Documentation
¶
Overview ¶
Package v1alpha2 contains API Schema definitions for the networking v1alpha2 API group. +kubebuilder:object:generate=true +groupName=networking.cloudflare-operator.io
Index ¶
- Variables
- type AccessAppLauncherCustomization
- type AccessApplication
- type AccessApplicationCorsHeaders
- type AccessApplicationList
- type AccessApplicationSCIMConfig
- type AccessApplicationSpec
- type AccessApplicationStatus
- type AccessDestination
- type AccessFooterLink
- type AccessGroup
- type AccessGroupAuthContextRule
- type AccessGroupAuthMethodRule
- type AccessGroupAzureRule
- type AccessGroupCommonNameRule
- type AccessGroupCountryRule
- type AccessGroupDevicePostureRule
- type AccessGroupEmailDomainRule
- type AccessGroupEmailListRule
- type AccessGroupEmailRule
- type AccessGroupExternalEvaluationRule
- type AccessGroupGSuiteRule
- type AccessGroupGitHubRule
- type AccessGroupGroupRule
- type AccessGroupIPListRule
- type AccessGroupIPRangesRule
- type AccessGroupList
- type AccessGroupLoginMethodRule
- type AccessGroupOIDCRule
- type AccessGroupOktaRule
- type AccessGroupRule
- type AccessGroupSAMLRule
- type AccessGroupServiceTokenRule
- type AccessGroupSpec
- type AccessGroupStatus
- type AccessIdentityProvider
- type AccessIdentityProviderList
- type AccessIdentityProviderRef
- type AccessIdentityProviderSpec
- type AccessIdentityProviderStatus
- type AccessInfrastructureTargetContext
- type AccessLandingPageDesign
- type AccessPolicyRef
- type AccessServiceToken
- type AccessServiceTokenList
- type AccessServiceTokenSpec
- type AccessServiceTokenStatus
- type ActivityLogSettings
- type AntiVirusSettings
- type AuditSSHSettings
- type AuthenticatedOriginPullConfig
- type AutoPopulateConfig
- type BISOAdminControls
- type BlockPageSettings
- type BodyScanningSettings
- type BrowserIsolationSettings
- type CacheConfig
- type CacheLevel
- type CacheReserveConfig
- type CertificateRequestType
- type CertificateValidity
- type CloudflareAuthType
- type CloudflareCredentials
- type CloudflareCredentialsList
- type CloudflareCredentialsRef
- type CloudflareCredentialsSpec
- type CloudflareCredentialsStatus
- type CloudflareDetails
- type CloudflareDomain
- type CloudflareDomainList
- type CloudflareDomainSpec
- type CloudflareDomainState
- type CloudflareDomainStatus
- type ClusterTunnel
- type ClusterTunnelList
- type ConfigMapKeyRef
- type ConfigSyncState
- type ConfigSyncStatus
- type CredentialsReference
- type CustomCertificateSettings
- type DNSManagementMode
- type DNSRecord
- type DNSRecordData
- type DNSRecordList
- type DNSRecordSpec
- type DNSRecordStatus
- type DNSResolverEntry
- type DNSResolversSettings
- type DevicePostureInput
- type DevicePostureLocation
- type DevicePostureMatch
- type DevicePostureRule
- type DevicePostureRuleList
- type DevicePostureRuleSpec
- type DevicePostureRuleStatus
- type DeviceSettingsPolicy
- type DeviceSettingsPolicyList
- type DeviceSettingsPolicySpec
- type DeviceSettingsPolicyStatus
- type DomainConfiguration
- type DomainRegistration
- type DomainRegistrationList
- type DomainRegistrationSpec
- type DomainRegistrationState
- type DomainRegistrationStatus
- type EgressSettings
- type ExistingTunnel
- type FIPSSettings
- type FallbackDomainEntry
- type FeatureToggle
- type GatewayConfiguration
- type GatewayConfigurationList
- type GatewayConfigurationSpec
- type GatewayConfigurationStatus
- type GatewayList
- type GatewayListItem
- type GatewayListList
- type GatewayListSpec
- type GatewayListStatus
- type GatewayRule
- type GatewayRuleExpiration
- type GatewayRuleList
- type GatewayRuleSchedule
- type GatewayRuleSettings
- type GatewayRuleSpec
- type GatewayRuleStatus
- type GatewaySettings
- type HeaderModification
- type HeaderOperation
- type HybridAndImplicitOptions
- type IdentityProviderConfig
- type IdentityProviderScimConfig
- type L4OverrideSettings
- type MinifyConfig
- type NetworkRoute
- type NetworkRouteList
- type NetworkRouteSpec
- type NetworkRouteStatus
- type NewTunnel
- type NonIdentityBrowserIsolationSettings
- type NotificationSettings
- type OIDCClaimConfig
- type OIDCClaimSource
- type OriginCACertificate
- type OriginCACertificateList
- type OriginCACertificateSpec
- type OriginCACertificateState
- type OriginCACertificateStatus
- type OriginRequestSpec
- type PayloadLogSettings
- type PerformanceConfig
- type PolishMode
- type PrivateKeySpec
- type PrivateService
- type PrivateServiceList
- type PrivateServiceSpec
- type PrivateServiceStatus
- type ProtocolDetectionSettings
- type ProtocolType
- type QuarantineSettings
- type R2Bucket
- type R2BucketDomain
- type R2BucketDomainList
- type R2BucketDomainMinTLS
- type R2BucketDomainSpec
- type R2BucketDomainState
- type R2BucketDomainStatus
- type R2BucketList
- type R2BucketNotification
- type R2BucketNotificationList
- type R2BucketNotificationSpec
- type R2BucketNotificationStatus
- type R2BucketSpec
- type R2BucketState
- type R2BucketStatus
- type R2CORSRule
- type R2EventType
- type R2LifecycleAbortUpload
- type R2LifecycleExpiration
- type R2LifecycleRule
- type R2LocationHint
- type R2NotificationRule
- type R2NotificationState
- type RedirectRule
- type RedirectRuleDefinition
- type RedirectRuleList
- type RedirectRuleSpec
- type RedirectRuleState
- type RedirectRuleStatus
- type RedirectStatusCode
- type RedirectTarget
- type RefreshTokenOptions
- type RegistrantContact
- type RenewalConfig
- type ResolveDNSInternallySettings
- type ResolvedPolicyStatus
- type ResourceRequirements
- type RewriteValue
- type RulesetCacheKey
- type RulesetCacheSettings
- type RulesetCacheTTL
- type RulesetCompressionAlgorithm
- type RulesetCookieCacheKey
- type RulesetCustomResponse
- type RulesetHeaderAction
- type RulesetHeaderCacheKey
- type RulesetHostCacheKey
- type RulesetOrigin
- type RulesetPhase
- type RulesetQueryStringCacheKey
- type RulesetQueryStringList
- type RulesetRedirect
- type RulesetRewriteValue
- type RulesetRule
- type RulesetRuleAction
- type RulesetRuleActionParameters
- type RulesetRuleRateLimit
- type RulesetStatusCodeRange
- type RulesetStatusCodeTTL
- type RulesetURIRewrite
- type RulesetUserCacheKey
- type SAMLAttributeConfig
- type SAMLAttributeSource
- type SAMLHeaderAttribute
- type SCIMAuthentication
- type SCIMMapping
- type SCIMMappingOperations
- type SSLConfig
- type SSLMode
- type SaasApplicationConfig
- type SecretKeyReference
- type SecretKeySelector
- type SecretReference
- type SecretSyncConfig
- type SecurityConfig
- type SecurityLevel
- type ServiceRef
- type ServiceTokenSecretRef
- type SessionSettings
- type SplitTunnelEntry
- type TLSDecryptSettings
- type TLSVersion
- type TieredCacheConfig
- type TieredCacheTopology
- type Toleration
- type TransformRule
- type TransformRuleDefinition
- type TransformRuleList
- type TransformRuleSpec
- type TransformRuleState
- type TransformRuleStatus
- type TransformRuleType
- type Tunnel
- type TunnelGatewayClassConfig
- func (in *TunnelGatewayClassConfig) DeepCopy() *TunnelGatewayClassConfig
- func (in *TunnelGatewayClassConfig) DeepCopyInto(out *TunnelGatewayClassConfig)
- func (in *TunnelGatewayClassConfig) DeepCopyObject() runtime.Object
- func (c *TunnelGatewayClassConfig) GetTunnelNamespace() string
- func (c *TunnelGatewayClassConfig) IsDNSProxied() bool
- type TunnelGatewayClassConfigList
- type TunnelGatewayClassConfigSpec
- type TunnelGatewayClassConfigStatus
- type TunnelIngressClassConfig
- func (in *TunnelIngressClassConfig) DeepCopy() *TunnelIngressClassConfig
- func (in *TunnelIngressClassConfig) DeepCopyInto(out *TunnelIngressClassConfig)
- func (in *TunnelIngressClassConfig) DeepCopyObject() runtime.Object
- func (c *TunnelIngressClassConfig) GetTunnelNamespace() string
- func (c *TunnelIngressClassConfig) IsDNSProxied() bool
- type TunnelIngressClassConfigList
- type TunnelIngressClassConfigSpec
- type TunnelIngressClassConfigStatus
- type TunnelList
- type TunnelRef
- type TunnelReference
- type TunnelSpec
- type TunnelStatus
- type URLRewriteConfig
- type VirtualNetwork
- type VirtualNetworkList
- type VirtualNetworkRef
- type VirtualNetworkSpec
- type VirtualNetworkStatus
- type WAFConfig
- type WARPConnector
- type WARPConnectorList
- type WARPConnectorRoute
- type WARPConnectorSpec
- type WARPConnectorStatus
- type WildcardRedirectRule
- type ZoneRuleset
- type ZoneRulesetList
- type ZoneRulesetSpec
- type ZoneRulesetState
- type ZoneRulesetStatus
Constants ¶
This section is empty.
Variables ¶
var ( // GroupVersion is group version used to register these objects. GroupVersion = schema.GroupVersion{Group: "networking.cloudflare-operator.io", Version: "v1alpha2"} // SchemeBuilder is used to add go types to the GroupVersionKind scheme. SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} // AddToScheme adds the types in this group-version to the given scheme. AddToScheme = SchemeBuilder.AddToScheme )
Functions ¶
This section is empty.
Types ¶
type AccessAppLauncherCustomization ¶ added in v0.21.1
type AccessAppLauncherCustomization struct {
// LandingPageDesign configures the landing page appearance.
// +kubebuilder:validation:Optional
LandingPageDesign *AccessLandingPageDesign `json:"landingPageDesign,omitempty"`
// AppLauncherLogoURL is the URL of the app launcher logo.
// +kubebuilder:validation:Optional
AppLauncherLogoURL string `json:"appLauncherLogoUrl,omitempty"`
// HeaderBackgroundColor is the header background color (hex format).
// +kubebuilder:validation:Optional
// +kubebuilder:validation:Pattern=`^#[0-9a-fA-F]{6}$`
HeaderBackgroundColor string `json:"headerBackgroundColor,omitempty"`
// BackgroundColor is the background color (hex format).
// +kubebuilder:validation:Optional
// +kubebuilder:validation:Pattern=`^#[0-9a-fA-F]{6}$`
BackgroundColor string `json:"backgroundColor,omitempty"`
// +kubebuilder:validation:Optional
FooterLinks []AccessFooterLink `json:"footerLinks,omitempty"`
// SkipAppLauncherLoginPage skips the app launcher login page.
// +kubebuilder:validation:Optional
SkipAppLauncherLoginPage *bool `json:"skipAppLauncherLoginPage,omitempty"`
}
AccessAppLauncherCustomization represents the App Launcher customization settings.
func (*AccessAppLauncherCustomization) DeepCopy ¶ added in v0.21.1
func (in *AccessAppLauncherCustomization) DeepCopy() *AccessAppLauncherCustomization
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessAppLauncherCustomization.
func (*AccessAppLauncherCustomization) DeepCopyInto ¶ added in v0.21.1
func (in *AccessAppLauncherCustomization) DeepCopyInto(out *AccessAppLauncherCustomization)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AccessApplication ¶
type AccessApplication struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec AccessApplicationSpec `json:"spec,omitempty"`
Status AccessApplicationStatus `json:"status,omitempty"`
}
AccessApplication is the Schema for the accessapplications API. An AccessApplication represents a Cloudflare Access Application, which protects internal resources with Zero Trust policies.
func (*AccessApplication) DeepCopy ¶
func (in *AccessApplication) DeepCopy() *AccessApplication
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessApplication.
func (*AccessApplication) DeepCopyInto ¶
func (in *AccessApplication) DeepCopyInto(out *AccessApplication)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*AccessApplication) DeepCopyObject ¶
func (in *AccessApplication) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*AccessApplication) GetAccessApplicationName ¶
func (a *AccessApplication) GetAccessApplicationName() string
GetAccessApplicationName returns the name to use in Cloudflare.
type AccessApplicationCorsHeaders ¶ added in v0.21.1
type AccessApplicationCorsHeaders struct {
// AllowedMethods is a list of allowed HTTP methods.
// +kubebuilder:validation:Optional
AllowedMethods []string `json:"allowedMethods,omitempty"`
// AllowedOrigins is a list of allowed origins.
// +kubebuilder:validation:Optional
AllowedOrigins []string `json:"allowedOrigins,omitempty"`
// AllowedHeaders is a list of allowed headers.
// +kubebuilder:validation:Optional
AllowedHeaders []string `json:"allowedHeaders,omitempty"`
// AllowAllMethods allows all HTTP methods.
// +kubebuilder:validation:Optional
AllowAllMethods bool `json:"allowAllMethods,omitempty"`
// AllowAllHeaders allows all headers.
// +kubebuilder:validation:Optional
AllowAllHeaders bool `json:"allowAllHeaders,omitempty"`
// AllowAllOrigins allows all origins.
// +kubebuilder:validation:Optional
AllowAllOrigins bool `json:"allowAllOrigins,omitempty"`
// AllowCredentials allows credentials.
// +kubebuilder:validation:Optional
AllowCredentials bool `json:"allowCredentials,omitempty"`
// MaxAge is the maximum age for CORS preflight cache in seconds.
// +kubebuilder:validation:Optional
// +kubebuilder:validation:Minimum=0
// +kubebuilder:validation:Maximum=86400
MaxAge int `json:"maxAge,omitempty"`
}
AccessApplicationCorsHeaders represents CORS settings for an Access Application.
func (*AccessApplicationCorsHeaders) DeepCopy ¶ added in v0.21.1
func (in *AccessApplicationCorsHeaders) DeepCopy() *AccessApplicationCorsHeaders
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessApplicationCorsHeaders.
func (*AccessApplicationCorsHeaders) DeepCopyInto ¶ added in v0.21.1
func (in *AccessApplicationCorsHeaders) DeepCopyInto(out *AccessApplicationCorsHeaders)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AccessApplicationList ¶
type AccessApplicationList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []AccessApplication `json:"items"`
}
AccessApplicationList contains a list of AccessApplication
func (*AccessApplicationList) DeepCopy ¶
func (in *AccessApplicationList) DeepCopy() *AccessApplicationList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessApplicationList.
func (*AccessApplicationList) DeepCopyInto ¶
func (in *AccessApplicationList) DeepCopyInto(out *AccessApplicationList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*AccessApplicationList) DeepCopyObject ¶
func (in *AccessApplicationList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type AccessApplicationSCIMConfig ¶ added in v0.21.1
type AccessApplicationSCIMConfig struct {
// Enabled enables SCIM provisioning.
// +kubebuilder:validation:Optional
Enabled *bool `json:"enabled,omitempty"`
// RemoteURI is the remote SCIM endpoint URI.
// +kubebuilder:validation:Optional
RemoteURI string `json:"remoteUri,omitempty"`
// Authentication configures SCIM authentication.
// +kubebuilder:validation:Optional
Authentication *SCIMAuthentication `json:"authentication,omitempty"`
// IDPUID is the identity provider UID for SCIM.
// +kubebuilder:validation:Optional
IDPUID string `json:"idpUid,omitempty"`
// DeactivateOnDelete deactivates users on delete instead of deleting.
// +kubebuilder:validation:Optional
DeactivateOnDelete *bool `json:"deactivateOnDelete,omitempty"`
// Mappings defines SCIM attribute mappings.
// +kubebuilder:validation:Optional
Mappings []SCIMMapping `json:"mappings,omitempty"`
}
AccessApplicationSCIMConfig represents SCIM configuration for an Access Application.
func (*AccessApplicationSCIMConfig) DeepCopy ¶ added in v0.21.1
func (in *AccessApplicationSCIMConfig) DeepCopy() *AccessApplicationSCIMConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessApplicationSCIMConfig.
func (*AccessApplicationSCIMConfig) DeepCopyInto ¶ added in v0.21.1
func (in *AccessApplicationSCIMConfig) DeepCopyInto(out *AccessApplicationSCIMConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AccessApplicationSpec ¶
type AccessApplicationSpec struct {
// Name of the Access Application in Cloudflare.
// If not specified, the Kubernetes resource name will be used.
// +kubebuilder:validation:Optional
// +kubebuilder:validation:MaxLength=255
Name string `json:"name,omitempty"`
// Domain is the primary domain/URL for the application.
// +kubebuilder:validation:Required
Domain string `json:"domain"`
// SelfHostedDomains is a list of additional domains for the application.
// This allows protecting multiple domains with a single Access Application.
// Each domain should be a fully qualified domain name (e.g., "app.example.com" or "app.example.com/path").
// +kubebuilder:validation:Optional
// +kubebuilder:validation:MaxItems=50
SelfHostedDomains []string `json:"selfHostedDomains,omitempty"`
// Destinations specifies the destination configurations for the application.
// This is more flexible than SelfHostedDomains and supports both public and private destinations.
// +kubebuilder:validation:Optional
// +kubebuilder:validation:MaxItems=50
Destinations []AccessDestination `json:"destinations,omitempty"`
// DomainType specifies the type of domain (public or private).
// +kubebuilder:validation:Optional
// +kubebuilder:validation:Enum=public;private
DomainType string `json:"domainType,omitempty"`
// PrivateAddress is the private address for private applications.
// +kubebuilder:validation:Optional
PrivateAddress string `json:"privateAddress,omitempty"`
// Type is the application type.
// +kubebuilder:validation:Required
// +kubebuilder:validation:Enum=self_hosted;saas;ssh;vnc;app_launcher;warp;biso;bookmark;dash_sso;infrastructure
// +kubebuilder:default=self_hosted
Type string `json:"type"`
// SessionDuration is the amount of time that the token is valid for.
// +kubebuilder:validation:Optional
// +kubebuilder:default="24h"
SessionDuration string `json:"sessionDuration,omitempty"`
// AllowedIdps is the list of identity provider IDs allowed for this application.
// +kubebuilder:validation:Optional
AllowedIdps []string `json:"allowedIdps,omitempty"`
// AllowedIdpRefs references AccessIdentityProvider resources by name.
// +kubebuilder:validation:Optional
AllowedIdpRefs []AccessIdentityProviderRef `json:"allowedIdpRefs,omitempty"`
// AutoRedirectToIdentity enables automatic redirect to the identity provider.
// +kubebuilder:validation:Optional
// +kubebuilder:default=false
AutoRedirectToIdentity bool `json:"autoRedirectToIdentity,omitempty"`
// EnableBindingCookie enables the binding cookie.
// +kubebuilder:validation:Optional
EnableBindingCookie *bool `json:"enableBindingCookie,omitempty"`
// HttpOnlyCookieAttribute sets the HttpOnly attribute on the cookie.
// +kubebuilder:validation:Optional
HttpOnlyCookieAttribute *bool `json:"httpOnlyCookieAttribute,omitempty"`
// PathCookieAttribute sets the Path attribute on the cookie.
// +kubebuilder:validation:Optional
PathCookieAttribute *bool `json:"pathCookieAttribute,omitempty"`
// SameSiteCookieAttribute sets the SameSite attribute on the cookie.
// +kubebuilder:validation:Optional
// +kubebuilder:validation:Enum=strict;lax;none
SameSiteCookieAttribute string `json:"sameSiteCookieAttribute,omitempty"`
// LogoURL is the URL of the application logo.
// +kubebuilder:validation:Optional
LogoURL string `json:"logoUrl,omitempty"`
// SkipInterstitial skips the interstitial page.
// +kubebuilder:validation:Optional
SkipInterstitial *bool `json:"skipInterstitial,omitempty"`
// OptionsPreflightBypass allows CORS preflight requests to bypass Access authentication.
// +kubebuilder:validation:Optional
OptionsPreflightBypass *bool `json:"optionsPreflightBypass,omitempty"`
// AppLauncherVisible shows the application in the App Launcher.
// +kubebuilder:validation:Optional
// +kubebuilder:default=true
AppLauncherVisible *bool `json:"appLauncherVisible,omitempty"`
// ServiceAuth401Redirect redirects unauthorized service auth requests.
// +kubebuilder:validation:Optional
ServiceAuth401Redirect *bool `json:"serviceAuth401Redirect,omitempty"`
// CustomDenyMessage is a custom message shown when access is denied.
// +kubebuilder:validation:Optional
// +kubebuilder:validation:MaxLength=1024
CustomDenyMessage string `json:"customDenyMessage,omitempty"`
// CustomDenyURL is a custom URL to redirect to when access is denied.
// +kubebuilder:validation:Optional
CustomDenyURL string `json:"customDenyUrl,omitempty"`
// CustomNonIdentityDenyURL is a custom URL for non-identity deny.
// +kubebuilder:validation:Optional
CustomNonIdentityDenyURL string `json:"customNonIdentityDenyUrl,omitempty"`
// AllowAuthenticateViaWarp allows authentication via WARP.
// +kubebuilder:validation:Optional
AllowAuthenticateViaWarp *bool `json:"allowAuthenticateViaWarp,omitempty"`
// Tags are custom tags for the application.
// +kubebuilder:validation:Optional
Tags []string `json:"tags,omitempty"`
// CustomPages is a list of custom page IDs to use for the application.
// +kubebuilder:validation:Optional
CustomPages []string `json:"customPages,omitempty"`
// GatewayRules is a list of Gateway rule IDs associated with the application.
// +kubebuilder:validation:Optional
GatewayRules []string `json:"gatewayRules,omitempty"`
// CorsHeaders configures Cross-Origin Resource Sharing (CORS) for the application.
// +kubebuilder:validation:Optional
CorsHeaders *AccessApplicationCorsHeaders `json:"corsHeaders,omitempty"`
// SaasApp configures the SaaS application settings (for type=saas).
// +kubebuilder:validation:Optional
SaasApp *SaasApplicationConfig `json:"saasApp,omitempty"`
// SCIMConfig configures SCIM provisioning for the application.
// +kubebuilder:validation:Optional
SCIMConfig *AccessApplicationSCIMConfig `json:"scimConfig,omitempty"`
// AppLauncherCustomization configures the appearance of the app launcher.
// +kubebuilder:validation:Optional
AppLauncherCustomization *AccessAppLauncherCustomization `json:"appLauncherCustomization,omitempty"`
// TargetContexts specifies the target criteria for infrastructure applications.
// +kubebuilder:validation:Optional
TargetContexts []AccessInfrastructureTargetContext `json:"targetContexts,omitempty"`
// Policies defines the access policies for this application.
// +kubebuilder:validation:Optional
Policies []AccessPolicyRef `json:"policies,omitempty"`
// Cloudflare contains the Cloudflare API credentials and account information.
// +kubebuilder:validation:Required
Cloudflare CloudflareDetails `json:"cloudflare"`
}
AccessApplicationSpec defines the desired state of AccessApplication
func (*AccessApplicationSpec) DeepCopy ¶
func (in *AccessApplicationSpec) DeepCopy() *AccessApplicationSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessApplicationSpec.
func (*AccessApplicationSpec) DeepCopyInto ¶
func (in *AccessApplicationSpec) DeepCopyInto(out *AccessApplicationSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AccessApplicationStatus ¶
type AccessApplicationStatus struct {
// ApplicationID is the Cloudflare ID of the Access Application.
// +kubebuilder:validation:Optional
ApplicationID string `json:"applicationId,omitempty"`
// AUD is the Application Audience (AUD) Tag.
// +kubebuilder:validation:Optional
AUD string `json:"aud,omitempty"`
// AccountID is the Cloudflare Account ID.
// +kubebuilder:validation:Optional
AccountID string `json:"accountId,omitempty"`
// Domain is the primary configured domain.
// +kubebuilder:validation:Optional
Domain string `json:"domain,omitempty"`
// SelfHostedDomains is the list of all configured domains (from Cloudflare API response).
// +kubebuilder:validation:Optional
SelfHostedDomains []string `json:"selfHostedDomains,omitempty"`
// State indicates the current state of the application.
// +kubebuilder:validation:Optional
State string `json:"state,omitempty"`
// SaasAppClientID is the OIDC client ID (for SaaS applications with OIDC).
// +kubebuilder:validation:Optional
SaasAppClientID string `json:"saasAppClientId,omitempty"`
// ResolvedPolicies contains the resolved policy information for each policy.
// This helps with debugging and understanding policy state.
// +kubebuilder:validation:Optional
// +listType=map
// +listMapKey=precedence
ResolvedPolicies []ResolvedPolicyStatus `json:"resolvedPolicies,omitempty"`
// Conditions represent the latest available observations.
// +kubebuilder:validation:Optional
// +listType=map
// +listMapKey=type
Conditions []metav1.Condition `json:"conditions,omitempty"`
// ObservedGeneration is the most recent generation observed.
// +kubebuilder:validation:Optional
ObservedGeneration int64 `json:"observedGeneration,omitempty"`
}
AccessApplicationStatus defines the observed state of AccessApplication
func (*AccessApplicationStatus) DeepCopy ¶
func (in *AccessApplicationStatus) DeepCopy() *AccessApplicationStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessApplicationStatus.
func (*AccessApplicationStatus) DeepCopyInto ¶
func (in *AccessApplicationStatus) DeepCopyInto(out *AccessApplicationStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AccessDestination ¶ added in v0.21.1
type AccessDestination struct {
// Type specifies the destination type (public or private).
// +kubebuilder:validation:Required
// +kubebuilder:validation:Enum=public;private
Type string `json:"type"`
// URI is the destination URI for public destinations.
// Required for public destinations.
// +kubebuilder:validation:Optional
URI string `json:"uri,omitempty"`
// Hostname is the destination hostname for private destinations.
// +kubebuilder:validation:Optional
Hostname string `json:"hostname,omitempty"`
// CIDR is the destination CIDR for private destinations.
// +kubebuilder:validation:Optional
CIDR string `json:"cidr,omitempty"`
// PortRange specifies the port range for private destinations (e.g., "80", "80-443").
// +kubebuilder:validation:Optional
PortRange string `json:"portRange,omitempty"`
// L4Protocol specifies the Layer 4 protocol for private destinations.
// +kubebuilder:validation:Optional
// +kubebuilder:validation:Enum=tcp;udp
L4Protocol string `json:"l4Protocol,omitempty"`
// VnetID is the Virtual Network ID for private destinations.
// +kubebuilder:validation:Optional
VnetID string `json:"vnetId,omitempty"`
}
AccessDestination represents a destination for an Access Application.
func (*AccessDestination) DeepCopy ¶ added in v0.21.1
func (in *AccessDestination) DeepCopy() *AccessDestination
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessDestination.
func (*AccessDestination) DeepCopyInto ¶ added in v0.21.1
func (in *AccessDestination) DeepCopyInto(out *AccessDestination)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AccessFooterLink ¶ added in v0.21.1
type AccessFooterLink struct {
// +kubebuilder:validation:Required
// +kubebuilder:validation:MaxLength=255
Name string `json:"name"`
// +kubebuilder:validation:Required
URL string `json:"url"`
}
AccessFooterLink represents a footer link in the App Launcher.
func (*AccessFooterLink) DeepCopy ¶ added in v0.21.1
func (in *AccessFooterLink) DeepCopy() *AccessFooterLink
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessFooterLink.
func (*AccessFooterLink) DeepCopyInto ¶ added in v0.21.1
func (in *AccessFooterLink) DeepCopyInto(out *AccessFooterLink)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AccessGroup ¶
type AccessGroup struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec AccessGroupSpec `json:"spec,omitempty"`
Status AccessGroupStatus `json:"status,omitempty"`
}
AccessGroup is the Schema for the accessgroups API.
func (*AccessGroup) DeepCopy ¶
func (in *AccessGroup) DeepCopy() *AccessGroup
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessGroup.
func (*AccessGroup) DeepCopyInto ¶
func (in *AccessGroup) DeepCopyInto(out *AccessGroup)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*AccessGroup) DeepCopyObject ¶
func (in *AccessGroup) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*AccessGroup) GetAccessGroupName ¶
func (a *AccessGroup) GetAccessGroupName() string
GetAccessGroupName returns the name to use in Cloudflare.
type AccessGroupAuthContextRule ¶ added in v0.21.1
type AccessGroupAuthContextRule struct {
// ID is the Azure Authentication Context ID.
ID string `json:"id"`
// AcID is the Azure AD Conditional Access Policy ID.
AcID string `json:"acId"`
// IdentityProviderID is the Cloudflare ID of the Azure identity provider.
IdentityProviderID string `json:"identityProviderId"`
}
AccessGroupAuthContextRule matches Azure Authentication Context.
func (*AccessGroupAuthContextRule) DeepCopy ¶ added in v0.21.1
func (in *AccessGroupAuthContextRule) DeepCopy() *AccessGroupAuthContextRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessGroupAuthContextRule.
func (*AccessGroupAuthContextRule) DeepCopyInto ¶ added in v0.21.1
func (in *AccessGroupAuthContextRule) DeepCopyInto(out *AccessGroupAuthContextRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AccessGroupAuthMethodRule ¶ added in v0.21.1
type AccessGroupAuthMethodRule struct {
// AuthMethod is the authentication method type (e.g., "mfa").
AuthMethod string `json:"authMethod"`
}
AccessGroupAuthMethodRule enforces MFA options.
func (*AccessGroupAuthMethodRule) DeepCopy ¶ added in v0.21.1
func (in *AccessGroupAuthMethodRule) DeepCopy() *AccessGroupAuthMethodRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessGroupAuthMethodRule.
func (*AccessGroupAuthMethodRule) DeepCopyInto ¶ added in v0.21.1
func (in *AccessGroupAuthMethodRule) DeepCopyInto(out *AccessGroupAuthMethodRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AccessGroupAzureRule ¶
type AccessGroupAzureRule struct {
ID string `json:"id"`
IdentityProviderID string `json:"identityProviderId"`
}
AccessGroupAzureRule matches Azure AD users.
func (*AccessGroupAzureRule) DeepCopy ¶
func (in *AccessGroupAzureRule) DeepCopy() *AccessGroupAzureRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessGroupAzureRule.
func (*AccessGroupAzureRule) DeepCopyInto ¶
func (in *AccessGroupAzureRule) DeepCopyInto(out *AccessGroupAzureRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AccessGroupCommonNameRule ¶
type AccessGroupCommonNameRule struct {
CommonName string `json:"commonName"`
}
AccessGroupCommonNameRule matches certificate common names.
func (*AccessGroupCommonNameRule) DeepCopy ¶
func (in *AccessGroupCommonNameRule) DeepCopy() *AccessGroupCommonNameRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessGroupCommonNameRule.
func (*AccessGroupCommonNameRule) DeepCopyInto ¶
func (in *AccessGroupCommonNameRule) DeepCopyInto(out *AccessGroupCommonNameRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AccessGroupCountryRule ¶
type AccessGroupCountryRule struct {
Country []string `json:"country"`
}
AccessGroupCountryRule matches countries.
func (*AccessGroupCountryRule) DeepCopy ¶
func (in *AccessGroupCountryRule) DeepCopy() *AccessGroupCountryRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessGroupCountryRule.
func (*AccessGroupCountryRule) DeepCopyInto ¶
func (in *AccessGroupCountryRule) DeepCopyInto(out *AccessGroupCountryRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AccessGroupDevicePostureRule ¶
type AccessGroupDevicePostureRule struct {
IntegrationUID string `json:"integrationUid"`
}
AccessGroupDevicePostureRule matches device posture.
func (*AccessGroupDevicePostureRule) DeepCopy ¶
func (in *AccessGroupDevicePostureRule) DeepCopy() *AccessGroupDevicePostureRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessGroupDevicePostureRule.
func (*AccessGroupDevicePostureRule) DeepCopyInto ¶
func (in *AccessGroupDevicePostureRule) DeepCopyInto(out *AccessGroupDevicePostureRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AccessGroupEmailDomainRule ¶
type AccessGroupEmailDomainRule struct {
Domain string `json:"domain"`
}
AccessGroupEmailDomainRule matches emails from a domain.
func (*AccessGroupEmailDomainRule) DeepCopy ¶
func (in *AccessGroupEmailDomainRule) DeepCopy() *AccessGroupEmailDomainRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessGroupEmailDomainRule.
func (*AccessGroupEmailDomainRule) DeepCopyInto ¶
func (in *AccessGroupEmailDomainRule) DeepCopyInto(out *AccessGroupEmailDomainRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AccessGroupEmailListRule ¶ added in v0.21.1
type AccessGroupEmailListRule struct {
// ID is the Cloudflare ID of the email list.
ID string `json:"id"`
}
AccessGroupEmailListRule matches emails from a predefined list.
func (*AccessGroupEmailListRule) DeepCopy ¶ added in v0.21.1
func (in *AccessGroupEmailListRule) DeepCopy() *AccessGroupEmailListRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessGroupEmailListRule.
func (*AccessGroupEmailListRule) DeepCopyInto ¶ added in v0.21.1
func (in *AccessGroupEmailListRule) DeepCopyInto(out *AccessGroupEmailListRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AccessGroupEmailRule ¶
type AccessGroupEmailRule struct {
Email string `json:"email"`
}
AccessGroupEmailRule matches a specific email.
func (*AccessGroupEmailRule) DeepCopy ¶
func (in *AccessGroupEmailRule) DeepCopy() *AccessGroupEmailRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessGroupEmailRule.
func (*AccessGroupEmailRule) DeepCopyInto ¶
func (in *AccessGroupEmailRule) DeepCopyInto(out *AccessGroupEmailRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AccessGroupExternalEvaluationRule ¶
type AccessGroupExternalEvaluationRule struct {
EvaluateURL string `json:"evaluateUrl"`
KeysURL string `json:"keysUrl"`
}
AccessGroupExternalEvaluationRule calls external endpoint.
func (*AccessGroupExternalEvaluationRule) DeepCopy ¶
func (in *AccessGroupExternalEvaluationRule) DeepCopy() *AccessGroupExternalEvaluationRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessGroupExternalEvaluationRule.
func (*AccessGroupExternalEvaluationRule) DeepCopyInto ¶
func (in *AccessGroupExternalEvaluationRule) DeepCopyInto(out *AccessGroupExternalEvaluationRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AccessGroupGSuiteRule ¶
type AccessGroupGSuiteRule struct {
Email string `json:"email"`
IdentityProviderID string `json:"identityProviderId"`
}
AccessGroupGSuiteRule matches Google Workspace users.
func (*AccessGroupGSuiteRule) DeepCopy ¶
func (in *AccessGroupGSuiteRule) DeepCopy() *AccessGroupGSuiteRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessGroupGSuiteRule.
func (*AccessGroupGSuiteRule) DeepCopyInto ¶
func (in *AccessGroupGSuiteRule) DeepCopyInto(out *AccessGroupGSuiteRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AccessGroupGitHubRule ¶
type AccessGroupGitHubRule struct {
Name string `json:"name"`
IdentityProviderID string `json:"identityProviderId"`
Teams []string `json:"teams,omitempty"`
}
AccessGroupGitHubRule matches GitHub users.
func (*AccessGroupGitHubRule) DeepCopy ¶
func (in *AccessGroupGitHubRule) DeepCopy() *AccessGroupGitHubRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessGroupGitHubRule.
func (*AccessGroupGitHubRule) DeepCopyInto ¶
func (in *AccessGroupGitHubRule) DeepCopyInto(out *AccessGroupGitHubRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AccessGroupGroupRule ¶
type AccessGroupGroupRule struct {
ID string `json:"id"`
}
AccessGroupGroupRule matches IdP groups.
func (*AccessGroupGroupRule) DeepCopy ¶
func (in *AccessGroupGroupRule) DeepCopy() *AccessGroupGroupRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessGroupGroupRule.
func (*AccessGroupGroupRule) DeepCopyInto ¶
func (in *AccessGroupGroupRule) DeepCopyInto(out *AccessGroupGroupRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AccessGroupIPListRule ¶ added in v0.21.1
type AccessGroupIPListRule struct {
// ID is the Cloudflare ID of the IP list.
