubebuilder:validation:Enum=301;302;307;308 

const (
	// RedirectStatusMovedPermanently (301) - Permanent redirect
	RedirectStatusMovedPermanently RedirectStatusCode = 301
	// RedirectStatusFound (302) - Temporary redirect (commonly used)
	RedirectStatusFound RedirectStatusCode = 302
	// RedirectStatusTemporaryRedirect (307) - Temporary redirect, preserve method
	RedirectStatusTemporaryRedirect RedirectStatusCode = 307
	// RedirectStatusPermanentRedirect (308) - Permanent redirect, preserve method
	RedirectStatusPermanentRedirect RedirectStatusCode = 308
)

type RedirectTarget added in v0.20.0 

type RedirectTarget struct {
	// URL is a static target URL
	// Example: https://example.com/new-path
	// +kubebuilder:validation:Optional
	URL string `json:"url,omitempty"`

	// Expression is a dynamic expression for the target URL
	// Example: concat("https://", http.host, "/new", http.request.uri.path)
	// +kubebuilder:validation:Optional
	Expression string `json:"expression,omitempty"`
}

RedirectTarget defines the redirect destination

func (*RedirectTarget) DeepCopy added in v0.20.0 

func (in *RedirectTarget) DeepCopy() *RedirectTarget

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RedirectTarget.

func (*RedirectTarget) DeepCopyInto added in v0.20.0 

func (in *RedirectTarget) DeepCopyInto(out *RedirectTarget)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RegistrantContact added in v0.20.0 

type RegistrantContact struct {
	// FirstName is the registrant's first name
	// +kubebuilder:validation:Required
	FirstName string `json:"firstName"`

	// LastName is the registrant's last name
	// +kubebuilder:validation:Required
	LastName string `json:"lastName"`

	// Organization is the registrant's organization (optional)
	// +kubebuilder:validation:Optional
	Organization string `json:"organization,omitempty"`

	// Address is the street address
	// +kubebuilder:validation:Required
	Address string `json:"address"`

	// Address2 is the secondary address line (optional)
	// +kubebuilder:validation:Optional
	Address2 string `json:"address2,omitempty"`

	// City is the city
	// +kubebuilder:validation:Required
	City string `json:"city"`

	// State is the state/province
	// +kubebuilder:validation:Required
	State string `json:"state"`

	// Zip is the postal/zip code
	// +kubebuilder:validation:Required
	Zip string `json:"zip"`

	// Country is the two-letter country code (ISO 3166-1 alpha-2)
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Pattern=`^[A-Z]{2}$`
	Country string `json:"country"`

	// Phone is the phone number in E.164 format
	// +kubebuilder:validation:Required
	Phone string `json:"phone"`

	// Email is the contact email address
	// +kubebuilder:validation:Required
	Email string `json:"email"`

	// Fax is the fax number (optional)
	// +kubebuilder:validation:Optional
	Fax string `json:"fax,omitempty"`
}

RegistrantContact contains the registrant contact information

func (*RegistrantContact) DeepCopy added in v0.20.0 

func (in *RegistrantContact) DeepCopy() *RegistrantContact

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegistrantContact.

func (*RegistrantContact) DeepCopyInto added in v0.20.0 

func (in *RegistrantContact) DeepCopyInto(out *RegistrantContact)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RenewalConfig added in v0.20.0 

type RenewalConfig struct {
	// Enabled enables automatic renewal
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=true
	Enabled bool `json:"enabled,omitempty"`

	// RenewBeforeDays specifies how many days before expiration to renew
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Minimum=1
	// +kubebuilder:validation:Maximum=365
	// +kubebuilder:default=30
	RenewBeforeDays int `json:"renewBeforeDays,omitempty"`
}

RenewalConfig configures automatic certificate renewal

func (*RenewalConfig) DeepCopy added in v0.20.0 

func (in *RenewalConfig) DeepCopy() *RenewalConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RenewalConfig.

func (*RenewalConfig) DeepCopyInto added in v0.20.0 

func (in *RenewalConfig) DeepCopyInto(out *RenewalConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ResolvedPolicyStatus added in v0.18.0 

type ResolvedPolicyStatus struct {
	// Precedence is the policy precedence (order of evaluation).
	Precedence int `json:"precedence"`

	// PolicyID is the Cloudflare policy ID.
	// +kubebuilder:validation:Optional
	PolicyID string `json:"policyId,omitempty"`

	// GroupID is the resolved Cloudflare Access Group ID.
	// +kubebuilder:validation:Optional
	GroupID string `json:"groupId,omitempty"`

	// GroupName is the name of the Access Group (for display purposes).
	// +kubebuilder:validation:Optional
	GroupName string `json:"groupName,omitempty"`

	// Source indicates how the group was resolved.
	// Possible values: k8s, groupId, cloudflareGroupName
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum=k8s;groupId;cloudflareGroupName
	Source string `json:"source,omitempty"`

	// Decision is the policy decision (allow, deny, bypass, non_identity).
	// +kubebuilder:validation:Optional
	Decision string `json:"decision,omitempty"`
}

ResolvedPolicyStatus contains resolved policy information for debugging and status tracking.

func (*ResolvedPolicyStatus) DeepCopy added in v0.18.0 

func (in *ResolvedPolicyStatus) DeepCopy() *ResolvedPolicyStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResolvedPolicyStatus.

func (*ResolvedPolicyStatus) DeepCopyInto added in v0.18.0 

func (in *ResolvedPolicyStatus) DeepCopyInto(out *ResolvedPolicyStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ResourceRequirements 

type ResourceRequirements struct {
	// Limits describes max allowed resources.
	// +kubebuilder:validation:Optional
	Limits map[string]string `json:"limits,omitempty"`

	// Requests describes minimum required resources.
	// +kubebuilder:validation:Optional
	Requests map[string]string `json:"requests,omitempty"`
}

ResourceRequirements describes compute resources.

func (*ResourceRequirements) DeepCopy 

func (in *ResourceRequirements) DeepCopy() *ResourceRequirements

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceRequirements.

func (*ResourceRequirements) DeepCopyInto 

func (in *ResourceRequirements) DeepCopyInto(out *ResourceRequirements)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RewriteValue added in v0.20.0 

type RewriteValue struct {
	// Static is a literal value
	// +kubebuilder:validation:Optional
	Static string `json:"static,omitempty"`

	// Expression is a dynamic expression using Cloudflare Rules language
	// Example: concat("/api/v2", http.request.uri.path)
	// +kubebuilder:validation:Optional
	Expression string `json:"expression,omitempty"`
}

RewriteValue defines a rewrite value (static or dynamic)

func (*RewriteValue) DeepCopy added in v0.20.0 

func (in *RewriteValue) DeepCopy() *RewriteValue

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RewriteValue.

func (*RewriteValue) DeepCopyInto added in v0.20.0 

func (in *RewriteValue) DeepCopyInto(out *RewriteValue)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RulesetCacheKey added in v0.20.0 

type RulesetCacheKey struct {
	// IgnoreQueryStringsOrder ignores query string order
	// +kubebuilder:validation:Optional
	IgnoreQueryStringsOrder *bool `json:"ignoreQueryStringsOrder,omitempty"`

	// CacheDeceptionArmor enables cache deception armor
	// +kubebuilder:validation:Optional
	CacheDeceptionArmor *bool `json:"cacheDeceptionArmor,omitempty"`

	// QueryString customizes query string handling
	// +kubebuilder:validation:Optional
	QueryString *RulesetQueryStringCacheKey `json:"queryString,omitempty"`

	// Header customizes header-based cache key
	// +kubebuilder:validation:Optional
	Header *RulesetHeaderCacheKey `json:"header,omitempty"`

	// Cookie customizes cookie-based cache key
	// +kubebuilder:validation:Optional
	Cookie *RulesetCookieCacheKey `json:"cookie,omitempty"`

	// User customizes user-based cache key
	// +kubebuilder:validation:Optional
	User *RulesetUserCacheKey `json:"user,omitempty"`

	// Host customizes host-based cache key
	// +kubebuilder:validation:Optional
	Host *RulesetHostCacheKey `json:"host,omitempty"`
}

RulesetCacheKey defines cache key customization

func (*RulesetCacheKey) DeepCopy added in v0.20.0 

func (in *RulesetCacheKey) DeepCopy() *RulesetCacheKey

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RulesetCacheKey.

func (*RulesetCacheKey) DeepCopyInto added in v0.20.0 

func (in *RulesetCacheKey) DeepCopyInto(out *RulesetCacheKey)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RulesetCacheSettings added in v0.20.0 

type RulesetCacheSettings struct {
	// Cache enables or disables caching
	// +kubebuilder:validation:Optional
	Cache *bool `json:"cache,omitempty"`

	// EdgeTTL sets the edge cache TTL
	// +kubebuilder:validation:Optional
	EdgeTTL *RulesetCacheTTL `json:"edgeTtl,omitempty"`

	// BrowserTTL sets the browser cache TTL
	// +kubebuilder:validation:Optional
	BrowserTTL *RulesetCacheTTL `json:"browserTtl,omitempty"`

	// CacheKey customizes the cache key
	// +kubebuilder:validation:Optional
	CacheKey *RulesetCacheKey `json:"cacheKey,omitempty"`

	// RespectStrongETags respects strong ETags
	// +kubebuilder:validation:Optional
	RespectStrongETags *bool `json:"respectStrongEtags,omitempty"`

	// OriginErrorPagePassthru passes through origin error pages
	// +kubebuilder:validation:Optional
	OriginErrorPagePassthru *bool `json:"originErrorPagePassthru,omitempty"`
}

RulesetCacheSettings defines cache settings

func (*RulesetCacheSettings) DeepCopy added in v0.20.0 

func (in *RulesetCacheSettings) DeepCopy() *RulesetCacheSettings

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RulesetCacheSettings.

func (*RulesetCacheSettings) DeepCopyInto added in v0.20.0 

func (in *RulesetCacheSettings) DeepCopyInto(out *RulesetCacheSettings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RulesetCacheTTL added in v0.20.0 

type RulesetCacheTTL struct {
	// Mode is the TTL mode (respect_origin, bypass_by_default, override_origin)
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum=respect_origin;bypass_by_default;override_origin
	Mode string `json:"mode,omitempty"`

	// Default is the default TTL in seconds
	// +kubebuilder:validation:Optional
	Default *int `json:"default,omitempty"`

	// StatusCodeTTL sets TTL based on status codes
	// +kubebuilder:validation:Optional
	StatusCodeTTL []RulesetStatusCodeTTL `json:"statusCodeTtl,omitempty"`
}

RulesetCacheTTL defines cache TTL settings

func (*RulesetCacheTTL) DeepCopy added in v0.20.0 

func (in *RulesetCacheTTL) DeepCopy() *RulesetCacheTTL

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RulesetCacheTTL.

func (*RulesetCacheTTL) DeepCopyInto added in v0.20.0 

func (in *RulesetCacheTTL) DeepCopyInto(out *RulesetCacheTTL)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RulesetCompressionAlgorithm added in v0.20.0 

type RulesetCompressionAlgorithm struct {
	// Name is the algorithm name (gzip, brotli, auto, none)
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Enum=gzip;brotli;auto;none
	Name string `json:"name"`
}

RulesetCompressionAlgorithm defines a compression algorithm

func (*RulesetCompressionAlgorithm) DeepCopy added in v0.20.0 

func (in *RulesetCompressionAlgorithm) DeepCopy() *RulesetCompressionAlgorithm

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RulesetCompressionAlgorithm.

func (*RulesetCompressionAlgorithm) DeepCopyInto added in v0.20.0 

func (in *RulesetCompressionAlgorithm) DeepCopyInto(out *RulesetCompressionAlgorithm)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RulesetCookieCacheKey added in v0.20.0 

type RulesetCookieCacheKey struct {
	// Include includes cookies
	// +kubebuilder:validation:Optional
	Include []string `json:"include,omitempty"`

	// CheckPresence checks for cookie presence
	// +kubebuilder:validation:Optional
	CheckPresence []string `json:"checkPresence,omitempty"`
}

RulesetCookieCacheKey defines cookie-based cache key settings

func (*RulesetCookieCacheKey) DeepCopy added in v0.20.0 

func (in *RulesetCookieCacheKey) DeepCopy() *RulesetCookieCacheKey

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RulesetCookieCacheKey.

func (*RulesetCookieCacheKey) DeepCopyInto added in v0.20.0 

func (in *RulesetCookieCacheKey) DeepCopyInto(out *RulesetCookieCacheKey)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RulesetCustomResponse added in v0.20.0 

type RulesetCustomResponse struct {
	// StatusCode is the HTTP status code
	// +kubebuilder:validation:Optional
	StatusCode int `json:"statusCode,omitempty"`

	// ContentType is the response content type
	// +kubebuilder:validation:Optional
	ContentType string `json:"contentType,omitempty"`

	// Content is the response body
	// +kubebuilder:validation:Optional
	Content string `json:"content,omitempty"`
}

RulesetCustomResponse defines custom error response

func (*RulesetCustomResponse) DeepCopy added in v0.20.0 

func (in *RulesetCustomResponse) DeepCopy() *RulesetCustomResponse

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RulesetCustomResponse.

func (*RulesetCustomResponse) DeepCopyInto added in v0.20.0 

func (in *RulesetCustomResponse) DeepCopyInto(out *RulesetCustomResponse)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RulesetHeaderAction added in v0.20.0 

type RulesetHeaderAction struct {
	// Operation is the header operation (set, add, remove)
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Enum=set;add;remove
	Operation string `json:"operation"`

	// Value is the header value (for set/add operations)
	// +kubebuilder:validation:Optional
	Value string `json:"value,omitempty"`

	// Expression is a dynamic expression for the value
	// +kubebuilder:validation:Optional
	Expression string `json:"expression,omitempty"`
}

RulesetHeaderAction defines a header modification action

func (*RulesetHeaderAction) DeepCopy added in v0.20.0 

func (in *RulesetHeaderAction) DeepCopy() *RulesetHeaderAction

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RulesetHeaderAction.

func (*RulesetHeaderAction) DeepCopyInto added in v0.20.0 

func (in *RulesetHeaderAction) DeepCopyInto(out *RulesetHeaderAction)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RulesetHeaderCacheKey added in v0.20.0 

type RulesetHeaderCacheKey struct {
	// Include includes headers
	// +kubebuilder:validation:Optional
	Include []string `json:"include,omitempty"`

	// CheckPresence checks for header presence
	// +kubebuilder:validation:Optional
	CheckPresence []string `json:"checkPresence,omitempty"`

	// ExcludeOrigin excludes origin headers
	// +kubebuilder:validation:Optional
	ExcludeOrigin *bool `json:"excludeOrigin,omitempty"`
}

RulesetHeaderCacheKey defines header-based cache key settings

func (*RulesetHeaderCacheKey) DeepCopy added in v0.20.0 

func (in *RulesetHeaderCacheKey) DeepCopy() *RulesetHeaderCacheKey

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RulesetHeaderCacheKey.

func (*RulesetHeaderCacheKey) DeepCopyInto added in v0.20.0 

func (in *RulesetHeaderCacheKey) DeepCopyInto(out *RulesetHeaderCacheKey)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RulesetHostCacheKey added in v0.20.0 

type RulesetHostCacheKey struct {
	// Resolved uses the resolved host
	// +kubebuilder:validation:Optional
	Resolved *bool `json:"resolved,omitempty"`
}

RulesetHostCacheKey defines host-based cache key settings

func (*RulesetHostCacheKey) DeepCopy added in v0.20.0 

func (in *RulesetHostCacheKey) DeepCopy() *RulesetHostCacheKey

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RulesetHostCacheKey.

func (*RulesetHostCacheKey) DeepCopyInto added in v0.20.0 

func (in *RulesetHostCacheKey) DeepCopyInto(out *RulesetHostCacheKey)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RulesetOrigin added in v0.20.0 

type RulesetOrigin struct {
	// Host overrides the Host header
	// +kubebuilder:validation:Optional
	Host string `json:"host,omitempty"`

	// Port overrides the port
	// +kubebuilder:validation:Optional
	Port int `json:"port,omitempty"`
}

RulesetOrigin defines origin override parameters

func (*RulesetOrigin) DeepCopy added in v0.20.0 

func (in *RulesetOrigin) DeepCopy() *RulesetOrigin

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RulesetOrigin.

func (*RulesetOrigin) DeepCopyInto added in v0.20.0 

func (in *RulesetOrigin) DeepCopyInto(out *RulesetOrigin)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RulesetPhase added in v0.20.0 

type RulesetPhase string

RulesetPhase represents the phase/entry point of the ruleset +kubebuilder:validation:Enum=http_request_transform;http_request_late_transform;http_request_origin;http_request_redirect;http_request_dynamic_redirect;http_request_cache_settings;http_config_settings;http_custom_errors;http_response_headers_transform;http_response_compression;http_ratelimit;http_request_firewall_custom;http_request_firewall_managed;http_response_firewall_managed 

const (
	// RulesetPhaseHTTPRequestTransform is for URL Rewrite Rules (transform requests)
	RulesetPhaseHTTPRequestTransform RulesetPhase = "http_request_transform"
	// RulesetPhaseHTTPRequestLateTransform is for HTTP Request Header Modification Rules
	RulesetPhaseHTTPRequestLateTransform RulesetPhase = "http_request_late_transform"
	// RulesetPhaseHTTPRequestOrigin is for Origin Rules
	RulesetPhaseHTTPRequestOrigin RulesetPhase = "http_request_origin"
	// RulesetPhaseHTTPRequestRedirect is for Single Redirects
	RulesetPhaseHTTPRequestRedirect RulesetPhase = "http_request_redirect"
	// RulesetPhaseHTTPRequestDynamicRedirect is for Dynamic Redirects / Bulk Redirects
	RulesetPhaseHTTPRequestDynamicRedirect RulesetPhase = "http_request_dynamic_redirect"
	// RulesetPhaseHTTPRequestCacheSettings is for Cache Rules
	RulesetPhaseHTTPRequestCacheSettings RulesetPhase = "http_request_cache_settings"
	// RulesetPhaseHTTPConfigSettings is for Configuration Rules
	RulesetPhaseHTTPConfigSettings RulesetPhase = "http_config_settings"
	// RulesetPhaseHTTPCustomErrors is for Custom Error Responses
	RulesetPhaseHTTPCustomErrors RulesetPhase = "http_custom_errors"
	// RulesetPhaseHTTPResponseHeadersTransform is for HTTP Response Header Modification Rules
	RulesetPhaseHTTPResponseHeadersTransform RulesetPhase = "http_response_headers_transform"
	// RulesetPhaseHTTPResponseCompression is for Compression Rules
	RulesetPhaseHTTPResponseCompression RulesetPhase = "http_response_compression"
	// RulesetPhaseHTTPRateLimit is for Rate Limiting Rules
	RulesetPhaseHTTPRateLimit RulesetPhase = "http_ratelimit"
	// RulesetPhaseHTTPRequestFirewallCustom is for Custom Firewall Rules (WAF)
	RulesetPhaseHTTPRequestFirewallCustom RulesetPhase = "http_request_firewall_custom"
	// RulesetPhaseHTTPRequestFirewallManaged is for Managed Firewall Rules (WAF)
	RulesetPhaseHTTPRequestFirewallManaged RulesetPhase = "http_request_firewall_managed"
	// RulesetPhaseHTTPResponseFirewallManaged is for Response Firewall Rules
	RulesetPhaseHTTPResponseFirewallManaged RulesetPhase = "http_response_firewall_managed"
)

type RulesetQueryStringCacheKey added in v0.20.0 

type RulesetQueryStringCacheKey struct {
	// Exclude excludes query parameters
	// +kubebuilder:validation:Optional
	Exclude *RulesetQueryStringList `json:"exclude,omitempty"`

	// Include includes query parameters
	// +kubebuilder:validation:Optional
	Include *RulesetQueryStringList `json:"include,omitempty"`
}

RulesetQueryStringCacheKey defines query string cache key settings

func (*RulesetQueryStringCacheKey) DeepCopy added in v0.20.0 

func (in *RulesetQueryStringCacheKey) DeepCopy() *RulesetQueryStringCacheKey

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RulesetQueryStringCacheKey.

func (*RulesetQueryStringCacheKey) DeepCopyInto added in v0.20.0 

func (in *RulesetQueryStringCacheKey) DeepCopyInto(out *RulesetQueryStringCacheKey)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RulesetQueryStringList added in v0.20.0 

type RulesetQueryStringList struct {
	// List is a list of query parameter names
	// +kubebuilder:validation:Optional
	List []string `json:"list,omitempty"`

	// All includes/excludes all query parameters
	// +kubebuilder:validation:Optional
	All *bool `json:"all,omitempty"`
}

RulesetQueryStringList defines a list of query parameters

func (*RulesetQueryStringList) DeepCopy added in v0.20.0 

func (in *RulesetQueryStringList) DeepCopy() *RulesetQueryStringList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RulesetQueryStringList.

func (*RulesetQueryStringList) DeepCopyInto added in v0.20.0 

func (in *RulesetQueryStringList) DeepCopyInto(out *RulesetQueryStringList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RulesetRedirect added in v0.20.0 

type RulesetRedirect struct {
	// SourceURL is the URL pattern to match
	// +kubebuilder:validation:Optional
	SourceURL string `json:"sourceUrl,omitempty"`

	// TargetURL is the redirect destination
	// +kubebuilder:validation:Optional
	TargetURL *RulesetRewriteValue `json:"targetUrl,omitempty"`

	// StatusCode is the HTTP status code (301, 302, 307, 308)
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum=301;302;307;308
	StatusCode int `json:"statusCode,omitempty"`

	// PreserveQueryString preserves the original query string
	// +kubebuilder:validation:Optional
	PreserveQueryString bool `json:"preserveQueryString,omitempty"`

	// IncludeSubdomains applies to subdomains
	// +kubebuilder:validation:Optional
	IncludeSubdomains bool `json:"includeSubdomains,omitempty"`

	// SubpathMatching enables subpath matching
	// +kubebuilder:validation:Optional
	SubpathMatching bool `json:"subpathMatching,omitempty"`
}

RulesetRedirect defines redirect parameters

func (*RulesetRedirect) DeepCopy added in v0.20.0 

func (in *RulesetRedirect) DeepCopy() *RulesetRedirect

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RulesetRedirect.

func (*RulesetRedirect) DeepCopyInto added in v0.20.0 

func (in *RulesetRedirect) DeepCopyInto(out *RulesetRedirect)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RulesetRewriteValue added in v0.20.0 

type RulesetRewriteValue struct {
	// Value is a static value
	// +kubebuilder:validation:Optional
	Value string `json:"value,omitempty"`

	// Expression is a dynamic expression
	// +kubebuilder:validation:Optional
	Expression string `json:"expression,omitempty"`
}

RulesetRewriteValue defines a rewrite value

func (*RulesetRewriteValue) DeepCopy added in v0.20.0 

func (in *RulesetRewriteValue) DeepCopy() *RulesetRewriteValue

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RulesetRewriteValue.

func (*RulesetRewriteValue) DeepCopyInto added in v0.20.0 

func (in *RulesetRewriteValue) DeepCopyInto(out *RulesetRewriteValue)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RulesetRule added in v0.20.0 

type RulesetRule struct {
	// Description is a human-readable description of the rule
	// +kubebuilder:validation:Optional
	Description string `json:"description,omitempty"`