ID string `json:"id"`
}
AccessGroupIPListRule matches IPs from a predefined list.
func (*AccessGroupIPListRule) DeepCopy ¶ added in v0.21.1
func (in *AccessGroupIPListRule) DeepCopy() *AccessGroupIPListRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessGroupIPListRule.
func (*AccessGroupIPListRule) DeepCopyInto ¶ added in v0.21.1
func (in *AccessGroupIPListRule) DeepCopyInto(out *AccessGroupIPListRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AccessGroupIPRangesRule ¶
type AccessGroupIPRangesRule struct {
IP []string `json:"ip"`
}
AccessGroupIPRangesRule matches IP ranges.
func (*AccessGroupIPRangesRule) DeepCopy ¶
func (in *AccessGroupIPRangesRule) DeepCopy() *AccessGroupIPRangesRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessGroupIPRangesRule.
func (*AccessGroupIPRangesRule) DeepCopyInto ¶
func (in *AccessGroupIPRangesRule) DeepCopyInto(out *AccessGroupIPRangesRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AccessGroupList ¶
type AccessGroupList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []AccessGroup `json:"items"`
}
AccessGroupList contains a list of AccessGroup
func (*AccessGroupList) DeepCopy ¶
func (in *AccessGroupList) DeepCopy() *AccessGroupList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessGroupList.
func (*AccessGroupList) DeepCopyInto ¶
func (in *AccessGroupList) DeepCopyInto(out *AccessGroupList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*AccessGroupList) DeepCopyObject ¶
func (in *AccessGroupList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type AccessGroupLoginMethodRule ¶ added in v0.21.1
type AccessGroupLoginMethodRule struct {
// ID is the Cloudflare ID of the identity provider.
ID string `json:"id"`
}
AccessGroupLoginMethodRule matches a specific identity provider.
func (*AccessGroupLoginMethodRule) DeepCopy ¶ added in v0.21.1
func (in *AccessGroupLoginMethodRule) DeepCopy() *AccessGroupLoginMethodRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessGroupLoginMethodRule.
func (*AccessGroupLoginMethodRule) DeepCopyInto ¶ added in v0.21.1
func (in *AccessGroupLoginMethodRule) DeepCopyInto(out *AccessGroupLoginMethodRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AccessGroupOIDCRule ¶
type AccessGroupOIDCRule struct {
ClaimName string `json:"claimName"`
ClaimValue string `json:"claimValue"`
IdentityProviderID string `json:"identityProviderId"`
}
AccessGroupOIDCRule matches OIDC claims.
func (*AccessGroupOIDCRule) DeepCopy ¶
func (in *AccessGroupOIDCRule) DeepCopy() *AccessGroupOIDCRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessGroupOIDCRule.
func (*AccessGroupOIDCRule) DeepCopyInto ¶
func (in *AccessGroupOIDCRule) DeepCopyInto(out *AccessGroupOIDCRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AccessGroupOktaRule ¶ added in v0.21.1
type AccessGroupOktaRule struct {
// Name is the Okta group name.
Name string `json:"name"`
// IdentityProviderID is the Cloudflare ID of the Okta identity provider.
IdentityProviderID string `json:"identityProviderId"`
}
AccessGroupOktaRule matches Okta groups.
func (*AccessGroupOktaRule) DeepCopy ¶ added in v0.21.1
func (in *AccessGroupOktaRule) DeepCopy() *AccessGroupOktaRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessGroupOktaRule.
func (*AccessGroupOktaRule) DeepCopyInto ¶ added in v0.21.1
func (in *AccessGroupOktaRule) DeepCopyInto(out *AccessGroupOktaRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AccessGroupRule ¶
type AccessGroupRule struct {
// Email matches a specific email address.
// +kubebuilder:validation:Optional
Email *AccessGroupEmailRule `json:"email,omitempty"`
// EmailDomain matches all emails from a domain.
// +kubebuilder:validation:Optional
EmailDomain *AccessGroupEmailDomainRule `json:"emailDomain,omitempty"`
// EmailList matches emails from a predefined list.
// +kubebuilder:validation:Optional
EmailList *AccessGroupEmailListRule `json:"emailList,omitempty"`
// Everyone matches all users.
// +kubebuilder:validation:Optional
Everyone bool `json:"everyone,omitempty"`
// IPRanges matches users from specific IP ranges.
// +kubebuilder:validation:Optional
IPRanges *AccessGroupIPRangesRule `json:"ipRanges,omitempty"`
// IPList matches users from a predefined IP list.
// +kubebuilder:validation:Optional
IPList *AccessGroupIPListRule `json:"ipList,omitempty"`
// Country matches users from specific countries.
// +kubebuilder:validation:Optional
Country *AccessGroupCountryRule `json:"country,omitempty"`
// Group matches users in a specific IdP group.
// +kubebuilder:validation:Optional
Group *AccessGroupGroupRule `json:"group,omitempty"`
// ServiceToken matches requests with a specific service token.
// +kubebuilder:validation:Optional
ServiceToken *AccessGroupServiceTokenRule `json:"serviceToken,omitempty"`
// AnyValidServiceToken matches any valid service token.
// +kubebuilder:validation:Optional
AnyValidServiceToken bool `json:"anyValidServiceToken,omitempty"`
// Certificate matches requests with a valid mTLS certificate.
// +kubebuilder:validation:Optional
Certificate bool `json:"certificate,omitempty"`
// CommonName matches mTLS certificates with a specific common name.
// +kubebuilder:validation:Optional
CommonName *AccessGroupCommonNameRule `json:"commonName,omitempty"`
// DevicePosture matches devices that pass posture checks.
// +kubebuilder:validation:Optional
DevicePosture *AccessGroupDevicePostureRule `json:"devicePosture,omitempty"`
// GSUITE matches users from Google Workspace.
// +kubebuilder:validation:Optional
GSuite *AccessGroupGSuiteRule `json:"gsuite,omitempty"`
// GitHub matches users from GitHub organizations.
// +kubebuilder:validation:Optional
GitHub *AccessGroupGitHubRule `json:"github,omitempty"`
// Azure matches users from Azure AD groups.
// +kubebuilder:validation:Optional
Azure *AccessGroupAzureRule `json:"azure,omitempty"`
// Okta matches users from Okta groups.
// +kubebuilder:validation:Optional
Okta *AccessGroupOktaRule `json:"okta,omitempty"`
// OIDC matches users based on OIDC claims.
// +kubebuilder:validation:Optional
OIDC *AccessGroupOIDCRule `json:"oidc,omitempty"`
// SAML matches users based on SAML attributes.
// +kubebuilder:validation:Optional
SAML *AccessGroupSAMLRule `json:"saml,omitempty"`
// AuthMethod enforces different MFA options.
// +kubebuilder:validation:Optional
AuthMethod *AccessGroupAuthMethodRule `json:"authMethod,omitempty"`
// AuthContext matches Azure Authentication Context.
// +kubebuilder:validation:Optional
AuthContext *AccessGroupAuthContextRule `json:"authContext,omitempty"`
// LoginMethod matches a specific identity provider.
// +kubebuilder:validation:Optional
LoginMethod *AccessGroupLoginMethodRule `json:"loginMethod,omitempty"`
// ExternalEvaluation calls an external endpoint for evaluation.
// +kubebuilder:validation:Optional
ExternalEvaluation *AccessGroupExternalEvaluationRule `json:"externalEvaluation,omitempty"`
}
AccessGroupRule defines a single rule in an Access Group.
func (*AccessGroupRule) DeepCopy ¶
func (in *AccessGroupRule) DeepCopy() *AccessGroupRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessGroupRule.
func (*AccessGroupRule) DeepCopyInto ¶
func (in *AccessGroupRule) DeepCopyInto(out *AccessGroupRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AccessGroupSAMLRule ¶
type AccessGroupSAMLRule struct {
AttributeName string `json:"attributeName"`
AttributeValue string `json:"attributeValue"`
IdentityProviderID string `json:"identityProviderId"`
}
AccessGroupSAMLRule matches SAML attributes.
func (*AccessGroupSAMLRule) DeepCopy ¶
func (in *AccessGroupSAMLRule) DeepCopy() *AccessGroupSAMLRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessGroupSAMLRule.
func (*AccessGroupSAMLRule) DeepCopyInto ¶
func (in *AccessGroupSAMLRule) DeepCopyInto(out *AccessGroupSAMLRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AccessGroupServiceTokenRule ¶
type AccessGroupServiceTokenRule struct {
TokenID string `json:"tokenId"`
}
AccessGroupServiceTokenRule matches a service token.
func (*AccessGroupServiceTokenRule) DeepCopy ¶
func (in *AccessGroupServiceTokenRule) DeepCopy() *AccessGroupServiceTokenRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessGroupServiceTokenRule.
func (*AccessGroupServiceTokenRule) DeepCopyInto ¶
func (in *AccessGroupServiceTokenRule) DeepCopyInto(out *AccessGroupServiceTokenRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AccessGroupSpec ¶
type AccessGroupSpec struct {
// Name of the Access Group in Cloudflare.
// +kubebuilder:validation:Optional
// +kubebuilder:validation:MaxLength=255
Name string `json:"name,omitempty"`
// Include defines rules that users must match to be included (OR logic).
// +kubebuilder:validation:Required
// +kubebuilder:validation:MinItems=1
Include []AccessGroupRule `json:"include"`
// Exclude defines rules that exclude users even if they match include rules (NOT logic).
// +kubebuilder:validation:Optional
Exclude []AccessGroupRule `json:"exclude,omitempty"`
// Require defines rules that all users must match in addition to include rules (AND logic).
// +kubebuilder:validation:Optional
Require []AccessGroupRule `json:"require,omitempty"`
// IsDefault indicates whether this is the default group.
// +kubebuilder:validation:Optional
IsDefault *bool `json:"isDefault,omitempty"`
// Cloudflare contains the Cloudflare API credentials.
// +kubebuilder:validation:Required
Cloudflare CloudflareDetails `json:"cloudflare"`
}
AccessGroupSpec defines the desired state of AccessGroup
func (*AccessGroupSpec) DeepCopy ¶
func (in *AccessGroupSpec) DeepCopy() *AccessGroupSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessGroupSpec.
func (*AccessGroupSpec) DeepCopyInto ¶
func (in *AccessGroupSpec) DeepCopyInto(out *AccessGroupSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AccessGroupStatus ¶
type AccessGroupStatus struct {
// GroupID is the Cloudflare ID of the Access Group.
// +kubebuilder:validation:Optional
GroupID string `json:"groupId,omitempty"`
// AccountID is the Cloudflare Account ID.
// +kubebuilder:validation:Optional
AccountID string `json:"accountId,omitempty"`
// State indicates the current state.
// +kubebuilder:validation:Optional
State string `json:"state,omitempty"`
// Conditions represent the latest available observations.
// +kubebuilder:validation:Optional
// +listType=map
// +listMapKey=type
Conditions []metav1.Condition `json:"conditions,omitempty"`
// ObservedGeneration is the most recent generation observed.
// +kubebuilder:validation:Optional
ObservedGeneration int64 `json:"observedGeneration,omitempty"`
}
AccessGroupStatus defines the observed state of AccessGroup
func (*AccessGroupStatus) DeepCopy ¶
func (in *AccessGroupStatus) DeepCopy() *AccessGroupStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessGroupStatus.
func (*AccessGroupStatus) DeepCopyInto ¶
func (in *AccessGroupStatus) DeepCopyInto(out *AccessGroupStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AccessIdentityProvider ¶
type AccessIdentityProvider struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec AccessIdentityProviderSpec `json:"spec,omitempty"`
Status AccessIdentityProviderStatus `json:"status,omitempty"`
}
AccessIdentityProvider is the Schema for the accessidentityproviders API.
func (*AccessIdentityProvider) DeepCopy ¶
func (in *AccessIdentityProvider) DeepCopy() *AccessIdentityProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessIdentityProvider.
func (*AccessIdentityProvider) DeepCopyInto ¶
func (in *AccessIdentityProvider) DeepCopyInto(out *AccessIdentityProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*AccessIdentityProvider) DeepCopyObject ¶
func (in *AccessIdentityProvider) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*AccessIdentityProvider) GetProviderName ¶
func (a *AccessIdentityProvider) GetProviderName() string
GetProviderName returns the name to use in Cloudflare.
type AccessIdentityProviderList ¶
type AccessIdentityProviderList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []AccessIdentityProvider `json:"items"`
}
AccessIdentityProviderList contains a list of AccessIdentityProvider
func (*AccessIdentityProviderList) DeepCopy ¶
func (in *AccessIdentityProviderList) DeepCopy() *AccessIdentityProviderList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessIdentityProviderList.
func (*AccessIdentityProviderList) DeepCopyInto ¶
func (in *AccessIdentityProviderList) DeepCopyInto(out *AccessIdentityProviderList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*AccessIdentityProviderList) DeepCopyObject ¶
func (in *AccessIdentityProviderList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type AccessIdentityProviderRef ¶
type AccessIdentityProviderRef struct {
// Name is the name of the AccessIdentityProvider resource.
// +kubebuilder:validation:Required
Name string `json:"name"`
}
AccessIdentityProviderRef references an AccessIdentityProvider resource.
func (*AccessIdentityProviderRef) DeepCopy ¶
func (in *AccessIdentityProviderRef) DeepCopy() *AccessIdentityProviderRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessIdentityProviderRef.
func (*AccessIdentityProviderRef) DeepCopyInto ¶
func (in *AccessIdentityProviderRef) DeepCopyInto(out *AccessIdentityProviderRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AccessIdentityProviderSpec ¶
type AccessIdentityProviderSpec struct {
// Name of the Identity Provider in Cloudflare.
// +kubebuilder:validation:Optional
// +kubebuilder:validation:MaxLength=255
Name string `json:"name,omitempty"`
// Type is the identity provider type.
// +kubebuilder:validation:Required
// +kubebuilder:validation:Enum=onetimepin;azureAD;saml;centrify;facebook;github;google-apps;google;linkedin;oidc;okta;onelogin;pingone;yandex
Type string `json:"type"`
// Config contains provider-specific configuration.
// +kubebuilder:validation:Optional
Config *IdentityProviderConfig `json:"config,omitempty"`
// ConfigSecretRef references a Secret containing sensitive config values.
// +kubebuilder:validation:Optional
ConfigSecretRef *SecretKeySelector `json:"configSecretRef,omitempty"`
// ScimConfig contains SCIM provisioning configuration.
// +kubebuilder:validation:Optional
ScimConfig *IdentityProviderScimConfig `json:"scimConfig,omitempty"`
// Cloudflare contains the Cloudflare API credentials.
// +kubebuilder:validation:Required
Cloudflare CloudflareDetails `json:"cloudflare"`
}
AccessIdentityProviderSpec defines the desired state of AccessIdentityProvider
func (*AccessIdentityProviderSpec) DeepCopy ¶
func (in *AccessIdentityProviderSpec) DeepCopy() *AccessIdentityProviderSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessIdentityProviderSpec.
func (*AccessIdentityProviderSpec) DeepCopyInto ¶
func (in *AccessIdentityProviderSpec) DeepCopyInto(out *AccessIdentityProviderSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AccessIdentityProviderStatus ¶
type AccessIdentityProviderStatus struct {
// ProviderID is the Cloudflare ID.
// +kubebuilder:validation:Optional
ProviderID string `json:"providerId,omitempty"`
// AccountID is the Cloudflare Account ID.
// +kubebuilder:validation:Optional
AccountID string `json:"accountId,omitempty"`
// State indicates the current state.
// +kubebuilder:validation:Optional
State string `json:"state,omitempty"`
// Conditions represent the latest available observations.
// +kubebuilder:validation:Optional
// +listType=map
// +listMapKey=type
Conditions []metav1.Condition `json:"conditions,omitempty"`
// ObservedGeneration is the most recent generation observed.
// +kubebuilder:validation:Optional
ObservedGeneration int64 `json:"observedGeneration,omitempty"`
}
AccessIdentityProviderStatus defines the observed state
func (*AccessIdentityProviderStatus) DeepCopy ¶
func (in *AccessIdentityProviderStatus) DeepCopy() *AccessIdentityProviderStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessIdentityProviderStatus.
func (*AccessIdentityProviderStatus) DeepCopyInto ¶
func (in *AccessIdentityProviderStatus) DeepCopyInto(out *AccessIdentityProviderStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AccessInfrastructureTargetContext ¶ added in v0.21.1
type AccessInfrastructureTargetContext struct {
// TargetAttributes is a map of target attribute names to their allowed values.
// +kubebuilder:validation:Required
TargetAttributes map[string][]string `json:"targetAttributes"`
// Port is the target port.
// +kubebuilder:validation:Required
// +kubebuilder:validation:Minimum=1
// +kubebuilder:validation:Maximum=65535
Port int `json:"port"`
// Protocol is the target protocol (SSH, RDP, etc.).
// +kubebuilder:validation:Required
// +kubebuilder:validation:Enum=SSH;RDP
Protocol string `json:"protocol"`
}
AccessInfrastructureTargetContext specifies target criteria for infrastructure applications.
func (*AccessInfrastructureTargetContext) DeepCopy ¶ added in v0.21.1
func (in *AccessInfrastructureTargetContext) DeepCopy() *AccessInfrastructureTargetContext
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessInfrastructureTargetContext.
func (*AccessInfrastructureTargetContext) DeepCopyInto ¶ added in v0.21.1
func (in *AccessInfrastructureTargetContext) DeepCopyInto(out *AccessInfrastructureTargetContext)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AccessLandingPageDesign ¶ added in v0.21.1
type AccessLandingPageDesign struct {
// Title is the landing page title.
// +kubebuilder:validation:Optional
// +kubebuilder:validation:MaxLength=255
Title string `json:"title,omitempty"`
// Message is the landing page message.
// +kubebuilder:validation:Optional
// +kubebuilder:validation:MaxLength=1024
Message string `json:"message,omitempty"`
// ImageURL is the URL of the landing page image.
// +kubebuilder:validation:Optional
ImageURL string `json:"imageUrl,omitempty"`
// ButtonColor is the button color (hex format).
// +kubebuilder:validation:Optional
// +kubebuilder:validation:Pattern=`^#[0-9a-fA-F]{6}$`
ButtonColor string `json:"buttonColor,omitempty"`
// ButtonTextColor is the button text color (hex format).
// +kubebuilder:validation:Optional
// +kubebuilder:validation:Pattern=`^#[0-9a-fA-F]{6}$`
ButtonTextColor string `json:"buttonTextColor,omitempty"`
}
AccessLandingPageDesign represents the landing page design configuration.
func (*AccessLandingPageDesign) DeepCopy ¶ added in v0.21.1
func (in *AccessLandingPageDesign) DeepCopy() *AccessLandingPageDesign
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessLandingPageDesign.
func (*AccessLandingPageDesign) DeepCopyInto ¶ added in v0.21.1
func (in *AccessLandingPageDesign) DeepCopyInto(out *AccessLandingPageDesign)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AccessPolicyRef ¶
type AccessPolicyRef struct {
// Name is the name of an AccessGroup resource (Kubernetes) to use as a policy.
// If specified, the controller will look up the AccessGroup CR and use its GroupID.
// Mutually exclusive with groupId and cloudflareGroupName.
// +kubebuilder:validation:Optional
// +kubebuilder:validation:MaxLength=253
Name string `json:"name,omitempty"`
// GroupID is the UUID of an existing Cloudflare Access Group.
// Use this to directly reference a Cloudflare-managed Access Group
// without creating a corresponding Kubernetes AccessGroup resource.
// Mutually exclusive with name and cloudflareGroupName.
// +kubebuilder:validation:Optional
// +kubebuilder:validation:Pattern=`^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$`
GroupID string `json:"groupId,omitempty"`
// CloudflareGroupName is the display name of an existing Cloudflare Access Group.
// The controller will resolve this name to a GroupID via the Cloudflare API.
// Use this when you want to reference a Cloudflare Access Group by name
// (e.g., groups created via Terraform or the Cloudflare dashboard).
// Mutually exclusive with name and groupId.
// +kubebuilder:validation:Optional
// +kubebuilder:validation:MaxLength=255
CloudflareGroupName string `json:"cloudflareGroupName,omitempty"`
// Decision is the policy decision (allow, deny, bypass, non_identity).
// +kubebuilder:validation:Optional
// +kubebuilder:validation:Enum=allow;deny;bypass;non_identity
// +kubebuilder:default=allow
Decision string `json:"decision,omitempty"`
// Precedence is the order of evaluation. Lower numbers are evaluated first.
// +kubebuilder:validation:Optional
// +kubebuilder:validation:Minimum=1
Precedence int `json:"precedence,omitempty"`
// PolicyName is the name for this policy in Cloudflare.
// If not specified, a name will be auto-generated based on the AccessApplication name and precedence.
// +kubebuilder:validation:Optional
// +kubebuilder:validation:MaxLength=255
PolicyName string `json:"policyName,omitempty"`
// SessionDuration overrides the application's session duration for this policy.
// +kubebuilder:validation:Optional
SessionDuration string `json:"sessionDuration,omitempty"`
}
AccessPolicyRef references an access policy or defines an inline policy. Exactly one of name, groupId, or cloudflareGroupName must be specified.
func (*AccessPolicyRef) DeepCopy ¶
func (in *AccessPolicyRef) DeepCopy() *AccessPolicyRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessPolicyRef.
func (*AccessPolicyRef) DeepCopyInto ¶
func (in *AccessPolicyRef) DeepCopyInto(out *AccessPolicyRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AccessServiceToken ¶
type AccessServiceToken struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec AccessServiceTokenSpec `json:"spec,omitempty"`
Status AccessServiceTokenStatus `json:"status,omitempty"`
}
AccessServiceToken is the Schema for the accessservicetokens API.
func (*AccessServiceToken) DeepCopy ¶
func (in *AccessServiceToken) DeepCopy() *AccessServiceToken
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessServiceToken.
func (*AccessServiceToken) DeepCopyInto ¶
func (in *AccessServiceToken) DeepCopyInto(out *AccessServiceToken)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*AccessServiceToken) DeepCopyObject ¶
func (in *AccessServiceToken) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*AccessServiceToken) GetTokenName ¶
func (a *AccessServiceToken) GetTokenName() string
GetTokenName returns the name to use in Cloudflare.
type AccessServiceTokenList ¶
type AccessServiceTokenList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []AccessServiceToken `json:"items"`
}
AccessServiceTokenList contains a list of AccessServiceToken
func (*AccessServiceTokenList) DeepCopy ¶
func (in *AccessServiceTokenList) DeepCopy() *AccessServiceTokenList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessServiceTokenList.
func (*AccessServiceTokenList) DeepCopyInto ¶
func (in *AccessServiceTokenList) DeepCopyInto(out *AccessServiceTokenList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*AccessServiceTokenList) DeepCopyObject ¶
func (in *AccessServiceTokenList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type AccessServiceTokenSpec ¶
type AccessServiceTokenSpec struct {
// Name of the Service Token in Cloudflare.
// +kubebuilder:validation:Optional
// +kubebuilder:validation:MaxLength=255
Name string `json:"name,omitempty"`
// Duration is the validity duration (e.g., "8760h" for 1 year, "forever").
// +kubebuilder:validation:Optional
// +kubebuilder:default="8760h"
Duration string `json:"duration,omitempty"`
// SecretRef is where to store the generated token credentials.
// +kubebuilder:validation:Required
SecretRef ServiceTokenSecretRef `json:"secretRef"`
// Cloudflare contains the Cloudflare API credentials.
// +kubebuilder:validation:Required
Cloudflare CloudflareDetails `json:"cloudflare"`
}
AccessServiceTokenSpec defines the desired state of AccessServiceToken
func (*AccessServiceTokenSpec) DeepCopy ¶
func (in *AccessServiceTokenSpec) DeepCopy() *AccessServiceTokenSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessServiceTokenSpec.
func (*AccessServiceTokenSpec) DeepCopyInto ¶
func (in *AccessServiceTokenSpec) DeepCopyInto(out *AccessServiceTokenSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AccessServiceTokenStatus ¶
type AccessServiceTokenStatus struct {
// TokenID is the Cloudflare Service Token ID.
// +kubebuilder:validation:Optional
TokenID string `json:"tokenId,omitempty"`
// ClientID is the Service Token Client ID.
// +kubebuilder:validation:Optional
ClientID string `json:"clientId,omitempty"`
// AccountID is the Cloudflare Account ID.
// +kubebuilder:validation:Optional
AccountID string `json:"accountId,omitempty"`
// ExpiresAt is when the token expires.
// +kubebuilder:validation:Optional
ExpiresAt string `json:"expiresAt,omitempty"`
// CreatedAt is when the token was created.
// +kubebuilder:validation:Optional
CreatedAt string `json:"createdAt,omitempty"`
// UpdatedAt is when the token was last updated.
// +kubebuilder:validation:Optional
UpdatedAt string `json:"updatedAt,omitempty"`
// LastSeenAt is when the token was last used.
// +kubebuilder:validation:Optional
LastSeenAt string `json:"lastSeenAt,omitempty"`
// ClientSecretVersion is the current version of the client secret.
// +kubebuilder:validation:Optional
ClientSecretVersion int64 `json:"clientSecretVersion,omitempty"`
// SecretName is the name of the Secret containing credentials.
// +kubebuilder:validation:Optional
SecretName string `json:"secretName,omitempty"`
// State indicates the current state.
// +kubebuilder:validation:Optional
State string `json:"state,omitempty"`
// Conditions represent the latest available observations.
// +kubebuilder:validation:Optional
// +listType=map
// +listMapKey=type
Conditions []metav1.Condition `json:"conditions,omitempty"`
// ObservedGeneration is the most recent generation observed.
// +kubebuilder:validation:Optional
ObservedGeneration int64 `json:"observedGeneration,omitempty"`
}
AccessServiceTokenStatus defines the observed state
func (*AccessServiceTokenStatus) DeepCopy ¶
func (in *AccessServiceTokenStatus) DeepCopy() *AccessServiceTokenStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessServiceTokenStatus.
func (*AccessServiceTokenStatus) DeepCopyInto ¶
func (in *AccessServiceTokenStatus) DeepCopyInto(out *AccessServiceTokenStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ActivityLogSettings ¶
type ActivityLogSettings struct {
Enabled bool `json:"enabled"`
}
ActivityLogSettings for activity logging.
func (*ActivityLogSettings) DeepCopy ¶
func (in *ActivityLogSettings) DeepCopy() *ActivityLogSettings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ActivityLogSettings.
func (*ActivityLogSettings) DeepCopyInto ¶
func (in *ActivityLogSettings) DeepCopyInto(out *ActivityLogSettings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AntiVirusSettings ¶
type AntiVirusSettings struct {
Enabled bool `json:"enabled"`
EnabledDownloadPhase bool `json:"enabledDownloadPhase,omitempty"`
EnabledUploadPhase bool `json:"enabledUploadPhase,omitempty"`
FailClosed bool `json:"failClosed,omitempty"`
NotificationSettings *NotificationSettings `json:"notificationSettings,omitempty"`
}
AntiVirusSettings for AV scanning.
func (*AntiVirusSettings) DeepCopy ¶
func (in *AntiVirusSettings) DeepCopy() *AntiVirusSettings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AntiVirusSettings.
func (*AntiVirusSettings) DeepCopyInto ¶
func (in *AntiVirusSettings) DeepCopyInto(out *AntiVirusSettings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AuditSSHSettings ¶
type AuditSSHSettings struct {
CommandLogging bool `json:"commandLogging"`
}
AuditSSHSettings for SSH auditing.
func (*AuditSSHSettings) DeepCopy ¶
func (in *AuditSSHSettings) DeepCopy() *AuditSSHSettings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuditSSHSettings.
func (*AuditSSHSettings) DeepCopyInto ¶
func (in *AuditSSHSettings) DeepCopyInto(out *AuditSSHSettings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AuthenticatedOriginPullConfig ¶ added in v0.20.0
type AuthenticatedOriginPullConfig struct {
// Enabled enables authenticated origin pulls (mTLS)
// +kubebuilder:validation:Optional
// +kubebuilder:default=false
Enabled bool `json:"enabled,omitempty"`
// CertificateSecretRef references a Secret containing custom client certificate
// If not specified, Cloudflare's default certificate will be used
// +kubebuilder:validation:Optional
CertificateSecretRef *SecretReference `json:"certificateSecretRef,omitempty"`
}
AuthenticatedOriginPullConfig configures client certificate authentication
func (*AuthenticatedOriginPullConfig) DeepCopy ¶ added in v0.20.0
func (in *AuthenticatedOriginPullConfig) DeepCopy() *AuthenticatedOriginPullConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthenticatedOriginPullConfig.
func (*AuthenticatedOriginPullConfig) DeepCopyInto ¶ added in v0.20.0
func (in *AuthenticatedOriginPullConfig) DeepCopyInto(out *AuthenticatedOriginPullConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AutoPopulateConfig ¶
type AutoPopulateConfig struct {
// Enabled enables automatic population from NetworkRoute resources.
// +kubebuilder:validation:Optional
// +kubebuilder:default=false
Enabled bool `json:"enabled,omitempty"`
// LabelSelector selects which NetworkRoute resources to include.
// If empty, all NetworkRoute resources are included.
// +kubebuilder:validation:Optional
LabelSelector *metav1.LabelSelector `json:"labelSelector,omitempty"`
// DescriptionPrefix is prepended to auto-generated descriptions.
// +kubebuilder:validation:Optional
// +kubebuilder:default="Auto-populated from NetworkRoute: "
DescriptionPrefix string `json:"descriptionPrefix,omitempty"`
}
AutoPopulateConfig configures automatic population of split tunnel entries.
func (*AutoPopulateConfig) DeepCopy ¶
func (in *AutoPopulateConfig) DeepCopy() *AutoPopulateConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AutoPopulateConfig.
func (*AutoPopulateConfig) DeepCopyInto ¶
func (in *AutoPopulateConfig) DeepCopyInto(out *AutoPopulateConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type BISOAdminControls ¶
type BISOAdminControls struct {
DisablePrinting *bool `json:"disablePrinting,omitempty"`
DisableCopyPaste *bool `json:"disableCopyPaste,omitempty"`
DisableDownload *bool `json:"disableDownload,omitempty"`
DisableUpload *bool `json:"disableUpload,omitempty"`
DisableKeyboard *bool `json:"disableKeyboard,omitempty"`
DisableClipboardRedirection *bool `json:"disableClipboardRedirection,omitempty"`
}
BISOAdminControls for browser isolation.
func (*BISOAdminControls) DeepCopy ¶
func (in *BISOAdminControls) DeepCopy() *BISOAdminControls
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BISOAdminControls.
func (*BISOAdminControls) DeepCopyInto ¶
func (in *BISOAdminControls) DeepCopyInto(out *BISOAdminControls)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type BlockPageSettings ¶
type BlockPageSettings struct {
Enabled bool `json:"enabled"`
Name string `json:"name,omitempty"`
HeaderText string `json:"headerText,omitempty"`
LogoPath string `json:"logoPath,omitempty"`
BackgroundColor string `json:"backgroundColor,omitempty"`
MailtoAddress string `json:"mailtoAddress,omitempty"`
MailtoSubject string `json:"mailtoSubject,omitempty"`
}
BlockPageSettings for block page customization.
func (*BlockPageSettings) DeepCopy ¶
func (in *BlockPageSettings) DeepCopy() *BlockPageSettings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BlockPageSettings.
func (*BlockPageSettings) DeepCopyInto ¶
func (in *BlockPageSettings) DeepCopyInto(out *BlockPageSettings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type BodyScanningSettings ¶
type BodyScanningSettings struct {
InspectionMode string `json:"inspectionMode,omitempty"` // deep, shallow
}
BodyScanningSettings for body scanning.
func (*BodyScanningSettings) DeepCopy ¶
func (in *BodyScanningSettings) DeepCopy() *BodyScanningSettings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BodyScanningSettings.
func (*BodyScanningSettings) DeepCopyInto ¶
func (in *BodyScanningSettings) DeepCopyInto(out *BodyScanningSettings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type BrowserIsolationSettings ¶
type BrowserIsolationSettings struct {
URLBrowserIsolationEnabled bool `json:"urlBrowserIsolationEnabled,omitempty"`
NonIdentityEnabled bool `json:"nonIdentityEnabled,omitempty"`
}
BrowserIsolationSettings for browser isolation.
func (*BrowserIsolationSettings) DeepCopy ¶
func (in *BrowserIsolationSettings) DeepCopy() *BrowserIsolationSettings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BrowserIsolationSettings.
func (*BrowserIsolationSettings) DeepCopyInto ¶
func (in *BrowserIsolationSettings) DeepCopyInto(out *BrowserIsolationSettings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CacheConfig ¶ added in v0.20.0
type CacheConfig struct {
// BrowserTTL sets the browser cache TTL in seconds
// Minimum: 0 (respect origin), Maximum: 31536000 (1 year)
// +kubebuilder:validation:Optional
// +kubebuilder:validation:Minimum=0
// +kubebuilder:validation:Maximum=31536000
BrowserTTL *int `json:"browserTTL,omitempty"`
// DevelopmentMode temporarily bypasses cache for development
// Automatically disables after 3 hours
// +kubebuilder:validation:Optional
// +kubebuilder:default=false
DevelopmentMode bool `json:"developmentMode,omitempty"`
// CacheLevel sets the cache level
// +kubebuilder:validation:Optional
// +kubebuilder:default=aggressive
CacheLevel CacheLevel `json:"cacheLevel,omitempty"`
// TieredCache configures tiered caching
// +kubebuilder:validation:Optional
TieredCache *TieredCacheConfig `json:"tieredCache,omitempty"`
// CacheReserve configures persistent cache storage
// +kubebuilder:validation:Optional
CacheReserve *CacheReserveConfig `json:"cacheReserve,omitempty"`
// AlwaysOnline serves stale content when origin is unavailable
// +kubebuilder:validation:Optional
// +kubebuilder:default=true
AlwaysOnline *bool `json:"alwaysOnline,omitempty"`
// CacheByDeviceType caches content separately for mobile/desktop
// Requires Enterprise plan
// +kubebuilder:validation:Optional
// +kubebuilder:default=false
CacheByDeviceType bool `json:"cacheByDeviceType,omitempty"`
// SortQueryStringForCache treats query strings with same parameters
// but different order as the same for caching purposes
// Requires Enterprise plan
// +kubebuilder:validation:Optional
// +kubebuilder:default=false
SortQueryStringForCache bool `json:"sortQueryStringForCache,omitempty"`
}
CacheConfig defines caching settings for a domain
func (*CacheConfig) DeepCopy ¶ added in v0.20.0
func (in *CacheConfig) DeepCopy() *CacheConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CacheConfig.
func (*CacheConfig) DeepCopyInto ¶ added in v0.20.0
func (in *CacheConfig) DeepCopyInto(out *CacheConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CacheLevel ¶ added in v0.20.0
type CacheLevel string
CacheLevel represents cache level settings +kubebuilder:validation:Enum=bypass;basic;simplified;aggressive
const ( CacheLevelBypass CacheLevel = "bypass" CacheLevelBasic CacheLevel = "basic" CacheLevelSimplified CacheLevel = "simplified" CacheLevelAggressive CacheLevel = "aggressive" )
type CacheReserveConfig ¶ added in v0.20.0
type CacheReserveConfig struct {
// Enabled enables Cache Reserve
// +kubebuilder:validation:Optional
// +kubebuilder:default=false
Enabled bool `json:"enabled,omitempty"`
}
CacheReserveConfig configures Cache Reserve (persistent cache)
func (*CacheReserveConfig) DeepCopy ¶ added in v0.20.0
func (in *CacheReserveConfig) DeepCopy() *CacheReserveConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CacheReserveConfig.
func (*CacheReserveConfig) DeepCopyInto ¶ added in v0.20.0
func (in *CacheReserveConfig) DeepCopyInto(out *CacheReserveConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CertificateRequestType ¶ added in v0.20.0
type CertificateRequestType string
CertificateRequestType represents the type of certificate to request +kubebuilder:validation:Enum=origin-rsa;origin-ecc
const ( // CertificateRequestTypeOriginRSA requests an RSA certificate CertificateRequestTypeOriginRSA CertificateRequestType = "origin-rsa" // CertificateRequestTypeOriginECC requests an ECC certificate CertificateRequestTypeOriginECC CertificateRequestType = "origin-ecc" )
type CertificateValidity ¶ added in v0.20.0
type CertificateValidity int
CertificateValidity represents the validity period of the certificate in days +kubebuilder:validation:Enum=7;30;90;365;730;1095;5475
const ( // CertificateValidity7Days is 7 days validity CertificateValidity7Days CertificateValidity = 7 // CertificateValidity30Days is 30 days validity CertificateValidity30Days CertificateValidity = 30 // CertificateValidity90Days is 90 days validity CertificateValidity90Days CertificateValidity = 90 // CertificateValidity1Year is 365 days validity CertificateValidity1Year CertificateValidity = 365 // CertificateValidity2Years is 730 days validity CertificateValidity2Years CertificateValidity = 730 // CertificateValidity3Years is 1095 days validity CertificateValidity3Years CertificateValidity = 1095 // CertificateValidity15Years is 5475 days validity (maximum) CertificateValidity15Years CertificateValidity = 5475 )
type CloudflareAuthType ¶ added in v0.17.0
type CloudflareAuthType string
CloudflareAuthType defines the authentication method for Cloudflare API +kubebuilder:validation:Enum=apiToken;globalAPIKey
const ( // AuthTypeAPIToken uses a scoped API Token for authentication AuthTypeAPIToken CloudflareAuthType = "apiToken" // AuthTypeGlobalAPIKey uses Global API Key + Email for authentication AuthTypeGlobalAPIKey CloudflareAuthType = "globalAPIKey" )
type CloudflareCredentials ¶ added in v0.17.0
type CloudflareCredentials struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec CloudflareCredentialsSpec `json:"spec,omitempty"`
Status CloudflareCredentialsStatus `json:"status,omitempty"`
}
CloudflareCredentials is the Schema for global Cloudflare API credentials
func (*CloudflareCredentials) DeepCopy ¶ added in v0.17.0
func (in *CloudflareCredentials) DeepCopy() *CloudflareCredentials
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudflareCredentials.
func (*CloudflareCredentials) DeepCopyInto ¶ added in v0.17.0
func (in *CloudflareCredentials) DeepCopyInto(out *CloudflareCredentials)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*CloudflareCredentials) DeepCopyObject ¶ added in v0.17.0
func (in *CloudflareCredentials) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type CloudflareCredentialsList ¶ added in v0.17.0
type CloudflareCredentialsList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []CloudflareCredentials `json:"items"`
}
CloudflareCredentialsList contains a list of CloudflareCredentials
func (*CloudflareCredentialsList) DeepCopy ¶ added in v0.17.0
func (in *CloudflareCredentialsList) DeepCopy() *CloudflareCredentialsList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudflareCredentialsList.
func (*CloudflareCredentialsList) DeepCopyInto ¶ added in v0.17.0
func (in *CloudflareCredentialsList) DeepCopyInto(out *CloudflareCredentialsList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*CloudflareCredentialsList) DeepCopyObject ¶ added in v0.17.0
func (in *CloudflareCredentialsList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type CloudflareCredentialsRef ¶ added in v0.17.0
type CloudflareCredentialsRef struct {
// Name of the CloudflareCredentials resource to use
// +kubebuilder:validation:Required
Name string `json:"name"`
}
CloudflareCredentialsRef references a CloudflareCredentials resource
func (*CloudflareCredentialsRef) DeepCopy ¶ added in v0.17.0
func (in *CloudflareCredentialsRef) DeepCopy() *CloudflareCredentialsRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudflareCredentialsRef.
func (*CloudflareCredentialsRef) DeepCopyInto ¶ added in v0.17.0
func (in *CloudflareCredentialsRef) DeepCopyInto(out *CloudflareCredentialsRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CloudflareCredentialsSpec ¶ added in v0.17.0
type CloudflareCredentialsSpec struct {
// AccountID is the Cloudflare Account ID
// +kubebuilder:validation:Required
AccountID string `json:"accountId"`
// AccountName is an optional human-readable account name (for reference only)
// +kubebuilder:validation:Optional
AccountName string `json:"accountName,omitempty"`
// AuthType specifies the authentication method
// +kubebuilder:validation:Required
// +kubebuilder:default:="apiToken"
AuthType CloudflareAuthType `json:"authType"`
// SecretRef references the secret containing the API credentials
// +kubebuilder:validation:Required
SecretRef SecretReference `json:"secretRef"`
// DefaultDomain is the default domain for resources using these credentials
// +kubebuilder:validation:Optional
DefaultDomain string `json:"defaultDomain,omitempty"`
// IsDefault marks this as the default credentials for resources that don't specify credentials
// Only one CloudflareCredentials can be marked as default
// +kubebuilder:validation:Optional
// +kubebuilder:default:=false
IsDefault bool `json:"isDefault,omitempty"`
}
CloudflareCredentialsSpec defines the desired state of CloudflareCredentials
func (*CloudflareCredentialsSpec) DeepCopy ¶ added in v0.17.0
func (in *CloudflareCredentialsSpec) DeepCopy() *CloudflareCredentialsSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudflareCredentialsSpec.
func (*CloudflareCredentialsSpec) DeepCopyInto ¶ added in v0.17.0
func (in *CloudflareCredentialsSpec) DeepCopyInto(out *CloudflareCredentialsSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CloudflareCredentialsStatus ¶ added in v0.17.0
type CloudflareCredentialsStatus struct {
// Conditions represent the latest available observations
// +optional
Conditions []metav1.Condition `json:"conditions,omitempty"`
// ObservedGeneration is the most recent generation observed
// +optional
ObservedGeneration int64 `json:"observedGeneration,omitempty"`
// State represents the current state of the credentials
// +optional
State string `json:"state,omitempty"`
// Validated indicates whether the credentials have been validated
// +optional
Validated bool `json:"validated,omitempty"`
// LastValidatedTime is the last time credentials were validated
// +optional
LastValidatedTime *metav1.Time `json:"lastValidatedTime,omitempty"`
// AccountName is the account name retrieved from Cloudflare API
// +optional
AccountName string `json:"accountName,omitempty"`
}
CloudflareCredentialsStatus defines the observed state of CloudflareCredentials
func (*CloudflareCredentialsStatus) DeepCopy ¶ added in v0.17.0
func (in *CloudflareCredentialsStatus) DeepCopy() *CloudflareCredentialsStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudflareCredentialsStatus.
func (*CloudflareCredentialsStatus) DeepCopyInto ¶ added in v0.17.0
func (in *CloudflareCredentialsStatus) DeepCopyInto(out *CloudflareCredentialsStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CloudflareDetails ¶
type CloudflareDetails struct {
// +kubebuilder:validation:Optional
// CredentialsRef references a CloudflareCredentials resource for API authentication.
// When specified, this takes precedence over inline credential fields.
// This is the recommended way to configure credentials.
CredentialsRef *CloudflareCredentialsRef `json:"credentialsRef,omitempty"`
// +kubebuilder:validation:Optional
// Cloudflare Domain to which this tunnel belongs to.
// Required if not using credentialsRef with a defaultDomain.
Domain string `json:"domain,omitempty"`
// +kubebuilder:validation:Optional
// ZoneId is the Cloudflare Zone ID for DNS operations.
// If not specified, it will be looked up via CloudflareDomain or the domain field.
// Specifying this directly is useful for multi-zone scenarios.
ZoneId string `json:"zoneId,omitempty"`
// +kubebuilder:validation:Optional
// Secret containing Cloudflare API key/token (legacy, use credentialsRef instead)
Secret string `json:"secret,omitempty"`
// +kubebuilder:validation:Optional
// Account Name in Cloudflare. AccountName and AccountId cannot be both empty. If both are provided, Account ID is used if valid, else falls back to Account Name.
AccountName string `json:"accountName,omitempty"`
// +kubebuilder:validation:Optional
// Account ID in Cloudflare. AccountId and AccountName cannot be both empty. If both are provided, Account ID is used if valid, else falls back to Account Name.
AccountId string `json:"accountId,omitempty"`
// +kubebuilder:validation:Optional
// Email to use along with API Key for Delete operations for new tunnels only, or as an alternate to API Token
Email string `json:"email,omitempty"`
// +kubebuilder:validation:Optional
// +kubebuilder:default:=CLOUDFLARE_API_KEY
// Key in the secret to use for Cloudflare API Key, defaults to CLOUDFLARE_API_KEY. Needs Email also to be provided.
// For Delete operations for new tunnels only, or as an alternate to API Token
CLOUDFLARE_API_KEY string `json:"CLOUDFLARE_API_KEY,omitempty"`
// +kubebuilder:validation:Optional
// +kubebuilder:default:=CLOUDFLARE_API_TOKEN
// Key in the secret to use for Cloudflare API token, defaults to CLOUDFLARE_API_TOKEN
CLOUDFLARE_API_TOKEN string `json:"CLOUDFLARE_API_TOKEN,omitempty"`
// +kubebuilder:validation:Optional
// +kubebuilder:default:=CLOUDFLARE_TUNNEL_CREDENTIAL_FILE
// Key in the secret to use as credentials.json for an existing tunnel, defaults to CLOUDFLARE_TUNNEL_CREDENTIAL_FILE
CLOUDFLARE_TUNNEL_CREDENTIAL_FILE string `json:"CLOUDFLARE_TUNNEL_CREDENTIAL_FILE,omitempty"`
// +kubebuilder:validation:Optional
// +kubebuilder:default:=CLOUDFLARE_TUNNEL_CREDENTIAL_SECRET
// Key in the secret to use as tunnel secret for an existing tunnel, defaults to CLOUDFLARE_TUNNEL_CREDENTIAL_SECRET
CLOUDFLARE_TUNNEL_CREDENTIAL_SECRET string `json:"CLOUDFLARE_TUNNEL_CREDENTIAL_SECRET,omitempty"`
}
CloudflareDetails spec contains all the necessary parameters needed to connect to the Cloudflare API. You can either use credentialsRef to reference a global CloudflareCredentials resource, or specify inline credentials using the legacy fields (secret, accountId, etc.)
func (*CloudflareDetails) DeepCopy ¶
func (in *CloudflareDetails) DeepCopy() *CloudflareDetails
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudflareDetails.
func (*CloudflareDetails) DeepCopyInto ¶
func (in *CloudflareDetails) DeepCopyInto(out *CloudflareDetails)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CloudflareDomain ¶ added in v0.19.0
type CloudflareDomain struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec CloudflareDomainSpec `json:"spec,omitempty"`
Status CloudflareDomainStatus `json:"status,omitempty"`
}
CloudflareDomain represents a domain managed in Cloudflare. It provides zone information (Zone ID) for DNS operations across all CRDs. The controller verifies the domain exists in Cloudflare and caches the Zone ID.
DomainResolver uses CloudflareDomain resources to match hostnames to zones: - Exact match: hostname equals domain - Suffix match: hostname ends with ".domain" (longest suffix wins)
Example: For hostname "api.staging.example.com": - CloudflareDomain "example.com" matches (suffix) - CloudflareDomain "staging.example.com" matches better (longer suffix)
func (*CloudflareDomain) DeepCopy ¶ added in v0.19.0
func (in *CloudflareDomain) DeepCopy() *CloudflareDomain
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudflareDomain.
func (*CloudflareDomain) DeepCopyInto ¶ added in v0.19.0
func (in *CloudflareDomain) DeepCopyInto(out *CloudflareDomain)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*CloudflareDomain) DeepCopyObject ¶ added in v0.19.0
func (in *CloudflareDomain) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type CloudflareDomainList ¶ added in v0.19.0
type CloudflareDomainList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []CloudflareDomain `json:"items"`
}
CloudflareDomainList contains a list of CloudflareDomain
func (*CloudflareDomainList) DeepCopy ¶ added in v0.19.0
func (in *CloudflareDomainList) DeepCopy() *CloudflareDomainList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudflareDomainList.
func (*CloudflareDomainList) DeepCopyInto ¶ added in v0.19.0
func (in *CloudflareDomainList) DeepCopyInto(out *CloudflareDomainList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*CloudflareDomainList) DeepCopyObject ¶ added in v0.19.0
func (in *CloudflareDomainList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type CloudflareDomainSpec ¶ added in v0.19.0
type CloudflareDomainSpec struct {
// Domain is the domain name (e.g., "example.com")
// This should be the apex domain registered in Cloudflare
// +kubebuilder:validation:Required
// +kubebuilder:validation:Pattern=`^[a-zA-Z0-9]([a-zA-Z0-9-]*[a-zA-Z0-9])?(\.[a-zA-Z0-9]([a-zA-Z0-9-]*[a-zA-Z0-9])?)*$`
Domain string `json:"domain"`
// CredentialsRef references a CloudflareCredentials resource for API access.
// If not specified, the default CloudflareCredentials will be used.
// +kubebuilder:validation:Optional
CredentialsRef *CredentialsReference `json:"credentialsRef,omitempty"`
// IsDefault marks this domain as the default for resources that don't specify a domain.
// Only one CloudflareDomain can be marked as default.
// When multiple hostnames need zone lookup, the longest suffix match is used.
// +kubebuilder:validation:Optional
// +kubebuilder:default:=false
IsDefault bool `json:"isDefault,omitempty"`
// ZoneID allows manual specification of the Cloudflare Zone ID.
// If provided, the controller will skip zone lookup and use this value directly.
// This is useful for advanced scenarios or when automatic lookup fails.
// +kubebuilder:validation:Optional
ZoneID string `json:"zoneId,omitempty"`
// SSL configures SSL/TLS settings for this domain
// +kubebuilder:validation:Optional
SSL *SSLConfig `json:"ssl,omitempty"`
// Cache configures caching settings for this domain
// +kubebuilder:validation:Optional
Cache *CacheConfig `json:"cache,omitempty"`
// Security configures security settings for this domain
// +kubebuilder:validation:Optional
Security *SecurityConfig `json:"security,omitempty"`
// Performance configures performance settings for this domain
// +kubebuilder:validation:Optional
Performance *PerformanceConfig `json:"performance,omitempty"`
}
CloudflareDomainSpec defines the desired state of CloudflareDomain
func (*CloudflareDomainSpec) DeepCopy ¶ added in v0.19.0
func (in *CloudflareDomainSpec) DeepCopy() *CloudflareDomainSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudflareDomainSpec.
func (*CloudflareDomainSpec) DeepCopyInto ¶ added in v0.19.0
func (in *CloudflareDomainSpec) DeepCopyInto(out *CloudflareDomainSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CloudflareDomainState ¶ added in v0.19.0
type CloudflareDomainState string
CloudflareDomainState represents the state of the CloudflareDomain +kubebuilder:validation:Enum=Pending;Verifying;Ready;Error
const ( // CloudflareDomainStatePending means the domain is waiting to be verified CloudflareDomainStatePending CloudflareDomainState = "Pending" // CloudflareDomainStateVerifying means the domain is being verified with Cloudflare API CloudflareDomainStateVerifying CloudflareDomainState = "Verifying" // CloudflareDomainStateReady means the domain has been verified and is ready to use CloudflareDomainStateReady CloudflareDomainState = "Ready" // CloudflareDomainStateError means there was an error verifying the domain CloudflareDomainStateError CloudflareDomainState = "Error" )
type CloudflareDomainStatus ¶ added in v0.19.0
type CloudflareDomainStatus struct {
// Conditions represent the latest available observations
// +optional
Conditions []metav1.Condition `json:"conditions,omitempty"`
// ObservedGeneration is the most recent generation observed
// +optional
ObservedGeneration int64 `json:"observedGeneration,omitempty"`
// State represents the current state of the domain
// +optional
State CloudflareDomainState `json:"state,omitempty"`
// ZoneID is the Cloudflare Zone ID for this domain
// +optional
ZoneID string `json:"zoneId,omitempty"`
// ZoneName is the zone name as returned by Cloudflare API
// +optional
ZoneName string `json:"zoneName,omitempty"`
// AccountID is the Cloudflare Account ID associated with this zone
// +optional
AccountID string `json:"accountId,omitempty"`
// NameServers are the Cloudflare name servers for this zone
// +optional
NameServers []string `json:"nameServers,omitempty"`
// ZoneStatus is the status of the zone in Cloudflare (active, pending, etc.)
// +optional
ZoneStatus string `json:"zoneStatus,omitempty"`
// LastVerifiedTime is the last time the zone was verified with Cloudflare API
// +optional
LastVerifiedTime *metav1.Time `json:"lastVerifiedTime,omitempty"`
// Message provides additional information about the current state
// +optional
Message string `json:"message,omitempty"`
// ConfigSyncStatus represents the sync status of zone settings
// +optional
ConfigSyncStatus *ConfigSyncStatus `json:"configSyncStatus,omitempty"`
}
CloudflareDomainStatus defines the observed state of CloudflareDomain
func (*CloudflareDomainStatus) DeepCopy ¶ added in v0.19.0
func (in *CloudflareDomainStatus) DeepCopy() *CloudflareDomainStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudflareDomainStatus.
func (*CloudflareDomainStatus) DeepCopyInto ¶ added in v0.19.0
func (in *CloudflareDomainStatus) DeepCopyInto(out *CloudflareDomainStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ClusterTunnel ¶
type ClusterTunnel struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec TunnelSpec `json:"spec,omitempty"`
Status TunnelStatus `json:"status,omitempty"`
}
ClusterTunnel is the Schema for the clustertunnels API
func (*ClusterTunnel) DeepCopy ¶
func (in *ClusterTunnel) DeepCopy() *ClusterTunnel
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterTunnel.
func (*ClusterTunnel) DeepCopyInto ¶
func (in *ClusterTunnel) DeepCopyInto(out *ClusterTunnel)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ClusterTunnel) DeepCopyObject ¶
func (in *ClusterTunnel) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ClusterTunnelList ¶
type ClusterTunnelList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []ClusterTunnel `json:"items"`
}
ClusterTunnelList contains a list of ClusterTunnel
func (*ClusterTunnelList) DeepCopy ¶
func (in *ClusterTunnelList) DeepCopy() *ClusterTunnelList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterTunnelList.
func (*ClusterTunnelList) DeepCopyInto ¶
func (in *ClusterTunnelList) DeepCopyInto(out *ClusterTunnelList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ClusterTunnelList) DeepCopyObject ¶
func (in *ClusterTunnelList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ConfigMapKeyRef ¶
type ConfigMapKeyRef struct {
// Name is the ConfigMap name.
// +kubebuilder:validation:Required
Name string `json:"name"`
// Key is the key in the ConfigMap.
// +kubebuilder:validation:Required
Key string `json:"key"`
// Namespace is the ConfigMap namespace.
// +kubebuilder:validation:Optional
Namespace string `json:"namespace,omitempty"`
}
ConfigMapKeyRef references a key in a ConfigMap.
func (*ConfigMapKeyRef) DeepCopy ¶
func (in *ConfigMapKeyRef) DeepCopy() *ConfigMapKeyRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigMapKeyRef.
func (*ConfigMapKeyRef) DeepCopyInto ¶
func (in *ConfigMapKeyRef) DeepCopyInto(out *ConfigMapKeyRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ConfigSyncState ¶ added in v0.20.0
type ConfigSyncState string
ConfigSyncState represents the sync state of a configuration section +kubebuilder:validation:Enum=Synced;Syncing;Error;Unknown
const ( ConfigSyncStateSynced ConfigSyncState = "Synced" ConfigSyncStateSyncing ConfigSyncState = "Syncing" ConfigSyncStateError ConfigSyncState = "Error" ConfigSyncStateUnknown ConfigSyncState = "Unknown" )
type ConfigSyncStatus ¶ added in v0.20.0
type ConfigSyncStatus struct {
// SSL sync status
// +kubebuilder:validation:Optional
SSL ConfigSyncState `json:"ssl,omitempty"`
// Cache sync status
// +kubebuilder:validation:Optional
Cache ConfigSyncState `json:"cache,omitempty"`
// Security sync status
// +kubebuilder:validation:Optional
Security ConfigSyncState `json:"security,omitempty"`
// Performance sync status
// +kubebuilder:validation:Optional
Performance ConfigSyncState `json:"performance,omitempty"`
// LastSyncTime is the last time any configuration was synced
// +kubebuilder:validation:Optional
LastSyncTime *string `json:"lastSyncTime,omitempty"`
// ErrorMessage contains error details if any sync failed
// +kubebuilder:validation:Optional
ErrorMessage string `json:"errorMessage,omitempty"`
}
ConfigSyncStatus represents the sync status of all configuration sections
func (*ConfigSyncStatus) DeepCopy ¶ added in v0.20.0
func (in *ConfigSyncStatus) DeepCopy() *ConfigSyncStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigSyncStatus.
func (*ConfigSyncStatus) DeepCopyInto ¶ added in v0.20.0
func (in *ConfigSyncStatus) DeepCopyInto(out *ConfigSyncStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CredentialsReference ¶ added in v0.19.0
type CredentialsReference struct {
// Name of the CloudflareCredentials resource
// +kubebuilder:validation:Required
Name string `json:"name"`
}
CredentialsReference references a CloudflareCredentials resource
func (*CredentialsReference) DeepCopy ¶ added in v0.19.0
func (in *CredentialsReference) DeepCopy() *CredentialsReference
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialsReference.
func (*CredentialsReference) DeepCopyInto ¶ added in v0.19.0
func (in *CredentialsReference) DeepCopyInto(out *CredentialsReference)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CustomCertificateSettings ¶
type CustomCertificateSettings struct {
Enabled bool `json:"enabled"`
ID string `json:"id,omitempty"`
}
CustomCertificateSettings for custom CA.
func (*CustomCertificateSettings) DeepCopy ¶
func (in *CustomCertificateSettings) DeepCopy() *CustomCertificateSettings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomCertificateSettings.
func (*CustomCertificateSettings) DeepCopyInto ¶
func (in *CustomCertificateSettings) DeepCopyInto(out *CustomCertificateSettings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type DNSManagementMode ¶ added in v0.18.1
type DNSManagementMode string
DNSManagementMode defines how DNS records are managed for Ingresses +kubebuilder:validation:Enum=Automatic;Manual;DNSRecord
const ( // DNSManagementAutomatic - Controller creates CNAME records directly via Cloudflare API DNSManagementAutomatic DNSManagementMode = "Automatic" // DNSManagementManual - User manages DNS records externally (compatible with external-dns) DNSManagementManual DNSManagementMode = "Manual" // DNSManagementDNSRecord - Controller creates DNSRecord CRDs for each hostname DNSManagementDNSRecord DNSManagementMode = "DNSRecord" )
type DNSRecord ¶
type DNSRecord struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec DNSRecordSpec `json:"spec,omitempty"`
Status DNSRecordStatus `json:"status,omitempty"`
}
DNSRecord is the Schema for the dnsrecords API.
func (*DNSRecord) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSRecord.
func (*DNSRecord) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*DNSRecord) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type DNSRecordData ¶
type DNSRecordData struct {
// For SRV records
// +kubebuilder:validation:Optional
Service string `json:"service,omitempty"`
// +kubebuilder:validation:Optional
Proto string `json:"proto,omitempty"`
// +kubebuilder:validation:Optional
Weight int `json:"weight,omitempty"`
// +kubebuilder:validation:Optional
Port int `json:"port,omitempty"`
// +kubebuilder:validation:Optional
Target string `json:"target,omitempty"`
// For CAA records
// +kubebuilder:validation:Optional
Flags int `json:"flags,omitempty"`
// +kubebuilder:validation:Optional
Tag string `json:"tag,omitempty"`
// +kubebuilder:validation:Optional
Value string `json:"value,omitempty"`
// For CERT/SSHFP/TLSA records
// +kubebuilder:validation:Optional
Algorithm int `json:"algorithm,omitempty"`
// +kubebuilder:validation:Optional
Certificate string `json:"certificate,omitempty"`
// +kubebuilder:validation:Optional
KeyTag int `json:"keyTag,omitempty"`
// +kubebuilder:validation:Optional
Usage int `json:"usage,omitempty"`
// +kubebuilder:validation:Optional
Selector int `json:"selector,omitempty"`
// +kubebuilder:validation:Optional
MatchingType int `json:"matchingType,omitempty"`
// For LOC records
// +kubebuilder:validation:Optional
LatDegrees int `json:"latDegrees,omitempty"`
// +kubebuilder:validation:Optional
LatMinutes int `json:"latMinutes,omitempty"`
// +kubebuilder:validation:Optional
LatSeconds string `json:"latSeconds,omitempty"`
// +kubebuilder:validation:Optional
LatDirection string `json:"latDirection,omitempty"`
// +kubebuilder:validation:Optional
LongDegrees int `json:"longDegrees,omitempty"`
// +kubebuilder:validation:Optional
LongMinutes int `json:"longMinutes,omitempty"`
// +kubebuilder:validation:Optional
LongSeconds string `json:"longSeconds,omitempty"`
// +kubebuilder:validation:Optional
LongDirection string `json:"longDirection,omitempty"`
// +kubebuilder:validation:Optional
Altitude string `json:"altitude,omitempty"`
// +kubebuilder:validation:Optional
Size string `json:"size,omitempty"`
// +kubebuilder:validation:Optional
PrecisionHorz string `json:"precisionHorz,omitempty"`
// +kubebuilder:validation:Optional
PrecisionVert string `json:"precisionVert,omitempty"`
// For URI records
// +kubebuilder:validation:Optional
ContentURI string `json:"content,omitempty"`
}
DNSRecordData contains type-specific record data.
func (*DNSRecordData) DeepCopy ¶
func (in *DNSRecordData) DeepCopy() *DNSRecordData
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSRecordData.
func (*DNSRecordData) DeepCopyInto ¶
func (in *DNSRecordData) DeepCopyInto(out *DNSRecordData)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type DNSRecordList ¶
type DNSRecordList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []DNSRecord `json:"items"`
}
DNSRecordList contains a list of DNSRecord
func (*DNSRecordList) DeepCopy ¶
func (in *DNSRecordList) DeepCopy() *DNSRecordList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSRecordList.
func (*DNSRecordList) DeepCopyInto ¶
func (in *DNSRecordList) DeepCopyInto(out *DNSRecordList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*DNSRecordList) DeepCopyObject ¶
func (in *DNSRecordList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type DNSRecordSpec ¶
type DNSRecordSpec struct {
// Name is the DNS record name (e.g., "www" or "www.example.com").
// +kubebuilder:validation:Required
// +kubebuilder:validation:MaxLength=255
Name string `json:"name"`
// Type is the DNS record type.
// +kubebuilder:validation:Required
// +kubebuilder:validation:Enum=A;AAAA;CNAME;TXT;MX;NS;SRV;CAA;CERT;DNSKEY;DS;HTTPS;LOC;NAPTR;SMIMEA;SSHFP;SVCB;TLSA;URI
Type string `json:"type"`
// Content is the record content/value.
// +kubebuilder:validation:Required
Content string `json:"content"`
// TTL is the Time To Live (1 = automatic).
// +kubebuilder:validation:Optional
// +kubebuilder:validation:Minimum=1
// +kubebuilder:default=1
TTL int `json:"ttl,omitempty"`
// Proxied enables Cloudflare proxy for this record.
// +kubebuilder:validation:Optional
// +kubebuilder:default=false
Proxied bool `json:"proxied,omitempty"`
// Priority for MX/SRV records.
// +kubebuilder:validation:Optional
// +kubebuilder:validation:Minimum=0
// +kubebuilder:validation:Maximum=65535
Priority *int `json:"priority,omitempty"`
// Comment is an optional comment.
// +kubebuilder:validation:Optional
// +kubebuilder:validation:MaxLength=100
Comment string `json:"comment,omitempty"`
// Tags for the record.
// +kubebuilder:validation:Optional
Tags []string `json:"tags,omitempty"`
// Data contains additional record-specific data (for SRV, CAA, etc.).
// +kubebuilder:validation:Optional
Data *DNSRecordData `json:"data,omitempty"`
// Cloudflare contains the Cloudflare API credentials.
// +kubebuilder:validation:Required
Cloudflare CloudflareDetails `json:"cloudflare"`
}
DNSRecordSpec defines the desired state of DNSRecord
func (*DNSRecordSpec) DeepCopy ¶
func (in *DNSRecordSpec) DeepCopy() *DNSRecordSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSRecordSpec.
func (*DNSRecordSpec) DeepCopyInto ¶
func (in *DNSRecordSpec) DeepCopyInto(out *DNSRecordSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type DNSRecordStatus ¶
type DNSRecordStatus struct {
// RecordID is the Cloudflare DNS Record ID.
// +kubebuilder:validation:Optional
RecordID string `json:"recordId,omitempty"`
// ZoneID is the Cloudflare Zone ID.
// +kubebuilder:validation:Optional
ZoneID string `json:"zoneId,omitempty"`
// FQDN is the fully qualified domain name.
// +kubebuilder:validation:Optional
FQDN string `json:"fqdn,omitempty"`
// State indicates the current state.
// +kubebuilder:validation:Optional
State string `json:"state,omitempty"`
// Conditions represent the latest available observations.
// +kubebuilder:validation:Optional
// +listType=map
// +listMapKey=type
Conditions []metav1.Condition `json:"conditions,omitempty"`
// ObservedGeneration is the most recent generation observed.
// +kubebuilder:validation:Optional
ObservedGeneration int64 `json:"observedGeneration,omitempty"`
}
DNSRecordStatus defines the observed state
func (*DNSRecordStatus) DeepCopy ¶
func (in *DNSRecordStatus) DeepCopy() *DNSRecordStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSRecordStatus.
func (*DNSRecordStatus) DeepCopyInto ¶
func (in *DNSRecordStatus) DeepCopyInto(out *DNSRecordStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type DNSResolverEntry ¶ added in v0.21.1
type DNSResolverEntry struct {
// IP is the resolver IP address.
IP string `json:"ip"`
// Port is the resolver port.
// +kubebuilder:validation:Optional
Port int `json:"port,omitempty"`
// VNetID is the virtual network ID.
// +kubebuilder:validation:Optional
VNetID string `json:"vnetId,omitempty"`
// RouteThroughPrivateNetwork routes through private network.
// +kubebuilder:validation:Optional
RouteThroughPrivateNetwork *bool `json:"routeThroughPrivateNetwork,omitempty"`
}
DNSResolverEntry for custom DNS resolver.
func (*DNSResolverEntry) DeepCopy ¶ added in v0.21.1
func (in *DNSResolverEntry) DeepCopy() *DNSResolverEntry
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSResolverEntry.
func (*DNSResolverEntry) DeepCopyInto ¶ added in v0.21.1
func (in *DNSResolverEntry) DeepCopyInto(out *DNSResolverEntry)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type DNSResolversSettings ¶ added in v0.21.1
type DNSResolversSettings struct {
// IPv4 resolvers.
// +kubebuilder:validation:Optional
IPv4 []DNSResolverEntry `json:"ipv4,omitempty"`
// IPv6 resolvers.
// +kubebuilder:validation:Optional
IPv6 []DNSResolverEntry `json:"ipv6,omitempty"`
}
DNSResolversSettings contains IPv4 and IPv6 DNS resolvers.
func (*DNSResolversSettings) DeepCopy ¶ added in v0.21.1
func (in *DNSResolversSettings) DeepCopy() *DNSResolversSettings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSResolversSettings.
func (*DNSResolversSettings) DeepCopyInto ¶ added in v0.21.1
func (in *DNSResolversSettings) DeepCopyInto(out *DNSResolversSettings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type DevicePostureInput ¶
type DevicePostureInput struct {
// ID is a generic identifier for integrations.
// +kubebuilder:validation:Optional
ID string `json:"id,omitempty"`
// Path is the file path to check.
// +kubebuilder:validation:Optional
Path string `json:"path,omitempty"`
// Exists checks if file exists.
// +kubebuilder:validation:Optional
Exists *bool `json:"exists,omitempty"`
// Sha256 is the expected file hash.
// +kubebuilder:validation:Optional
Sha256 string `json:"sha256,omitempty"`
// Thumbprint is the certificate thumbprint.
// +kubebuilder:validation:Optional
Thumbprint string `json:"thumbprint,omitempty"`
// Running checks if application is running.
// +kubebuilder:validation:Optional
Running *bool `json:"running,omitempty"`
// RequireAll requires all conditions to match.
// +kubebuilder:validation:Optional
RequireAll *bool `json:"requireAll,omitempty"`
// Enabled checks if feature is enabled.
// +kubebuilder:validation:Optional
Enabled *bool `json:"enabled,omitempty"`
// Version is the minimum version.
// +kubebuilder:validation:Optional
Version string `json:"version,omitempty"`
// Operator is the version comparison operator.
// +kubebuilder:validation:Optional
// +kubebuilder:validation:Enum=<;<=;>;>=;==
Operator string `json:"operator,omitempty"`
// Domain is the expected domain for domain-joined checks.
// +kubebuilder:validation:Optional
Domain string `json:"domain,omitempty"`
// ComplianceStatus is the Intune compliance status.
// +kubebuilder:validation:Optional
// +kubebuilder:validation:Enum=compliant;noncompliant;unknown;notapplicable;ingraceperiod;error
ComplianceStatus string `json:"complianceStatus,omitempty"`
// ConnectionID is the third-party integration connection ID.
// +kubebuilder:validation:Optional
ConnectionID string `json:"connectionId,omitempty"`
// LastSeen is the maximum time since device was last seen.
// +kubebuilder:validation:Optional
LastSeen string `json:"lastSeen,omitempty"`
// EidLastSeen is for enterprise ID last seen time.
// +kubebuilder:validation:Optional
EidLastSeen string `json:"eidLastSeen,omitempty"`
// ActiveThreats is the maximum active threat count.
// +kubebuilder:validation:Optional
ActiveThreats *int `json:"activeThreats,omitempty"`
// Infected checks if device is infected.
// +kubebuilder:validation:Optional
Infected *bool `json:"infected,omitempty"`
// IsActive checks if the device is active.
// +kubebuilder:validation:Optional
IsActive *bool `json:"isActive,omitempty"`
// NetworkStatus checks for network connection.
// +kubebuilder:validation:Optional
// +kubebuilder:validation:Enum=connected;disconnected;disconnecting;connecting
NetworkStatus string `json:"networkStatus,omitempty"`
// SensorConfig checks sensor configuration.
// +kubebuilder:validation:Optional
// +kubebuilder:validation:Enum=active;disabled;not_configured
SensorConfig string `json:"sensorConfig,omitempty"`
// VersionOperator for CrowdStrike version checks.
// +kubebuilder:validation:Optional
// +kubebuilder:validation:Enum=<;<=;>;>=;==
VersionOperator string `json:"versionOperator,omitempty"`
// CountOperator for count comparisons.
// +kubebuilder:validation:Optional
// +kubebuilder:validation:Enum=<;<=;>;>=;==
CountOperator string `json:"countOperator,omitempty"`
// ScoreOperator for score comparisons.
// +kubebuilder:validation:Optional
// +kubebuilder:validation:Enum=<;<=;>;>=;==
ScoreOperator string `json:"scoreOperator,omitempty"`
// IssueCount is the number of issues for SentinelOne.
// +kubebuilder:validation:Optional
IssueCount *int `json:"issueCount,omitempty"`
// Score for risk/posture scoring.
// +kubebuilder:validation:Optional
Score *int `json:"score,omitempty"`
// TotalScore for total risk scoring.
// +kubebuilder:validation:Optional
TotalScore *int `json:"totalScore,omitempty"`
// RiskLevel for risk assessment.
// +kubebuilder:validation:Optional
// +kubebuilder:validation:Enum=low;medium;high;critical
RiskLevel string `json:"riskLevel,omitempty"`
// Overall risk assessment.
// +kubebuilder:validation:Optional
Overall string `json:"overall,omitempty"`
// State for device state checks.
// +kubebuilder:validation:Optional
State string `json:"state,omitempty"`
// OperationalState for device operational state.