	// Expression is the filter expression (Cloudflare Rules language)
	// +kubebuilder:validation:Required
	Expression string `json:"expression"`

	// Action is the action to take when the expression matches
	// +kubebuilder:validation:Required
	Action RulesetRuleAction `json:"action"`

	// ActionParameters contains parameters for the action
	// +kubebuilder:validation:Optional
	ActionParameters *RulesetRuleActionParameters `json:"actionParameters,omitempty"`

	// Enabled controls whether the rule is active
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=true
	Enabled bool `json:"enabled,omitempty"`

	// Ref is a reference ID for the rule (for ordering)
	// +kubebuilder:validation:Optional
	Ref string `json:"ref,omitempty"`

	// RateLimit defines rate limiting parameters (for http_ratelimit phase)
	// +kubebuilder:validation:Optional
	RateLimit *RulesetRuleRateLimit `json:"rateLimit,omitempty"`
}

RulesetRule defines a single rule in the ruleset

func (*RulesetRule) DeepCopy added in v0.20.0 

func (in *RulesetRule) DeepCopy() *RulesetRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RulesetRule.

func (*RulesetRule) DeepCopyInto added in v0.20.0 

func (in *RulesetRule) DeepCopyInto(out *RulesetRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RulesetRuleAction added in v0.20.0 

type RulesetRuleAction string

RulesetRuleAction represents the action to take when a rule matches +kubebuilder:validation:Enum=block;challenge;js_challenge;managed_challenge;log;skip;rewrite;redirect;route;score;execute;set_config;set_cache_settings;serve_error;compress_response 

const (
	// RulesetRuleActionBlock blocks the request
	RulesetRuleActionBlock RulesetRuleAction = "block"
	// RulesetRuleActionChallenge presents a CAPTCHA challenge
	RulesetRuleActionChallenge RulesetRuleAction = "challenge"
	// RulesetRuleActionJSChallenge presents a JavaScript challenge
	RulesetRuleActionJSChallenge RulesetRuleAction = "js_challenge"
	// RulesetRuleActionManagedChallenge presents a managed challenge
	RulesetRuleActionManagedChallenge RulesetRuleAction = "managed_challenge"
	// RulesetRuleActionLog logs the request
	RulesetRuleActionLog RulesetRuleAction = "log"
	// RulesetRuleActionSkip skips remaining rules
	RulesetRuleActionSkip RulesetRuleAction = "skip"
	// RulesetRuleActionRewrite rewrites the request
	RulesetRuleActionRewrite RulesetRuleAction = "rewrite"
	// RulesetRuleActionRedirect redirects the request
	RulesetRuleActionRedirect RulesetRuleAction = "redirect"
	// RulesetRuleActionRoute routes the request
	RulesetRuleActionRoute RulesetRuleAction = "route"
	// RulesetRuleActionScore scores the request
	RulesetRuleActionScore RulesetRuleAction = "score"
	// RulesetRuleActionExecute executes another ruleset
	RulesetRuleActionExecute RulesetRuleAction = "execute"
	// RulesetRuleActionSetConfig sets configuration
	RulesetRuleActionSetConfig RulesetRuleAction = "set_config"
	// RulesetRuleActionSetCacheSettings sets cache settings
	RulesetRuleActionSetCacheSettings RulesetRuleAction = "set_cache_settings"
	// RulesetRuleActionServeError serves an error page
	RulesetRuleActionServeError RulesetRuleAction = "serve_error"
	// RulesetRuleActionCompressResponse compresses the response
	RulesetRuleActionCompressResponse RulesetRuleAction = "compress_response"
)

type RulesetRuleActionParameters added in v0.20.0 

type RulesetRuleActionParameters struct {
	// URI contains URL rewrite parameters
	// +kubebuilder:validation:Optional
	URI *RulesetURIRewrite `json:"uri,omitempty"`

	// Headers contains header modification parameters
	// +kubebuilder:validation:Optional
	Headers map[string]RulesetHeaderAction `json:"headers,omitempty"`

	// Redirect contains redirect parameters
	// +kubebuilder:validation:Optional
	Redirect *RulesetRedirect `json:"redirect,omitempty"`

	// Origin contains origin override parameters
	// +kubebuilder:validation:Optional
	Origin *RulesetOrigin `json:"origin,omitempty"`

	// Cache contains cache settings
	// +kubebuilder:validation:Optional
	Cache *RulesetCacheSettings `json:"cache,omitempty"`

	// Products lists products to skip (for skip action)
	// +kubebuilder:validation:Optional
	Products []string `json:"products,omitempty"`

	// Ruleset is the ID of ruleset to execute (for execute action)
	// +kubebuilder:validation:Optional
	Ruleset string `json:"ruleset,omitempty"`

	// Phases lists phases to skip (for skip action)
	// +kubebuilder:validation:Optional
	Phases []string `json:"phases,omitempty"`

	// Rules lists rule IDs to skip (for skip action)
	// +kubebuilder:validation:Optional
	Rules map[string][]string `json:"rules,omitempty"`

	// Response contains custom error response parameters
	// +kubebuilder:validation:Optional
	Response *RulesetCustomResponse `json:"response,omitempty"`

	// Algorithms contains compression algorithms
	// +kubebuilder:validation:Optional
	Algorithms []RulesetCompressionAlgorithm `json:"algorithms,omitempty"`
}

RulesetRuleActionParameters contains parameters for rule actions

func (*RulesetRuleActionParameters) DeepCopy added in v0.20.0 

func (in *RulesetRuleActionParameters) DeepCopy() *RulesetRuleActionParameters

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RulesetRuleActionParameters.

func (*RulesetRuleActionParameters) DeepCopyInto added in v0.20.0 

func (in *RulesetRuleActionParameters) DeepCopyInto(out *RulesetRuleActionParameters)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RulesetRuleRateLimit added in v0.20.0 

type RulesetRuleRateLimit struct {
	// Characteristics defines what to count for rate limiting
	// +kubebuilder:validation:Optional
	Characteristics []string `json:"characteristics,omitempty"`

	// Period is the period in seconds
	// +kubebuilder:validation:Optional
	Period int `json:"period,omitempty"`

	// RequestsPerPeriod is the request limit
	// +kubebuilder:validation:Optional
	RequestsPerPeriod int `json:"requestsPerPeriod,omitempty"`

	// MitigationTimeout is the block duration in seconds
	// +kubebuilder:validation:Optional
	MitigationTimeout int `json:"mitigationTimeout,omitempty"`

	// CountingExpression is the expression for counting
	// +kubebuilder:validation:Optional
	CountingExpression string `json:"countingExpression,omitempty"`

	// RequestsToOrigin counts only requests to origin
	// +kubebuilder:validation:Optional
	RequestsToOrigin *bool `json:"requestsToOrigin,omitempty"`

	// ScorePerPeriod is the score limit (for complexity-based limiting)
	// +kubebuilder:validation:Optional
	ScorePerPeriod int `json:"scorePerPeriod,omitempty"`

	// ScoreResponseHeaderName is the header for score reporting
	// +kubebuilder:validation:Optional
	ScoreResponseHeaderName string `json:"scoreResponseHeaderName,omitempty"`
}

RulesetRuleRateLimit defines rate limiting parameters

func (*RulesetRuleRateLimit) DeepCopy added in v0.20.0 

func (in *RulesetRuleRateLimit) DeepCopy() *RulesetRuleRateLimit

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RulesetRuleRateLimit.

func (*RulesetRuleRateLimit) DeepCopyInto added in v0.20.0 

func (in *RulesetRuleRateLimit) DeepCopyInto(out *RulesetRuleRateLimit)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RulesetStatusCodeRange added in v0.20.0 

type RulesetStatusCodeRange struct {
	// From is the start of the range
	From int `json:"from"`
	// To is the end of the range
	To int `json:"to"`
}

RulesetStatusCodeRange defines a range of status codes

func (*RulesetStatusCodeRange) DeepCopy added in v0.20.0 

func (in *RulesetStatusCodeRange) DeepCopy() *RulesetStatusCodeRange

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RulesetStatusCodeRange.

func (*RulesetStatusCodeRange) DeepCopyInto added in v0.20.0 

func (in *RulesetStatusCodeRange) DeepCopyInto(out *RulesetStatusCodeRange)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RulesetStatusCodeTTL added in v0.20.0 

type RulesetStatusCodeTTL struct {
	// StatusCodeRange is the status code range (e.g., "200-299")
	// +kubebuilder:validation:Optional
	StatusCodeRange *RulesetStatusCodeRange `json:"statusCodeRange,omitempty"`

	// StatusCodeValue is a single status code
	// +kubebuilder:validation:Optional
	StatusCodeValue *int `json:"statusCodeValue,omitempty"`

	// Value is the TTL value in seconds
	// +kubebuilder:validation:Required
	Value int `json:"value"`
}

RulesetStatusCodeTTL defines TTL for specific status codes

func (*RulesetStatusCodeTTL) DeepCopy added in v0.20.0 

func (in *RulesetStatusCodeTTL) DeepCopy() *RulesetStatusCodeTTL

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RulesetStatusCodeTTL.

func (*RulesetStatusCodeTTL) DeepCopyInto added in v0.20.0 

func (in *RulesetStatusCodeTTL) DeepCopyInto(out *RulesetStatusCodeTTL)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RulesetURIRewrite added in v0.20.0 

type RulesetURIRewrite struct {
	// Path is the new path (can use expressions)
	// +kubebuilder:validation:Optional
	Path *RulesetRewriteValue `json:"path,omitempty"`

	// Query is the new query string (can use expressions)
	// +kubebuilder:validation:Optional
	Query *RulesetRewriteValue `json:"query,omitempty"`
}

RulesetURIRewrite defines URL rewrite parameters

func (*RulesetURIRewrite) DeepCopy added in v0.20.0 

func (in *RulesetURIRewrite) DeepCopy() *RulesetURIRewrite

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RulesetURIRewrite.

func (*RulesetURIRewrite) DeepCopyInto added in v0.20.0 

func (in *RulesetURIRewrite) DeepCopyInto(out *RulesetURIRewrite)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RulesetUserCacheKey added in v0.20.0 

type RulesetUserCacheKey struct {
	// DeviceType includes device type
	// +kubebuilder:validation:Optional
	DeviceType *bool `json:"deviceType,omitempty"`

	// Geo includes geolocation
	// +kubebuilder:validation:Optional
	Geo *bool `json:"geo,omitempty"`

	// Lang includes language
	// +kubebuilder:validation:Optional
	Lang *bool `json:"lang,omitempty"`
}

RulesetUserCacheKey defines user-based cache key settings

func (*RulesetUserCacheKey) DeepCopy added in v0.20.0 

func (in *RulesetUserCacheKey) DeepCopy() *RulesetUserCacheKey

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RulesetUserCacheKey.

func (*RulesetUserCacheKey) DeepCopyInto added in v0.20.0 

func (in *RulesetUserCacheKey) DeepCopyInto(out *RulesetUserCacheKey)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SAMLHeaderAttribute 

type SAMLHeaderAttribute struct {
	// AttributeName is the SAML attribute name.
	AttributeName string `json:"attributeName"`

	// HeaderName is the HTTP header name.
	HeaderName string `json:"headerName"`

	// Required indicates if this attribute is required.
	// +kubebuilder:validation:Optional
	Required bool `json:"required,omitempty"`
}

SAMLHeaderAttribute defines a SAML attribute to header mapping.

func (*SAMLHeaderAttribute) DeepCopy 

func (in *SAMLHeaderAttribute) DeepCopy() *SAMLHeaderAttribute

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SAMLHeaderAttribute.