// +kubebuilder:validation:Optional
OperationalState string `json:"operationalState,omitempty"`
// OSDistroName is the OS distribution name.
// +kubebuilder:validation:Optional
OSDistroName string `json:"osDistroName,omitempty"`
// OSDistroRevision is the OS distribution revision.
// +kubebuilder:validation:Optional
OSDistroRevision string `json:"osDistroRevision,omitempty"`
// OSVersionExtra for additional OS version info.
// +kubebuilder:validation:Optional
OSVersionExtra string `json:"osVersionExtra,omitempty"`
// OS for operating system checks.
// +kubebuilder:validation:Optional
OS string `json:"os,omitempty"`
// OperatingSystem for operating system name.
// +kubebuilder:validation:Optional
OperatingSystem string `json:"operatingSystem,omitempty"`
// CertificateID for client certificate checks.
// +kubebuilder:validation:Optional
CertificateID string `json:"certificateId,omitempty"`
// CommonName (CN) for client certificate checks.
// +kubebuilder:validation:Optional
CommonName string `json:"commonName,omitempty"`
// Cn is an alias for CommonName.
// +kubebuilder:validation:Optional
Cn string `json:"cn,omitempty"`
// CheckPrivateKey checks if private key is present.
// +kubebuilder:validation:Optional
CheckPrivateKey *bool `json:"checkPrivateKey,omitempty"`
// ExtendedKeyUsage for certificate key usage.
// +kubebuilder:validation:Optional
ExtendedKeyUsage []string `json:"extendedKeyUsage,omitempty"`
// Locations for location-based checks.
// +kubebuilder:validation:Optional
Locations []DevicePostureLocation `json:"locations,omitempty"`
// CheckDisks specifies which disks to check encryption.
// +kubebuilder:validation:Optional
CheckDisks []string `json:"checkDisks,omitempty"`
}
DevicePostureInput contains rule-specific input.
func (*DevicePostureInput) DeepCopy ¶
func (in *DevicePostureInput) DeepCopy() *DevicePostureInput
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DevicePostureInput.
func (*DevicePostureInput) DeepCopyInto ¶
func (in *DevicePostureInput) DeepCopyInto(out *DevicePostureInput)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type DevicePostureLocation ¶ added in v0.21.1
type DevicePostureLocation struct {
// Paths for location paths.
// +kubebuilder:validation:Optional
Paths []string `json:"paths,omitempty"`
// TrustStores for trust store locations.
// +kubebuilder:validation:Optional
TrustStores []string `json:"trustStores,omitempty"`
}
DevicePostureLocation for location-based posture checks.
func (*DevicePostureLocation) DeepCopy ¶ added in v0.21.1
func (in *DevicePostureLocation) DeepCopy() *DevicePostureLocation
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DevicePostureLocation.
func (*DevicePostureLocation) DeepCopyInto ¶ added in v0.21.1
func (in *DevicePostureLocation) DeepCopyInto(out *DevicePostureLocation)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type DevicePostureMatch ¶
type DevicePostureMatch struct {
// Platform is the OS platform.
// +kubebuilder:validation:Optional
// +kubebuilder:validation:Enum=windows;mac;linux;android;ios;chromeos
Platform string `json:"platform,omitempty"`
}
DevicePostureMatch defines platform matching.
func (*DevicePostureMatch) DeepCopy ¶
func (in *DevicePostureMatch) DeepCopy() *DevicePostureMatch
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DevicePostureMatch.
func (*DevicePostureMatch) DeepCopyInto ¶
func (in *DevicePostureMatch) DeepCopyInto(out *DevicePostureMatch)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type DevicePostureRule ¶
type DevicePostureRule struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec DevicePostureRuleSpec `json:"spec,omitempty"`
Status DevicePostureRuleStatus `json:"status,omitempty"`
}
DevicePostureRule is the Schema for the deviceposturerules API.
func (*DevicePostureRule) DeepCopy ¶
func (in *DevicePostureRule) DeepCopy() *DevicePostureRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DevicePostureRule.
func (*DevicePostureRule) DeepCopyInto ¶
func (in *DevicePostureRule) DeepCopyInto(out *DevicePostureRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*DevicePostureRule) DeepCopyObject ¶
func (in *DevicePostureRule) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*DevicePostureRule) GetRuleName ¶
func (d *DevicePostureRule) GetRuleName() string
GetRuleName returns the name to use in Cloudflare.
type DevicePostureRuleList ¶
type DevicePostureRuleList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []DevicePostureRule `json:"items"`
}
DevicePostureRuleList contains a list of DevicePostureRule
func (*DevicePostureRuleList) DeepCopy ¶
func (in *DevicePostureRuleList) DeepCopy() *DevicePostureRuleList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DevicePostureRuleList.
func (*DevicePostureRuleList) DeepCopyInto ¶
func (in *DevicePostureRuleList) DeepCopyInto(out *DevicePostureRuleList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*DevicePostureRuleList) DeepCopyObject ¶
func (in *DevicePostureRuleList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type DevicePostureRuleSpec ¶
type DevicePostureRuleSpec struct {
// Name of the Device Posture Rule in Cloudflare.
// +kubebuilder:validation:Optional
// +kubebuilder:validation:MaxLength=255
Name string `json:"name,omitempty"`
// Type is the posture rule type.
// +kubebuilder:validation:Required
// +kubebuilder:validation:Enum=file;application;serial_number;tanium;gateway;warp;disk_encryption;sentinelone;carbonblack;firewall;os_version;domain_joined;client_certificate;client_certificate_v2;unique_client_id;kolide;tanium_s2s;crowdstrike_s2s;sentinelone_s2s;intune;workspace_one;custom_s2s
Type string `json:"type"`
// Description is a human-readable description.
// +kubebuilder:validation:Optional
// +kubebuilder:validation:MaxLength=1000
Description string `json:"description,omitempty"`
// Schedule determines how often the rule is evaluated.
// +kubebuilder:validation:Optional
Schedule string `json:"schedule,omitempty"`
// Expiration is when the rule expires.
// +kubebuilder:validation:Optional
Expiration string `json:"expiration,omitempty"`
// Match defines which devices this rule applies to.
// +kubebuilder:validation:Optional
Match []DevicePostureMatch `json:"match,omitempty"`
// Input contains the rule-specific configuration.
// +kubebuilder:validation:Optional
Input *DevicePostureInput `json:"input,omitempty"`
// Cloudflare contains the Cloudflare API credentials.
// +kubebuilder:validation:Required
Cloudflare CloudflareDetails `json:"cloudflare"`
}
DevicePostureRuleSpec defines the desired state of DevicePostureRule
func (*DevicePostureRuleSpec) DeepCopy ¶
func (in *DevicePostureRuleSpec) DeepCopy() *DevicePostureRuleSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DevicePostureRuleSpec.
func (*DevicePostureRuleSpec) DeepCopyInto ¶
func (in *DevicePostureRuleSpec) DeepCopyInto(out *DevicePostureRuleSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type DevicePostureRuleStatus ¶
type DevicePostureRuleStatus struct {
// RuleID is the Cloudflare Device Posture Rule ID.
// +kubebuilder:validation:Optional
RuleID string `json:"ruleId,omitempty"`
// AccountID is the Cloudflare Account ID.
// +kubebuilder:validation:Optional
AccountID string `json:"accountId,omitempty"`
// State indicates the current state.
// +kubebuilder:validation:Optional
State string `json:"state,omitempty"`
// Conditions represent the latest available observations.
// +kubebuilder:validation:Optional
// +listType=map
// +listMapKey=type
Conditions []metav1.Condition `json:"conditions,omitempty"`
// ObservedGeneration is the most recent generation observed.
// +kubebuilder:validation:Optional
ObservedGeneration int64 `json:"observedGeneration,omitempty"`
}
DevicePostureRuleStatus defines the observed state
func (*DevicePostureRuleStatus) DeepCopy ¶
func (in *DevicePostureRuleStatus) DeepCopy() *DevicePostureRuleStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DevicePostureRuleStatus.
func (*DevicePostureRuleStatus) DeepCopyInto ¶
func (in *DevicePostureRuleStatus) DeepCopyInto(out *DevicePostureRuleStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type DeviceSettingsPolicy ¶
type DeviceSettingsPolicy struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec DeviceSettingsPolicySpec `json:"spec,omitempty"`
Status DeviceSettingsPolicyStatus `json:"status,omitempty"`
}
DeviceSettingsPolicy is the Schema for the devicesettingspolicies API. A DeviceSettingsPolicy configures WARP client device settings including split tunnel rules and fallback domains for an account.
func (*DeviceSettingsPolicy) DeepCopy ¶
func (in *DeviceSettingsPolicy) DeepCopy() *DeviceSettingsPolicy
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DeviceSettingsPolicy.
func (*DeviceSettingsPolicy) DeepCopyInto ¶
func (in *DeviceSettingsPolicy) DeepCopyInto(out *DeviceSettingsPolicy)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*DeviceSettingsPolicy) DeepCopyObject ¶
func (in *DeviceSettingsPolicy) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type DeviceSettingsPolicyList ¶
type DeviceSettingsPolicyList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []DeviceSettingsPolicy `json:"items"`
}
DeviceSettingsPolicyList contains a list of DeviceSettingsPolicy
func (*DeviceSettingsPolicyList) DeepCopy ¶
func (in *DeviceSettingsPolicyList) DeepCopy() *DeviceSettingsPolicyList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DeviceSettingsPolicyList.
func (*DeviceSettingsPolicyList) DeepCopyInto ¶
func (in *DeviceSettingsPolicyList) DeepCopyInto(out *DeviceSettingsPolicyList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*DeviceSettingsPolicyList) DeepCopyObject ¶
func (in *DeviceSettingsPolicyList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type DeviceSettingsPolicySpec ¶
type DeviceSettingsPolicySpec struct {
// SplitTunnelMode determines how split tunneling is configured.
// "exclude" means traffic to listed addresses bypasses the tunnel (default WARP behavior).
// "include" means only traffic to listed addresses goes through the tunnel.
// +kubebuilder:validation:Optional
// +kubebuilder:validation:Enum=exclude;include
// +kubebuilder:default=exclude
SplitTunnelMode string `json:"splitTunnelMode,omitempty"`
// SplitTunnelExclude lists addresses/hosts to exclude from the tunnel.
// Only used when SplitTunnelMode is "exclude".
// +kubebuilder:validation:Optional
SplitTunnelExclude []SplitTunnelEntry `json:"splitTunnelExclude,omitempty"`
// SplitTunnelInclude lists addresses/hosts to include in the tunnel.
// Only used when SplitTunnelMode is "include".
// +kubebuilder:validation:Optional
SplitTunnelInclude []SplitTunnelEntry `json:"splitTunnelInclude,omitempty"`
// FallbackDomains lists domains that should use the specified DNS servers
// instead of Gateway DNS.
// +kubebuilder:validation:Optional
FallbackDomains []FallbackDomainEntry `json:"fallbackDomains,omitempty"`
// AutoPopulateFromRoutes automatically populates split tunnel entries
// from NetworkRoute resources in the cluster.
// +kubebuilder:validation:Optional
AutoPopulateFromRoutes *AutoPopulateConfig `json:"autoPopulateFromRoutes,omitempty"`
// Cloudflare contains the Cloudflare API credentials and account information.
// +kubebuilder:validation:Required
Cloudflare CloudflareDetails `json:"cloudflare"`
}
DeviceSettingsPolicySpec defines the desired state of DeviceSettingsPolicy
func (*DeviceSettingsPolicySpec) DeepCopy ¶
func (in *DeviceSettingsPolicySpec) DeepCopy() *DeviceSettingsPolicySpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DeviceSettingsPolicySpec.
func (*DeviceSettingsPolicySpec) DeepCopyInto ¶
func (in *DeviceSettingsPolicySpec) DeepCopyInto(out *DeviceSettingsPolicySpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type DeviceSettingsPolicyStatus ¶
type DeviceSettingsPolicyStatus struct {
// AccountID is the Cloudflare Account ID.
// +kubebuilder:validation:Optional
AccountID string `json:"accountId,omitempty"`
// SplitTunnelExcludeCount is the number of exclude entries configured.
// +kubebuilder:validation:Optional
SplitTunnelExcludeCount int `json:"splitTunnelExcludeCount,omitempty"`
// SplitTunnelIncludeCount is the number of include entries configured.
// +kubebuilder:validation:Optional
SplitTunnelIncludeCount int `json:"splitTunnelIncludeCount,omitempty"`
// FallbackDomainsCount is the number of fallback domain entries configured.
// +kubebuilder:validation:Optional
FallbackDomainsCount int `json:"fallbackDomainsCount,omitempty"`
// AutoPopulatedRoutesCount is the number of routes auto-populated from NetworkRoutes.
// +kubebuilder:validation:Optional
AutoPopulatedRoutesCount int `json:"autoPopulatedRoutesCount,omitempty"`
// State indicates the current state of the policy.
// +kubebuilder:validation:Optional
State string `json:"state,omitempty"`
// Conditions represent the latest available observations of the DeviceSettingsPolicy's state.
// +kubebuilder:validation:Optional
// +listType=map
// +listMapKey=type
Conditions []metav1.Condition `json:"conditions,omitempty"`
// ObservedGeneration is the most recent generation observed by the controller.
// +kubebuilder:validation:Optional
ObservedGeneration int64 `json:"observedGeneration,omitempty"`
}
DeviceSettingsPolicyStatus defines the observed state of DeviceSettingsPolicy
func (*DeviceSettingsPolicyStatus) DeepCopy ¶
func (in *DeviceSettingsPolicyStatus) DeepCopy() *DeviceSettingsPolicyStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DeviceSettingsPolicyStatus.
func (*DeviceSettingsPolicyStatus) DeepCopyInto ¶
func (in *DeviceSettingsPolicyStatus) DeepCopyInto(out *DeviceSettingsPolicyStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type DomainConfiguration ¶ added in v0.20.0
type DomainConfiguration struct {
// AutoRenew enables automatic domain renewal
// +kubebuilder:validation:Optional
// +kubebuilder:default=true
AutoRenew bool `json:"autoRenew,omitempty"`
// Privacy enables WHOIS privacy protection
// +kubebuilder:validation:Optional
// +kubebuilder:default=true
Privacy bool `json:"privacy,omitempty"`
// Locked prevents unauthorized transfers
// +kubebuilder:validation:Optional
// +kubebuilder:default=true
Locked bool `json:"locked,omitempty"`
// NameServers specifies custom nameservers (optional)
// If not specified, Cloudflare nameservers will be used
// +kubebuilder:validation:Optional
NameServers []string `json:"nameServers,omitempty"`
}
DomainConfiguration contains domain configuration settings
func (*DomainConfiguration) DeepCopy ¶ added in v0.20.0
func (in *DomainConfiguration) DeepCopy() *DomainConfiguration
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DomainConfiguration.
func (*DomainConfiguration) DeepCopyInto ¶ added in v0.20.0
func (in *DomainConfiguration) DeepCopyInto(out *DomainConfiguration)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type DomainRegistration ¶ added in v0.20.0
type DomainRegistration struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec DomainRegistrationSpec `json:"spec,omitempty"`
Status DomainRegistrationStatus `json:"status,omitempty"`
}
DomainRegistration manages Cloudflare Registrar domain settings. This CRD allows you to configure settings for domains registered with Cloudflare Registrar, including auto-renewal, WHOIS privacy, and transfer lock settings.
Note: This CRD manages existing domains registered with Cloudflare. Domain registration itself must be done through the Cloudflare dashboard or API directly due to payment and verification requirements.
Enterprise Feature: Some advanced features like registry lock require an Enterprise plan.
func (*DomainRegistration) DeepCopy ¶ added in v0.20.0
func (in *DomainRegistration) DeepCopy() *DomainRegistration
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DomainRegistration.
func (*DomainRegistration) DeepCopyInto ¶ added in v0.20.0
func (in *DomainRegistration) DeepCopyInto(out *DomainRegistration)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*DomainRegistration) DeepCopyObject ¶ added in v0.20.0
func (in *DomainRegistration) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type DomainRegistrationList ¶ added in v0.20.0
type DomainRegistrationList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []DomainRegistration `json:"items"`
}
DomainRegistrationList contains a list of DomainRegistration
func (*DomainRegistrationList) DeepCopy ¶ added in v0.20.0
func (in *DomainRegistrationList) DeepCopy() *DomainRegistrationList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DomainRegistrationList.
func (*DomainRegistrationList) DeepCopyInto ¶ added in v0.20.0
func (in *DomainRegistrationList) DeepCopyInto(out *DomainRegistrationList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*DomainRegistrationList) DeepCopyObject ¶ added in v0.20.0
func (in *DomainRegistrationList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type DomainRegistrationSpec ¶ added in v0.20.0
type DomainRegistrationSpec struct {
// DomainName is the domain name to manage
// This domain must already be registered with Cloudflare Registrar
// +kubebuilder:validation:Required
// +kubebuilder:validation:Pattern=`^[a-zA-Z0-9][a-zA-Z0-9-]{0,61}[a-zA-Z0-9]\.[a-zA-Z]{2,}$`
DomainName string `json:"domainName"`
// Configuration contains domain settings
// +kubebuilder:validation:Optional
Configuration *DomainConfiguration `json:"configuration,omitempty"`
// RegistrantContact contains the registrant contact information
// If not specified, existing contact information will be preserved
// +kubebuilder:validation:Optional
RegistrantContact *RegistrantContact `json:"registrantContact,omitempty"`
// CredentialsRef references a CloudflareCredentials resource
// If not specified, the default CloudflareCredentials will be used
// +kubebuilder:validation:Optional
CredentialsRef *CredentialsReference `json:"credentialsRef,omitempty"`
}
DomainRegistrationSpec defines the desired state of DomainRegistration
func (*DomainRegistrationSpec) DeepCopy ¶ added in v0.20.0
func (in *DomainRegistrationSpec) DeepCopy() *DomainRegistrationSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DomainRegistrationSpec.
func (*DomainRegistrationSpec) DeepCopyInto ¶ added in v0.20.0
func (in *DomainRegistrationSpec) DeepCopyInto(out *DomainRegistrationSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type DomainRegistrationState ¶ added in v0.20.0
type DomainRegistrationState string
DomainRegistrationState represents the state of the domain registration +kubebuilder:validation:Enum=Pending;Syncing;Active;TransferPending;Expired;Error
const ( // DomainRegistrationStatePending means the domain is waiting to be synced DomainRegistrationStatePending DomainRegistrationState = "Pending" // DomainRegistrationStateSyncing means the domain settings are being synced DomainRegistrationStateSyncing DomainRegistrationState = "Syncing" // DomainRegistrationStateActive means the domain is registered and active DomainRegistrationStateActive DomainRegistrationState = "Active" // DomainRegistrationStateTransferPending means a transfer is in progress DomainRegistrationStateTransferPending DomainRegistrationState = "TransferPending" // DomainRegistrationStateExpired means the domain has expired DomainRegistrationStateExpired DomainRegistrationState = "Expired" // DomainRegistrationStateError means there was an error with the domain DomainRegistrationStateError DomainRegistrationState = "Error" )
type DomainRegistrationStatus ¶ added in v0.20.0
type DomainRegistrationStatus struct {
// Conditions represent the latest available observations
// +optional
Conditions []metav1.Condition `json:"conditions,omitempty"`
// ObservedGeneration is the most recent generation observed
// +optional
ObservedGeneration int64 `json:"observedGeneration,omitempty"`
// State represents the current state of the domain
// +optional
State DomainRegistrationState `json:"state,omitempty"`
// DomainID is the Cloudflare domain ID
// +optional
DomainID string `json:"domainId,omitempty"`
// CurrentRegistrar is the current registrar name
// +optional
CurrentRegistrar string `json:"currentRegistrar,omitempty"`
// RegistryStatuses contains the registry status codes
// +optional
RegistryStatuses string `json:"registryStatuses,omitempty"`
// ExpiresAt is when the domain registration expires
// +optional
ExpiresAt *metav1.Time `json:"expiresAt,omitempty"`
// CreatedAt is when the domain was registered
// +optional
CreatedAt *metav1.Time `json:"createdAt,omitempty"`
// AutoRenew indicates if auto-renewal is enabled
// +optional
AutoRenew bool `json:"autoRenew,omitempty"`
// Privacy indicates if WHOIS privacy is enabled
// +optional
Privacy bool `json:"privacy,omitempty"`
// Locked indicates if the domain is locked
// +optional
Locked bool `json:"locked,omitempty"`
// TransferInStatus contains transfer status if applicable
// +optional
TransferInStatus string `json:"transferInStatus,omitempty"`
// Message provides additional information about the current state
// +optional
Message string `json:"message,omitempty"`
}
DomainRegistrationStatus defines the observed state of DomainRegistration
func (*DomainRegistrationStatus) DeepCopy ¶ added in v0.20.0
func (in *DomainRegistrationStatus) DeepCopy() *DomainRegistrationStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DomainRegistrationStatus.
func (*DomainRegistrationStatus) DeepCopyInto ¶ added in v0.20.0
func (in *DomainRegistrationStatus) DeepCopyInto(out *DomainRegistrationStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type EgressSettings ¶
type EgressSettings struct {
IPv4 string `json:"ipv4,omitempty"`
IPv6 string `json:"ipv6,omitempty"`
IPv4Fallback string `json:"ipv4Fallback,omitempty"`
}
EgressSettings for egress action.
func (*EgressSettings) DeepCopy ¶
func (in *EgressSettings) DeepCopy() *EgressSettings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EgressSettings.
func (*EgressSettings) DeepCopyInto ¶
func (in *EgressSettings) DeepCopyInto(out *EgressSettings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExistingTunnel ¶
type ExistingTunnel struct {
// +kubebuilder:validation:Optional
// Existing Tunnel ID to run on. Tunnel ID and Tunnel Name cannot be both empty. If both are provided, ID is used if valid, else falls back to Name.
Id string `json:"id,omitempty"`
// +kubebuilder:validation:Optional
// Existing Tunnel name to run on. Tunnel Name and Tunnel ID cannot be both empty. If both are provided, ID is used if valid, else falls back to Name.
Name string `json:"name,omitempty"`
}
ExistingTunnel spec needs either a Tunnel Id or a Name to find it on Cloudflare.
func (*ExistingTunnel) DeepCopy ¶
func (in *ExistingTunnel) DeepCopy() *ExistingTunnel
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExistingTunnel.
func (*ExistingTunnel) DeepCopyInto ¶
func (in *ExistingTunnel) DeepCopyInto(out *ExistingTunnel)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FIPSSettings ¶
type FIPSSettings struct {
TLS bool `json:"tls,omitempty"`
}
FIPSSettings for FIPS compliance.
func (*FIPSSettings) DeepCopy ¶
func (in *FIPSSettings) DeepCopy() *FIPSSettings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FIPSSettings.
func (*FIPSSettings) DeepCopyInto ¶
func (in *FIPSSettings) DeepCopyInto(out *FIPSSettings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FallbackDomainEntry ¶
type FallbackDomainEntry struct {
// Suffix is the domain suffix to match (e.g., "internal.company.com").
// +kubebuilder:validation:Required
Suffix string `json:"suffix"`
// Description is an optional description for this entry.
// +kubebuilder:validation:Optional
// +kubebuilder:validation:MaxLength=200
Description string `json:"description,omitempty"`
// DNSServer is a list of DNS server IPs to use for this domain.
// +kubebuilder:validation:Optional
DNSServer []string `json:"dnsServer,omitempty"`
}
FallbackDomainEntry represents a fallback domain configuration.
func (*FallbackDomainEntry) DeepCopy ¶
func (in *FallbackDomainEntry) DeepCopy() *FallbackDomainEntry
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FallbackDomainEntry.
func (*FallbackDomainEntry) DeepCopyInto ¶
func (in *FallbackDomainEntry) DeepCopyInto(out *FallbackDomainEntry)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FeatureToggle ¶ added in v0.20.0
type FeatureToggle string
FeatureToggle represents on/off toggle settings +kubebuilder:validation:Enum=on;off
const ( FeatureOn FeatureToggle = "on" FeatureOff FeatureToggle = "off" )
type GatewayConfiguration ¶
type GatewayConfiguration struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec GatewayConfigurationSpec `json:"spec,omitempty"`
Status GatewayConfigurationStatus `json:"status,omitempty"`
}
GatewayConfiguration is the Schema for the gatewayconfigurations API.
func (*GatewayConfiguration) DeepCopy ¶
func (in *GatewayConfiguration) DeepCopy() *GatewayConfiguration
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayConfiguration.
func (*GatewayConfiguration) DeepCopyInto ¶
func (in *GatewayConfiguration) DeepCopyInto(out *GatewayConfiguration)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*GatewayConfiguration) DeepCopyObject ¶
func (in *GatewayConfiguration) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type GatewayConfigurationList ¶
type GatewayConfigurationList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []GatewayConfiguration `json:"items"`
}
GatewayConfigurationList contains a list of GatewayConfiguration
func (*GatewayConfigurationList) DeepCopy ¶
func (in *GatewayConfigurationList) DeepCopy() *GatewayConfigurationList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayConfigurationList.
func (*GatewayConfigurationList) DeepCopyInto ¶
func (in *GatewayConfigurationList) DeepCopyInto(out *GatewayConfigurationList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*GatewayConfigurationList) DeepCopyObject ¶
func (in *GatewayConfigurationList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type GatewayConfigurationSpec ¶
type GatewayConfigurationSpec struct {
// Settings contains the Gateway configuration settings.
// +kubebuilder:validation:Required
Settings GatewaySettings `json:"settings"`
// Cloudflare contains the Cloudflare API credentials.
// +kubebuilder:validation:Required
Cloudflare CloudflareDetails `json:"cloudflare"`
}
GatewayConfigurationSpec defines the desired state of GatewayConfiguration
func (*GatewayConfigurationSpec) DeepCopy ¶
func (in *GatewayConfigurationSpec) DeepCopy() *GatewayConfigurationSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayConfigurationSpec.
func (*GatewayConfigurationSpec) DeepCopyInto ¶
func (in *GatewayConfigurationSpec) DeepCopyInto(out *GatewayConfigurationSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type GatewayConfigurationStatus ¶
type GatewayConfigurationStatus struct {
// AccountID is the Cloudflare Account ID.
// +kubebuilder:validation:Optional
AccountID string `json:"accountId,omitempty"`
// State indicates the current state.
// +kubebuilder:validation:Optional
State string `json:"state,omitempty"`
// Conditions represent the latest available observations.
// +kubebuilder:validation:Optional
// +listType=map
// +listMapKey=type
Conditions []metav1.Condition `json:"conditions,omitempty"`
// ObservedGeneration is the most recent generation observed.
// +kubebuilder:validation:Optional
ObservedGeneration int64 `json:"observedGeneration,omitempty"`
}
GatewayConfigurationStatus defines the observed state
func (*GatewayConfigurationStatus) DeepCopy ¶
func (in *GatewayConfigurationStatus) DeepCopy() *GatewayConfigurationStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayConfigurationStatus.
func (*GatewayConfigurationStatus) DeepCopyInto ¶
func (in *GatewayConfigurationStatus) DeepCopyInto(out *GatewayConfigurationStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type GatewayList ¶
type GatewayList struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec GatewayListSpec `json:"spec,omitempty"`
Status GatewayListStatus `json:"status,omitempty"`
}
GatewayList is the Schema for the gatewaylists API.
func (*GatewayList) DeepCopy ¶
func (in *GatewayList) DeepCopy() *GatewayList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayList.
func (*GatewayList) DeepCopyInto ¶
func (in *GatewayList) DeepCopyInto(out *GatewayList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*GatewayList) DeepCopyObject ¶
func (in *GatewayList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*GatewayList) GetGatewayListName ¶
func (g *GatewayList) GetGatewayListName() string
GetGatewayListName returns the name to use in Cloudflare.
type GatewayListItem ¶
type GatewayListItem struct {
// Value is the list entry value.
// +kubebuilder:validation:Required
Value string `json:"value"`
// Description is an optional description for this item.
// +kubebuilder:validation:Optional
Description string `json:"description,omitempty"`
}
GatewayListItem represents a single list item.
func (*GatewayListItem) DeepCopy ¶
func (in *GatewayListItem) DeepCopy() *GatewayListItem
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayListItem.
func (*GatewayListItem) DeepCopyInto ¶
func (in *GatewayListItem) DeepCopyInto(out *GatewayListItem)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type GatewayListList ¶
type GatewayListList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []GatewayList `json:"items"`
}
GatewayListList contains a list of GatewayList
func (*GatewayListList) DeepCopy ¶
func (in *GatewayListList) DeepCopy() *GatewayListList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayListList.
func (*GatewayListList) DeepCopyInto ¶
func (in *GatewayListList) DeepCopyInto(out *GatewayListList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*GatewayListList) DeepCopyObject ¶
func (in *GatewayListList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type GatewayListSpec ¶
type GatewayListSpec struct {
// Name of the Gateway List in Cloudflare.
// +kubebuilder:validation:Optional
// +kubebuilder:validation:MaxLength=255
Name string `json:"name,omitempty"`
// Description is a human-readable description.
// +kubebuilder:validation:Optional
// +kubebuilder:validation:MaxLength=1000
Description string `json:"description,omitempty"`
// Type is the list type.
// +kubebuilder:validation:Required
// +kubebuilder:validation:Enum=SERIAL;URL;DOMAIN;EMAIL;IP
Type string `json:"type"`
// Items are the list entries.
// +kubebuilder:validation:Optional
Items []GatewayListItem `json:"items,omitempty"`
// ItemsFromConfigMap references a ConfigMap containing list items.
// +kubebuilder:validation:Optional
ItemsFromConfigMap *ConfigMapKeyRef `json:"itemsFromConfigMap,omitempty"`
// Cloudflare contains the Cloudflare API credentials.
// +kubebuilder:validation:Required
Cloudflare CloudflareDetails `json:"cloudflare"`
}
GatewayListSpec defines the desired state of GatewayList
func (*GatewayListSpec) DeepCopy ¶
func (in *GatewayListSpec) DeepCopy() *GatewayListSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayListSpec.
func (*GatewayListSpec) DeepCopyInto ¶
func (in *GatewayListSpec) DeepCopyInto(out *GatewayListSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type GatewayListStatus ¶
type GatewayListStatus struct {
// ListID is the Cloudflare Gateway List ID.
// +kubebuilder:validation:Optional
ListID string `json:"listId,omitempty"`
// AccountID is the Cloudflare Account ID.
// +kubebuilder:validation:Optional
AccountID string `json:"accountId,omitempty"`
// ItemCount is the number of items in the list.
// +kubebuilder:validation:Optional
ItemCount int `json:"itemCount,omitempty"`
// State indicates the current state.
// +kubebuilder:validation:Optional
State string `json:"state,omitempty"`
// Conditions represent the latest available observations.
// +kubebuilder:validation:Optional
// +listType=map
// +listMapKey=type
Conditions []metav1.Condition `json:"conditions,omitempty"`
// ObservedGeneration is the most recent generation observed.
// +kubebuilder:validation:Optional
ObservedGeneration int64 `json:"observedGeneration,omitempty"`
}
GatewayListStatus defines the observed state
func (*GatewayListStatus) DeepCopy ¶
func (in *GatewayListStatus) DeepCopy() *GatewayListStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayListStatus.
func (*GatewayListStatus) DeepCopyInto ¶
func (in *GatewayListStatus) DeepCopyInto(out *GatewayListStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type GatewayRule ¶
type GatewayRule struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec GatewayRuleSpec `json:"spec,omitempty"`
Status GatewayRuleStatus `json:"status,omitempty"`
}
GatewayRule is the Schema for the gatewayrules API.
func (*GatewayRule) DeepCopy ¶
func (in *GatewayRule) DeepCopy() *GatewayRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayRule.
func (*GatewayRule) DeepCopyInto ¶
func (in *GatewayRule) DeepCopyInto(out *GatewayRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*GatewayRule) DeepCopyObject ¶
func (in *GatewayRule) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*GatewayRule) GetGatewayRuleName ¶
func (g *GatewayRule) GetGatewayRuleName() string
GetGatewayRuleName returns the name to use in Cloudflare.
type GatewayRuleExpiration ¶ added in v0.21.1
type GatewayRuleExpiration struct {
// ExpiresAt is when the rule expires (RFC3339 format).
// +kubebuilder:validation:Optional
ExpiresAt string `json:"expiresAt,omitempty"`
// Duration is the default expiration duration (e.g., "1h", "24h").
// +kubebuilder:validation:Optional
Duration string `json:"duration,omitempty"`
}
GatewayRuleExpiration defines when a DNS rule expires.
func (*GatewayRuleExpiration) DeepCopy ¶ added in v0.21.1
func (in *GatewayRuleExpiration) DeepCopy() *GatewayRuleExpiration
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayRuleExpiration.
func (*GatewayRuleExpiration) DeepCopyInto ¶ added in v0.21.1
func (in *GatewayRuleExpiration) DeepCopyInto(out *GatewayRuleExpiration)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type GatewayRuleList ¶
type GatewayRuleList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []GatewayRule `json:"items"`
}
GatewayRuleList contains a list of GatewayRule
func (*GatewayRuleList) DeepCopy ¶
func (in *GatewayRuleList) DeepCopy() *GatewayRuleList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayRuleList.
func (*GatewayRuleList) DeepCopyInto ¶
func (in *GatewayRuleList) DeepCopyInto(out *GatewayRuleList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*GatewayRuleList) DeepCopyObject ¶
func (in *GatewayRuleList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type GatewayRuleSchedule ¶ added in v0.21.1
type GatewayRuleSchedule struct {
// TimeZone is the time zone for the schedule (e.g., "America/New_York").
// +kubebuilder:validation:Optional
TimeZone string `json:"timeZone,omitempty"`
// Mon is the schedule for Monday (e.g., "09:00-17:00").
// +kubebuilder:validation:Optional
Mon string `json:"mon,omitempty"`
// Tue is the schedule for Tuesday.
// +kubebuilder:validation:Optional
Tue string `json:"tue,omitempty"`
// Wed is the schedule for Wednesday.
// +kubebuilder:validation:Optional
Wed string `json:"wed,omitempty"`
// Thu is the schedule for Thursday.
// +kubebuilder:validation:Optional
Thu string `json:"thu,omitempty"`
// Fri is the schedule for Friday.
// +kubebuilder:validation:Optional
Fri string `json:"fri,omitempty"`
// Sat is the schedule for Saturday.
// +kubebuilder:validation:Optional
Sat string `json:"sat,omitempty"`
// Sun is the schedule for Sunday.
// +kubebuilder:validation:Optional
Sun string `json:"sun,omitempty"`
}
GatewayRuleSchedule defines when a rule is active.
func (*GatewayRuleSchedule) DeepCopy ¶ added in v0.21.1
func (in *GatewayRuleSchedule) DeepCopy() *GatewayRuleSchedule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayRuleSchedule.
func (*GatewayRuleSchedule) DeepCopyInto ¶ added in v0.21.1
func (in *GatewayRuleSchedule) DeepCopyInto(out *GatewayRuleSchedule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type GatewayRuleSettings ¶
type GatewayRuleSettings struct {
// BlockPageEnabled enables custom block page.
// +kubebuilder:validation:Optional
BlockPageEnabled *bool `json:"blockPageEnabled,omitempty"`
// BlockReason is shown on the block page.
// +kubebuilder:validation:Optional
BlockReason string `json:"blockReason,omitempty"`
// OverrideIPs for DNS override action.
// +kubebuilder:validation:Optional
OverrideIPs []string `json:"overrideIps,omitempty"`
// OverrideHost for DNS override action.
// +kubebuilder:validation:Optional
OverrideHost string `json:"overrideHost,omitempty"`
// L4Override for L4 override action.
// +kubebuilder:validation:Optional
L4Override *L4OverrideSettings `json:"l4Override,omitempty"`
// BISOAdminControls for browser isolation.
// +kubebuilder:validation:Optional
BISOAdminControls *BISOAdminControls `json:"bisoAdminControls,omitempty"`
// CheckSession enables session check.
// +kubebuilder:validation:Optional
CheckSession *SessionSettings `json:"checkSession,omitempty"`
// AddHeaders adds headers to requests.