func (*SAMLHeaderAttribute) DeepCopyInto 

func (in *SAMLHeaderAttribute) DeepCopyInto(out *SAMLHeaderAttribute)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SSLConfig added in v0.20.0 

type SSLConfig struct {
	// Mode sets the SSL/TLS encryption mode
	// - off: No encryption (not recommended)
	// - flexible: Encrypts traffic between browser and Cloudflare only
	// - full: Encrypts end-to-end, using a self-signed cert on the origin
	// - strict/full_strict: Encrypts end-to-end, requires valid origin cert
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=full
	Mode SSLMode `json:"mode,omitempty"`

	// MinTLSVersion sets the minimum TLS version
	// +kubebuilder:validation:Optional
	// +kubebuilder:default="1.2"
	MinTLSVersion TLSVersion `json:"minTLSVersion,omitempty"`

	// TLS13 enables TLS 1.3 support
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=on
	TLS13 FeatureToggle `json:"tls13,omitempty"`

	// AlwaysUseHTTPS redirects all HTTP requests to HTTPS
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=true
	AlwaysUseHTTPS *bool `json:"alwaysUseHttps,omitempty"`

	// AutomaticHTTPSRewrites rewrites HTTP links to HTTPS in HTML content
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=true
	AutomaticHTTPSRewrites *bool `json:"automaticHttpsRewrites,omitempty"`

	// OpportunisticEncryption enables opportunistic encryption
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=true
	OpportunisticEncryption *bool `json:"opportunisticEncryption,omitempty"`

	// AuthenticatedOriginPull configures mTLS between Cloudflare and origin
	// +kubebuilder:validation:Optional
	AuthenticatedOriginPull *AuthenticatedOriginPullConfig `json:"authenticatedOriginPull,omitempty"`
}

SSLConfig defines SSL/TLS settings for a domain

func (*SSLConfig) DeepCopy added in v0.20.0 

func (in *SSLConfig) DeepCopy() *SSLConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SSLConfig.

func (*SSLConfig) DeepCopyInto added in v0.20.0 

func (in *SSLConfig) DeepCopyInto(out *SSLConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SSLMode added in v0.20.0 

type SSLMode string

SSLMode represents the SSL/TLS encryption mode +kubebuilder:validation:Enum=off;flexible;full;strict;full_strict 

const (
	SSLModeOff        SSLMode = "off"
	SSLModeFlexible   SSLMode = "flexible"
	SSLModeFull       SSLMode = "full"
	SSLModeStrict     SSLMode = "strict"
	SSLModeFullStrict SSLMode = "full_strict"
)

type SecretKeyReference added in v0.20.0 

type SecretKeyReference struct {
	// Name of the Secret
	// +kubebuilder:validation:Required
	Name string `json:"name"`

	// Namespace of the Secret
	// +kubebuilder:validation:Optional
	Namespace string `json:"namespace,omitempty"`

	// Key is the key in the Secret data
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=tls.key
	Key string `json:"key,omitempty"`
}

SecretKeyReference references a specific key in a Secret

func (*SecretKeyReference) DeepCopy added in v0.20.0 

func (in *SecretKeyReference) DeepCopy() *SecretKeyReference

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretKeyReference.

func (*SecretKeyReference) DeepCopyInto added in v0.20.0 

func (in *SecretKeyReference) DeepCopyInto(out *SecretKeyReference)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecretKeySelector 

type SecretKeySelector struct {
	// Name is the name of the Secret.
	// +kubebuilder:validation:Required
	Name string `json:"name"`

	// Key is the key in the Secret.
	// +kubebuilder:validation:Required
	Key string `json:"key"`

	// Namespace is the namespace of the Secret.
	// +kubebuilder:validation:Optional
	Namespace string `json:"namespace,omitempty"`
}

SecretKeySelector selects a key from a Secret.

func (*SecretKeySelector) DeepCopy 

func (in *SecretKeySelector) DeepCopy() *SecretKeySelector

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretKeySelector.

func (*SecretKeySelector) DeepCopyInto 

func (in *SecretKeySelector) DeepCopyInto(out *SecretKeySelector)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecretReference added in v0.17.0 

type SecretReference struct {
	// Name of the secret
	// +kubebuilder:validation:Required
	Name string `json:"name"`

	// Namespace of the secret. Defaults to "cloudflare-operator-system"
	// +kubebuilder:validation:Optional
	// +kubebuilder:default:="cloudflare-operator-system"
	Namespace string `json:"namespace,omitempty"`

	// Key in the secret for API Token (used when authType is apiToken)
	// +kubebuilder:validation:Optional
	// +kubebuilder:default:="CLOUDFLARE_API_TOKEN"
	APITokenKey string `json:"apiTokenKey,omitempty"`

	// Key in the secret for Global API Key (used when authType is globalAPIKey)
	// +kubebuilder:validation:Optional
	// +kubebuilder:default:="CLOUDFLARE_API_KEY"
	APIKeyKey string `json:"apiKeyKey,omitempty"`

	// Key in the secret for Email (used when authType is globalAPIKey)
	// +kubebuilder:validation:Optional
	// +kubebuilder:default:="CLOUDFLARE_EMAIL"
	EmailKey string `json:"emailKey,omitempty"`
}

SecretReference contains information about the secret location

func (*SecretReference) DeepCopy added in v0.17.0 

func (in *SecretReference) DeepCopy() *SecretReference

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretReference.

func (*SecretReference) DeepCopyInto added in v0.17.0 

func (in *SecretReference) DeepCopyInto(out *SecretReference)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecretSyncConfig added in v0.20.0 

type SecretSyncConfig struct {
	// Enabled enables syncing the certificate to a Kubernetes Secret
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=true
	Enabled bool `json:"enabled,omitempty"`

	// SecretName is the name of the Secret to create/update
	// If not specified, defaults to the OriginCACertificate name
	// +kubebuilder:validation:Optional
	SecretName string `json:"secretName,omitempty"`

	// Namespace is the namespace for the Secret
	// If not specified, defaults to the OriginCACertificate's namespace (for namespaced)
	// or "cloudflare-operator-system" (for cluster-scoped)
	// +kubebuilder:validation:Optional
	Namespace string `json:"namespace,omitempty"`

	// CertManagerCompatible creates the Secret in cert-manager compatible format
	// When true, uses "tls.crt" and "tls.key" keys with kubernetes.io/tls type
	// When false, uses "certificate" and "private-key" keys with Opaque type
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=true
	CertManagerCompatible bool `json:"certManagerCompatible,omitempty"`

	// IncludeCA includes the Cloudflare Origin CA root certificate in the Secret
	// This is useful for clients that need to verify the certificate chain
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	IncludeCA bool `json:"includeCA,omitempty"`
}

SecretSyncConfig configures how the certificate is synced to a Kubernetes Secret

func (*SecretSyncConfig) DeepCopy added in v0.20.0 

func (in *SecretSyncConfig) DeepCopy() *SecretSyncConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretSyncConfig.

func (*SecretSyncConfig) DeepCopyInto added in v0.20.0 

func (in *SecretSyncConfig) DeepCopyInto(out *SecretSyncConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecurityConfig added in v0.20.0 

type SecurityConfig struct {
	// Level sets the security level
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=medium
	Level SecurityLevel `json:"level,omitempty"`

	// BrowserCheck enables browser integrity check
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=true
	BrowserCheck *bool `json:"browserCheck,omitempty"`

	// EmailObfuscation hides email addresses from bots
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=true
	EmailObfuscation *bool `json:"emailObfuscation,omitempty"`

	// ServerSideExclude enables server-side excludes
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=true
	ServerSideExclude *bool `json:"serverSideExclude,omitempty"`

	// HotlinkProtection prevents hotlinking of images
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	HotlinkProtection bool `json:"hotlinkProtection,omitempty"`

	// ChallengePassage sets how long a visitor can access the site
	// after completing a challenge (in seconds)
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Minimum=300
	// +kubebuilder:validation:Maximum=31536000
	// +kubebuilder:default=1800
	ChallengePassage *int `json:"challengePassage,omitempty"`

	// WAF configures Web Application Firewall
	// +kubebuilder:validation:Optional
	WAF *WAFConfig `json:"waf,omitempty"`
}

SecurityConfig defines security settings for a domain

func (*SecurityConfig) DeepCopy added in v0.20.0 

func (in *SecurityConfig) DeepCopy() *SecurityConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecurityConfig.

func (*SecurityConfig) DeepCopyInto added in v0.20.0 

func (in *SecurityConfig) DeepCopyInto(out *SecurityConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecurityLevel added in v0.20.0 

type SecurityLevel string

SecurityLevel represents security level settings +kubebuilder:validation:Enum=off;essentially_off;low;medium;high;under_attack 

const (
	SecurityLevelOff            SecurityLevel = "off"
	SecurityLevelEssentiallyOff SecurityLevel = "essentially_off"
	SecurityLevelLow            SecurityLevel = "low"
	SecurityLevelMedium         SecurityLevel = "medium"
	SecurityLevelHigh           SecurityLevel = "high"
	SecurityLevelUnderAttack    SecurityLevel = "under_attack"
)

type ServiceRef 

type ServiceRef struct {
	// Name is the name of the Service.
	// +kubebuilder:validation:Required
	Name string `json:"name"`

	// Port is the port of the Service to expose.
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Minimum=1
	// +kubebuilder:validation:Maximum=65535
	Port int32 `json:"port"`
}

ServiceRef references a Kubernetes Service.

func (*ServiceRef) DeepCopy 

func (in *ServiceRef) DeepCopy() *ServiceRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceRef.

func (*ServiceRef) DeepCopyInto 

func (in *ServiceRef) DeepCopyInto(out *ServiceRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ServiceTokenSecretRef 

type ServiceTokenSecretRef struct {
	// Name is the name of the Secret to create/update.
	// +kubebuilder:validation:Required
	Name string `json:"name"`

	// Namespace is the namespace for the Secret.
	// +kubebuilder:validation:Required
	Namespace string `json:"namespace"`

	// ClientIDKey is the key for the Client ID.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default="CF_ACCESS_CLIENT_ID"
	ClientIDKey string `json:"clientIdKey,omitempty"`

	// ClientSecretKey is the key for the Client Secret.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default="CF_ACCESS_CLIENT_SECRET"
	ClientSecretKey string `json:"clientSecretKey,omitempty"`
}

ServiceTokenSecretRef defines where to store token credentials.

func (*ServiceTokenSecretRef) DeepCopy 

func (in *ServiceTokenSecretRef) DeepCopy() *ServiceTokenSecretRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceTokenSecretRef.

func (*ServiceTokenSecretRef) DeepCopyInto 

func (in *ServiceTokenSecretRef) DeepCopyInto(out *ServiceTokenSecretRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SessionSettings 

type SessionSettings struct {
	Enforce  bool   `json:"enforce"`
	Duration string `json:"duration"`
}

SessionSettings for session checks.

func (*SessionSettings) DeepCopy 

func (in *SessionSettings) DeepCopy() *SessionSettings

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SessionSettings.

func (*SessionSettings) DeepCopyInto 

func (in *SessionSettings) DeepCopyInto(out *SessionSettings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SplitTunnelEntry 

type SplitTunnelEntry struct {
	// Address is a CIDR notation for IP addresses to match.
	// Either Address or Host must be specified.
	// +kubebuilder:validation:Optional
	Address string `json:"address,omitempty"`

	// Host is a domain name to match.
	// Either Address or Host must be specified.
	// +kubebuilder:validation:Optional
	Host string `json:"host,omitempty"`

	// Description is an optional description for this entry.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:MaxLength=200
	Description string `json:"description,omitempty"`
}

SplitTunnelEntry represents a single split tunnel entry.

func (*SplitTunnelEntry) DeepCopy 

func (in *SplitTunnelEntry) DeepCopy() *SplitTunnelEntry

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SplitTunnelEntry.

func (*SplitTunnelEntry) DeepCopyInto 

func (in *SplitTunnelEntry) DeepCopyInto(out *SplitTunnelEntry)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TLSDecryptSettings 

type TLSDecryptSettings struct {
	Enabled bool `json:"enabled"`
}

TLSDecryptSettings for TLS decryption.

func (*TLSDecryptSettings) DeepCopy 

func (in *TLSDecryptSettings) DeepCopy() *TLSDecryptSettings

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSDecryptSettings.

func (*TLSDecryptSettings) DeepCopyInto 

func (in *TLSDecryptSettings) DeepCopyInto(out *TLSDecryptSettings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TLSVersion added in v0.20.0 

type TLSVersion string

TLSVersion represents supported TLS versions +kubebuilder:validation:Enum="1.0";"1.1";"1.2";"1.3" 

const (
	TLSVersion10 TLSVersion = "1.0"
	TLSVersion11 TLSVersion = "1.1"
	TLSVersion12 TLSVersion = "1.2"
	TLSVersion13 TLSVersion = "1.3"
)

type TieredCacheConfig added in v0.20.0 

type TieredCacheConfig struct {
	// Enabled enables tiered caching
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=true
	Enabled bool `json:"enabled,omitempty"`

	// Topology sets the tiered cache topology
	// - smart: Dynamically selects the best upper tier
	// - generic: Uses regional hub data centers
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=smart
	Topology TieredCacheTopology `json:"topology,omitempty"`
}

TieredCacheConfig configures tiered caching

func (*TieredCacheConfig) DeepCopy added in v0.20.0 

func (in *TieredCacheConfig) DeepCopy() *TieredCacheConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TieredCacheConfig.

func (*TieredCacheConfig) DeepCopyInto added in v0.20.0 

func (in *TieredCacheConfig) DeepCopyInto(out *TieredCacheConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TieredCacheTopology added in v0.20.0 

type TieredCacheTopology string

TieredCacheTopology represents tiered cache topology +kubebuilder:validation:Enum=smart;generic 

const (
	TieredCacheSmart   TieredCacheTopology = "smart"
	TieredCacheGeneric TieredCacheTopology = "generic"
)

type Toleration 

type Toleration struct {
	// Key is the taint key.
	// +kubebuilder:validation:Optional
	Key string `json:"key,omitempty"`

	// Operator represents the relationship.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum=Exists;Equal
	Operator string `json:"operator,omitempty"`

	// Value is the taint value.
	// +kubebuilder:validation:Optional
	Value string `json:"value,omitempty"`

	// Effect indicates the taint effect.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum=NoSchedule;PreferNoSchedule;NoExecute
	Effect string `json:"effect,omitempty"`

	// TolerationSeconds for NoExecute effect.
	// +kubebuilder:validation:Optional
	TolerationSeconds *int64 `json:"tolerationSeconds,omitempty"`
}

Toleration for pod scheduling.

func (*Toleration) DeepCopy 

func (in *Toleration) DeepCopy() *Toleration

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Toleration.

func (*Toleration) DeepCopyInto 

func (in *Toleration) DeepCopyInto(out *Toleration)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TransformRule added in v0.20.0 

type TransformRule struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   TransformRuleSpec   `json:"spec,omitempty"`
	Status TransformRuleStatus `json:"status,omitempty"`
}

TransformRule manages Cloudflare Transform Rules. Transform Rules allow you to modify HTTP requests and responses: - URL Rewrites: Change the URL path and/or query string - Request Headers: Add, modify, or remove HTTP request headers - Response Headers: Add, modify, or remove HTTP response headers

This is a simplified interface over ZoneRuleset for common transform use cases.

func (*TransformRule) DeepCopy added in v0.20.0 

func (in *TransformRule) DeepCopy() *TransformRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TransformRule.

func (*TransformRule) DeepCopyInto added in v0.20.0 

func (in *TransformRule) DeepCopyInto(out *TransformRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*TransformRule) DeepCopyObject added in v0.20.0 

func (in *TransformRule) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type TransformRuleDefinition added in v0.20.0 

type TransformRuleDefinition struct {
	// Name is a human-readable name for the rule
	// +kubebuilder:validation:Required
	Name string `json:"name"`

	// Expression is the filter expression (Cloudflare Rules language)
	// Example: (http.host eq "example.com")
	// +kubebuilder:validation:Required
	Expression string `json:"expression"`

	// Enabled controls whether the rule is active
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=true
	Enabled bool `json:"enabled,omitempty"`

	// URLRewrite contains URL rewrite configuration
	// Only used when type is url_rewrite
	// +kubebuilder:validation:Optional
	URLRewrite *URLRewriteConfig `json:"urlRewrite,omitempty"`

	// Headers contains header modification configuration
	// Only used when type is request_header or response_header
	// +kubebuilder:validation:Optional
	Headers []HeaderModification `json:"headers,omitempty"`
}

TransformRuleDefinition defines a single transform rule

func (*TransformRuleDefinition) DeepCopy added in v0.20.0 

func (in *TransformRuleDefinition) DeepCopy() *TransformRuleDefinition

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TransformRuleDefinition.

func (*TransformRuleDefinition) DeepCopyInto added in v0.20.0 

func (in *TransformRuleDefinition) DeepCopyInto(out *TransformRuleDefinition)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TransformRuleList added in v0.20.0 

type TransformRuleList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []TransformRule `json:"items"`
}

TransformRuleList contains a list of TransformRule

func (*TransformRuleList) DeepCopy added in v0.20.0 

func (in *TransformRuleList) DeepCopy() *TransformRuleList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TransformRuleList.

func (*TransformRuleList) DeepCopyInto added in v0.20.0 

func (in *TransformRuleList) DeepCopyInto(out *TransformRuleList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*TransformRuleList) DeepCopyObject added in v0.20.0 

func (in *TransformRuleList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type TransformRuleSpec added in v0.20.0 

type TransformRuleSpec struct {
	// Zone is the zone name (domain) to apply rules to
	// +kubebuilder:validation:Required
	Zone string `json:"zone"`

	// Type is the type of transform rule
	// +kubebuilder:validation:Required
	Type TransformRuleType `json:"type"`

	// Description is a human-readable description of the ruleset
	// +kubebuilder:validation:Optional
	Description string `json:"description,omitempty"`

	// Rules are the transform rules
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:MinItems=1
	Rules []TransformRuleDefinition `json:"rules"`

	// CredentialsRef references a CloudflareCredentials resource
	// If not specified, the default CloudflareCredentials will be used
	// +kubebuilder:validation:Optional
	CredentialsRef *CredentialsReference `json:"credentialsRef,omitempty"`
}

TransformRuleSpec defines the desired state of TransformRule

func (*TransformRuleSpec) DeepCopy added in v0.20.0 

func (in *TransformRuleSpec) DeepCopy() *TransformRuleSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TransformRuleSpec.

func (*TransformRuleSpec) DeepCopyInto added in v0.20.0 

func (in *TransformRuleSpec) DeepCopyInto(out *TransformRuleSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TransformRuleState added in v0.20.0 

type TransformRuleState string

TransformRuleState represents the state of the transform rule +kubebuilder:validation:Enum=Pending;Syncing;Ready;Error 

const (
	// TransformRuleStatePending means the rule is waiting to be synced
	TransformRuleStatePending TransformRuleState = "Pending"
	// TransformRuleStateSyncing means the rule is being synced
	TransformRuleStateSyncing TransformRuleState = "Syncing"
	// TransformRuleStateReady means the rule is synced and ready
	TransformRuleStateReady TransformRuleState = "Ready"
	// TransformRuleStateError means there was an error with the rule
	TransformRuleStateError TransformRuleState = "Error"
)

type TransformRuleStatus added in v0.20.0 

type TransformRuleStatus struct {
	// Conditions represent the latest available observations
	// +optional
	Conditions []metav1.Condition `json:"conditions,omitempty"`

	// ObservedGeneration is the most recent generation observed
	// +optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`

	// State represents the current state of the rule
	// +optional
	State TransformRuleState `json:"state,omitempty"`

	// RulesetID is the Cloudflare ruleset ID
	// +optional
	RulesetID string `json:"rulesetId,omitempty"`

	// ZoneID is the Cloudflare zone ID
	// +optional
	ZoneID string `json:"zoneId,omitempty"`

	// RuleCount is the number of rules
	// +optional
	RuleCount int `json:"ruleCount,omitempty"`

	// Message provides additional information about the current state
	// +optional
	Message string `json:"message,omitempty"`
}

TransformRuleStatus defines the observed state of TransformRule

func (*TransformRuleStatus) DeepCopy added in v0.20.0 

func (in *TransformRuleStatus) DeepCopy() *TransformRuleStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TransformRuleStatus.

func (*TransformRuleStatus) DeepCopyInto added in v0.20.0 

func (in *TransformRuleStatus) DeepCopyInto(out *TransformRuleStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TransformRuleType added in v0.20.0 

type TransformRuleType string

TransformRuleType represents the type of transform rule +kubebuilder:validation:Enum=url_rewrite;request_header;response_header 

const (
	// TransformRuleTypeURLRewrite rewrites the URL path and/or query string
	TransformRuleTypeURLRewrite TransformRuleType = "url_rewrite"
	// TransformRuleTypeRequestHeader modifies HTTP request headers
	TransformRuleTypeRequestHeader TransformRuleType = "request_header"
	// TransformRuleTypeResponseHeader modifies HTTP response headers
	TransformRuleTypeResponseHeader TransformRuleType = "response_header"
)

type Tunnel 

type Tunnel struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   TunnelSpec   `json:"spec,omitempty"`
	Status TunnelStatus `json:"status,omitempty"`
}

Tunnel is the Schema for the tunnels API

func (*Tunnel) DeepCopy 

func (in *Tunnel) DeepCopy() *Tunnel

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Tunnel.

func (*Tunnel) DeepCopyInto 

func (in *Tunnel) DeepCopyInto(out *Tunnel)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*Tunnel) DeepCopyObject 

func (in *Tunnel) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*Tunnel) Hub 

func (*Tunnel) Hub()

Hub marks this type as a conversion hub.

type TunnelGatewayClassConfig added in v0.18.1 

type TunnelGatewayClassConfig struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   TunnelGatewayClassConfigSpec   `json:"spec,omitempty"`
	Status TunnelGatewayClassConfigStatus `json:"status,omitempty"`
}

TunnelGatewayClassConfig provides GatewayClass parameters for Cloudflare Tunnel Gateway Controller. This resource links a GatewayClass to a specific Tunnel or ClusterTunnel and configures how the Gateway Controller handles DNS records and origin connections.