// +kubebuilder:validation:Optional
AddHeaders map[string]string `json:"addHeaders,omitempty"`
// InsecureDisableDNSSECValidation disables DNSSEC validation.
// +kubebuilder:validation:Optional
InsecureDisableDNSSECValidation *bool `json:"insecureDisableDnssecValidation,omitempty"`
// EgressSettings for egress action.
// +kubebuilder:validation:Optional
Egress *EgressSettings `json:"egress,omitempty"`
// PayloadLog configures logging.
// +kubebuilder:validation:Optional
PayloadLog *PayloadLogSettings `json:"payloadLog,omitempty"`
// UntrustedCertificateAction for TLS inspection.
// +kubebuilder:validation:Optional
// +kubebuilder:validation:Enum=pass_through;block;error
UntrustedCertificateAction string `json:"untrustedCertificateAction,omitempty"`
// AuditSSH enables SSH command logging.
// +kubebuilder:validation:Optional
AuditSSH *AuditSSHSettings `json:"auditSsh,omitempty"`
// ResolveDNSInternally enables internal DNS resolution with view_id.
// +kubebuilder:validation:Optional
ResolveDNSInternally *ResolveDNSInternallySettings `json:"resolveDnsInternally,omitempty"`
// ResolveDNSThroughCloudflare sends DNS to 1.1.1.1.
// +kubebuilder:validation:Optional
ResolveDNSThroughCloudflare *bool `json:"resolveDnsThroughCloudflare,omitempty"`
// DNSResolvers contains custom DNS resolver settings.
// +kubebuilder:validation:Optional
DNSResolvers *DNSResolversSettings `json:"dnsResolvers,omitempty"`
// NotificationSettings for alerts.
// +kubebuilder:validation:Optional
NotificationSettings *NotificationSettings `json:"notificationSettings,omitempty"`
// AllowChildBypass allows child MSP accounts to bypass.
// +kubebuilder:validation:Optional
AllowChildBypass *bool `json:"allowChildBypass,omitempty"`
// BypassParentRule allows bypassing parent MSP rules.
// +kubebuilder:validation:Optional
BypassParentRule *bool `json:"bypassParentRule,omitempty"`
// IgnoreCNAMECategoryMatches ignores category at CNAME domains.
// +kubebuilder:validation:Optional
IgnoreCNAMECategoryMatches *bool `json:"ignoreCnameCategoryMatches,omitempty"`
// IPCategories enables IPs in DNS resolver category blocks.
// +kubebuilder:validation:Optional
IPCategories *bool `json:"ipCategories,omitempty"`
// IPIndicatorFeeds includes IPs in indicator feed blocks.
// +kubebuilder:validation:Optional
IPIndicatorFeeds *bool `json:"ipIndicatorFeeds,omitempty"`
// Quarantine settings for quarantine action.
// +kubebuilder:validation:Optional
Quarantine *QuarantineSettings `json:"quarantine,omitempty"`
}
GatewayRuleSettings contains action-specific settings.
func (*GatewayRuleSettings) DeepCopy ¶
func (in *GatewayRuleSettings) DeepCopy() *GatewayRuleSettings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayRuleSettings.
func (*GatewayRuleSettings) DeepCopyInto ¶
func (in *GatewayRuleSettings) DeepCopyInto(out *GatewayRuleSettings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type GatewayRuleSpec ¶
type GatewayRuleSpec struct {
// Name of the Gateway Rule in Cloudflare.
// +kubebuilder:validation:Optional
// +kubebuilder:validation:MaxLength=255
Name string `json:"name,omitempty"`
// Description is a human-readable description.
// +kubebuilder:validation:Optional
// +kubebuilder:validation:MaxLength=1000
Description string `json:"description,omitempty"`
// Precedence determines the order of rule evaluation (lower = earlier).
// +kubebuilder:validation:Required
// +kubebuilder:validation:Minimum=0
Precedence int `json:"precedence"`
// Enabled controls whether the rule is active.
// +kubebuilder:validation:Optional
// +kubebuilder:default=true
Enabled bool `json:"enabled,omitempty"`
// Action is what happens when the rule matches.
// +kubebuilder:validation:Required
// +kubebuilder:validation:Enum=on;off;allow;block;scan;noscan;safesearch;ytrestricted;isolate;noisolate;override;l4_override;egress;resolve;quarantine
Action string `json:"action"`
// Filters specifies which types of traffic this rule applies to.
// +kubebuilder:validation:Optional
Filters []string `json:"filters,omitempty"`
// Traffic is the wirefilter expression for traffic matching.
// +kubebuilder:validation:Optional
Traffic string `json:"traffic,omitempty"`
// Identity is the wirefilter expression for identity matching.
// +kubebuilder:validation:Optional
Identity string `json:"identity,omitempty"`
// DevicePosture is the wirefilter expression for device posture matching.
// +kubebuilder:validation:Optional
DevicePosture string `json:"devicePosture,omitempty"`
// RuleSettings contains action-specific settings.
// +kubebuilder:validation:Optional
RuleSettings *GatewayRuleSettings `json:"ruleSettings,omitempty"`
// Schedule defines when the rule is active.
// +kubebuilder:validation:Optional
Schedule *GatewayRuleSchedule `json:"schedule,omitempty"`
// Expiration defines when the rule expires (for DNS policies).
// +kubebuilder:validation:Optional
Expiration *GatewayRuleExpiration `json:"expiration,omitempty"`
// Cloudflare contains the Cloudflare API credentials.
// +kubebuilder:validation:Required
Cloudflare CloudflareDetails `json:"cloudflare"`
}
GatewayRuleSpec defines the desired state of GatewayRule
func (*GatewayRuleSpec) DeepCopy ¶
func (in *GatewayRuleSpec) DeepCopy() *GatewayRuleSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayRuleSpec.
func (*GatewayRuleSpec) DeepCopyInto ¶
func (in *GatewayRuleSpec) DeepCopyInto(out *GatewayRuleSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type GatewayRuleStatus ¶
type GatewayRuleStatus struct {
// RuleID is the Cloudflare Gateway Rule ID.
// +kubebuilder:validation:Optional
RuleID string `json:"ruleId,omitempty"`
// AccountID is the Cloudflare Account ID.
// +kubebuilder:validation:Optional
AccountID string `json:"accountId,omitempty"`
// State indicates the current state.
// +kubebuilder:validation:Optional
State string `json:"state,omitempty"`
// Conditions represent the latest available observations.
// +kubebuilder:validation:Optional
// +listType=map
// +listMapKey=type
Conditions []metav1.Condition `json:"conditions,omitempty"`
// ObservedGeneration is the most recent generation observed.
// +kubebuilder:validation:Optional
ObservedGeneration int64 `json:"observedGeneration,omitempty"`
}
GatewayRuleStatus defines the observed state
func (*GatewayRuleStatus) DeepCopy ¶
func (in *GatewayRuleStatus) DeepCopy() *GatewayRuleStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayRuleStatus.
func (*GatewayRuleStatus) DeepCopyInto ¶
func (in *GatewayRuleStatus) DeepCopyInto(out *GatewayRuleStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type GatewaySettings ¶
type GatewaySettings struct {
// TLSDecrypt enables TLS decryption.
// +kubebuilder:validation:Optional
TLSDecrypt *TLSDecryptSettings `json:"tlsDecrypt,omitempty"`
// ActivityLog configures activity logging.
// +kubebuilder:validation:Optional
ActivityLog *ActivityLogSettings `json:"activityLog,omitempty"`
// AntiVirus configures AV scanning.
// +kubebuilder:validation:Optional
AntiVirus *AntiVirusSettings `json:"antiVirus,omitempty"`
// BlockPage configures the block page.
// +kubebuilder:validation:Optional
BlockPage *BlockPageSettings `json:"blockPage,omitempty"`
// BodyScanning configures body scanning.
// +kubebuilder:validation:Optional
BodyScanning *BodyScanningSettings `json:"bodyScanning,omitempty"`
// BrowserIsolation configures browser isolation.
// +kubebuilder:validation:Optional
BrowserIsolation *BrowserIsolationSettings `json:"browserIsolation,omitempty"`
// FIPS enables FIPS mode.
// +kubebuilder:validation:Optional
FIPS *FIPSSettings `json:"fips,omitempty"`
// ProtocolDetection enables protocol detection.
// +kubebuilder:validation:Optional
ProtocolDetection *ProtocolDetectionSettings `json:"protocolDetection,omitempty"`
// CustomCertificate configures custom root CA.
// +kubebuilder:validation:Optional
CustomCertificate *CustomCertificateSettings `json:"customCertificate,omitempty"`
// NonIdentityBrowserIsolation configures non-identity isolation.
// +kubebuilder:validation:Optional
NonIdentityBrowserIsolation *NonIdentityBrowserIsolationSettings `json:"nonIdentityBrowserIsolation,omitempty"`
}
GatewaySettings contains Gateway configuration.
func (*GatewaySettings) DeepCopy ¶
func (in *GatewaySettings) DeepCopy() *GatewaySettings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewaySettings.
func (*GatewaySettings) DeepCopyInto ¶
func (in *GatewaySettings) DeepCopyInto(out *GatewaySettings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type HeaderModification ¶ added in v0.20.0
type HeaderModification struct {
// Name is the header name
// +kubebuilder:validation:Required
Name string `json:"name"`
// Operation is the operation to perform
// +kubebuilder:validation:Required
Operation HeaderOperation `json:"operation"`
// Value is the static header value (for set/add operations)
// +kubebuilder:validation:Optional
Value string `json:"value,omitempty"`
// Expression is a dynamic expression for the value
// Example: ip.geoip.country
// +kubebuilder:validation:Optional
Expression string `json:"expression,omitempty"`
}
HeaderModification defines a header modification
func (*HeaderModification) DeepCopy ¶ added in v0.20.0
func (in *HeaderModification) DeepCopy() *HeaderModification
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HeaderModification.
func (*HeaderModification) DeepCopyInto ¶ added in v0.20.0
func (in *HeaderModification) DeepCopyInto(out *HeaderModification)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type HeaderOperation ¶ added in v0.20.0
type HeaderOperation string
HeaderOperation represents the operation to perform on a header +kubebuilder:validation:Enum=set;add;remove
const ( // HeaderOperationSet sets the header value (overwrites if exists) HeaderOperationSet HeaderOperation = "set" // HeaderOperationAdd adds a value to the header (preserves existing) HeaderOperationAdd HeaderOperation = "add" // HeaderOperationRemove removes the header HeaderOperationRemove HeaderOperation = "remove" )
type HybridAndImplicitOptions ¶ added in v0.21.1
type HybridAndImplicitOptions struct {
// ReturnIDTokenFromAuthorizationEndpoint indicates whether to return an ID token
// from the authorization endpoint.
// +kubebuilder:validation:Optional
ReturnIDTokenFromAuthorizationEndpoint *bool `json:"returnIdTokenFromAuthorizationEndpoint,omitempty"`
// ReturnAccessTokenFromAuthorizationEndpoint indicates whether to return an access token
// from the authorization endpoint.
// +kubebuilder:validation:Optional
ReturnAccessTokenFromAuthorizationEndpoint *bool `json:"returnAccessTokenFromAuthorizationEndpoint,omitempty"`
}
HybridAndImplicitOptions configures hybrid and implicit flow options.
func (*HybridAndImplicitOptions) DeepCopy ¶ added in v0.21.1
func (in *HybridAndImplicitOptions) DeepCopy() *HybridAndImplicitOptions
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HybridAndImplicitOptions.
func (*HybridAndImplicitOptions) DeepCopyInto ¶ added in v0.21.1
func (in *HybridAndImplicitOptions) DeepCopyInto(out *HybridAndImplicitOptions)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type IdentityProviderConfig ¶
type IdentityProviderConfig struct {
// ClientID is the OAuth client ID.
// +kubebuilder:validation:Optional
ClientID string `json:"clientId,omitempty"`
// ClientSecret is the OAuth client secret (use ConfigSecretRef for sensitive values).
// +kubebuilder:validation:Optional
ClientSecret string `json:"clientSecret,omitempty"`
// AppsDomain is the Google Workspace domain.
// +kubebuilder:validation:Optional
AppsDomain string `json:"appsDomain,omitempty"`
// AuthURL is the authorization URL (OIDC/OAuth).
// +kubebuilder:validation:Optional
AuthURL string `json:"authUrl,omitempty"`
// TokenURL is the token endpoint URL.
// +kubebuilder:validation:Optional
TokenURL string `json:"tokenUrl,omitempty"`
// CertsURL is the JWKS endpoint URL.
// +kubebuilder:validation:Optional
CertsURL string `json:"certsUrl,omitempty"`
// Scopes are the OAuth scopes to request.
// +kubebuilder:validation:Optional
Scopes []string `json:"scopes,omitempty"`
// Attributes are custom attributes to include in tokens.
// +kubebuilder:validation:Optional
Attributes []string `json:"attributes,omitempty"`
// IdPPublicCert is the IdP's public certificate for SAML (single cert).
// +kubebuilder:validation:Optional
IdPPublicCert string `json:"idpPublicCert,omitempty"`
// IdPPublicCerts are the IdP's public certificates for SAML (multiple certs).
//
// Deprecated: Use IdPPublicCert instead.
// +kubebuilder:validation:Optional
IdPPublicCerts []string `json:"idpPublicCerts,omitempty"`
// IssuerURL is the OIDC issuer URL.
// +kubebuilder:validation:Optional
IssuerURL string `json:"issuerUrl,omitempty"`
// SSOTargetURL is the SAML SSO URL.
// +kubebuilder:validation:Optional
SSOTargetURL string `json:"ssoTargetUrl,omitempty"`
// SignRequest enables SAML request signing.
// +kubebuilder:validation:Optional
SignRequest *bool `json:"signRequest,omitempty"`
// EmailClaimName is the claim containing the user's email.
// +kubebuilder:validation:Optional
EmailClaimName string `json:"emailClaimName,omitempty"`
// DirectoryID is the Azure AD directory ID.
// +kubebuilder:validation:Optional
DirectoryID string `json:"directoryId,omitempty"`
// SupportGroups enables group sync.
// +kubebuilder:validation:Optional
SupportGroups *bool `json:"supportGroups,omitempty"`
// PKCEEnabled enables PKCE.
// +kubebuilder:validation:Optional
PKCEEnabled *bool `json:"pkceEnabled,omitempty"`
// ConditionalAccessEnabled enables Azure AD conditional access.
// +kubebuilder:validation:Optional
ConditionalAccessEnabled *bool `json:"conditionalAccessEnabled,omitempty"`
// Claims are custom OIDC claims to include.
// +kubebuilder:validation:Optional
Claims []string `json:"claims,omitempty"`
// EmailAttributeName is the SAML attribute containing email.
// +kubebuilder:validation:Optional
EmailAttributeName string `json:"emailAttributeName,omitempty"`
// HeaderAttributes are SAML attributes to pass as headers.
// +kubebuilder:validation:Optional
HeaderAttributes []SAMLHeaderAttribute `json:"headerAttributes,omitempty"`
// APIToken is the API token (GitHub, etc).
// +kubebuilder:validation:Optional
APIToken string `json:"apiToken,omitempty"`
// OktaAccount is the Okta organization URL.
// +kubebuilder:validation:Optional
OktaAccount string `json:"oktaAccount,omitempty"`
// OktaAuthorizationServerID is the Okta authorization server ID.
// +kubebuilder:validation:Optional
OktaAuthorizationServerID string `json:"oktaAuthorizationServerId,omitempty"`
// OneloginAccount is the OneLogin subdomain.
// +kubebuilder:validation:Optional
OneloginAccount string `json:"oneloginAccount,omitempty"`
// PingEnvID is the PingOne environment ID.
// +kubebuilder:validation:Optional
PingEnvID string `json:"pingEnvId,omitempty"`
// CentrifyAccount is the Centrify account.
// +kubebuilder:validation:Optional
CentrifyAccount string `json:"centrifyAccount,omitempty"`
// CentrifyAppID is the Centrify app ID.
// +kubebuilder:validation:Optional
CentrifyAppID string `json:"centrifyAppId,omitempty"`
// RedirectURL is the callback URL.
// +kubebuilder:validation:Optional
RedirectURL string `json:"redirectUrl,omitempty"`
}
IdentityProviderConfig contains provider configuration.
func (*IdentityProviderConfig) DeepCopy ¶
func (in *IdentityProviderConfig) DeepCopy() *IdentityProviderConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IdentityProviderConfig.
func (*IdentityProviderConfig) DeepCopyInto ¶
func (in *IdentityProviderConfig) DeepCopyInto(out *IdentityProviderConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type IdentityProviderScimConfig ¶ added in v0.21.1
type IdentityProviderScimConfig struct {
// Enabled enables SCIM provisioning.
// +kubebuilder:validation:Optional
Enabled *bool `json:"enabled,omitempty"`
// Secret is the SCIM secret (should use a Secret reference in production).
// +kubebuilder:validation:Optional
Secret string `json:"secret,omitempty"`
// UserDeprovision enables automatic user deprovisioning.
// +kubebuilder:validation:Optional
UserDeprovision *bool `json:"userDeprovision,omitempty"`
// SeatDeprovision enables automatic seat deprovisioning.
// +kubebuilder:validation:Optional
SeatDeprovision *bool `json:"seatDeprovision,omitempty"`
// GroupMemberDeprovision enables automatic group member deprovisioning.
// +kubebuilder:validation:Optional
GroupMemberDeprovision *bool `json:"groupMemberDeprovision,omitempty"`
// IdentityUpdateBehavior controls how identity updates are handled.
// +kubebuilder:validation:Optional
// +kubebuilder:validation:Enum=automatic;reauth;no_action
IdentityUpdateBehavior string `json:"identityUpdateBehavior,omitempty"`
}
IdentityProviderScimConfig contains SCIM provisioning configuration.
func (*IdentityProviderScimConfig) DeepCopy ¶ added in v0.21.1
func (in *IdentityProviderScimConfig) DeepCopy() *IdentityProviderScimConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IdentityProviderScimConfig.
func (*IdentityProviderScimConfig) DeepCopyInto ¶ added in v0.21.1
func (in *IdentityProviderScimConfig) DeepCopyInto(out *IdentityProviderScimConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type L4OverrideSettings ¶
L4OverrideSettings for L4 override.
func (*L4OverrideSettings) DeepCopy ¶
func (in *L4OverrideSettings) DeepCopy() *L4OverrideSettings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new L4OverrideSettings.
func (*L4OverrideSettings) DeepCopyInto ¶
func (in *L4OverrideSettings) DeepCopyInto(out *L4OverrideSettings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type MinifyConfig ¶ added in v0.20.0
type MinifyConfig struct {
// HTML enables HTML minification
// +kubebuilder:validation:Optional
// +kubebuilder:default=false
HTML bool `json:"html,omitempty"`
// CSS enables CSS minification
// +kubebuilder:validation:Optional
// +kubebuilder:default=false
CSS bool `json:"css,omitempty"`
// JavaScript enables JavaScript minification
// +kubebuilder:validation:Optional
// +kubebuilder:default=false
JavaScript bool `json:"javascript,omitempty"`
}
MinifyConfig configures code minification
func (*MinifyConfig) DeepCopy ¶ added in v0.20.0
func (in *MinifyConfig) DeepCopy() *MinifyConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MinifyConfig.
func (*MinifyConfig) DeepCopyInto ¶ added in v0.20.0
func (in *MinifyConfig) DeepCopyInto(out *MinifyConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type NetworkRoute ¶
type NetworkRoute struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec NetworkRouteSpec `json:"spec,omitempty"`
Status NetworkRouteStatus `json:"status,omitempty"`
}
NetworkRoute is the Schema for the networkroutes API. A NetworkRoute defines a CIDR range to be routed through a Cloudflare Tunnel, enabling private network access via WARP clients.
func (*NetworkRoute) DeepCopy ¶
func (in *NetworkRoute) DeepCopy() *NetworkRoute
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkRoute.
func (*NetworkRoute) DeepCopyInto ¶
func (in *NetworkRoute) DeepCopyInto(out *NetworkRoute)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*NetworkRoute) DeepCopyObject ¶
func (in *NetworkRoute) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type NetworkRouteList ¶
type NetworkRouteList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []NetworkRoute `json:"items"`
}
NetworkRouteList contains a list of NetworkRoute
func (*NetworkRouteList) DeepCopy ¶
func (in *NetworkRouteList) DeepCopy() *NetworkRouteList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkRouteList.
func (*NetworkRouteList) DeepCopyInto ¶
func (in *NetworkRouteList) DeepCopyInto(out *NetworkRouteList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*NetworkRouteList) DeepCopyObject ¶
func (in *NetworkRouteList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type NetworkRouteSpec ¶
type NetworkRouteSpec struct {
// Network is the CIDR notation for the IP range to route (e.g., "10.0.0.0/8").
// +kubebuilder:validation:Required
// +kubebuilder:validation:Pattern=`^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$`
Network string `json:"network"`
// TunnelRef references the Tunnel or ClusterTunnel that will handle this route.
// +kubebuilder:validation:Required
TunnelRef TunnelRef `json:"tunnelRef"`
// VirtualNetworkRef references the VirtualNetwork for this route.
// If not specified, the default Virtual Network will be used.
// +kubebuilder:validation:Optional
VirtualNetworkRef *VirtualNetworkRef `json:"virtualNetworkRef,omitempty"`
// Comment is an optional description for the route.
// +kubebuilder:validation:Optional
// +kubebuilder:validation:MaxLength=500
Comment string `json:"comment,omitempty"`
// Cloudflare contains the Cloudflare API credentials and account information.
// +kubebuilder:validation:Required
Cloudflare CloudflareDetails `json:"cloudflare"`
}
NetworkRouteSpec defines the desired state of NetworkRoute
func (*NetworkRouteSpec) DeepCopy ¶
func (in *NetworkRouteSpec) DeepCopy() *NetworkRouteSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkRouteSpec.
func (*NetworkRouteSpec) DeepCopyInto ¶
func (in *NetworkRouteSpec) DeepCopyInto(out *NetworkRouteSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type NetworkRouteStatus ¶
type NetworkRouteStatus struct {
// Network is the CIDR from the route in Cloudflare.
// +kubebuilder:validation:Optional
Network string `json:"network,omitempty"`
// TunnelID is the Cloudflare Tunnel ID this route points to.
// +kubebuilder:validation:Optional
TunnelID string `json:"tunnelId,omitempty"`
// TunnelName is the name of the Tunnel in Cloudflare.
// +kubebuilder:validation:Optional
TunnelName string `json:"tunnelName,omitempty"`
// VirtualNetworkID is the Cloudflare Virtual Network ID.
// +kubebuilder:validation:Optional
VirtualNetworkID string `json:"virtualNetworkId,omitempty"`
// AccountID is the Cloudflare Account ID.
// +kubebuilder:validation:Optional
AccountID string `json:"accountId,omitempty"`
// State indicates the current state of the route.
// +kubebuilder:validation:Optional
State string `json:"state,omitempty"`
// Conditions represent the latest available observations of the NetworkRoute's state.
// +kubebuilder:validation:Optional
// +listType=map
// +listMapKey=type
Conditions []metav1.Condition `json:"conditions,omitempty"`
// ObservedGeneration is the most recent generation observed by the controller.
// +kubebuilder:validation:Optional
ObservedGeneration int64 `json:"observedGeneration,omitempty"`
}
NetworkRouteStatus defines the observed state of NetworkRoute
func (*NetworkRouteStatus) DeepCopy ¶
func (in *NetworkRouteStatus) DeepCopy() *NetworkRouteStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkRouteStatus.
func (*NetworkRouteStatus) DeepCopyInto ¶
func (in *NetworkRouteStatus) DeepCopyInto(out *NetworkRouteStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type NewTunnel ¶
type NewTunnel struct {
// +kubebuilder:validation:Required
// Tunnel name to create on Cloudflare.
Name string `json:"name,omitempty"`
}
NewTunnel spec needs a name to create a Tunnel on Cloudflare.
func (*NewTunnel) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NewTunnel.
func (*NewTunnel) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type NonIdentityBrowserIsolationSettings ¶
type NonIdentityBrowserIsolationSettings struct {
Enabled bool `json:"enabled"`
}
NonIdentityBrowserIsolationSettings for non-identity isolation.
func (*NonIdentityBrowserIsolationSettings) DeepCopy ¶
func (in *NonIdentityBrowserIsolationSettings) DeepCopy() *NonIdentityBrowserIsolationSettings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NonIdentityBrowserIsolationSettings.
func (*NonIdentityBrowserIsolationSettings) DeepCopyInto ¶
func (in *NonIdentityBrowserIsolationSettings) DeepCopyInto(out *NonIdentityBrowserIsolationSettings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type NotificationSettings ¶
type NotificationSettings struct {
Enabled bool `json:"enabled"`
Message string `json:"message,omitempty"`
SupportURL string `json:"supportUrl,omitempty"`
}
NotificationSettings for alerts.
func (*NotificationSettings) DeepCopy ¶
func (in *NotificationSettings) DeepCopy() *NotificationSettings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NotificationSettings.
func (*NotificationSettings) DeepCopyInto ¶
func (in *NotificationSettings) DeepCopyInto(out *NotificationSettings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type OIDCClaimConfig ¶ added in v0.21.1
type OIDCClaimConfig struct {
// Name is the claim name.
// +kubebuilder:validation:Required
Name string `json:"name"`
// Source specifies the source of the claim value.
// +kubebuilder:validation:Required
Source OIDCClaimSource `json:"source"`
// Required indicates if this claim is required.
// +kubebuilder:validation:Optional
Required bool `json:"required,omitempty"`
// Scope is the scope for this claim.
// +kubebuilder:validation:Optional
Scope string `json:"scope,omitempty"`
}
OIDCClaimConfig represents a custom OIDC claim.
func (*OIDCClaimConfig) DeepCopy ¶ added in v0.21.1
func (in *OIDCClaimConfig) DeepCopy() *OIDCClaimConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClaimConfig.
func (*OIDCClaimConfig) DeepCopyInto ¶ added in v0.21.1
func (in *OIDCClaimConfig) DeepCopyInto(out *OIDCClaimConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type OIDCClaimSource ¶ added in v0.21.1
type OIDCClaimSource struct {
// Name is the name of the source attribute.
// +kubebuilder:validation:Required
Name string `json:"name"`
// NameByIDP is a map of IdP name to claim name.
// +kubebuilder:validation:Optional
NameByIDP map[string]string `json:"nameByIdp,omitempty"`
}
OIDCClaimSource specifies the source of an OIDC claim.
func (*OIDCClaimSource) DeepCopy ¶ added in v0.21.1
func (in *OIDCClaimSource) DeepCopy() *OIDCClaimSource
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClaimSource.
func (*OIDCClaimSource) DeepCopyInto ¶ added in v0.21.1
func (in *OIDCClaimSource) DeepCopyInto(out *OIDCClaimSource)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type OriginCACertificate ¶ added in v0.20.0
type OriginCACertificate struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec OriginCACertificateSpec `json:"spec,omitempty"`
Status OriginCACertificateStatus `json:"status,omitempty"`
}
OriginCACertificate manages Cloudflare Origin CA certificates. These certificates are trusted by Cloudflare's edge servers and can be used for SSL/TLS encryption between Cloudflare and your origin server.
The controller can optionally sync the certificate to a Kubernetes Secret in cert-manager compatible format for use with Ingress or other TLS consumers.
func (*OriginCACertificate) DeepCopy ¶ added in v0.20.0
func (in *OriginCACertificate) DeepCopy() *OriginCACertificate
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OriginCACertificate.
func (*OriginCACertificate) DeepCopyInto ¶ added in v0.20.0
func (in *OriginCACertificate) DeepCopyInto(out *OriginCACertificate)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*OriginCACertificate) DeepCopyObject ¶ added in v0.20.0
func (in *OriginCACertificate) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type OriginCACertificateList ¶ added in v0.20.0
type OriginCACertificateList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []OriginCACertificate `json:"items"`
}
OriginCACertificateList contains a list of OriginCACertificate
func (*OriginCACertificateList) DeepCopy ¶ added in v0.20.0
func (in *OriginCACertificateList) DeepCopy() *OriginCACertificateList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OriginCACertificateList.
func (*OriginCACertificateList) DeepCopyInto ¶ added in v0.20.0
func (in *OriginCACertificateList) DeepCopyInto(out *OriginCACertificateList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*OriginCACertificateList) DeepCopyObject ¶ added in v0.20.0
func (in *OriginCACertificateList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type OriginCACertificateSpec ¶ added in v0.20.0
type OriginCACertificateSpec struct {
// Hostnames are the domain names the certificate should be valid for
// Supports wildcards (e.g., "*.example.com")
// +kubebuilder:validation:Required
// +kubebuilder:validation:MinItems=1
Hostnames []string `json:"hostnames"`
// RequestType specifies the certificate type (RSA or ECC)
// +kubebuilder:validation:Optional
// +kubebuilder:default=origin-rsa
RequestType CertificateRequestType `json:"requestType,omitempty"`
// Validity specifies the certificate validity period in days
// +kubebuilder:validation:Optional
// +kubebuilder:default=5475
Validity CertificateValidity `json:"validity,omitempty"`
// CredentialsRef references a CloudflareCredentials resource
// If not specified, the default CloudflareCredentials will be used
// +kubebuilder:validation:Optional
CredentialsRef *CredentialsReference `json:"credentialsRef,omitempty"`
// PrivateKey configures the private key generation or reference
// +kubebuilder:validation:Optional
PrivateKey *PrivateKeySpec `json:"privateKey,omitempty"`
// SecretSync configures syncing the certificate to a Kubernetes Secret
// +kubebuilder:validation:Optional
SecretSync *SecretSyncConfig `json:"secretSync,omitempty"`
// Renewal configures automatic certificate renewal
// +kubebuilder:validation:Optional
Renewal *RenewalConfig `json:"renewal,omitempty"`
// CSR is an optional Certificate Signing Request
// If provided, the controller will use this CSR instead of generating one
// +kubebuilder:validation:Optional
CSR string `json:"csr,omitempty"`
}
OriginCACertificateSpec defines the desired state of OriginCACertificate
func (*OriginCACertificateSpec) DeepCopy ¶ added in v0.20.0
func (in *OriginCACertificateSpec) DeepCopy() *OriginCACertificateSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OriginCACertificateSpec.
func (*OriginCACertificateSpec) DeepCopyInto ¶ added in v0.20.0
func (in *OriginCACertificateSpec) DeepCopyInto(out *OriginCACertificateSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type OriginCACertificateState ¶ added in v0.20.0
type OriginCACertificateState string
OriginCACertificateState represents the state of the certificate +kubebuilder:validation:Enum=Pending;Issuing;Ready;Renewing;Error;Revoked
const ( // OriginCACertificateStatePending means the certificate is waiting to be issued OriginCACertificateStatePending OriginCACertificateState = "Pending" // OriginCACertificateStateIssuing means the certificate is being issued OriginCACertificateStateIssuing OriginCACertificateState = "Issuing" // OriginCACertificateStateReady means the certificate is issued and ready OriginCACertificateStateReady OriginCACertificateState = "Ready" // OriginCACertificateStateRenewing means the certificate is being renewed OriginCACertificateStateRenewing OriginCACertificateState = "Renewing" // OriginCACertificateStateError means there was an error with the certificate OriginCACertificateStateError OriginCACertificateState = "Error" // OriginCACertificateStateRevoked means the certificate has been revoked OriginCACertificateStateRevoked OriginCACertificateState = "Revoked" )
type OriginCACertificateStatus ¶ added in v0.20.0
type OriginCACertificateStatus struct {
// Conditions represent the latest available observations
// +optional
Conditions []metav1.Condition `json:"conditions,omitempty"`
// ObservedGeneration is the most recent generation observed
// +optional
ObservedGeneration int64 `json:"observedGeneration,omitempty"`
// State represents the current state of the certificate
// +optional
State OriginCACertificateState `json:"state,omitempty"`
// CertificateID is the Cloudflare certificate ID
// +optional
CertificateID string `json:"certificateId,omitempty"`
// Certificate is the PEM-encoded certificate (public key)
// +optional
Certificate string `json:"certificate,omitempty"`
// ExpiresAt is the certificate expiration time
// +optional
ExpiresAt *metav1.Time `json:"expiresAt,omitempty"`
// IssuedAt is the time the certificate was issued
// +optional
IssuedAt *metav1.Time `json:"issuedAt,omitempty"`
// RevokedAt is the time the certificate was revoked (if revoked)
// +optional
RevokedAt *metav1.Time `json:"revokedAt,omitempty"`
// RenewalTime is the next scheduled renewal time
// +optional
RenewalTime *metav1.Time `json:"renewalTime,omitempty"`
// SecretName is the name of the synced Secret
// +optional
SecretName string `json:"secretName,omitempty"`
// SecretNamespace is the namespace of the synced Secret
// +optional
SecretNamespace string `json:"secretNamespace,omitempty"`
// Message provides additional information about the current state
// +optional
Message string `json:"message,omitempty"`
}
OriginCACertificateStatus defines the observed state of OriginCACertificate
func (*OriginCACertificateStatus) DeepCopy ¶ added in v0.20.0
func (in *OriginCACertificateStatus) DeepCopy() *OriginCACertificateStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OriginCACertificateStatus.
func (*OriginCACertificateStatus) DeepCopyInto ¶ added in v0.20.0
func (in *OriginCACertificateStatus) DeepCopyInto(out *OriginCACertificateStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type OriginRequestSpec ¶ added in v0.18.1
type OriginRequestSpec struct {
// NoTLSVerify disables TLS verification for HTTPS origins
// +kubebuilder:validation:Optional
// +kubebuilder:default=false
NoTLSVerify bool `json:"noTlsVerify,omitempty"`
// HTTP2Origin enables HTTP/2 to origin (origin must be HTTPS)
// +kubebuilder:validation:Optional
// +kubebuilder:default=false
HTTP2Origin bool `json:"http2Origin,omitempty"`
// ConnectTimeout for establishing connection to origin (e.g., "30s")
// +kubebuilder:validation:Optional
ConnectTimeout string `json:"connectTimeout,omitempty"`
// TLSTimeout for TLS handshake with origin (e.g., "10s")
// +kubebuilder:validation:Optional
TLSTimeout string `json:"tlsTimeout,omitempty"`
// KeepAliveTimeout for idle connections to origin (e.g., "90s")
// +kubebuilder:validation:Optional
KeepAliveTimeout string `json:"keepAliveTimeout,omitempty"`
// KeepAliveConnections is the maximum number of idle connections to keep open
// +kubebuilder:validation:Optional
// +kubebuilder:validation:Minimum=0
KeepAliveConnections *int `json:"keepAliveConnections,omitempty"`
// CAPool is the name of a Secret containing CA certificate (tls.crt) for backend verification
// +kubebuilder:validation:Optional
CAPool string `json:"caPool,omitempty"`
// OriginServerName overrides the hostname used for TLS verification
// +kubebuilder:validation:Optional
OriginServerName string `json:"originServerName,omitempty"`
// HTTPHostHeader overrides the Host header sent to origin
// +kubebuilder:validation:Optional
HTTPHostHeader string `json:"httpHostHeader,omitempty"`
// ProxyAddress for bastion/SOCKS mode
// +kubebuilder:validation:Optional
ProxyAddress string `json:"proxyAddress,omitempty"`
// ProxyPort for bastion/SOCKS mode
// +kubebuilder:validation:Optional
// +kubebuilder:validation:Minimum=1
// +kubebuilder:validation:Maximum=65535
ProxyPort *uint16 `json:"proxyPort,omitempty"`
// ProxyType specifies the proxy type: "" (none) or "socks"
// +kubebuilder:validation:Optional
// +kubebuilder:validation:Enum="";socks
ProxyType string `json:"proxyType,omitempty"`
// DisableChunkedEncoding disables chunked transfer encoding for HTTP requests
// +kubebuilder:validation:Optional
DisableChunkedEncoding *bool `json:"disableChunkedEncoding,omitempty"`
// BastionMode enables bastion mode for the tunnel
// +kubebuilder:validation:Optional
BastionMode *bool `json:"bastionMode,omitempty"`
}
OriginRequestSpec defines origin request configuration for backend connections
func (*OriginRequestSpec) DeepCopy ¶ added in v0.18.1
func (in *OriginRequestSpec) DeepCopy() *OriginRequestSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OriginRequestSpec.