Example usage: 

apiVersion: networking.cloudflare-operator.io/v1alpha2
kind: TunnelGatewayClassConfig
metadata:
  name: cloudflare-tunnel
spec:
  tunnelRef:
    kind: ClusterTunnel
    name: production-tunnel
  dnsManagement: Automatic
  dnsProxied: true

func (*TunnelGatewayClassConfig) DeepCopy added in v0.18.1 

func (in *TunnelGatewayClassConfig) DeepCopy() *TunnelGatewayClassConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TunnelGatewayClassConfig.

func (*TunnelGatewayClassConfig) DeepCopyInto added in v0.18.1 

func (in *TunnelGatewayClassConfig) DeepCopyInto(out *TunnelGatewayClassConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*TunnelGatewayClassConfig) DeepCopyObject added in v0.18.1 

func (in *TunnelGatewayClassConfig) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*TunnelGatewayClassConfig) GetTunnelNamespace added in v0.18.1 

func (c *TunnelGatewayClassConfig) GetTunnelNamespace() string

GetTunnelNamespace returns the namespace where the Tunnel resource is located. For ClusterTunnel, this returns empty string (cluster-scoped). For Tunnel, this returns the namespace from TunnelRef or falls back to config's namespace.

func (*TunnelGatewayClassConfig) IsDNSProxied added in v0.18.1 

func (c *TunnelGatewayClassConfig) IsDNSProxied() bool

IsDNSProxied returns whether DNS records should be proxied through Cloudflare.

type TunnelGatewayClassConfigList added in v0.18.1 

type TunnelGatewayClassConfigList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []TunnelGatewayClassConfig `json:"items"`
}

TunnelGatewayClassConfigList contains a list of TunnelGatewayClassConfig

func (*TunnelGatewayClassConfigList) DeepCopy added in v0.18.1 

func (in *TunnelGatewayClassConfigList) DeepCopy() *TunnelGatewayClassConfigList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TunnelGatewayClassConfigList.

func (*TunnelGatewayClassConfigList) DeepCopyInto added in v0.18.1 

func (in *TunnelGatewayClassConfigList) DeepCopyInto(out *TunnelGatewayClassConfigList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*TunnelGatewayClassConfigList) DeepCopyObject added in v0.18.1 

func (in *TunnelGatewayClassConfigList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type TunnelGatewayClassConfigSpec added in v0.18.1 

type TunnelGatewayClassConfigSpec struct {
	// TunnelRef references the Tunnel or ClusterTunnel to use for this GatewayClass
	// +kubebuilder:validation:Required
	TunnelRef TunnelReference `json:"tunnelRef"`

	// DefaultOriginRequest provides default origin request settings for all Routes
	// using this GatewayClass. Can be overridden per-Route via annotations.
	// +kubebuilder:validation:Optional
	DefaultOriginRequest *OriginRequestSpec `json:"defaultOriginRequest,omitempty"`

	// DNSManagement controls how DNS records are managed for Route hostnames.
	// - Automatic: Controller creates CNAME records directly via Cloudflare API
	// - Manual: User manages DNS records externally (compatible with external-dns)
	// - DNSRecord: Controller creates DNSRecord CRDs for each hostname
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=Automatic
	DNSManagement DNSManagementMode `json:"dnsManagement,omitempty"`

	// DNSProxied controls whether DNS records are proxied through Cloudflare.
	// Only applies when DNSManagement is Automatic or DNSRecord.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=true
	DNSProxied *bool `json:"dnsProxied,omitempty"`

	// WatchNamespaces limits which namespaces the controller watches for Routes.
	// If empty, watches all namespaces.
	// +kubebuilder:validation:Optional
	WatchNamespaces []string `json:"watchNamespaces,omitempty"`

	// FallbackTarget is the default target for unmatched requests.
	// Defaults to "http_status:404" if not specified.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default="http_status:404"
	FallbackTarget string `json:"fallbackTarget,omitempty"`
}

TunnelGatewayClassConfigSpec defines the desired state of TunnelGatewayClassConfig

func (*TunnelGatewayClassConfigSpec) DeepCopy added in v0.18.1 

func (in *TunnelGatewayClassConfigSpec) DeepCopy() *TunnelGatewayClassConfigSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TunnelGatewayClassConfigSpec.

func (*TunnelGatewayClassConfigSpec) DeepCopyInto added in v0.18.1 

func (in *TunnelGatewayClassConfigSpec) DeepCopyInto(out *TunnelGatewayClassConfigSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TunnelGatewayClassConfigStatus added in v0.18.1 

type TunnelGatewayClassConfigStatus struct {
	// TunnelID is the resolved Cloudflare Tunnel ID
	// +kubebuilder:validation:Optional
	TunnelID string `json:"tunnelId,omitempty"`

	// TunnelName is the resolved Cloudflare Tunnel name
	// +kubebuilder:validation:Optional
	TunnelName string `json:"tunnelName,omitempty"`

	// GatewayCount is the number of Gateways using this configuration
	// +kubebuilder:validation:Optional
	GatewayCount int `json:"gatewayCount,omitempty"`

	// RouteCount is the total number of Routes across all Gateways
	// +kubebuilder:validation:Optional
	RouteCount int `json:"routeCount,omitempty"`

	// State represents the current state of the configuration
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum=pending;active;error
	State string `json:"state,omitempty"`

	// Conditions represent the latest available observations
	// +kubebuilder:validation:Optional
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty"`

	// ObservedGeneration is the most recent generation observed
	// +kubebuilder:validation:Optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
}

TunnelGatewayClassConfigStatus defines the observed state of TunnelGatewayClassConfig

func (*TunnelGatewayClassConfigStatus) DeepCopy added in v0.18.1 

func (in *TunnelGatewayClassConfigStatus) DeepCopy() *TunnelGatewayClassConfigStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TunnelGatewayClassConfigStatus.

func (*TunnelGatewayClassConfigStatus) DeepCopyInto added in v0.18.1 

func (in *TunnelGatewayClassConfigStatus) DeepCopyInto(out *TunnelGatewayClassConfigStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TunnelIngressClassConfig added in v0.18.1 

type TunnelIngressClassConfig struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   TunnelIngressClassConfigSpec   `json:"spec,omitempty"`
	Status TunnelIngressClassConfigStatus `json:"status,omitempty"`
}

TunnelIngressClassConfig provides IngressClass parameters for Cloudflare Tunnel Ingress Controller. This resource links an IngressClass to a specific Tunnel or ClusterTunnel and configures how the Ingress Controller handles DNS records and origin connections.

func (*TunnelIngressClassConfig) DeepCopy added in v0.18.1 

func (in *TunnelIngressClassConfig) DeepCopy() *TunnelIngressClassConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TunnelIngressClassConfig.

func (*TunnelIngressClassConfig) DeepCopyInto added in v0.18.1 

func (in *TunnelIngressClassConfig) DeepCopyInto(out *TunnelIngressClassConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*TunnelIngressClassConfig) DeepCopyObject added in v0.18.1 

func (in *TunnelIngressClassConfig) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*TunnelIngressClassConfig) GetTunnelNamespace added in v0.18.1 

func (c *TunnelIngressClassConfig) GetTunnelNamespace() string

GetTunnelNamespace returns the namespace of the referenced tunnel. For ClusterTunnel, returns empty string. For Tunnel, returns the specified namespace or the config's namespace.

func (*TunnelIngressClassConfig) IsDNSProxied added in v0.18.1 

func (c *TunnelIngressClassConfig) IsDNSProxied() bool

IsDNSProxied returns whether DNS records should be proxied through Cloudflare.

type TunnelIngressClassConfigList added in v0.18.1 

type TunnelIngressClassConfigList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []TunnelIngressClassConfig `json:"items"`
}

TunnelIngressClassConfigList contains a list of TunnelIngressClassConfig

func (*TunnelIngressClassConfigList) DeepCopy added in v0.18.1 

func (in *TunnelIngressClassConfigList) DeepCopy() *TunnelIngressClassConfigList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TunnelIngressClassConfigList.

func (*TunnelIngressClassConfigList) DeepCopyInto added in v0.18.1 

func (in *TunnelIngressClassConfigList) DeepCopyInto(out *TunnelIngressClassConfigList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*TunnelIngressClassConfigList) DeepCopyObject added in v0.18.1 

func (in *TunnelIngressClassConfigList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type TunnelIngressClassConfigSpec added in v0.18.1 

type TunnelIngressClassConfigSpec struct {
	// TunnelRef references the Tunnel or ClusterTunnel to use for this IngressClass
	// +kubebuilder:validation:Required
	TunnelRef TunnelReference `json:"tunnelRef"`

	// DefaultOriginRequest provides default origin request settings for all Ingresses
	// using this IngressClass. Can be overridden per-Ingress via annotations.
	// +kubebuilder:validation:Optional
	DefaultOriginRequest *OriginRequestSpec `json:"defaultOriginRequest,omitempty"`

	// DNSManagement controls how DNS records are managed for Ingress hostnames.
	// - Automatic: Controller creates CNAME records directly via Cloudflare API
	// - Manual: User manages DNS records externally (compatible with external-dns)
	// - DNSRecord: Controller creates DNSRecord CRDs for each hostname
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=Automatic
	DNSManagement DNSManagementMode `json:"dnsManagement,omitempty"`

	// DNSProxied controls whether DNS records are proxied through Cloudflare.
	// Only applies when DNSManagement is Automatic or DNSRecord.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=true
	DNSProxied *bool `json:"dnsProxied,omitempty"`

	// WatchNamespaces limits which namespaces the controller watches for Ingresses.
	// If empty, watches all namespaces.
	// +kubebuilder:validation:Optional
	WatchNamespaces []string `json:"watchNamespaces,omitempty"`
}

TunnelIngressClassConfigSpec defines the desired state of TunnelIngressClassConfig

func (*TunnelIngressClassConfigSpec) DeepCopy added in v0.18.1 

func (in *TunnelIngressClassConfigSpec) DeepCopy() *TunnelIngressClassConfigSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TunnelIngressClassConfigSpec.

func (*TunnelIngressClassConfigSpec) DeepCopyInto added in v0.18.1 

func (in *TunnelIngressClassConfigSpec) DeepCopyInto(out *TunnelIngressClassConfigSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TunnelIngressClassConfigStatus added in v0.18.1 

type TunnelIngressClassConfigStatus struct {
	// TunnelID is the resolved Cloudflare Tunnel ID
	// +kubebuilder:validation:Optional
	TunnelID string `json:"tunnelId,omitempty"`

	// TunnelName is the resolved Cloudflare Tunnel name
	// +kubebuilder:validation:Optional
	TunnelName string `json:"tunnelName,omitempty"`

	// IngressCount is the number of Ingresses using this configuration
	// +kubebuilder:validation:Optional
	IngressCount int `json:"ingressCount,omitempty"`

	// State represents the current state of the configuration
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum=pending;active;error
	State string `json:"state,omitempty"`

	// Conditions represent the latest available observations
	// +kubebuilder:validation:Optional
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty"`

	// ObservedGeneration is the most recent generation observed
	// +kubebuilder:validation:Optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
}

TunnelIngressClassConfigStatus defines the observed state of TunnelIngressClassConfig

func (*TunnelIngressClassConfigStatus) DeepCopy added in v0.18.1 

func (in *TunnelIngressClassConfigStatus) DeepCopy() *TunnelIngressClassConfigStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TunnelIngressClassConfigStatus.

func (*TunnelIngressClassConfigStatus) DeepCopyInto added in v0.18.1 

func (in *TunnelIngressClassConfigStatus) DeepCopyInto(out *TunnelIngressClassConfigStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TunnelList 

type TunnelList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []Tunnel `json:"items"`
}

TunnelList contains a list of Tunnel

func (*TunnelList) DeepCopy 

func (in *TunnelList) DeepCopy() *TunnelList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TunnelList.

func (*TunnelList) DeepCopyInto 

func (in *TunnelList) DeepCopyInto(out *TunnelList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*TunnelList) DeepCopyObject 

func (in *TunnelList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type TunnelRef 

type TunnelRef struct {
	// Kind is the type of tunnel resource (Tunnel or ClusterTunnel).
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Enum=Tunnel;ClusterTunnel
	// +kubebuilder:default=ClusterTunnel
	Kind string `json:"kind"`

	// Name is the name of the Tunnel or ClusterTunnel resource.
	// +kubebuilder:validation:Required
	Name string `json:"name"`

	// Namespace is the namespace of the Tunnel resource.
	// Only applicable when Kind is Tunnel. Ignored for ClusterTunnel.
	// +kubebuilder:validation:Optional
	Namespace string `json:"namespace,omitempty"`
}

TunnelRef references a Tunnel or ClusterTunnel resource.

func (*TunnelRef) DeepCopy 

func (in *TunnelRef) DeepCopy() *TunnelRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TunnelRef.

func (*TunnelRef) DeepCopyInto 

func (in *TunnelRef) DeepCopyInto(out *TunnelRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TunnelReference added in v0.18.1 

type TunnelReference struct {
	// Kind is the tunnel resource kind: Tunnel or ClusterTunnel
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Enum=Tunnel;ClusterTunnel
	Kind string `json:"kind"`

	// Name is the name of the Tunnel/ClusterTunnel resource
	// +kubebuilder:validation:Required
	Name string `json:"name"`

	// Namespace is the namespace of the Tunnel (only for Kind=Tunnel).
	// If not specified for Kind=Tunnel, defaults to the TunnelIngressClassConfig's namespace.
	// +kubebuilder:validation:Optional
	Namespace string `json:"namespace,omitempty"`
}

TunnelReference references a Tunnel or ClusterTunnel resource

func (*TunnelReference) DeepCopy added in v0.18.1 

func (in *TunnelReference) DeepCopy() *TunnelReference

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TunnelReference.

func (*TunnelReference) DeepCopyInto added in v0.18.1 

func (in *TunnelReference) DeepCopyInto(out *TunnelReference)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TunnelSpec 

type TunnelSpec struct {
	// Deployment patch for the cloudflared deployment.
	// Follows https://kubernetes.io/docs/reference/kubectl/generated/kubectl_patch/
	// +kubebuilder:validation:Optional
	// +kubebuilder:default:="{}"
	DeployPatch string `json:"deployPatch,omitempty"`

	// +kubebuilder:default:=false
	// +kubebuilder:validation:Optional
	// NoTlsVerify disables origin TLS certificate checks when the endpoint is HTTPS.
	NoTlsVerify bool `json:"noTlsVerify,omitempty"`

	// +kubebuilder:validation:Optional
	// OriginCaPool speficies the secret with tls.crt (and other certs as needed to be referred in the service annotation) of the Root CA to be trusted when sending traffic to HTTPS endpoints
	OriginCaPool string `json:"originCaPool,omitempty"`

	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum={"auto","quic","http2"}
	// +kubebuilder:default:="auto"
	// Protocol specifies the protocol to use for the tunnel. Defaults to auto. Options are "auto", "quic" and "http2"
	Protocol string `json:"protocol,omitempty"`

	// +kubebuilder:validation:Optional
	// +kubebuilder:default:="http_status:404"
	// FallbackTarget speficies the target for requests that do not match an ingress. Defaults to http_status:404
	FallbackTarget string `json:"fallbackTarget,omitempty"`

	// +kubebuilder:validation:Required
	// Cloudflare Credentials
	Cloudflare CloudflareDetails `json:"cloudflare,omitempty"`

	// +kubebuilder:validation:Optional
	// Existing tunnel object.
	// ExistingTunnel and NewTunnel cannot be both empty and are mutually exclusive.
	ExistingTunnel *ExistingTunnel `json:"existingTunnel,omitempty"`

	// +kubebuilder:validation:Optional
	// New tunnel object.
	// NewTunnel and ExistingTunnel cannot be both empty and are mutually exclusive.
	NewTunnel *NewTunnel `json:"newTunnel,omitempty"`

	// +kubebuilder:validation:Optional
	// +kubebuilder:default:=false
	// EnableWarpRouting enables WARP routing for this tunnel, allowing private network
	// access via WARP clients. When enabled, the tunnel can route traffic to private
	// IP ranges defined in NetworkRoute resources.
	EnableWarpRouting bool `json:"enableWarpRouting,omitempty"`
}

TunnelSpec defines the desired state of Tunnel

func (*TunnelSpec) DeepCopy 

func (in *TunnelSpec) DeepCopy() *TunnelSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TunnelSpec.

func (*TunnelSpec) DeepCopyInto 

func (in *TunnelSpec) DeepCopyInto(out *TunnelSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TunnelStatus 

type TunnelStatus struct {
	// TunnelId is the Cloudflare tunnel ID
	TunnelId string `json:"tunnelId"`

	// TunnelName is the Cloudflare tunnel name
	TunnelName string `json:"tunnelName"`

	// AccountId is the Cloudflare account ID
	AccountId string `json:"accountId"`

	// ZoneId is the Cloudflare zone ID (optional, for DNS features)
	ZoneId string `json:"zoneId"`

	// State represents the current state of the tunnel
	// +kubebuilder:validation:Enum=pending;creating;active;error;deleting
	State string `json:"state,omitempty"`

	// ObservedGeneration is the generation observed by the controller
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`

	// Conditions represent the latest available observations of the tunnel's state
	// +optional
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty"`
}

TunnelStatus defines the observed state of Tunnel

func (*TunnelStatus) DeepCopy 

func (in *TunnelStatus) DeepCopy() *TunnelStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TunnelStatus.

func (*TunnelStatus) DeepCopyInto 

func (in *TunnelStatus) DeepCopyInto(out *TunnelStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type URLRewriteConfig added in v0.20.0 

type URLRewriteConfig struct {
	// Path is the new path configuration
	// +kubebuilder:validation:Optional
	Path *RewriteValue `json:"path,omitempty"`

	// Query is the new query string configuration
	// +kubebuilder:validation:Optional
	Query *RewriteValue `json:"query,omitempty"`
}

URLRewriteConfig defines URL rewrite configuration

func (*URLRewriteConfig) DeepCopy added in v0.20.0 

func (in *URLRewriteConfig) DeepCopy() *URLRewriteConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new URLRewriteConfig.

func (*URLRewriteConfig) DeepCopyInto added in v0.20.0 

func (in *URLRewriteConfig) DeepCopyInto(out *URLRewriteConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VirtualNetwork 

type VirtualNetwork struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   VirtualNetworkSpec   `json:"spec,omitempty"`
	Status VirtualNetworkStatus `json:"status,omitempty"`
}

VirtualNetwork is the Schema for the virtualnetworks API. A VirtualNetwork represents a Cloudflare Zero Trust Virtual Network, which provides isolated private network address spaces for routing traffic through Cloudflare Tunnels.

func (*VirtualNetwork) DeepCopy 

func (in *VirtualNetwork) DeepCopy() *VirtualNetwork

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VirtualNetwork.

func (*VirtualNetwork) DeepCopyInto 

func (in *VirtualNetwork) DeepCopyInto(out *VirtualNetwork)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*VirtualNetwork) DeepCopyObject 

func (in *VirtualNetwork) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*VirtualNetwork) GetVirtualNetworkName 

func (v *VirtualNetwork) GetVirtualNetworkName() string

GetVirtualNetworkName returns the name to use in Cloudflare. Uses spec.name if specified, otherwise falls back to metadata.name.

type VirtualNetworkList 

type VirtualNetworkList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []VirtualNetwork `json:"items"`
}

VirtualNetworkList contains a list of VirtualNetwork

func (*VirtualNetworkList) DeepCopy 

func (in *VirtualNetworkList) DeepCopy() *VirtualNetworkList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VirtualNetworkList.

func (*VirtualNetworkList) DeepCopyInto 

func (in *VirtualNetworkList) DeepCopyInto(out *VirtualNetworkList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*VirtualNetworkList) DeepCopyObject 

func (in *VirtualNetworkList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type VirtualNetworkRef 

type VirtualNetworkRef struct {
	// Name is the name of the VirtualNetwork resource.
	// +kubebuilder:validation:Required
	Name string `json:"name"`
}

VirtualNetworkRef references a VirtualNetwork resource.

func (*VirtualNetworkRef) DeepCopy 

func (in *VirtualNetworkRef) DeepCopy() *VirtualNetworkRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VirtualNetworkRef.

func (*VirtualNetworkRef) DeepCopyInto 

func (in *VirtualNetworkRef) DeepCopyInto(out *VirtualNetworkRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VirtualNetworkSpec 

type VirtualNetworkSpec struct {
	// Name of the Virtual Network in Cloudflare.
	// If not specified, the Kubernetes resource name will be used.
	// +kubebuilder:validation:Optional
	Name string `json:"name,omitempty"`

	// Comment is an optional description for the Virtual Network.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:MaxLength=500
	Comment string `json:"comment,omitempty"`

	// IsDefaultNetwork marks this Virtual Network as the default for the account.
	// Only one Virtual Network can be the default.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	IsDefaultNetwork bool `json:"isDefaultNetwork,omitempty"`

	// Cloudflare contains the Cloudflare API credentials and account information.
	// +kubebuilder:validation:Required
	Cloudflare CloudflareDetails `json:"cloudflare"`
}

VirtualNetworkSpec defines the desired state of VirtualNetwork

func (*VirtualNetworkSpec) DeepCopy 

func (in *VirtualNetworkSpec) DeepCopy() *VirtualNetworkSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VirtualNetworkSpec.

func (*VirtualNetworkSpec) DeepCopyInto 

func (in *VirtualNetworkSpec) DeepCopyInto(out *VirtualNetworkSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VirtualNetworkStatus 

type VirtualNetworkStatus struct {
	// VirtualNetworkId is the Cloudflare ID of the Virtual Network.
	// +kubebuilder:validation:Optional
	VirtualNetworkId string `json:"virtualNetworkId,omitempty"`

	// AccountId is the Cloudflare Account ID.
	// +kubebuilder:validation:Optional
	AccountId string `json:"accountId,omitempty"`

	// State indicates the current state of the Virtual Network (active, deleted, etc.).
	// +kubebuilder:validation:Optional
	State string `json:"state,omitempty"`

	// IsDefault indicates whether this is the default Virtual Network for the account.
	// +kubebuilder:validation:Optional
	IsDefault bool `json:"isDefault,omitempty"`

	// Conditions represent the latest available observations of the VirtualNetwork's state.
	// +kubebuilder:validation:Optional
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty"`

	// ObservedGeneration is the most recent generation observed by the controller.
	// +kubebuilder:validation:Optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
}

VirtualNetworkStatus defines the observed state of VirtualNetwork

func (*VirtualNetworkStatus) DeepCopy 

func (in *VirtualNetworkStatus) DeepCopy() *VirtualNetworkStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VirtualNetworkStatus.

func (*VirtualNetworkStatus) DeepCopyInto 

func (in *VirtualNetworkStatus) DeepCopyInto(out *VirtualNetworkStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type WAFConfig added in v0.20.0 

type WAFConfig struct {
	// Enabled enables WAF
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	Enabled bool `json:"enabled,omitempty"`
}

WAFConfig configures Web Application Firewall

func (*WAFConfig) DeepCopy added in v0.20.0 

func (in *WAFConfig) DeepCopy() *WAFConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WAFConfig.

func (*WAFConfig) DeepCopyInto added in v0.20.0 

func (in *WAFConfig) DeepCopyInto(out *WAFConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type WARPConnector 

type WARPConnector struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   WARPConnectorSpec   `json:"spec,omitempty"`
	Status WARPConnectorStatus `json:"status,omitempty"`
}

WARPConnector is the Schema for the warpconnectors API.

func (*WARPConnector) DeepCopy 

func (in *WARPConnector) DeepCopy() *WARPConnector

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WARPConnector.

func (*WARPConnector) DeepCopyInto 

func (in *WARPConnector) DeepCopyInto(out *WARPConnector)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*WARPConnector) DeepCopyObject 

func (in *WARPConnector) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*WARPConnector) GetConnectorName 

func (w *WARPConnector) GetConnectorName() string

GetConnectorName returns the name to use in Cloudflare.

type WARPConnectorList 

type WARPConnectorList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []WARPConnector `json:"items"`
}