func (*OriginRequestSpec) DeepCopyInto ¶ added in v0.18.1
func (in *OriginRequestSpec) DeepCopyInto(out *OriginRequestSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PayloadLogSettings ¶
type PayloadLogSettings struct {
Enabled bool `json:"enabled"`
}
PayloadLogSettings for logging.
func (*PayloadLogSettings) DeepCopy ¶
func (in *PayloadLogSettings) DeepCopy() *PayloadLogSettings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PayloadLogSettings.
func (*PayloadLogSettings) DeepCopyInto ¶
func (in *PayloadLogSettings) DeepCopyInto(out *PayloadLogSettings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PerformanceConfig ¶ added in v0.20.0
type PerformanceConfig struct {
// Brotli enables Brotli compression
// +kubebuilder:validation:Optional
// +kubebuilder:default=true
Brotli *bool `json:"brotli,omitempty"`
// HTTP2 enables HTTP/2 support
// +kubebuilder:validation:Optional
// +kubebuilder:default=true
HTTP2 *bool `json:"http2,omitempty"`
// HTTP3 enables HTTP/3 (QUIC) support
// +kubebuilder:validation:Optional
// +kubebuilder:default=true
HTTP3 *bool `json:"http3,omitempty"`
// ZeroRTT enables 0-RTT Connection Resumption
// +kubebuilder:validation:Optional
// +kubebuilder:default=true
ZeroRTT *bool `json:"zeroRTT,omitempty"`
// Minify configures code minification
// +kubebuilder:validation:Optional
Minify *MinifyConfig `json:"minify,omitempty"`
// Polish configures image optimization mode
// Requires Pro plan or higher
// +kubebuilder:validation:Optional
// +kubebuilder:default=off
Polish PolishMode `json:"polish,omitempty"`
// WebP enables WebP image conversion
// Requires Pro plan or higher
// +kubebuilder:validation:Optional
// +kubebuilder:default=false
WebP bool `json:"webp,omitempty"`
// Mirage enables mobile image optimization
// Requires Pro plan or higher
// +kubebuilder:validation:Optional
// +kubebuilder:default=false
Mirage bool `json:"mirage,omitempty"`
// EarlyHints enables 103 Early Hints
// +kubebuilder:validation:Optional
// +kubebuilder:default=true
EarlyHints *bool `json:"earlyHints,omitempty"`
// RocketLoader optimizes JavaScript loading
// +kubebuilder:validation:Optional
// +kubebuilder:default=false
RocketLoader bool `json:"rocketLoader,omitempty"`
// PrefetchPreload enables prefetch and preload
// +kubebuilder:validation:Optional
// +kubebuilder:default=true
PrefetchPreload *bool `json:"prefetchPreload,omitempty"`
// IPGeolocation adds visitor's country to request headers
// +kubebuilder:validation:Optional
// +kubebuilder:default=true
IPGeolocation *bool `json:"ipGeolocation,omitempty"`
// Websockets enables WebSocket support
// +kubebuilder:validation:Optional
// +kubebuilder:default=true
Websockets *bool `json:"websockets,omitempty"`
}
PerformanceConfig defines performance settings for a domain
func (*PerformanceConfig) DeepCopy ¶ added in v0.20.0
func (in *PerformanceConfig) DeepCopy() *PerformanceConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PerformanceConfig.
func (*PerformanceConfig) DeepCopyInto ¶ added in v0.20.0
func (in *PerformanceConfig) DeepCopyInto(out *PerformanceConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PolishMode ¶ added in v0.20.0
type PolishMode string
PolishMode represents image optimization mode +kubebuilder:validation:Enum=off;lossless;lossy
const ( PolishModeOff PolishMode = "off" PolishModeLossless PolishMode = "lossless" PolishModeLossy PolishMode = "lossy" )
type PrivateKeySpec ¶ added in v0.20.0
type PrivateKeySpec struct {
// Algorithm specifies the private key algorithm
// +kubebuilder:validation:Optional
// +kubebuilder:validation:Enum=RSA;ECDSA
// +kubebuilder:default=RSA
Algorithm string `json:"algorithm,omitempty"`
// Size specifies the key size in bits (for RSA) or curve (for ECDSA)
// For RSA: 2048, 4096. For ECDSA: 256, 384
// +kubebuilder:validation:Optional
// +kubebuilder:default=2048
Size int `json:"size,omitempty"`
// SecretRef references an existing Secret containing the private key
// If specified, the controller will use this key instead of generating one
// The Secret must contain a "private-key" or "tls.key" key
// +kubebuilder:validation:Optional
SecretRef *SecretKeyReference `json:"secretRef,omitempty"`
}
PrivateKeySpec configures how the private key is handled
func (*PrivateKeySpec) DeepCopy ¶ added in v0.20.0
func (in *PrivateKeySpec) DeepCopy() *PrivateKeySpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrivateKeySpec.
func (*PrivateKeySpec) DeepCopyInto ¶ added in v0.20.0
func (in *PrivateKeySpec) DeepCopyInto(out *PrivateKeySpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PrivateService ¶
type PrivateService struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec PrivateServiceSpec `json:"spec,omitempty"`
Status PrivateServiceStatus `json:"status,omitempty"`
}
PrivateService is the Schema for the privateservices API. A PrivateService exposes a Kubernetes Service privately through a Cloudflare Tunnel, making it accessible only to authenticated WARP clients.
func (*PrivateService) DeepCopy ¶
func (in *PrivateService) DeepCopy() *PrivateService
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrivateService.
func (*PrivateService) DeepCopyInto ¶
func (in *PrivateService) DeepCopyInto(out *PrivateService)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*PrivateService) DeepCopyObject ¶
func (in *PrivateService) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type PrivateServiceList ¶
type PrivateServiceList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []PrivateService `json:"items"`
}
PrivateServiceList contains a list of PrivateService
func (*PrivateServiceList) DeepCopy ¶
func (in *PrivateServiceList) DeepCopy() *PrivateServiceList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrivateServiceList.
func (*PrivateServiceList) DeepCopyInto ¶
func (in *PrivateServiceList) DeepCopyInto(out *PrivateServiceList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*PrivateServiceList) DeepCopyObject ¶
func (in *PrivateServiceList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type PrivateServiceSpec ¶
type PrivateServiceSpec struct {
// ServiceRef references the Kubernetes Service to expose privately.
// The Service must be in the same namespace as the PrivateService.
// +kubebuilder:validation:Required
ServiceRef ServiceRef `json:"serviceRef"`
// TunnelRef references the Tunnel or ClusterTunnel that will handle this private service.
// +kubebuilder:validation:Required
TunnelRef TunnelRef `json:"tunnelRef"`
// VirtualNetworkRef references the VirtualNetwork for this private service.
// If not specified, the default Virtual Network will be used.
// +kubebuilder:validation:Optional
VirtualNetworkRef *VirtualNetworkRef `json:"virtualNetworkRef,omitempty"`
// Protocol specifies the protocol to use for the private service.
// +kubebuilder:validation:Optional
// +kubebuilder:validation:Enum=tcp;udp
// +kubebuilder:default=tcp
Protocol string `json:"protocol,omitempty"`
// Comment is an optional description for the private service.
// +kubebuilder:validation:Optional
// +kubebuilder:validation:MaxLength=500
Comment string `json:"comment,omitempty"`
// Cloudflare contains the Cloudflare API credentials and account information.
// +kubebuilder:validation:Required
Cloudflare CloudflareDetails `json:"cloudflare"`
}
PrivateServiceSpec defines the desired state of PrivateService
func (*PrivateServiceSpec) DeepCopy ¶
func (in *PrivateServiceSpec) DeepCopy() *PrivateServiceSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrivateServiceSpec.
func (*PrivateServiceSpec) DeepCopyInto ¶
func (in *PrivateServiceSpec) DeepCopyInto(out *PrivateServiceSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PrivateServiceStatus ¶
type PrivateServiceStatus struct {
// Network is the CIDR that was created for this private service.
// +kubebuilder:validation:Optional
Network string `json:"network,omitempty"`
// ServiceIP is the ClusterIP of the referenced Service.
// +kubebuilder:validation:Optional
ServiceIP string `json:"serviceIP,omitempty"`
// TunnelID is the Cloudflare Tunnel ID this service routes through.
// +kubebuilder:validation:Optional
TunnelID string `json:"tunnelId,omitempty"`
// TunnelName is the name of the Tunnel in Cloudflare.
// +kubebuilder:validation:Optional
TunnelName string `json:"tunnelName,omitempty"`
// VirtualNetworkID is the Cloudflare Virtual Network ID.
// +kubebuilder:validation:Optional
VirtualNetworkID string `json:"virtualNetworkId,omitempty"`
// AccountID is the Cloudflare Account ID.
// +kubebuilder:validation:Optional
AccountID string `json:"accountId,omitempty"`
// State indicates the current state of the private service.
// +kubebuilder:validation:Optional
State string `json:"state,omitempty"`
// Conditions represent the latest available observations of the PrivateService's state.
// +kubebuilder:validation:Optional
// +listType=map
// +listMapKey=type
Conditions []metav1.Condition `json:"conditions,omitempty"`
// ObservedGeneration is the most recent generation observed by the controller.
// +kubebuilder:validation:Optional
ObservedGeneration int64 `json:"observedGeneration,omitempty"`
}
PrivateServiceStatus defines the observed state of PrivateService
func (*PrivateServiceStatus) DeepCopy ¶
func (in *PrivateServiceStatus) DeepCopy() *PrivateServiceStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrivateServiceStatus.
func (*PrivateServiceStatus) DeepCopyInto ¶
func (in *PrivateServiceStatus) DeepCopyInto(out *PrivateServiceStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ProtocolDetectionSettings ¶
type ProtocolDetectionSettings struct {
Enabled bool `json:"enabled"`
}
ProtocolDetectionSettings for protocol detection.
func (*ProtocolDetectionSettings) DeepCopy ¶
func (in *ProtocolDetectionSettings) DeepCopy() *ProtocolDetectionSettings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProtocolDetectionSettings.
func (*ProtocolDetectionSettings) DeepCopyInto ¶
func (in *ProtocolDetectionSettings) DeepCopyInto(out *ProtocolDetectionSettings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ProtocolType ¶ added in v0.21.4
type ProtocolType string
ProtocolType defines the backend protocol type +kubebuilder:validation:Enum=http;https;tcp;udp;ssh;rdp;smb;bastion;wss;ws
const ( ProtocolHTTP ProtocolType = "http" ProtocolHTTPS ProtocolType = "https" ProtocolTCP ProtocolType = "tcp" ProtocolUDP ProtocolType = "udp" ProtocolSSH ProtocolType = "ssh" ProtocolRDP ProtocolType = "rdp" ProtocolSMB ProtocolType = "smb" ProtocolBastion ProtocolType = "bastion" ProtocolWSS ProtocolType = "wss" ProtocolWS ProtocolType = "ws" )
type QuarantineSettings ¶ added in v0.21.1
type QuarantineSettings struct {
// FileTypes to quarantine.
// +kubebuilder:validation:Optional
FileTypes []string `json:"fileTypes,omitempty"`
}
QuarantineSettings for quarantine action.
func (*QuarantineSettings) DeepCopy ¶ added in v0.21.1
func (in *QuarantineSettings) DeepCopy() *QuarantineSettings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QuarantineSettings.
func (*QuarantineSettings) DeepCopyInto ¶ added in v0.21.1
func (in *QuarantineSettings) DeepCopyInto(out *QuarantineSettings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type R2Bucket ¶ added in v0.20.0
type R2Bucket struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec R2BucketSpec `json:"spec,omitempty"`
Status R2BucketStatus `json:"status,omitempty"`
}
R2Bucket manages a Cloudflare R2 storage bucket. R2 is Cloudflare's S3-compatible object storage service.
The controller creates and manages R2 buckets in your Cloudflare account.
func (*R2Bucket) DeepCopy ¶ added in v0.20.0
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new R2Bucket.
func (*R2Bucket) DeepCopyInto ¶ added in v0.20.0
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*R2Bucket) DeepCopyObject ¶ added in v0.20.0
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type R2BucketDomain ¶ added in v0.20.0
type R2BucketDomain struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec R2BucketDomainSpec `json:"spec,omitempty"`
Status R2BucketDomainStatus `json:"status,omitempty"`
}
R2BucketDomain is the Schema for the r2bucketdomains API It configures a custom domain for an R2 storage bucket
func (*R2BucketDomain) DeepCopy ¶ added in v0.20.0
func (in *R2BucketDomain) DeepCopy() *R2BucketDomain
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new R2BucketDomain.
func (*R2BucketDomain) DeepCopyInto ¶ added in v0.20.0
func (in *R2BucketDomain) DeepCopyInto(out *R2BucketDomain)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*R2BucketDomain) DeepCopyObject ¶ added in v0.20.0
func (in *R2BucketDomain) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type R2BucketDomainList ¶ added in v0.20.0
type R2BucketDomainList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []R2BucketDomain `json:"items"`
}
R2BucketDomainList contains a list of R2BucketDomain
func (*R2BucketDomainList) DeepCopy ¶ added in v0.20.0
func (in *R2BucketDomainList) DeepCopy() *R2BucketDomainList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new R2BucketDomainList.
func (*R2BucketDomainList) DeepCopyInto ¶ added in v0.20.0
func (in *R2BucketDomainList) DeepCopyInto(out *R2BucketDomainList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*R2BucketDomainList) DeepCopyObject ¶ added in v0.20.0
func (in *R2BucketDomainList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type R2BucketDomainMinTLS ¶ added in v0.20.0
type R2BucketDomainMinTLS string
R2BucketDomainMinTLS represents the minimum TLS version +kubebuilder:validation:Enum="1.0";"1.1";"1.2";"1.3"
const ( // R2BucketDomainMinTLS10 is TLS 1.0 R2BucketDomainMinTLS10 R2BucketDomainMinTLS = "1.0" // R2BucketDomainMinTLS11 is TLS 1.1 R2BucketDomainMinTLS11 R2BucketDomainMinTLS = "1.1" // R2BucketDomainMinTLS12 is TLS 1.2 R2BucketDomainMinTLS12 R2BucketDomainMinTLS = "1.2" // R2BucketDomainMinTLS13 is TLS 1.3 R2BucketDomainMinTLS13 R2BucketDomainMinTLS = "1.3" )
type R2BucketDomainSpec ¶ added in v0.20.0
type R2BucketDomainSpec struct {
// BucketName is the name of the R2 bucket to attach the domain to
// +kubebuilder:validation:Required
// +kubebuilder:validation:MinLength=3
BucketName string `json:"bucketName"`
// Domain is the custom domain name to attach to the bucket
// The domain must belong to a zone in the same Cloudflare account
// +kubebuilder:validation:Required
// +kubebuilder:validation:Pattern=`^([a-zA-Z0-9]([a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,}$`
Domain string `json:"domain"`
// ZoneID is the Cloudflare zone ID for the domain
// If not specified, it will be looked up automatically
// +kubebuilder:validation:Optional
ZoneID string `json:"zoneId,omitempty"`
// MinTLS sets the minimum TLS version for the custom domain
// +kubebuilder:validation:Optional
// +kubebuilder:default="1.2"
MinTLS R2BucketDomainMinTLS `json:"minTls,omitempty"`
// EnablePublicAccess enables public access to the bucket via this domain
// When true, the bucket contents can be accessed without authentication
// +kubebuilder:validation:Optional
// +kubebuilder:default=true
EnablePublicAccess bool `json:"enablePublicAccess,omitempty"`
// CredentialsRef references a CloudflareCredentials resource
// If not specified, the default CloudflareCredentials will be used
// +kubebuilder:validation:Optional
CredentialsRef *CredentialsReference `json:"credentialsRef,omitempty"`
}
R2BucketDomainSpec defines the desired state of R2BucketDomain
func (*R2BucketDomainSpec) DeepCopy ¶ added in v0.20.0
func (in *R2BucketDomainSpec) DeepCopy() *R2BucketDomainSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new R2BucketDomainSpec.
func (*R2BucketDomainSpec) DeepCopyInto ¶ added in v0.20.0
func (in *R2BucketDomainSpec) DeepCopyInto(out *R2BucketDomainSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type R2BucketDomainState ¶ added in v0.20.0
type R2BucketDomainState string
R2BucketDomainState represents the state of the R2 bucket domain +kubebuilder:validation:Enum=Pending;Initializing;Active;Error
const ( // R2BucketDomainStatePending means the domain is waiting to be configured R2BucketDomainStatePending R2BucketDomainState = "Pending" // R2BucketDomainStateInitializing means the domain is being configured R2BucketDomainStateInitializing R2BucketDomainState = "Initializing" // R2BucketDomainStateActive means the domain is active and serving content R2BucketDomainStateActive R2BucketDomainState = "Active" // R2BucketDomainStateError means there was an error configuring the domain R2BucketDomainStateError R2BucketDomainState = "Error" )
type R2BucketDomainStatus ¶ added in v0.20.0
type R2BucketDomainStatus struct {
// Conditions represent the latest available observations
// +optional
Conditions []metav1.Condition `json:"conditions,omitempty"`
// ObservedGeneration is the most recent generation observed
// +optional
ObservedGeneration int64 `json:"observedGeneration,omitempty"`
// State represents the current state of the domain
// +optional
State R2BucketDomainState `json:"state,omitempty"`
// Message provides additional information about the current state
// +optional
Message string `json:"message,omitempty"`
// DomainID is the Cloudflare domain configuration ID
// +optional
DomainID string `json:"domainId,omitempty"`
// ZoneID is the resolved zone ID for the domain
// +optional
ZoneID string `json:"zoneId,omitempty"`
// Enabled indicates if the domain is enabled
// +optional
Enabled bool `json:"enabled,omitempty"`
// MinTLS is the configured minimum TLS version
// +optional
MinTLS string `json:"minTls,omitempty"`
// PublicAccessEnabled indicates if public access is enabled
// +optional
PublicAccessEnabled bool `json:"publicAccessEnabled,omitempty"`
// URL is the full URL to access the bucket via this domain
// +optional
URL string `json:"url,omitempty"`
}
R2BucketDomainStatus defines the observed state of R2BucketDomain
func (*R2BucketDomainStatus) DeepCopy ¶ added in v0.20.0
func (in *R2BucketDomainStatus) DeepCopy() *R2BucketDomainStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new R2BucketDomainStatus.
func (*R2BucketDomainStatus) DeepCopyInto ¶ added in v0.20.0
func (in *R2BucketDomainStatus) DeepCopyInto(out *R2BucketDomainStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type R2BucketList ¶ added in v0.20.0
type R2BucketList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []R2Bucket `json:"items"`
}
R2BucketList contains a list of R2Bucket
func (*R2BucketList) DeepCopy ¶ added in v0.20.0
func (in *R2BucketList) DeepCopy() *R2BucketList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new R2BucketList.
func (*R2BucketList) DeepCopyInto ¶ added in v0.20.0
func (in *R2BucketList) DeepCopyInto(out *R2BucketList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*R2BucketList) DeepCopyObject ¶ added in v0.20.0
func (in *R2BucketList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type R2BucketNotification ¶ added in v0.20.0
type R2BucketNotification struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec R2BucketNotificationSpec `json:"spec,omitempty"`
Status R2BucketNotificationStatus `json:"status,omitempty"`
}
R2BucketNotification configures event notifications for an R2 bucket. Events are sent to a Cloudflare Queue when objects are created or deleted.
func (*R2BucketNotification) DeepCopy ¶ added in v0.20.0
func (in *R2BucketNotification) DeepCopy() *R2BucketNotification
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new R2BucketNotification.
func (*R2BucketNotification) DeepCopyInto ¶ added in v0.20.0
func (in *R2BucketNotification) DeepCopyInto(out *R2BucketNotification)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*R2BucketNotification) DeepCopyObject ¶ added in v0.20.0
func (in *R2BucketNotification) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type R2BucketNotificationList ¶ added in v0.20.0
type R2BucketNotificationList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []R2BucketNotification `json:"items"`
}
R2BucketNotificationList contains a list of R2BucketNotification
func (*R2BucketNotificationList) DeepCopy ¶ added in v0.20.0
func (in *R2BucketNotificationList) DeepCopy() *R2BucketNotificationList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new R2BucketNotificationList.
func (*R2BucketNotificationList) DeepCopyInto ¶ added in v0.20.0
func (in *R2BucketNotificationList) DeepCopyInto(out *R2BucketNotificationList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*R2BucketNotificationList) DeepCopyObject ¶ added in v0.20.0
func (in *R2BucketNotificationList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type R2BucketNotificationSpec ¶ added in v0.20.0
type R2BucketNotificationSpec struct {
// BucketName is the name of the R2 bucket to configure notifications for
// +kubebuilder:validation:Required
BucketName string `json:"bucketName"`
// QueueName is the name of the Cloudflare Queue to send notifications to
// +kubebuilder:validation:Required
QueueName string `json:"queueName"`
// Rules defines the notification rules
// +kubebuilder:validation:Required
// +kubebuilder:validation:MinItems=1
Rules []R2NotificationRule `json:"rules"`
// CredentialsRef references a CloudflareCredentials resource
// If not specified, the default CloudflareCredentials will be used
// +kubebuilder:validation:Optional
CredentialsRef *CredentialsReference `json:"credentialsRef,omitempty"`
}
R2BucketNotificationSpec defines the desired state of R2BucketNotification
func (*R2BucketNotificationSpec) DeepCopy ¶ added in v0.20.0
func (in *R2BucketNotificationSpec) DeepCopy() *R2BucketNotificationSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new R2BucketNotificationSpec.
func (*R2BucketNotificationSpec) DeepCopyInto ¶ added in v0.20.0
func (in *R2BucketNotificationSpec) DeepCopyInto(out *R2BucketNotificationSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type R2BucketNotificationStatus ¶ added in v0.20.0
type R2BucketNotificationStatus struct {
// Conditions represent the latest available observations
// +optional
Conditions []metav1.Condition `json:"conditions,omitempty"`
// ObservedGeneration is the most recent generation observed
// +optional
ObservedGeneration int64 `json:"observedGeneration,omitempty"`
// State represents the current state of the notification
// +optional
State R2NotificationState `json:"state,omitempty"`
// Message provides additional information about the current state
// +optional
Message string `json:"message,omitempty"`
// QueueID is the Cloudflare Queue ID
// +optional
QueueID string `json:"queueId,omitempty"`
// RuleCount is the number of notification rules configured
// +optional
RuleCount int `json:"ruleCount,omitempty"`
}
R2BucketNotificationStatus defines the observed state of R2BucketNotification
func (*R2BucketNotificationStatus) DeepCopy ¶ added in v0.20.0
func (in *R2BucketNotificationStatus) DeepCopy() *R2BucketNotificationStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new R2BucketNotificationStatus.
func (*R2BucketNotificationStatus) DeepCopyInto ¶ added in v0.20.0
func (in *R2BucketNotificationStatus) DeepCopyInto(out *R2BucketNotificationStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type R2BucketSpec ¶ added in v0.20.0
type R2BucketSpec struct {
// Name is the name of the R2 bucket in Cloudflare
// If not specified, defaults to the Kubernetes resource name
// +kubebuilder:validation:Optional
// +kubebuilder:validation:Pattern=`^[a-z0-9][a-z0-9-]{1,61}[a-z0-9]$`
Name string `json:"name,omitempty"`
// LocationHint specifies the preferred location for the bucket
// Cloudflare will attempt to place the bucket in this location,
// but may use a different location if unavailable
// +kubebuilder:validation:Optional
LocationHint R2LocationHint `json:"locationHint,omitempty"`
// CORS defines the Cross-Origin Resource Sharing rules for the bucket
// +kubebuilder:validation:Optional
CORS []R2CORSRule `json:"cors,omitempty"`
// Lifecycle defines the object lifecycle rules for the bucket
// +kubebuilder:validation:Optional
Lifecycle []R2LifecycleRule `json:"lifecycle,omitempty"`
// CredentialsRef references a CloudflareCredentials resource
// If not specified, the default CloudflareCredentials will be used
// +kubebuilder:validation:Optional
CredentialsRef *CredentialsReference `json:"credentialsRef,omitempty"`
// DeletionPolicy specifies what happens when the Kubernetes resource is deleted
// Delete: The R2 bucket will be deleted from Cloudflare
// Orphan: The R2 bucket will be left in Cloudflare
// +kubebuilder:validation:Optional
// +kubebuilder:validation:Enum=Delete;Orphan
// +kubebuilder:default=Delete
DeletionPolicy string `json:"deletionPolicy,omitempty"`
}
R2BucketSpec defines the desired state of R2Bucket
func (*R2BucketSpec) DeepCopy ¶ added in v0.20.0
func (in *R2BucketSpec) DeepCopy() *R2BucketSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new R2BucketSpec.
func (*R2BucketSpec) DeepCopyInto ¶ added in v0.20.0
func (in *R2BucketSpec) DeepCopyInto(out *R2BucketSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type R2BucketState ¶ added in v0.20.0
type R2BucketState string
R2BucketState represents the state of the R2 bucket +kubebuilder:validation:Enum=Pending;Creating;Ready;Deleting;Error
const ( // R2BucketStatePending means the bucket is waiting to be created R2BucketStatePending R2BucketState = "Pending" // R2BucketStateCreating means the bucket is being created R2BucketStateCreating R2BucketState = "Creating" // R2BucketStateReady means the bucket is created and ready R2BucketStateReady R2BucketState = "Ready" // R2BucketStateDeleting means the bucket is being deleted R2BucketStateDeleting R2BucketState = "Deleting" // R2BucketStateError means there was an error with the bucket R2BucketStateError R2BucketState = "Error" )
type R2BucketStatus ¶ added in v0.20.0
type R2BucketStatus struct {
// Conditions represent the latest available observations
// +optional
Conditions []metav1.Condition `json:"conditions,omitempty"`
// ObservedGeneration is the most recent generation observed
// +optional
ObservedGeneration int64 `json:"observedGeneration,omitempty"`
// State represents the current state of the bucket
// +optional
State R2BucketState `json:"state,omitempty"`
// BucketName is the actual name of the bucket in Cloudflare
// +optional
BucketName string `json:"bucketName,omitempty"`
// Location is the actual location where the bucket was created
// +optional
Location string `json:"location,omitempty"`
// CreatedAt is the time the bucket was created in Cloudflare
// +optional
CreatedAt *metav1.Time `json:"createdAt,omitempty"`
// CORSRulesCount is the number of CORS rules configured
// +optional
CORSRulesCount int `json:"corsRulesCount,omitempty"`
// LifecycleRulesCount is the number of lifecycle rules configured
// +optional
LifecycleRulesCount int `json:"lifecycleRulesCount,omitempty"`
// Message provides additional information about the current state
// +optional
Message string `json:"message,omitempty"`
}
R2BucketStatus defines the observed state of R2Bucket
func (*R2BucketStatus) DeepCopy ¶ added in v0.20.0
func (in *R2BucketStatus) DeepCopy() *R2BucketStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new R2BucketStatus.
func (*R2BucketStatus) DeepCopyInto ¶ added in v0.20.0
func (in *R2BucketStatus) DeepCopyInto(out *R2BucketStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type R2CORSRule ¶ added in v0.20.0
type R2CORSRule struct {
// ID is an optional identifier for the rule
// +kubebuilder:validation:Optional
ID string `json:"id,omitempty"`
// AllowedOrigins is a list of origins that are allowed
// Use "*" to allow all origins
// +kubebuilder:validation:Required
// +kubebuilder:validation:MinItems=1
AllowedOrigins []string `json:"allowedOrigins"`
// AllowedMethods is a list of HTTP methods that are allowed
// +kubebuilder:validation:Required
// +kubebuilder:validation:MinItems=1
AllowedMethods []string `json:"allowedMethods"`
// AllowedHeaders is a list of headers that are allowed in requests
// +kubebuilder:validation:Optional
AllowedHeaders []string `json:"allowedHeaders,omitempty"`
// ExposeHeaders is a list of headers that can be exposed to the browser
// +kubebuilder:validation:Optional
ExposeHeaders []string `json:"exposeHeaders,omitempty"`
// MaxAgeSeconds is the number of seconds the browser can cache the preflight response
// +kubebuilder:validation:Optional
// +kubebuilder:validation:Minimum=0
MaxAgeSeconds *int `json:"maxAgeSeconds,omitempty"`
}
R2CORSRule defines a CORS rule for the bucket
func (*R2CORSRule) DeepCopy ¶ added in v0.20.0
func (in *R2CORSRule) DeepCopy() *R2CORSRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new R2CORSRule.
func (*R2CORSRule) DeepCopyInto ¶ added in v0.20.0
func (in *R2CORSRule) DeepCopyInto(out *R2CORSRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type R2EventType ¶ added in v0.20.0
type R2EventType string
R2EventType represents the type of R2 event to notify on +kubebuilder:validation:Enum=object-create;object-delete
const ( // R2EventTypeObjectCreate triggers on object creation R2EventTypeObjectCreate R2EventType = "object-create" // R2EventTypeObjectDelete triggers on object deletion R2EventTypeObjectDelete R2EventType = "object-delete" )
type R2LifecycleAbortUpload ¶ added in v0.20.0
type R2LifecycleAbortUpload struct {
// DaysAfterInitiation is the number of days after which incomplete uploads are aborted
// +kubebuilder:validation:Required
// +kubebuilder:validation:Minimum=1
DaysAfterInitiation int `json:"daysAfterInitiation"`
}
R2LifecycleAbortUpload defines abort incomplete upload settings
func (*R2LifecycleAbortUpload) DeepCopy ¶ added in v0.20.0
func (in *R2LifecycleAbortUpload) DeepCopy() *R2LifecycleAbortUpload
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new R2LifecycleAbortUpload.
func (*R2LifecycleAbortUpload) DeepCopyInto ¶ added in v0.20.0
func (in *R2LifecycleAbortUpload) DeepCopyInto(out *R2LifecycleAbortUpload)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type R2LifecycleExpiration ¶ added in v0.20.0
type R2LifecycleExpiration struct {
// Days is the number of days after object creation when the object expires
// +kubebuilder:validation:Optional
// +kubebuilder:validation:Minimum=1
Days *int `json:"days,omitempty"`
// Date is the specific date when objects expire (ISO 8601 format)
// +kubebuilder:validation:Optional
Date string `json:"date,omitempty"`
}
R2LifecycleExpiration defines expiration settings
func (*R2LifecycleExpiration) DeepCopy ¶ added in v0.20.0
func (in *R2LifecycleExpiration) DeepCopy() *R2LifecycleExpiration
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new R2LifecycleExpiration.
func (*R2LifecycleExpiration) DeepCopyInto ¶ added in v0.20.0
func (in *R2LifecycleExpiration) DeepCopyInto(out *R2LifecycleExpiration)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type R2LifecycleRule ¶ added in v0.20.0
type R2LifecycleRule struct {
// ID is a unique identifier for the rule
// +kubebuilder:validation:Required
ID string `json:"id"`
// Enabled indicates if this rule is active
// +kubebuilder:validation:Optional
// +kubebuilder:default=true
Enabled bool `json:"enabled,omitempty"`
// Prefix limits the rule to objects with this key prefix
// +kubebuilder:validation:Optional
Prefix string `json:"prefix,omitempty"`
// Expiration defines when objects should be deleted
// +kubebuilder:validation:Optional
Expiration *R2LifecycleExpiration `json:"expiration,omitempty"`
// AbortIncompleteMultipartUpload defines when to abort incomplete multipart uploads
// +kubebuilder:validation:Optional
AbortIncompleteMultipartUpload *R2LifecycleAbortUpload `json:"abortIncompleteMultipartUpload,omitempty"`
}
R2LifecycleRule defines a lifecycle rule for the bucket
func (*R2LifecycleRule) DeepCopy ¶ added in v0.20.0
func (in *R2LifecycleRule) DeepCopy() *R2LifecycleRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new R2LifecycleRule.
func (*R2LifecycleRule) DeepCopyInto ¶ added in v0.20.0
func (in *R2LifecycleRule) DeepCopyInto(out *R2LifecycleRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type R2LocationHint ¶ added in v0.20.0
type R2LocationHint string
R2LocationHint specifies the location hint for the bucket +kubebuilder:validation:Enum=apac;eeur;enam;weur;wnam
const ( // R2LocationAPAC is Asia-Pacific R2LocationAPAC R2LocationHint = "apac" // R2LocationEEUR is Eastern Europe R2LocationEEUR R2LocationHint = "eeur" // R2LocationENAM is Eastern North America R2LocationENAM R2LocationHint = "enam" // R2LocationWEUR is Western Europe R2LocationWEUR R2LocationHint = "weur" // R2LocationWNAM is Western North America R2LocationWNAM R2LocationHint = "wnam" )
type R2NotificationRule ¶ added in v0.20.0
type R2NotificationRule struct {
// EventTypes is the list of event types to notify on
// +kubebuilder:validation:Required
// +kubebuilder:validation:MinItems=1
EventTypes []R2EventType `json:"eventTypes"`
// Prefix filters events to objects with keys starting with this prefix
// +kubebuilder:validation:Optional
Prefix string `json:"prefix,omitempty"`
// Suffix filters events to objects with keys ending with this suffix
// +kubebuilder:validation:Optional
Suffix string `json:"suffix,omitempty"`
// Description is a human-readable description of this rule
// +kubebuilder:validation:Optional
Description string `json:"description,omitempty"`
}
R2NotificationRule defines a notification rule
func (*R2NotificationRule) DeepCopy ¶ added in v0.20.0
func (in *R2NotificationRule) DeepCopy() *R2NotificationRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new R2NotificationRule.
func (*R2NotificationRule) DeepCopyInto ¶ added in v0.20.0
func (in *R2NotificationRule) DeepCopyInto(out *R2NotificationRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type R2NotificationState ¶ added in v0.20.0
type R2NotificationState string
R2NotificationState represents the state of the notification rule +kubebuilder:validation:Enum=Pending;Active;Error
const ( // R2NotificationStatePending means the notification is waiting to be configured R2NotificationStatePending R2NotificationState = "Pending" // R2NotificationStateActive means the notification is active R2NotificationStateActive R2NotificationState = "Active" // R2NotificationStateError means there was an error configuring the notification R2NotificationStateError R2NotificationState = "Error" )
type RedirectRule ¶ added in v0.20.0
type RedirectRule struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec RedirectRuleSpec `json:"spec,omitempty"`
Status RedirectRuleStatus `json:"status,omitempty"`
}
RedirectRule manages Cloudflare Redirect Rules (Single Redirects). Redirect Rules allow you to create URL redirects with static or dynamic targets.
Two syntaxes are supported: - Rules: Expression-based rules for complex redirect logic - WildcardRules: Wildcard pattern rules for simpler use cases
This is a simplified interface over ZoneRuleset for redirect use cases.
func (*RedirectRule) DeepCopy ¶ added in v0.20.0
func (in *RedirectRule) DeepCopy() *RedirectRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RedirectRule.
func (*RedirectRule) DeepCopyInto ¶ added in v0.20.0
func (in *RedirectRule) DeepCopyInto(out *RedirectRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*RedirectRule) DeepCopyObject ¶ added in v0.20.0
func (in *RedirectRule) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type RedirectRuleDefinition ¶ added in v0.20.0
type RedirectRuleDefinition struct {
// Name is a human-readable name for the rule
// +kubebuilder:validation:Required
Name string `json:"name"`
// Expression is the filter expression (Cloudflare Rules language)
// Example: (http.request.uri.path eq "/old-path")
// +kubebuilder:validation:Required
Expression string `json:"expression"`
// Enabled controls whether the rule is active
// +kubebuilder:validation:Optional
// +kubebuilder:default=true
Enabled bool `json:"enabled,omitempty"`
// Target defines where to redirect
// +kubebuilder:validation:Required
Target RedirectTarget `json:"target"`
// StatusCode is the HTTP redirect status code
// +kubebuilder:validation:Optional
// +kubebuilder:default=302
StatusCode RedirectStatusCode `json:"statusCode,omitempty"`
// PreserveQueryString keeps the original query string in the redirect
// +kubebuilder:validation:Optional
// +kubebuilder:default=false
PreserveQueryString bool `json:"preserveQueryString,omitempty"`
}
RedirectRuleDefinition defines a single redirect rule
func (*RedirectRuleDefinition) DeepCopy ¶ added in v0.20.0
func (in *RedirectRuleDefinition) DeepCopy() *RedirectRuleDefinition
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RedirectRuleDefinition.
func (*RedirectRuleDefinition) DeepCopyInto ¶ added in v0.20.0
func (in *RedirectRuleDefinition) DeepCopyInto(out *RedirectRuleDefinition)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RedirectRuleList ¶ added in v0.20.0
type RedirectRuleList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []RedirectRule `json:"items"`
}
RedirectRuleList contains a list of RedirectRule
func (*RedirectRuleList) DeepCopy ¶ added in v0.20.0
func (in *RedirectRuleList) DeepCopy() *RedirectRuleList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RedirectRuleList.
func (*RedirectRuleList) DeepCopyInto ¶ added in v0.20.0
func (in *RedirectRuleList) DeepCopyInto(out *RedirectRuleList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*RedirectRuleList) DeepCopyObject ¶ added in v0.20.0
func (in *RedirectRuleList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type RedirectRuleSpec ¶ added in v0.20.0
type RedirectRuleSpec struct {
// Zone is the zone name (domain) to apply rules to
// +kubebuilder:validation:Required
Zone string `json:"zone"`
// Description is a human-readable description of the redirect rules
// +kubebuilder:validation:Optional
Description string `json:"description,omitempty"`
// Rules are expression-based redirect rules
// Use this for complex redirect logic
// +kubebuilder:validation:Optional
Rules []RedirectRuleDefinition `json:"rules,omitempty"`
// WildcardRules are wildcard-based redirect rules
// Use this for simpler pattern-based redirects
// +kubebuilder:validation:Optional
WildcardRules []WildcardRedirectRule `json:"wildcardRules,omitempty"`
// CredentialsRef references a CloudflareCredentials resource
// If not specified, the default CloudflareCredentials will be used
// +kubebuilder:validation:Optional
CredentialsRef *CredentialsReference `json:"credentialsRef,omitempty"`
}
RedirectRuleSpec defines the desired state of RedirectRule
func (*RedirectRuleSpec) DeepCopy ¶ added in v0.20.0
func (in *RedirectRuleSpec) DeepCopy() *RedirectRuleSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RedirectRuleSpec.
func (*RedirectRuleSpec) DeepCopyInto ¶ added in v0.20.0
func (in *RedirectRuleSpec) DeepCopyInto(out *RedirectRuleSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RedirectRuleState ¶ added in v0.20.0
type RedirectRuleState string
RedirectRuleState represents the state of the redirect rule +kubebuilder:validation:Enum=Pending;Syncing;Ready;Error
const ( // RedirectRuleStatePending means the rule is waiting to be synced RedirectRuleStatePending RedirectRuleState = "Pending" // RedirectRuleStateSyncing means the rule is being synced RedirectRuleStateSyncing RedirectRuleState = "Syncing" // RedirectRuleStateReady means the rule is synced and ready RedirectRuleStateReady RedirectRuleState = "Ready" // RedirectRuleStateError means there was an error with the rule RedirectRuleStateError RedirectRuleState = "Error" )
type RedirectRuleStatus ¶ added in v0.20.0
type RedirectRuleStatus struct {
// Conditions represent the latest available observations
// +optional
Conditions []metav1.Condition `json:"conditions,omitempty"`
// ObservedGeneration is the most recent generation observed
// +optional
ObservedGeneration int64 `json:"observedGeneration,omitempty"`
// State represents the current state of the rule
// +optional
State RedirectRuleState `json:"state,omitempty"`
// RulesetID is the Cloudflare ruleset ID
// +optional
RulesetID string `json:"rulesetId,omitempty"`
// ZoneID is the Cloudflare zone ID
// +optional
ZoneID string `json:"zoneId,omitempty"`
// RuleCount is the total number of redirect rules
// +optional
RuleCount int `json:"ruleCount,omitempty"`
// Message provides additional information about the current state
// +optional
Message string `json:"message,omitempty"`
}
RedirectRuleStatus defines the observed state of RedirectRule
func (*RedirectRuleStatus) DeepCopy ¶ added in v0.20.0
func (in *RedirectRuleStatus) DeepCopy() *RedirectRuleStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RedirectRuleStatus.
func (*RedirectRuleStatus) DeepCopyInto ¶ added in v0.20.0
func (in *RedirectRuleStatus) DeepCopyInto(out *RedirectRuleStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RedirectStatusCode ¶ added in v0.20.0
type RedirectStatusCode int
RedirectStatusCode represents valid HTTP redirect status codes +kubebuilder:validation:Enum=301;302;307;308
const ( // RedirectStatusMovedPermanently (301) - Permanent redirect RedirectStatusMovedPermanently RedirectStatusCode = 301 // RedirectStatusFound (302) - Temporary redirect (commonly used) RedirectStatusFound RedirectStatusCode = 302 // RedirectStatusTemporaryRedirect (307) - Temporary redirect, preserve method RedirectStatusTemporaryRedirect RedirectStatusCode = 307 // RedirectStatusPermanentRedirect (308) - Permanent redirect, preserve method RedirectStatusPermanentRedirect RedirectStatusCode = 308 )
type RedirectTarget ¶ added in v0.20.0
type RedirectTarget struct {
// URL is a static target URL
// Example: https://example.com/new-path
// +kubebuilder:validation:Optional
URL string `json:"url,omitempty"`
// Expression is a dynamic expression for the target URL
// Example: concat("https://", http.host, "/new", http.request.uri.path)
// +kubebuilder:validation:Optional
Expression string `json:"expression,omitempty"`
}
RedirectTarget defines the redirect destination
func (*RedirectTarget) DeepCopy ¶ added in v0.20.0
func (in *RedirectTarget) DeepCopy() *RedirectTarget
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RedirectTarget.
func (*RedirectTarget) DeepCopyInto ¶ added in v0.20.0
func (in *RedirectTarget) DeepCopyInto(out *RedirectTarget)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RefreshTokenOptions ¶ added in v0.21.1
type RefreshTokenOptions struct {
// Lifetime is the lifetime of the refresh token.
// +kubebuilder:validation:Optional
Lifetime string `json:"lifetime,omitempty"`
}
RefreshTokenOptions configures refresh token behavior.
func (*RefreshTokenOptions) DeepCopy ¶ added in v0.21.1
func (in *RefreshTokenOptions) DeepCopy() *RefreshTokenOptions
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RefreshTokenOptions.
func (*RefreshTokenOptions) DeepCopyInto ¶ added in v0.21.1
func (in *RefreshTokenOptions) DeepCopyInto(out *RefreshTokenOptions)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RegistrantContact ¶ added in v0.20.0
type RegistrantContact struct {
// FirstName is the registrant's first name
// +kubebuilder:validation:Required
FirstName string `json:"firstName"`
// LastName is the registrant's last name
// +kubebuilder:validation:Required
LastName string `json:"lastName"`
// Organization is the registrant's organization (optional)
// +kubebuilder:validation:Optional
Organization string `json:"organization,omitempty"`
// Address is the street address
// +kubebuilder:validation:Required
Address string `json:"address"`
// Address2 is the secondary address line (optional)
// +kubebuilder:validation:Optional
Address2 string `json:"address2,omitempty"`
// City is the city
// +kubebuilder:validation:Required
City string `json:"city"`
// State is the state/province
// +kubebuilder:validation:Required
State string `json:"state"`
// Zip is the postal/zip code
// +kubebuilder:validation:Required
Zip string `json:"zip"`
// Country is the two-letter country code (ISO 3166-1 alpha-2)
// +kubebuilder:validation:Required
// +kubebuilder:validation:Pattern=`^[A-Z]{2}$`
Country string `json:"country"`
// Phone is the phone number in E.164 format
// +kubebuilder:validation:Required
Phone string `json:"phone"`
// Email is the contact email address
// +kubebuilder:validation:Required
Email string `json:"email"`
// Fax is the fax number (optional)
// +kubebuilder:validation:Optional
Fax string `json:"fax,omitempty"`
}
RegistrantContact contains the registrant contact information
func (*RegistrantContact) DeepCopy ¶ added in v0.20.0
func (in *RegistrantContact) DeepCopy() *RegistrantContact
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegistrantContact.
func (*RegistrantContact) DeepCopyInto ¶ added in v0.20.0
func (in *RegistrantContact) DeepCopyInto(out *RegistrantContact)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RenewalConfig ¶ added in v0.20.0
type RenewalConfig struct {
// Enabled enables automatic renewal
// +kubebuilder:validation:Optional
// +kubebuilder:default=true
Enabled bool `json:"enabled,omitempty"`
// RenewBeforeDays specifies how many days before expiration to renew
// +kubebuilder:validation:Optional
// +kubebuilder:validation:Minimum=1
// +kubebuilder:validation:Maximum=365
// +kubebuilder:default=30
RenewBeforeDays int `json:"renewBeforeDays,omitempty"`
}
RenewalConfig configures automatic certificate renewal
func (*RenewalConfig) DeepCopy ¶ added in v0.20.0
func (in *RenewalConfig) DeepCopy() *RenewalConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RenewalConfig.
func (*RenewalConfig) DeepCopyInto ¶ added in v0.20.0
func (in *RenewalConfig) DeepCopyInto(out *RenewalConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ResolveDNSInternallySettings ¶ added in v0.21.1
type ResolveDNSInternallySettings struct {
// ViewID is the DNS view ID for internal resolution.
// +kubebuilder:validation:Optional
ViewID string `json:"viewId,omitempty"`
// Fallback determines behavior when internal resolution fails.
// +kubebuilder:validation:Optional
Fallback *bool `json:"fallback,omitempty"`
}
ResolveDNSInternallySettings for internal DNS resolution.
func (*ResolveDNSInternallySettings) DeepCopy ¶ added in v0.21.1
func (in *ResolveDNSInternallySettings) DeepCopy() *ResolveDNSInternallySettings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResolveDNSInternallySettings.
func (*ResolveDNSInternallySettings) DeepCopyInto ¶ added in v0.21.1
func (in *ResolveDNSInternallySettings) DeepCopyInto(out *ResolveDNSInternallySettings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ResolvedPolicyStatus ¶ added in v0.18.0
type ResolvedPolicyStatus struct {
// Precedence is the policy precedence (order of evaluation).
Precedence int `json:"precedence"`
// PolicyID is the Cloudflare policy ID.
// +kubebuilder:validation:Optional
PolicyID string `json:"policyId,omitempty"`
// GroupID is the resolved Cloudflare Access Group ID.
// +kubebuilder:validation:Optional
GroupID string `json:"groupId,omitempty"`
// GroupName is the name of the Access Group (for display purposes).
// +kubebuilder:validation:Optional
GroupName string `json:"groupName,omitempty"`
// Source indicates how the group was resolved.
// Possible values: k8s, groupId, cloudflareGroupName
// +kubebuilder:validation:Optional
// +kubebuilder:validation:Enum=k8s;groupId;cloudflareGroupName
Source string `json:"source,omitempty"`
// Decision is the policy decision (allow, deny, bypass, non_identity).
// +kubebuilder:validation:Optional
Decision string `json:"decision,omitempty"`
}
ResolvedPolicyStatus contains resolved policy information for debugging and status tracking.
func (*ResolvedPolicyStatus) DeepCopy ¶ added in v0.18.0
func (in *ResolvedPolicyStatus) DeepCopy() *ResolvedPolicyStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResolvedPolicyStatus.
func (*ResolvedPolicyStatus) DeepCopyInto ¶ added in v0.18.0
func (in *ResolvedPolicyStatus) DeepCopyInto(out *ResolvedPolicyStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ResourceRequirements ¶
type ResourceRequirements struct {
// Limits describes max allowed resources.
// +kubebuilder:validation:Optional
Limits map[string]string `json:"limits,omitempty"`
// Requests describes minimum required resources.
// +kubebuilder:validation:Optional
Requests map[string]string `json:"requests,omitempty"`
}
ResourceRequirements describes compute resources.
func (*ResourceRequirements) DeepCopy ¶
func (in *ResourceRequirements) DeepCopy() *ResourceRequirements
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceRequirements.
func (*ResourceRequirements) DeepCopyInto ¶
func (in *ResourceRequirements) DeepCopyInto(out *ResourceRequirements)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RewriteValue ¶ added in v0.20.0
type RewriteValue struct {
// Static is a literal value
// +kubebuilder:validation:Optional
Static string `json:"static,omitempty"`
// Expression is a dynamic expression using Cloudflare Rules language
// Example: concat("/api/v2", http.request.uri.path)
// +kubebuilder:validation:Optional
Expression string `json:"expression,omitempty"`
}
RewriteValue defines a rewrite value (static or dynamic)
func (*RewriteValue) DeepCopy ¶ added in v0.20.0
func (in *RewriteValue) DeepCopy() *RewriteValue
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RewriteValue.
func (*RewriteValue) DeepCopyInto ¶ added in v0.20.0
func (in *RewriteValue) DeepCopyInto(out *RewriteValue)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RulesetCacheKey ¶ added in v0.20.0
type RulesetCacheKey struct {
// IgnoreQueryStringsOrder ignores query string order
// +kubebuilder:validation:Optional
IgnoreQueryStringsOrder *bool `json:"ignoreQueryStringsOrder,omitempty"`
// CacheDeceptionArmor enables cache deception armor
// +kubebuilder:validation:Optional
CacheDeceptionArmor *bool `json:"cacheDeceptionArmor,omitempty"`
// QueryString customizes query string handling
// +kubebuilder:validation:Optional
QueryString *RulesetQueryStringCacheKey `json:"queryString,omitempty"`
// Header customizes header-based cache key
// +kubebuilder:validation:Optional
Header *RulesetHeaderCacheKey `json:"header,omitempty"`
// Cookie customizes cookie-based cache key
// +kubebuilder:validation:Optional
Cookie *RulesetCookieCacheKey `json:"cookie,omitempty"`
// User customizes user-based cache key
// +kubebuilder:validation:Optional
User *RulesetUserCacheKey `json:"user,omitempty"`
// Host customizes host-based cache key
// +kubebuilder:validation:Optional
Host *RulesetHostCacheKey `json:"host,omitempty"`
}
RulesetCacheKey defines cache key customization
func (*RulesetCacheKey) DeepCopy ¶ added in v0.20.0
func (in *RulesetCacheKey) DeepCopy() *RulesetCacheKey
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RulesetCacheKey.
func (*RulesetCacheKey) DeepCopyInto ¶ added in v0.20.0
func (in *RulesetCacheKey) DeepCopyInto(out *RulesetCacheKey)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RulesetCacheSettings ¶ added in v0.20.0
type RulesetCacheSettings struct {
// Cache enables or disables caching
// +kubebuilder:validation:Optional
Cache *bool `json:"cache,omitempty"`
// EdgeTTL sets the edge cache TTL
// +kubebuilder:validation:Optional
EdgeTTL *RulesetCacheTTL `json:"edgeTtl,omitempty"`
// BrowserTTL sets the browser cache TTL
// +kubebuilder:validation:Optional
BrowserTTL *RulesetCacheTTL `json:"browserTtl,omitempty"`
// CacheKey customizes the cache key
// +kubebuilder:validation:Optional
CacheKey *RulesetCacheKey `json:"cacheKey,omitempty"`
// RespectStrongETags respects strong ETags
// +kubebuilder:validation:Optional
RespectStrongETags *bool `json:"respectStrongEtags,omitempty"`
// OriginErrorPagePassthru passes through origin error pages
// +kubebuilder:validation:Optional
OriginErrorPagePassthru *bool `json:"originErrorPagePassthru,omitempty"`
}
RulesetCacheSettings defines cache settings
func (*RulesetCacheSettings) DeepCopy ¶ added in v0.20.0
func (in *RulesetCacheSettings) DeepCopy() *RulesetCacheSettings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RulesetCacheSettings.
func (*RulesetCacheSettings) DeepCopyInto ¶ added in v0.20.0
func (in *RulesetCacheSettings) DeepCopyInto(out *RulesetCacheSettings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RulesetCacheTTL ¶ added in v0.20.0
type RulesetCacheTTL struct {
// Mode is the TTL mode (respect_origin, bypass_by_default, override_origin)
// +kubebuilder:validation:Optional
// +kubebuilder:validation:Enum=respect_origin;bypass_by_default;override_origin
Mode string `json:"mode,omitempty"`
// Default is the default TTL in seconds
// +kubebuilder:validation:Optional
Default *int `json:"default,omitempty"`
// StatusCodeTTL sets TTL based on status codes
// +kubebuilder:validation:Optional
StatusCodeTTL []RulesetStatusCodeTTL `json:"statusCodeTtl,omitempty"`
}
RulesetCacheTTL defines cache TTL settings
func (*RulesetCacheTTL) DeepCopy ¶ added in v0.20.0
func (in *RulesetCacheTTL) DeepCopy() *RulesetCacheTTL
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RulesetCacheTTL.
func (*RulesetCacheTTL) DeepCopyInto ¶ added in v0.20.0
func (in *RulesetCacheTTL) DeepCopyInto(out *RulesetCacheTTL)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RulesetCompressionAlgorithm ¶ added in v0.20.0
type RulesetCompressionAlgorithm struct {
// Name is the algorithm name (gzip, brotli, auto, none)
// +kubebuilder:validation:Required
// +kubebuilder:validation:Enum=gzip;brotli;auto;none
Name string `json:"name"`
}
RulesetCompressionAlgorithm defines a compression algorithm
func (*RulesetCompressionAlgorithm) DeepCopy ¶ added in v0.20.0
func (in *RulesetCompressionAlgorithm) DeepCopy() *RulesetCompressionAlgorithm
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RulesetCompressionAlgorithm.
func (*RulesetCompressionAlgorithm) DeepCopyInto ¶ added in v0.20.0
func (in *RulesetCompressionAlgorithm) DeepCopyInto(out *RulesetCompressionAlgorithm)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RulesetCookieCacheKey ¶ added in v0.20.0
type RulesetCookieCacheKey struct {
// Include includes cookies
// +kubebuilder:validation:Optional
Include []string `json:"include,omitempty"`
// CheckPresence checks for cookie presence
// +kubebuilder:validation:Optional
CheckPresence []string `json:"checkPresence,omitempty"`
}
RulesetCookieCacheKey defines cookie-based cache key settings
func (*RulesetCookieCacheKey) DeepCopy ¶ added in v0.20.0
func (in *RulesetCookieCacheKey) DeepCopy() *RulesetCookieCacheKey
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RulesetCookieCacheKey.
func (*RulesetCookieCacheKey) DeepCopyInto ¶ added in v0.20.0
func (in *RulesetCookieCacheKey) DeepCopyInto(out *RulesetCookieCacheKey)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RulesetCustomResponse ¶ added in v0.20.0
type RulesetCustomResponse struct {
// StatusCode is the HTTP status code
// +kubebuilder:validation:Optional
StatusCode int `json:"statusCode,omitempty"`
// ContentType is the response content type
// +kubebuilder:validation:Optional
ContentType string `json:"contentType,omitempty"`
// Content is the response body
// +kubebuilder:validation:Optional
Content string `json:"content,omitempty"`
}
RulesetCustomResponse defines custom error response
func (*RulesetCustomResponse) DeepCopy ¶ added in v0.20.0
func (in *RulesetCustomResponse) DeepCopy() *RulesetCustomResponse
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RulesetCustomResponse.
func (*RulesetCustomResponse) DeepCopyInto ¶ added in v0.20.0
func (in *RulesetCustomResponse) DeepCopyInto(out *RulesetCustomResponse)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RulesetHeaderAction ¶ added in v0.20.0
type RulesetHeaderAction struct {
// Operation is the header operation (set, add, remove)
// +kubebuilder:validation:Required
// +kubebuilder:validation:Enum=set;add;remove
Operation string `json:"operation"`
// Value is the header value (for set/add operations)
// +kubebuilder:validation:Optional
Value string `json:"value,omitempty"`
// Expression is a dynamic expression for the value
// +kubebuilder:validation:Optional
Expression string `json:"expression,omitempty"`
}
RulesetHeaderAction defines a header modification action
func (*RulesetHeaderAction) DeepCopy ¶ added in v0.20.0
func (in *RulesetHeaderAction) DeepCopy() *RulesetHeaderAction
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RulesetHeaderAction.
func (*RulesetHeaderAction) DeepCopyInto ¶ added in v0.20.0
func (in *RulesetHeaderAction) DeepCopyInto(out *RulesetHeaderAction)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RulesetHeaderCacheKey ¶ added in v0.20.0
type RulesetHeaderCacheKey struct {
// Include includes headers
// +kubebuilder:validation:Optional
Include []string `json:"include,omitempty"`
// CheckPresence checks for header presence
// +kubebuilder:validation:Optional
CheckPresence []string `json:"checkPresence,omitempty"`
// ExcludeOrigin excludes origin headers
// +kubebuilder:validation:Optional
ExcludeOrigin *bool `json:"excludeOrigin,omitempty"`
}
RulesetHeaderCacheKey defines header-based cache key settings
func (*RulesetHeaderCacheKey) DeepCopy ¶ added in v0.20.0
func (in *RulesetHeaderCacheKey) DeepCopy() *RulesetHeaderCacheKey
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RulesetHeaderCacheKey.
func (*RulesetHeaderCacheKey) DeepCopyInto ¶ added in v0.20.0
func (in *RulesetHeaderCacheKey) DeepCopyInto(out *RulesetHeaderCacheKey)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RulesetHostCacheKey ¶ added in v0.20.0
type RulesetHostCacheKey struct {
// Resolved uses the resolved host
// +kubebuilder:validation:Optional
Resolved *bool `json:"resolved,omitempty"`
}
RulesetHostCacheKey defines host-based cache key settings
func (*RulesetHostCacheKey) DeepCopy ¶ added in v0.20.0
func (in *RulesetHostCacheKey) DeepCopy() *RulesetHostCacheKey
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RulesetHostCacheKey.
func (*RulesetHostCacheKey) DeepCopyInto ¶ added in v0.20.0
func (in *RulesetHostCacheKey) DeepCopyInto(out *RulesetHostCacheKey)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RulesetOrigin ¶ added in v0.20.0
type RulesetOrigin struct {
// Host overrides the Host header
// +kubebuilder:validation:Optional
Host string `json:"host,omitempty"`
// Port overrides the port
// +kubebuilder:validation:Optional
Port int `json:"port,omitempty"`
}
RulesetOrigin defines origin override parameters
func (*RulesetOrigin) DeepCopy ¶ added in v0.20.0
func (in *RulesetOrigin) DeepCopy() *RulesetOrigin
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RulesetOrigin.
func (*RulesetOrigin) DeepCopyInto ¶ added in v0.20.0
func (in *RulesetOrigin) DeepCopyInto(out *RulesetOrigin)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RulesetPhase ¶ added in v0.20.0
type RulesetPhase string
RulesetPhase represents the phase/entry point of the ruleset +kubebuilder:validation:Enum=http_request_transform;http_request_late_transform;http_request_origin;http_request_redirect;http_request_dynamic_redirect;http_request_cache_settings;http_config_settings;http_custom_errors;http_response_headers_transform;http_response_compression;http_ratelimit;http_request_firewall_custom;http_request_firewall_managed;http_response_firewall_managed
const ( // RulesetPhaseHTTPRequestTransform is for URL Rewrite Rules (transform requests) RulesetPhaseHTTPRequestTransform RulesetPhase = "http_request_transform" // RulesetPhaseHTTPRequestLateTransform is for HTTP Request Header Modification Rules RulesetPhaseHTTPRequestLateTransform RulesetPhase = "http_request_late_transform" // RulesetPhaseHTTPRequestOrigin is for Origin Rules RulesetPhaseHTTPRequestOrigin RulesetPhase = "http_request_origin" // RulesetPhaseHTTPRequestRedirect is for Single Redirects RulesetPhaseHTTPRequestRedirect RulesetPhase = "http_request_redirect" // RulesetPhaseHTTPRequestDynamicRedirect is for Dynamic Redirects / Bulk Redirects RulesetPhaseHTTPRequestDynamicRedirect RulesetPhase = "http_request_dynamic_redirect" // RulesetPhaseHTTPRequestCacheSettings is for Cache Rules RulesetPhaseHTTPRequestCacheSettings RulesetPhase = "http_request_cache_settings" // RulesetPhaseHTTPConfigSettings is for Configuration Rules RulesetPhaseHTTPConfigSettings RulesetPhase = "http_config_settings" // RulesetPhaseHTTPCustomErrors is for Custom Error Responses RulesetPhaseHTTPCustomErrors RulesetPhase = "http_custom_errors" // RulesetPhaseHTTPResponseHeadersTransform is for HTTP Response Header Modification Rules RulesetPhaseHTTPResponseHeadersTransform RulesetPhase = "http_response_headers_transform" // RulesetPhaseHTTPResponseCompression is for Compression Rules RulesetPhaseHTTPResponseCompression RulesetPhase = "http_response_compression" // RulesetPhaseHTTPRateLimit is for Rate Limiting Rules RulesetPhaseHTTPRateLimit RulesetPhase = "http_ratelimit" // RulesetPhaseHTTPRequestFirewallCustom is for Custom Firewall Rules (WAF) RulesetPhaseHTTPRequestFirewallCustom RulesetPhase = "http_request_firewall_custom" // RulesetPhaseHTTPRequestFirewallManaged is for Managed Firewall Rules (WAF) RulesetPhaseHTTPRequestFirewallManaged RulesetPhase = "http_request_firewall_managed" // RulesetPhaseHTTPResponseFirewallManaged is for Response Firewall Rules RulesetPhaseHTTPResponseFirewallManaged RulesetPhase = "http_response_firewall_managed" )
type RulesetQueryStringCacheKey ¶ added in v0.20.0
type RulesetQueryStringCacheKey struct {
// Exclude excludes query parameters
// +kubebuilder:validation:Optional
Exclude *RulesetQueryStringList `json:"exclude,omitempty"`
// Include includes query parameters
// +kubebuilder:validation:Optional
Include *RulesetQueryStringList `json:"include,omitempty"`
}
RulesetQueryStringCacheKey defines query string cache key settings
func (*RulesetQueryStringCacheKey) DeepCopy ¶ added in v0.20.0
func (in *RulesetQueryStringCacheKey) DeepCopy() *RulesetQueryStringCacheKey
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RulesetQueryStringCacheKey.
func (*RulesetQueryStringCacheKey) DeepCopyInto ¶ added in v0.20.0
func (in *RulesetQueryStringCacheKey) DeepCopyInto(out *RulesetQueryStringCacheKey)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RulesetQueryStringList ¶ added in v0.20.0
type RulesetQueryStringList struct {
// List is a list of query parameter names
// +kubebuilder:validation:Optional
List []string `json:"list,omitempty"`
// All includes/excludes all query parameters
// +kubebuilder:validation:Optional
All *bool `json:"all,omitempty"`
}
RulesetQueryStringList defines a list of query parameters
func (*RulesetQueryStringList) DeepCopy ¶ added in v0.20.0
func (in *RulesetQueryStringList) DeepCopy() *RulesetQueryStringList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RulesetQueryStringList.
func (*RulesetQueryStringList) DeepCopyInto ¶ added in v0.20.0
func (in *RulesetQueryStringList) DeepCopyInto(out *RulesetQueryStringList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RulesetRedirect ¶ added in v0.20.0
type RulesetRedirect struct {
// SourceURL is the URL pattern to match
// +kubebuilder:validation:Optional
SourceURL string `json:"sourceUrl,omitempty"`
// TargetURL is the redirect destination
// +kubebuilder:validation:Optional
TargetURL *RulesetRewriteValue `json:"targetUrl,omitempty"`
// StatusCode is the HTTP status code (301, 302, 307, 308)
// +kubebuilder:validation:Optional
// +kubebuilder:validation:Enum=301;302;307;308
StatusCode int `json:"statusCode,omitempty"`
// PreserveQueryString preserves the original query string
// +kubebuilder:validation:Optional
PreserveQueryString bool `json:"preserveQueryString,omitempty"`
// IncludeSubdomains applies to subdomains
// +kubebuilder:validation:Optional
IncludeSubdomains bool `json:"includeSubdomains,omitempty"`
// SubpathMatching enables subpath matching
// +kubebuilder:validation:Optional
SubpathMatching bool `json:"subpathMatching,omitempty"`
}
RulesetRedirect defines redirect parameters
func (*RulesetRedirect) DeepCopy ¶ added in v0.20.0
func (in *RulesetRedirect) DeepCopy() *RulesetRedirect
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RulesetRedirect.
func (*RulesetRedirect) DeepCopyInto ¶ added in v0.20.0
func (in *RulesetRedirect) DeepCopyInto(out *RulesetRedirect)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RulesetRewriteValue ¶ added in v0.20.0
type RulesetRewriteValue struct {
// Value is a static value
// +kubebuilder:validation:Optional
Value string `json:"value,omitempty"`
// Expression is a dynamic expression
// +kubebuilder:validation:Optional
Expression string `json:"expression,omitempty"`
}
RulesetRewriteValue defines a rewrite value
func (*RulesetRewriteValue) DeepCopy ¶ added in v0.20.0
func (in *RulesetRewriteValue) DeepCopy() *RulesetRewriteValue
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RulesetRewriteValue.
func (*RulesetRewriteValue) DeepCopyInto ¶ added in v0.20.0
func (in *RulesetRewriteValue) DeepCopyInto(out *RulesetRewriteValue)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RulesetRule ¶ added in v0.20.0
type RulesetRule struct {
// Description is a human-readable description of the rule
// +kubebuilder:validation:Optional
Description string `json:"description,omitempty"`
// Expression is the filter expression (Cloudflare Rules language)
// +kubebuilder:validation:Required
Expression string `json:"expression"`
// Action is the action to take when the expression matches
// +kubebuilder:validation:Required
Action RulesetRuleAction `json:"action"`
// ActionParameters contains parameters for the action
// +kubebuilder:validation:Optional
ActionParameters *RulesetRuleActionParameters `json:"actionParameters,omitempty"`
// Enabled controls whether the rule is active
// +kubebuilder:validation:Optional
// +kubebuilder:default=true
Enabled bool `json:"enabled,omitempty"`
// Ref is a reference ID for the rule (for ordering)
// +kubebuilder:validation:Optional
Ref string `json:"ref,omitempty"`
// RateLimit defines rate limiting parameters (for http_ratelimit phase)
// +kubebuilder:validation:Optional
RateLimit *RulesetRuleRateLimit `json:"rateLimit,omitempty"`
}
RulesetRule defines a single rule in the ruleset
func (*RulesetRule) DeepCopy ¶ added in v0.20.0
func (in *RulesetRule) DeepCopy() *RulesetRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RulesetRule.
func (*RulesetRule) DeepCopyInto ¶ added in v0.20.0
func (in *RulesetRule) DeepCopyInto(out *RulesetRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RulesetRuleAction ¶ added in v0.20.0
type RulesetRuleAction string
RulesetRuleAction represents the action to take when a rule matches +kubebuilder:validation:Enum=block;challenge;js_challenge;managed_challenge;log;skip;rewrite;redirect;route;score;execute;set_config;set_cache_settings;serve_error;compress_response
const ( // RulesetRuleActionBlock blocks the request RulesetRuleActionBlock RulesetRuleAction = "block" // RulesetRuleActionChallenge presents a CAPTCHA challenge RulesetRuleActionChallenge RulesetRuleAction = "challenge" // RulesetRuleActionJSChallenge presents a JavaScript challenge RulesetRuleActionJSChallenge RulesetRuleAction = "js_challenge" // RulesetRuleActionManagedChallenge presents a managed challenge RulesetRuleActionManagedChallenge RulesetRuleAction = "managed_challenge" // RulesetRuleActionLog logs the request RulesetRuleActionLog RulesetRuleAction = "log" // RulesetRuleActionSkip skips remaining rules RulesetRuleActionSkip RulesetRuleAction = "skip" // RulesetRuleActionRewrite rewrites the request RulesetRuleActionRewrite RulesetRuleAction = "rewrite" // RulesetRuleActionRedirect redirects the request RulesetRuleActionRedirect RulesetRuleAction = "redirect" // RulesetRuleActionRoute routes the request RulesetRuleActionRoute RulesetRuleAction = "route" // RulesetRuleActionScore scores the request RulesetRuleActionScore RulesetRuleAction = "score" // RulesetRuleActionExecute executes another ruleset RulesetRuleActionExecute RulesetRuleAction = "execute" // RulesetRuleActionSetConfig sets configuration RulesetRuleActionSetConfig RulesetRuleAction = "set_config" // RulesetRuleActionSetCacheSettings sets cache settings RulesetRuleActionSetCacheSettings RulesetRuleAction = "set_cache_settings" // RulesetRuleActionServeError serves an error page RulesetRuleActionServeError RulesetRuleAction = "serve_error" // RulesetRuleActionCompressResponse compresses the response RulesetRuleActionCompressResponse RulesetRuleAction = "compress_response" )
type RulesetRuleActionParameters ¶ added in v0.20.0
type RulesetRuleActionParameters struct {
// URI contains URL rewrite parameters
// +kubebuilder:validation:Optional
URI *RulesetURIRewrite `json:"uri,omitempty"`
// Headers contains header modification parameters
// +kubebuilder:validation:Optional
Headers map[string]RulesetHeaderAction `json:"headers,omitempty"`
// Redirect contains redirect parameters
// +kubebuilder:validation:Optional
Redirect *RulesetRedirect `json:"redirect,omitempty"`
// Origin contains origin override parameters
// +kubebuilder:validation:Optional
Origin *RulesetOrigin `json:"origin,omitempty"`
// Cache contains cache settings
// +kubebuilder:validation:Optional
Cache *RulesetCacheSettings `json:"cache,omitempty"`
// Products lists products to skip (for skip action)
// +kubebuilder:validation:Optional
Products []string `json:"products,omitempty"`
// Ruleset is the ID of ruleset to execute (for execute action)
// +kubebuilder:validation:Optional
Ruleset string `json:"ruleset,omitempty"`
// Phases lists phases to skip (for skip action)
// +kubebuilder:validation:Optional
Phases []string `json:"phases,omitempty"`
// Rules lists rule IDs to skip (for skip action)
// +kubebuilder:validation:Optional
Rules map[string][]string `json:"rules,omitempty"`
// Response contains custom error response parameters
// +kubebuilder:validation:Optional
Response *RulesetCustomResponse `json:"response,omitempty"`
// Algorithms contains compression algorithms
// +kubebuilder:validation:Optional
Algorithms []RulesetCompressionAlgorithm `json:"algorithms,omitempty"`
}
RulesetRuleActionParameters contains parameters for rule actions
func (*RulesetRuleActionParameters) DeepCopy ¶ added in v0.20.0
func (in *RulesetRuleActionParameters) DeepCopy() *RulesetRuleActionParameters
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RulesetRuleActionParameters.
func (*RulesetRuleActionParameters) DeepCopyInto ¶ added in v0.20.0
func (in *RulesetRuleActionParameters) DeepCopyInto(out *RulesetRuleActionParameters)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RulesetRuleRateLimit ¶ added in v0.20.0
type RulesetRuleRateLimit struct {
// Characteristics defines what to count for rate limiting
// +kubebuilder:validation:Optional
Characteristics []string `json:"characteristics,omitempty"`
// Period is the period in seconds
// +kubebuilder:validation:Optional
Period int `json:"period,omitempty"`
// RequestsPerPeriod is the request limit
// +kubebuilder:validation:Optional
RequestsPerPeriod int `json:"requestsPerPeriod,omitempty"`
// MitigationTimeout is the block duration in seconds
// +kubebuilder:validation:Optional
MitigationTimeout int `json:"mitigationTimeout,omitempty"`
// CountingExpression is the expression for counting
// +kubebuilder:validation:Optional
CountingExpression string `json:"countingExpression,omitempty"`
// RequestsToOrigin counts only requests to origin
// +kubebuilder:validation:Optional
RequestsToOrigin *bool `json:"requestsToOrigin,omitempty"`
// ScorePerPeriod is the score limit (for complexity-based limiting)
// +kubebuilder:validation:Optional
ScorePerPeriod int `json:"scorePerPeriod,omitempty"`
// ScoreResponseHeaderName is the header for score reporting
// +kubebuilder:validation:Optional
ScoreResponseHeaderName string `json:"scoreResponseHeaderName,omitempty"`
}
RulesetRuleRateLimit defines rate limiting parameters
func (*RulesetRuleRateLimit) DeepCopy ¶ added in v0.20.0
func (in *RulesetRuleRateLimit) DeepCopy() *RulesetRuleRateLimit
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RulesetRuleRateLimit.
func (*RulesetRuleRateLimit) DeepCopyInto ¶ added in v0.20.0
func (in *RulesetRuleRateLimit) DeepCopyInto(out *RulesetRuleRateLimit)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RulesetStatusCodeRange ¶ added in v0.20.0
type RulesetStatusCodeRange struct {
// From is the start of the range
From int `json:"from"`
// To is the end of the range
To int `json:"to"`
}
RulesetStatusCodeRange defines a range of status codes
func (*RulesetStatusCodeRange) DeepCopy ¶ added in v0.20.0
func (in *RulesetStatusCodeRange) DeepCopy() *RulesetStatusCodeRange
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RulesetStatusCodeRange.
func (*RulesetStatusCodeRange) DeepCopyInto ¶ added in v0.20.0
func (in *RulesetStatusCodeRange) DeepCopyInto(out *RulesetStatusCodeRange)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RulesetStatusCodeTTL ¶ added in v0.20.0
type RulesetStatusCodeTTL struct {
// StatusCodeRange is the status code range (e.g., "200-299")
// +kubebuilder:validation:Optional
StatusCodeRange *RulesetStatusCodeRange `json:"statusCodeRange,omitempty"`
// StatusCodeValue is a single status code
// +kubebuilder:validation:Optional
StatusCodeValue *int `json:"statusCodeValue,omitempty"`
// Value is the TTL value in seconds
// +kubebuilder:validation:Required
Value int `json:"value"`
}
RulesetStatusCodeTTL defines TTL for specific status codes
func (*RulesetStatusCodeTTL) DeepCopy ¶ added in v0.20.0
func (in *RulesetStatusCodeTTL) DeepCopy() *RulesetStatusCodeTTL
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RulesetStatusCodeTTL.
func (*RulesetStatusCodeTTL) DeepCopyInto ¶ added in v0.20.0
func (in *RulesetStatusCodeTTL) DeepCopyInto(out *RulesetStatusCodeTTL)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RulesetURIRewrite ¶ added in v0.20.0
type RulesetURIRewrite struct {
// Path is the new path (can use expressions)
// +kubebuilder:validation:Optional
Path *RulesetRewriteValue `json:"path,omitempty"`
// Query is the new query string (can use expressions)
// +kubebuilder:validation:Optional
Query *RulesetRewriteValue `json:"query,omitempty"`
}
RulesetURIRewrite defines URL rewrite parameters
func (*RulesetURIRewrite) DeepCopy ¶ added in v0.20.0
func (in *RulesetURIRewrite) DeepCopy() *RulesetURIRewrite
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RulesetURIRewrite.
func (*RulesetURIRewrite) DeepCopyInto ¶ added in v0.20.0
func (in *RulesetURIRewrite) DeepCopyInto(out *RulesetURIRewrite)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RulesetUserCacheKey ¶ added in v0.20.0
type RulesetUserCacheKey struct {
// DeviceType includes device type
// +kubebuilder:validation:Optional
DeviceType *bool `json:"deviceType,omitempty"`
// Geo includes geolocation
// +kubebuilder:validation:Optional
Geo *bool `json:"geo,omitempty"`
// Lang includes language
// +kubebuilder:validation:Optional
Lang *bool `json:"lang,omitempty"`
}
RulesetUserCacheKey defines user-based cache key settings
func (*RulesetUserCacheKey) DeepCopy ¶ added in v0.20.0
func (in *RulesetUserCacheKey) DeepCopy() *RulesetUserCacheKey
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RulesetUserCacheKey.
func (*RulesetUserCacheKey) DeepCopyInto ¶ added in v0.20.0
func (in *RulesetUserCacheKey) DeepCopyInto(out *RulesetUserCacheKey)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SAMLAttributeConfig ¶ added in v0.21.1
type SAMLAttributeConfig struct {
// Name is the attribute name.