WARPConnectorList contains a list of WARPConnector

func (*WARPConnectorList) DeepCopy 

func (in *WARPConnectorList) DeepCopy() *WARPConnectorList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WARPConnectorList.

func (*WARPConnectorList) DeepCopyInto 

func (in *WARPConnectorList) DeepCopyInto(out *WARPConnectorList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*WARPConnectorList) DeepCopyObject 

func (in *WARPConnectorList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type WARPConnectorRoute 

type WARPConnectorRoute struct {
	// Network is the CIDR of the network to route.
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Pattern=`^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$`
	Network string `json:"network"`

	// Comment is an optional description.
	// +kubebuilder:validation:Optional
	Comment string `json:"comment,omitempty"`
}

WARPConnectorRoute defines a route to advertise.

func (*WARPConnectorRoute) DeepCopy 

func (in *WARPConnectorRoute) DeepCopy() *WARPConnectorRoute

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WARPConnectorRoute.

func (*WARPConnectorRoute) DeepCopyInto 

func (in *WARPConnectorRoute) DeepCopyInto(out *WARPConnectorRoute)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type WARPConnectorSpec 

type WARPConnectorSpec struct {
	// Name of the WARP Connector in Cloudflare.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:MaxLength=255
	Name string `json:"name,omitempty"`

	// Replicas is the number of connector instances.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Minimum=1
	// +kubebuilder:default=1
	Replicas int32 `json:"replicas,omitempty"`

	// Image is the WARP connector container image.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default="cloudflare/cloudflared:latest"
	Image string `json:"image,omitempty"`

	// VirtualNetworkRef references the VirtualNetwork for this connector.
	// +kubebuilder:validation:Optional
	VirtualNetworkRef *VirtualNetworkRef `json:"virtualNetworkRef,omitempty"`

	// Routes are the private network routes to advertise.
	// +kubebuilder:validation:Optional
	Routes []WARPConnectorRoute `json:"routes,omitempty"`

	// Resources defines compute resources.
	// +kubebuilder:validation:Optional
	Resources *ResourceRequirements `json:"resources,omitempty"`

	// NodeSelector for pod scheduling.
	// +kubebuilder:validation:Optional
	NodeSelector map[string]string `json:"nodeSelector,omitempty"`

	// Tolerations for pod scheduling.
	// +kubebuilder:validation:Optional
	Tolerations []Toleration `json:"tolerations,omitempty"`

	// ServiceAccount to use for the connector pods.
	// +kubebuilder:validation:Optional
	ServiceAccountName string `json:"serviceAccountName,omitempty"`

	// Cloudflare contains the Cloudflare API credentials.
	// +kubebuilder:validation:Required
	Cloudflare CloudflareDetails `json:"cloudflare"`
}

WARPConnectorSpec defines the desired state of WARPConnector

func (*WARPConnectorSpec) DeepCopy 

func (in *WARPConnectorSpec) DeepCopy() *WARPConnectorSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WARPConnectorSpec.

func (*WARPConnectorSpec) DeepCopyInto 

func (in *WARPConnectorSpec) DeepCopyInto(out *WARPConnectorSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type WARPConnectorStatus 

type WARPConnectorStatus struct {
	// ConnectorID is the Cloudflare WARP Connector ID.
	// +kubebuilder:validation:Optional
	ConnectorID string `json:"connectorId,omitempty"`

	// TunnelID is the underlying tunnel ID.
	// +kubebuilder:validation:Optional
	TunnelID string `json:"tunnelId,omitempty"`

	// VirtualNetworkID is the Cloudflare VirtualNetwork ID used for routes.
	// This is saved to enable proper route deletion during cleanup.
	// +kubebuilder:validation:Optional
	VirtualNetworkID string `json:"virtualNetworkId,omitempty"`

	// AccountID is the Cloudflare Account ID.
	// +kubebuilder:validation:Optional
	AccountID string `json:"accountId,omitempty"`

	// ReadyReplicas is the number of ready connector pods.
	// +kubebuilder:validation:Optional
	ReadyReplicas int32 `json:"readyReplicas,omitempty"`

	// RoutesConfigured is the number of routes configured.
	// +kubebuilder:validation:Optional
	RoutesConfigured int `json:"routesConfigured,omitempty"`

	// State indicates the current state.
	// +kubebuilder:validation:Optional
	State string `json:"state,omitempty"`

	// Conditions represent the latest available observations.
	// +kubebuilder:validation:Optional
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty"`

	// ObservedGeneration is the most recent generation observed.
	// +kubebuilder:validation:Optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
}

WARPConnectorStatus defines the observed state

func (*WARPConnectorStatus) DeepCopy 

func (in *WARPConnectorStatus) DeepCopy() *WARPConnectorStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WARPConnectorStatus.

func (*WARPConnectorStatus) DeepCopyInto 

func (in *WARPConnectorStatus) DeepCopyInto(out *WARPConnectorStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type WildcardRedirectRule added in v0.20.0 

type WildcardRedirectRule struct {
	// Name is a human-readable name for the rule
	// +kubebuilder:validation:Required
	Name string `json:"name"`

	// SourceURL is the wildcard URL pattern to match
	// Use * as wildcard. Example: https://example.com/blog/*
	// +kubebuilder:validation:Required
	SourceURL string `json:"sourceUrl"`

	// TargetURL is the redirect destination
	// Use ${1}, ${2} etc. for wildcard replacements
	// Example: https://example.com/articles/${1}
	// +kubebuilder:validation:Required
	TargetURL string `json:"targetUrl"`

	// Enabled controls whether the rule is active
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=true
	Enabled bool `json:"enabled,omitempty"`

	// StatusCode is the HTTP redirect status code
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=301
	StatusCode RedirectStatusCode `json:"statusCode,omitempty"`

	// PreserveQueryString keeps the original query string in the redirect
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	PreserveQueryString bool `json:"preserveQueryString,omitempty"`

	// IncludeSubdomains applies the redirect to subdomains
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	IncludeSubdomains bool `json:"includeSubdomains,omitempty"`

	// SubpathMatching enables matching of subpaths
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	SubpathMatching bool `json:"subpathMatching,omitempty"`
}

WildcardRedirectRule defines a wildcard-based redirect rule This provides a simpler syntax for common redirect patterns

func (*WildcardRedirectRule) DeepCopy added in v0.20.0 

func (in *WildcardRedirectRule) DeepCopy() *WildcardRedirectRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WildcardRedirectRule.

func (*WildcardRedirectRule) DeepCopyInto added in v0.20.0 

func (in *WildcardRedirectRule) DeepCopyInto(out *WildcardRedirectRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ZoneRuleset added in v0.20.0 

type ZoneRuleset struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   ZoneRulesetSpec   `json:"spec,omitempty"`
	Status ZoneRulesetStatus `json:"status,omitempty"`
}

ZoneRuleset manages Cloudflare zone rulesets. Rulesets are the backbone of Cloudflare Rules (Transform Rules, Redirect Rules, Cache Rules, Configuration Rules, WAF Custom Rules, etc.).

Each ZoneRuleset manages rules for a specific phase (entry point) in the request processing pipeline.

func (*ZoneRuleset) DeepCopy added in v0.20.0 

func (in *ZoneRuleset) DeepCopy() *ZoneRuleset

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ZoneRuleset.

func (*ZoneRuleset) DeepCopyInto added in v0.20.0 

func (in *ZoneRuleset) DeepCopyInto(out *ZoneRuleset)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ZoneRuleset) DeepCopyObject added in v0.20.0 

func (in *ZoneRuleset) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ZoneRulesetList added in v0.20.0 

type ZoneRulesetList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []ZoneRuleset `json:"items"`
}

ZoneRulesetList contains a list of ZoneRuleset

func (*ZoneRulesetList) DeepCopy added in v0.20.0 

func (in *ZoneRulesetList) DeepCopy() *ZoneRulesetList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ZoneRulesetList.

func (*ZoneRulesetList) DeepCopyInto added in v0.20.0 

func (in *ZoneRulesetList) DeepCopyInto(out *ZoneRulesetList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ZoneRulesetList) DeepCopyObject added in v0.20.0 

func (in *ZoneRulesetList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ZoneRulesetSpec added in v0.20.0 

type ZoneRulesetSpec struct {
	// Zone is the zone name (domain) to apply rules to
	// +kubebuilder:validation:Required
	Zone string `json:"zone"`

	// Phase is the ruleset phase/entry point
	// +kubebuilder:validation:Required
	Phase RulesetPhase `json:"phase"`

	// Description is a human-readable description of the ruleset
	// +kubebuilder:validation:Optional
	Description string `json:"description,omitempty"`

	// Rules are the rules in this ruleset
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:MinItems=1
	Rules []RulesetRule `json:"rules"`

	// CredentialsRef references a CloudflareCredentials resource
	// If not specified, the default CloudflareCredentials will be used
	// +kubebuilder:validation:Optional
	CredentialsRef *CredentialsReference `json:"credentialsRef,omitempty"`
}

ZoneRulesetSpec defines the desired state of ZoneRuleset

func (*ZoneRulesetSpec) DeepCopy added in v0.20.0 

func (in *ZoneRulesetSpec) DeepCopy() *ZoneRulesetSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ZoneRulesetSpec.

func (*ZoneRulesetSpec) DeepCopyInto added in v0.20.0 

func (in *ZoneRulesetSpec) DeepCopyInto(out *ZoneRulesetSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ZoneRulesetState added in v0.20.0 

type ZoneRulesetState string

ZoneRulesetState represents the state of the ruleset +kubebuilder:validation:Enum=Pending;Syncing;Ready;Error 

const (
	// ZoneRulesetStatePending means the ruleset is waiting to be synced
	ZoneRulesetStatePending ZoneRulesetState = "Pending"
	// ZoneRulesetStateSyncing means the ruleset is being synced
	ZoneRulesetStateSyncing ZoneRulesetState = "Syncing"
	// ZoneRulesetStateReady means the ruleset is synced and ready
	ZoneRulesetStateReady ZoneRulesetState = "Ready"
	// ZoneRulesetStateError means there was an error with the ruleset
	ZoneRulesetStateError ZoneRulesetState = "Error"
)

type ZoneRulesetStatus added in v0.20.0 

type ZoneRulesetStatus struct {
	// Conditions represent the latest available observations
	// +optional
	Conditions []metav1.Condition `json:"conditions,omitempty"`

	// ObservedGeneration is the most recent generation observed
	// +optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`

	// State represents the current state of the ruleset
	// +optional
	State ZoneRulesetState `json:"state,omitempty"`

	// RulesetID is the Cloudflare ruleset ID
	// +optional
	RulesetID string `json:"rulesetId,omitempty"`

	// RulesetVersion is the current ruleset version
	// +optional
	RulesetVersion string `json:"rulesetVersion,omitempty"`

	// ZoneID is the Cloudflare zone ID
	// +optional
	ZoneID string `json:"zoneId,omitempty"`

	// RuleCount is the number of rules in the ruleset
	// +optional
	RuleCount int `json:"ruleCount,omitempty"`

	// LastUpdated is the last time the ruleset was updated
	// +optional
	LastUpdated *metav1.Time `json:"lastUpdated,omitempty"`

	// Message provides additional information about the current state
	// +optional
	Message string `json:"message,omitempty"`
}

ZoneRulesetStatus defines the observed state of ZoneRuleset

func (*ZoneRulesetStatus) DeepCopy added in v0.20.0 

func (in *ZoneRulesetStatus) DeepCopy() *ZoneRulesetStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ZoneRulesetStatus.

func (*ZoneRulesetStatus) DeepCopyInto added in v0.20.0 

func (in *ZoneRulesetStatus) DeepCopyInto(out *ZoneRulesetStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.