// +kubebuilder:validation:Required
Name string `json:"name"`
// NameFormat is the attribute name format.
// +kubebuilder:validation:Optional
NameFormat string `json:"nameFormat,omitempty"`
// Source specifies the source of the attribute value.
// +kubebuilder:validation:Required
Source SAMLAttributeSource `json:"source"`
// FriendlyName is the friendly name of the attribute.
// +kubebuilder:validation:Optional
FriendlyName string `json:"friendlyName,omitempty"`
// Required indicates if this attribute is required.
// +kubebuilder:validation:Optional
Required bool `json:"required,omitempty"`
}
SAMLAttributeConfig represents a custom SAML attribute.
func (*SAMLAttributeConfig) DeepCopy ¶ added in v0.21.1
func (in *SAMLAttributeConfig) DeepCopy() *SAMLAttributeConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SAMLAttributeConfig.
func (*SAMLAttributeConfig) DeepCopyInto ¶ added in v0.21.1
func (in *SAMLAttributeConfig) DeepCopyInto(out *SAMLAttributeConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SAMLAttributeSource ¶ added in v0.21.1
type SAMLAttributeSource struct {
// Name is the name of the source attribute.
// +kubebuilder:validation:Required
Name string `json:"name"`
// NameByIDP is a map of IdP name to attribute name.
// +kubebuilder:validation:Optional
NameByIDP map[string]string `json:"nameByIdp,omitempty"`
}
SAMLAttributeSource specifies the source of a SAML attribute.
func (*SAMLAttributeSource) DeepCopy ¶ added in v0.21.1
func (in *SAMLAttributeSource) DeepCopy() *SAMLAttributeSource
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SAMLAttributeSource.
func (*SAMLAttributeSource) DeepCopyInto ¶ added in v0.21.1
func (in *SAMLAttributeSource) DeepCopyInto(out *SAMLAttributeSource)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SAMLHeaderAttribute ¶
type SAMLHeaderAttribute struct {
// AttributeName is the SAML attribute name.
AttributeName string `json:"attributeName"`
// HeaderName is the HTTP header name.
HeaderName string `json:"headerName"`
// Required indicates if this attribute is required.
// +kubebuilder:validation:Optional
Required bool `json:"required,omitempty"`
}
SAMLHeaderAttribute defines a SAML attribute to header mapping.
func (*SAMLHeaderAttribute) DeepCopy ¶
func (in *SAMLHeaderAttribute) DeepCopy() *SAMLHeaderAttribute
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SAMLHeaderAttribute.
func (*SAMLHeaderAttribute) DeepCopyInto ¶
func (in *SAMLHeaderAttribute) DeepCopyInto(out *SAMLHeaderAttribute)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SCIMAuthentication ¶ added in v0.21.1
type SCIMAuthentication struct {
// Scheme is the authentication scheme (httpbasic, oauthbearertoken, oauth2).
// +kubebuilder:validation:Required
// +kubebuilder:validation:Enum=httpbasic;oauthbearertoken;oauth2
Scheme string `json:"scheme"`
// User is the username for HTTP basic authentication.
// +kubebuilder:validation:Optional
User string `json:"user,omitempty"`
// Password is the password for HTTP basic authentication.
// Should be stored in a Secret and referenced.
// +kubebuilder:validation:Optional
Password string `json:"password,omitempty"`
// Token is the bearer token for OAuth bearer token authentication.
// Should be stored in a Secret and referenced.
// +kubebuilder:validation:Optional
Token string `json:"token,omitempty"`
// ClientID is the OAuth client ID.
// +kubebuilder:validation:Optional
ClientID string `json:"clientId,omitempty"`
// ClientSecret is the OAuth client secret.
// Should be stored in a Secret and referenced.
// +kubebuilder:validation:Optional
ClientSecret string `json:"clientSecret,omitempty"`
// AuthorizationURL is the OAuth authorization URL.
// +kubebuilder:validation:Optional
AuthorizationURL string `json:"authorizationUrl,omitempty"`
// TokenURL is the OAuth token URL.
// +kubebuilder:validation:Optional
TokenURL string `json:"tokenUrl,omitempty"`
// Scopes is a list of OAuth scopes.
// +kubebuilder:validation:Optional
Scopes []string `json:"scopes,omitempty"`
}
SCIMAuthentication represents SCIM authentication configuration.
func (*SCIMAuthentication) DeepCopy ¶ added in v0.21.1
func (in *SCIMAuthentication) DeepCopy() *SCIMAuthentication
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SCIMAuthentication.
func (*SCIMAuthentication) DeepCopyInto ¶ added in v0.21.1
func (in *SCIMAuthentication) DeepCopyInto(out *SCIMAuthentication)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SCIMMapping ¶ added in v0.21.1
type SCIMMapping struct {
// Schema is the SCIM schema (e.g., "urn:ietf:params:scim:schemas:core:2.0:User").
// +kubebuilder:validation:Required
Schema string `json:"schema"`
// Enabled enables this mapping.
// +kubebuilder:validation:Optional
Enabled *bool `json:"enabled,omitempty"`
// Filter is a SCIM filter expression.
// +kubebuilder:validation:Optional
Filter string `json:"filter,omitempty"`
// TransformJsonata is a JSONata expression for transforming the mapping.
// +kubebuilder:validation:Optional
TransformJsonata string `json:"transformJsonata,omitempty"`
// Operations configures which SCIM operations are supported.
// +kubebuilder:validation:Optional
Operations *SCIMMappingOperations `json:"operations,omitempty"`
// Strictness specifies how strictly to enforce the schema.
// +kubebuilder:validation:Optional
// +kubebuilder:validation:Enum=strict;loose
Strictness string `json:"strictness,omitempty"`
}
SCIMMapping represents a SCIM attribute mapping.
func (*SCIMMapping) DeepCopy ¶ added in v0.21.1
func (in *SCIMMapping) DeepCopy() *SCIMMapping
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SCIMMapping.
func (*SCIMMapping) DeepCopyInto ¶ added in v0.21.1
func (in *SCIMMapping) DeepCopyInto(out *SCIMMapping)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SCIMMappingOperations ¶ added in v0.21.1
type SCIMMappingOperations struct {
// Create enables the create operation.
// +kubebuilder:validation:Optional
Create *bool `json:"create,omitempty"`
// Update enables the update operation.
// +kubebuilder:validation:Optional
Update *bool `json:"update,omitempty"`
// Delete enables the delete operation.
// +kubebuilder:validation:Optional
Delete *bool `json:"delete,omitempty"`
}
SCIMMappingOperations specifies which SCIM operations are supported.
func (*SCIMMappingOperations) DeepCopy ¶ added in v0.21.1
func (in *SCIMMappingOperations) DeepCopy() *SCIMMappingOperations
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SCIMMappingOperations.
func (*SCIMMappingOperations) DeepCopyInto ¶ added in v0.21.1
func (in *SCIMMappingOperations) DeepCopyInto(out *SCIMMappingOperations)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SSLConfig ¶ added in v0.20.0
type SSLConfig struct {
// Mode sets the SSL/TLS encryption mode
// - off: No encryption (not recommended)
// - flexible: Encrypts traffic between browser and Cloudflare only
// - full: Encrypts end-to-end, using a self-signed cert on the origin
// - strict/full_strict: Encrypts end-to-end, requires valid origin cert
// +kubebuilder:validation:Optional
// +kubebuilder:default=full
Mode SSLMode `json:"mode,omitempty"`
// MinTLSVersion sets the minimum TLS version
// +kubebuilder:validation:Optional
// +kubebuilder:default="1.2"
MinTLSVersion TLSVersion `json:"minTLSVersion,omitempty"`
// TLS13 enables TLS 1.3 support
// +kubebuilder:validation:Optional
// +kubebuilder:default=on
TLS13 FeatureToggle `json:"tls13,omitempty"`
// AlwaysUseHTTPS redirects all HTTP requests to HTTPS
// +kubebuilder:validation:Optional
// +kubebuilder:default=true
AlwaysUseHTTPS *bool `json:"alwaysUseHttps,omitempty"`
// AutomaticHTTPSRewrites rewrites HTTP links to HTTPS in HTML content
// +kubebuilder:validation:Optional
// +kubebuilder:default=true
AutomaticHTTPSRewrites *bool `json:"automaticHttpsRewrites,omitempty"`
// OpportunisticEncryption enables opportunistic encryption
// +kubebuilder:validation:Optional
// +kubebuilder:default=true
OpportunisticEncryption *bool `json:"opportunisticEncryption,omitempty"`
// AuthenticatedOriginPull configures mTLS between Cloudflare and origin
// +kubebuilder:validation:Optional
AuthenticatedOriginPull *AuthenticatedOriginPullConfig `json:"authenticatedOriginPull,omitempty"`
}
SSLConfig defines SSL/TLS settings for a domain
func (*SSLConfig) DeepCopy ¶ added in v0.20.0
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SSLConfig.
func (*SSLConfig) DeepCopyInto ¶ added in v0.20.0
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SSLMode ¶ added in v0.20.0
type SSLMode string
SSLMode represents the SSL/TLS encryption mode +kubebuilder:validation:Enum=off;flexible;full;strict;full_strict
type SaasApplicationConfig ¶ added in v0.21.1
type SaasApplicationConfig struct {
// AuthType specifies the authentication type (saml or oidc).
// +kubebuilder:validation:Required
// +kubebuilder:validation:Enum=saml;oidc
AuthType string `json:"authType"`
// ConsumerServiceURL is the SAML consumer service URL.
// +kubebuilder:validation:Optional
ConsumerServiceURL string `json:"consumerServiceUrl,omitempty"`
// SPEntityID is the SAML service provider entity ID.
// +kubebuilder:validation:Optional
SPEntityID string `json:"spEntityId,omitempty"`
// NameIDFormat is the SAML name ID format.
// +kubebuilder:validation:Optional
// +kubebuilder:validation:Enum=id;email
NameIDFormat string `json:"nameIdFormat,omitempty"`
// DefaultRelayState is the default relay state for SAML.
// +kubebuilder:validation:Optional
DefaultRelayState string `json:"defaultRelayState,omitempty"`
// CustomAttributes defines custom SAML attributes.
// +kubebuilder:validation:Optional
CustomAttributes []SAMLAttributeConfig `json:"customAttributes,omitempty"`
// NameIDTransformJsonata is a JSONata expression for transforming the name ID.
// +kubebuilder:validation:Optional
NameIDTransformJsonata string `json:"nameIdTransformJsonata,omitempty"`
// SamlAttributeTransformJsonata is a JSONata expression for transforming SAML attributes.
// +kubebuilder:validation:Optional
SamlAttributeTransformJsonata string `json:"samlAttributeTransformJsonata,omitempty"`
// RedirectURIs is a list of allowed redirect URIs for OIDC.
// +kubebuilder:validation:Optional
RedirectURIs []string `json:"redirectUris,omitempty"`
// GrantTypes is a list of allowed grant types for OIDC.
// +kubebuilder:validation:Optional
GrantTypes []string `json:"grantTypes,omitempty"`
// Scopes is a list of allowed scopes for OIDC.
// +kubebuilder:validation:Optional
Scopes []string `json:"scopes,omitempty"`
// AppLauncherURL is the URL to launch the app from the app launcher.
// +kubebuilder:validation:Optional
AppLauncherURL string `json:"appLauncherUrl,omitempty"`
// GroupFilterRegex is a regex for filtering groups in OIDC claims.
// +kubebuilder:validation:Optional
GroupFilterRegex string `json:"groupFilterRegex,omitempty"`
// CustomClaims defines custom OIDC claims.
// +kubebuilder:validation:Optional
CustomClaims []OIDCClaimConfig `json:"customClaims,omitempty"`
// AllowPKCEWithoutClientSecret allows PKCE without a client secret.
// +kubebuilder:validation:Optional
AllowPKCEWithoutClientSecret *bool `json:"allowPkceWithoutClientSecret,omitempty"`
// AccessTokenLifetime is the lifetime of the access token.
// +kubebuilder:validation:Optional
AccessTokenLifetime string `json:"accessTokenLifetime,omitempty"`
// RefreshTokenOptions configures refresh token behavior.
// +kubebuilder:validation:Optional
RefreshTokenOptions *RefreshTokenOptions `json:"refreshTokenOptions,omitempty"`
// HybridAndImplicitOptions configures hybrid and implicit flow options.
// +kubebuilder:validation:Optional
HybridAndImplicitOptions *HybridAndImplicitOptions `json:"hybridAndImplicitOptions,omitempty"`
}
SaasApplicationConfig represents the SaaS application configuration.
func (*SaasApplicationConfig) DeepCopy ¶ added in v0.21.1
func (in *SaasApplicationConfig) DeepCopy() *SaasApplicationConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SaasApplicationConfig.
func (*SaasApplicationConfig) DeepCopyInto ¶ added in v0.21.1
func (in *SaasApplicationConfig) DeepCopyInto(out *SaasApplicationConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SecretKeyReference ¶ added in v0.20.0
type SecretKeyReference struct {
// Name of the Secret
// +kubebuilder:validation:Required
Name string `json:"name"`
// Namespace of the Secret
// +kubebuilder:validation:Optional
Namespace string `json:"namespace,omitempty"`
// Key is the key in the Secret data
// +kubebuilder:validation:Optional
// +kubebuilder:default=tls.key
Key string `json:"key,omitempty"`
}
SecretKeyReference references a specific key in a Secret
func (*SecretKeyReference) DeepCopy ¶ added in v0.20.0
func (in *SecretKeyReference) DeepCopy() *SecretKeyReference
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretKeyReference.
func (*SecretKeyReference) DeepCopyInto ¶ added in v0.20.0
func (in *SecretKeyReference) DeepCopyInto(out *SecretKeyReference)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SecretKeySelector ¶
type SecretKeySelector struct {
// Name is the name of the Secret.
// +kubebuilder:validation:Required
Name string `json:"name"`
// Key is the key in the Secret.
// +kubebuilder:validation:Required
Key string `json:"key"`
// Namespace is the namespace of the Secret.
// +kubebuilder:validation:Optional
Namespace string `json:"namespace,omitempty"`
}
SecretKeySelector selects a key from a Secret.
func (*SecretKeySelector) DeepCopy ¶
func (in *SecretKeySelector) DeepCopy() *SecretKeySelector
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretKeySelector.
func (*SecretKeySelector) DeepCopyInto ¶
func (in *SecretKeySelector) DeepCopyInto(out *SecretKeySelector)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SecretReference ¶ added in v0.17.0
type SecretReference struct {
// Name of the secret
// +kubebuilder:validation:Required
Name string `json:"name"`
// Namespace of the secret. Defaults to "cloudflare-operator-system"
// +kubebuilder:validation:Optional
// +kubebuilder:default:="cloudflare-operator-system"
Namespace string `json:"namespace,omitempty"`
// Key in the secret for API Token (used when authType is apiToken)
// +kubebuilder:validation:Optional
// +kubebuilder:default:="CLOUDFLARE_API_TOKEN"
APITokenKey string `json:"apiTokenKey,omitempty"`
// Key in the secret for Global API Key (used when authType is globalAPIKey)
// +kubebuilder:validation:Optional
// +kubebuilder:default:="CLOUDFLARE_API_KEY"
APIKeyKey string `json:"apiKeyKey,omitempty"`
// Key in the secret for Email (used when authType is globalAPIKey)
// +kubebuilder:validation:Optional
// +kubebuilder:default:="CLOUDFLARE_EMAIL"
EmailKey string `json:"emailKey,omitempty"`
}
SecretReference contains information about the secret location
func (*SecretReference) DeepCopy ¶ added in v0.17.0
func (in *SecretReference) DeepCopy() *SecretReference
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretReference.
func (*SecretReference) DeepCopyInto ¶ added in v0.17.0
func (in *SecretReference) DeepCopyInto(out *SecretReference)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SecretSyncConfig ¶ added in v0.20.0
type SecretSyncConfig struct {
// Enabled enables syncing the certificate to a Kubernetes Secret
// +kubebuilder:validation:Optional
// +kubebuilder:default=true
Enabled bool `json:"enabled,omitempty"`
// SecretName is the name of the Secret to create/update
// If not specified, defaults to the OriginCACertificate name
// +kubebuilder:validation:Optional
SecretName string `json:"secretName,omitempty"`
// Namespace is the namespace for the Secret
// If not specified, defaults to the OriginCACertificate's namespace (for namespaced)
// or "cloudflare-operator-system" (for cluster-scoped)
// +kubebuilder:validation:Optional
Namespace string `json:"namespace,omitempty"`
// CertManagerCompatible creates the Secret in cert-manager compatible format
// When true, uses "tls.crt" and "tls.key" keys with kubernetes.io/tls type
// When false, uses "certificate" and "private-key" keys with Opaque type
// +kubebuilder:validation:Optional
// +kubebuilder:default=true
CertManagerCompatible bool `json:"certManagerCompatible,omitempty"`
// IncludeCA includes the Cloudflare Origin CA root certificate in the Secret
// This is useful for clients that need to verify the certificate chain
// +kubebuilder:validation:Optional
// +kubebuilder:default=false
IncludeCA bool `json:"includeCA,omitempty"`
}
SecretSyncConfig configures how the certificate is synced to a Kubernetes Secret
func (*SecretSyncConfig) DeepCopy ¶ added in v0.20.0
func (in *SecretSyncConfig) DeepCopy() *SecretSyncConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretSyncConfig.
func (*SecretSyncConfig) DeepCopyInto ¶ added in v0.20.0
func (in *SecretSyncConfig) DeepCopyInto(out *SecretSyncConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SecurityConfig ¶ added in v0.20.0
type SecurityConfig struct {
// Level sets the security level
// +kubebuilder:validation:Optional
// +kubebuilder:default=medium
Level SecurityLevel `json:"level,omitempty"`
// BrowserCheck enables browser integrity check
// +kubebuilder:validation:Optional
// +kubebuilder:default=true
BrowserCheck *bool `json:"browserCheck,omitempty"`
// EmailObfuscation hides email addresses from bots
// +kubebuilder:validation:Optional
// +kubebuilder:default=true
EmailObfuscation *bool `json:"emailObfuscation,omitempty"`
// ServerSideExclude enables server-side excludes
// +kubebuilder:validation:Optional
// +kubebuilder:default=true
ServerSideExclude *bool `json:"serverSideExclude,omitempty"`
// HotlinkProtection prevents hotlinking of images
// +kubebuilder:validation:Optional
// +kubebuilder:default=false
HotlinkProtection bool `json:"hotlinkProtection,omitempty"`
// ChallengePassage sets how long a visitor can access the site
// after completing a challenge (in seconds)
// +kubebuilder:validation:Optional
// +kubebuilder:validation:Minimum=300
// +kubebuilder:validation:Maximum=31536000
// +kubebuilder:default=1800
ChallengePassage *int `json:"challengePassage,omitempty"`
// WAF configures Web Application Firewall
// +kubebuilder:validation:Optional
WAF *WAFConfig `json:"waf,omitempty"`
}
SecurityConfig defines security settings for a domain
func (*SecurityConfig) DeepCopy ¶ added in v0.20.0
func (in *SecurityConfig) DeepCopy() *SecurityConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecurityConfig.
func (*SecurityConfig) DeepCopyInto ¶ added in v0.20.0
func (in *SecurityConfig) DeepCopyInto(out *SecurityConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SecurityLevel ¶ added in v0.20.0
type SecurityLevel string
SecurityLevel represents security level settings +kubebuilder:validation:Enum=off;essentially_off;low;medium;high;under_attack
const ( SecurityLevelOff SecurityLevel = "off" SecurityLevelEssentiallyOff SecurityLevel = "essentially_off" SecurityLevelLow SecurityLevel = "low" SecurityLevelMedium SecurityLevel = "medium" SecurityLevelHigh SecurityLevel = "high" SecurityLevelUnderAttack SecurityLevel = "under_attack" )
type ServiceRef ¶
type ServiceRef struct {
// Name is the name of the Service.
// +kubebuilder:validation:Required
Name string `json:"name"`
// Port is the port of the Service to expose.
// +kubebuilder:validation:Required
// +kubebuilder:validation:Minimum=1
// +kubebuilder:validation:Maximum=65535
Port int32 `json:"port"`
}
ServiceRef references a Kubernetes Service.
func (*ServiceRef) DeepCopy ¶
func (in *ServiceRef) DeepCopy() *ServiceRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceRef.
func (*ServiceRef) DeepCopyInto ¶
func (in *ServiceRef) DeepCopyInto(out *ServiceRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ServiceTokenSecretRef ¶
type ServiceTokenSecretRef struct {
// Name is the name of the Secret to create/update.
// +kubebuilder:validation:Required
Name string `json:"name"`
// Namespace is the namespace for the Secret.
// +kubebuilder:validation:Required
Namespace string `json:"namespace"`
// ClientIDKey is the key for the Client ID.
// +kubebuilder:validation:Optional
// +kubebuilder:default="CF_ACCESS_CLIENT_ID"
ClientIDKey string `json:"clientIdKey,omitempty"`
// ClientSecretKey is the key for the Client Secret.
// +kubebuilder:validation:Optional
// +kubebuilder:default="CF_ACCESS_CLIENT_SECRET"
ClientSecretKey string `json:"clientSecretKey,omitempty"`
}
ServiceTokenSecretRef defines where to store token credentials.
func (*ServiceTokenSecretRef) DeepCopy ¶
func (in *ServiceTokenSecretRef) DeepCopy() *ServiceTokenSecretRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceTokenSecretRef.
func (*ServiceTokenSecretRef) DeepCopyInto ¶
func (in *ServiceTokenSecretRef) DeepCopyInto(out *ServiceTokenSecretRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SessionSettings ¶
SessionSettings for session checks.
func (*SessionSettings) DeepCopy ¶
func (in *SessionSettings) DeepCopy() *SessionSettings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SessionSettings.
func (*SessionSettings) DeepCopyInto ¶
func (in *SessionSettings) DeepCopyInto(out *SessionSettings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SplitTunnelEntry ¶
type SplitTunnelEntry struct {
// Address is a CIDR notation for IP addresses to match.
// Either Address or Host must be specified.
// +kubebuilder:validation:Optional
Address string `json:"address,omitempty"`
// Host is a domain name to match.
// Either Address or Host must be specified.
// +kubebuilder:validation:Optional
Host string `json:"host,omitempty"`
// Description is an optional description for this entry.
// +kubebuilder:validation:Optional
// +kubebuilder:validation:MaxLength=200
Description string `json:"description,omitempty"`
}
SplitTunnelEntry represents a single split tunnel entry.
func (*SplitTunnelEntry) DeepCopy ¶
func (in *SplitTunnelEntry) DeepCopy() *SplitTunnelEntry
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SplitTunnelEntry.
func (*SplitTunnelEntry) DeepCopyInto ¶
func (in *SplitTunnelEntry) DeepCopyInto(out *SplitTunnelEntry)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TLSDecryptSettings ¶
type TLSDecryptSettings struct {
Enabled bool `json:"enabled"`
}
TLSDecryptSettings for TLS decryption.
func (*TLSDecryptSettings) DeepCopy ¶
func (in *TLSDecryptSettings) DeepCopy() *TLSDecryptSettings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSDecryptSettings.
func (*TLSDecryptSettings) DeepCopyInto ¶
func (in *TLSDecryptSettings) DeepCopyInto(out *TLSDecryptSettings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TLSVersion ¶ added in v0.20.0
type TLSVersion string
TLSVersion represents supported TLS versions +kubebuilder:validation:Enum="1.0";"1.1";"1.2";"1.3"
const ( TLSVersion10 TLSVersion = "1.0" TLSVersion11 TLSVersion = "1.1" TLSVersion12 TLSVersion = "1.2" TLSVersion13 TLSVersion = "1.3" )
type TieredCacheConfig ¶ added in v0.20.0
type TieredCacheConfig struct {
// Enabled enables tiered caching
// +kubebuilder:validation:Optional
// +kubebuilder:default=true
Enabled bool `json:"enabled,omitempty"`
// Topology sets the tiered cache topology
// - smart: Dynamically selects the best upper tier
// - generic: Uses regional hub data centers
// +kubebuilder:validation:Optional
// +kubebuilder:default=smart
Topology TieredCacheTopology `json:"topology,omitempty"`
}
TieredCacheConfig configures tiered caching
func (*TieredCacheConfig) DeepCopy ¶ added in v0.20.0
func (in *TieredCacheConfig) DeepCopy() *TieredCacheConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TieredCacheConfig.
func (*TieredCacheConfig) DeepCopyInto ¶ added in v0.20.0
func (in *TieredCacheConfig) DeepCopyInto(out *TieredCacheConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TieredCacheTopology ¶ added in v0.20.0
type TieredCacheTopology string
TieredCacheTopology represents tiered cache topology +kubebuilder:validation:Enum=smart;generic
const ( TieredCacheSmart TieredCacheTopology = "smart" TieredCacheGeneric TieredCacheTopology = "generic" )
type Toleration ¶
type Toleration struct {
// Key is the taint key.
// +kubebuilder:validation:Optional
Key string `json:"key,omitempty"`
// Operator represents the relationship.
// +kubebuilder:validation:Optional
// +kubebuilder:validation:Enum=Exists;Equal
Operator string `json:"operator,omitempty"`
// Value is the taint value.
// +kubebuilder:validation:Optional
Value string `json:"value,omitempty"`
// Effect indicates the taint effect.
// +kubebuilder:validation:Optional
// +kubebuilder:validation:Enum=NoSchedule;PreferNoSchedule;NoExecute
Effect string `json:"effect,omitempty"`
// TolerationSeconds for NoExecute effect.
// +kubebuilder:validation:Optional
TolerationSeconds *int64 `json:"tolerationSeconds,omitempty"`
}
Toleration for pod scheduling.
func (*Toleration) DeepCopy ¶
func (in *Toleration) DeepCopy() *Toleration
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Toleration.
func (*Toleration) DeepCopyInto ¶
func (in *Toleration) DeepCopyInto(out *Toleration)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TransformRule ¶ added in v0.20.0
type TransformRule struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec TransformRuleSpec `json:"spec,omitempty"`
Status TransformRuleStatus `json:"status,omitempty"`
}
TransformRule manages Cloudflare Transform Rules. Transform Rules allow you to modify HTTP requests and responses: - URL Rewrites: Change the URL path and/or query string - Request Headers: Add, modify, or remove HTTP request headers - Response Headers: Add, modify, or remove HTTP response headers
This is a simplified interface over ZoneRuleset for common transform use cases.
func (*TransformRule) DeepCopy ¶ added in v0.20.0
func (in *TransformRule) DeepCopy() *TransformRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TransformRule.
func (*TransformRule) DeepCopyInto ¶ added in v0.20.0
func (in *TransformRule) DeepCopyInto(out *TransformRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*TransformRule) DeepCopyObject ¶ added in v0.20.0
func (in *TransformRule) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type TransformRuleDefinition ¶ added in v0.20.0
type TransformRuleDefinition struct {
// Name is a human-readable name for the rule
// +kubebuilder:validation:Required
Name string `json:"name"`
// Expression is the filter expression (Cloudflare Rules language)
// Example: (http.host eq "example.com")
// +kubebuilder:validation:Required
Expression string `json:"expression"`
// Enabled controls whether the rule is active
// +kubebuilder:validation:Optional
// +kubebuilder:default=true
Enabled bool `json:"enabled,omitempty"`
// URLRewrite contains URL rewrite configuration
// Only used when type is url_rewrite
// +kubebuilder:validation:Optional
URLRewrite *URLRewriteConfig `json:"urlRewrite,omitempty"`
// Headers contains header modification configuration
// Only used when type is request_header or response_header
// +kubebuilder:validation:Optional
Headers []HeaderModification `json:"headers,omitempty"`
}
TransformRuleDefinition defines a single transform rule
func (*TransformRuleDefinition) DeepCopy ¶ added in v0.20.0
func (in *TransformRuleDefinition) DeepCopy() *TransformRuleDefinition
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TransformRuleDefinition.
func (*TransformRuleDefinition) DeepCopyInto ¶ added in v0.20.0
func (in *TransformRuleDefinition) DeepCopyInto(out *TransformRuleDefinition)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TransformRuleList ¶ added in v0.20.0
type TransformRuleList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []TransformRule `json:"items"`
}
TransformRuleList contains a list of TransformRule
func (*TransformRuleList) DeepCopy ¶ added in v0.20.0
func (in *TransformRuleList) DeepCopy() *TransformRuleList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TransformRuleList.
func (*TransformRuleList) DeepCopyInto ¶ added in v0.20.0
func (in *TransformRuleList) DeepCopyInto(out *TransformRuleList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*TransformRuleList) DeepCopyObject ¶ added in v0.20.0
func (in *TransformRuleList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type TransformRuleSpec ¶ added in v0.20.0
type TransformRuleSpec struct {
// Zone is the zone name (domain) to apply rules to
// +kubebuilder:validation:Required
Zone string `json:"zone"`
// Type is the type of transform rule
// +kubebuilder:validation:Required
Type TransformRuleType `json:"type"`
// Description is a human-readable description of the ruleset
// +kubebuilder:validation:Optional
Description string `json:"description,omitempty"`
// Rules are the transform rules
// +kubebuilder:validation:Required
// +kubebuilder:validation:MinItems=1
Rules []TransformRuleDefinition `json:"rules"`
// CredentialsRef references a CloudflareCredentials resource
// If not specified, the default CloudflareCredentials will be used
// +kubebuilder:validation:Optional
CredentialsRef *CredentialsReference `json:"credentialsRef,omitempty"`
}
TransformRuleSpec defines the desired state of TransformRule
func (*TransformRuleSpec) DeepCopy ¶ added in v0.20.0
func (in *TransformRuleSpec) DeepCopy() *TransformRuleSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TransformRuleSpec.
func (*TransformRuleSpec) DeepCopyInto ¶ added in v0.20.0
func (in *TransformRuleSpec) DeepCopyInto(out *TransformRuleSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TransformRuleState ¶ added in v0.20.0
type TransformRuleState string
TransformRuleState represents the state of the transform rule +kubebuilder:validation:Enum=Pending;Syncing;Ready;Error
const ( // TransformRuleStatePending means the rule is waiting to be synced TransformRuleStatePending TransformRuleState = "Pending" // TransformRuleStateSyncing means the rule is being synced TransformRuleStateSyncing TransformRuleState = "Syncing" // TransformRuleStateReady means the rule is synced and ready TransformRuleStateReady TransformRuleState = "Ready" // TransformRuleStateError means there was an error with the rule TransformRuleStateError TransformRuleState = "Error" )
type TransformRuleStatus ¶ added in v0.20.0
type TransformRuleStatus struct {
// Conditions represent the latest available observations
// +optional
Conditions []metav1.Condition `json:"conditions,omitempty"`
// ObservedGeneration is the most recent generation observed
// +optional
ObservedGeneration int64 `json:"observedGeneration,omitempty"`
// State represents the current state of the rule
// +optional
State TransformRuleState `json:"state,omitempty"`
// RulesetID is the Cloudflare ruleset ID
// +optional
RulesetID string `json:"rulesetId,omitempty"`
// ZoneID is the Cloudflare zone ID
// +optional
ZoneID string `json:"zoneId,omitempty"`
// RuleCount is the number of rules
// +optional
RuleCount int `json:"ruleCount,omitempty"`
// Message provides additional information about the current state
// +optional
Message string `json:"message,omitempty"`
}
TransformRuleStatus defines the observed state of TransformRule
func (*TransformRuleStatus) DeepCopy ¶ added in v0.20.0
func (in *TransformRuleStatus) DeepCopy() *TransformRuleStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TransformRuleStatus.
func (*TransformRuleStatus) DeepCopyInto ¶ added in v0.20.0
func (in *TransformRuleStatus) DeepCopyInto(out *TransformRuleStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TransformRuleType ¶ added in v0.20.0
type TransformRuleType string
TransformRuleType represents the type of transform rule +kubebuilder:validation:Enum=url_rewrite;request_header;response_header
const ( // TransformRuleTypeURLRewrite rewrites the URL path and/or query string TransformRuleTypeURLRewrite TransformRuleType = "url_rewrite" // TransformRuleTypeRequestHeader modifies HTTP request headers TransformRuleTypeRequestHeader TransformRuleType = "request_header" // TransformRuleTypeResponseHeader modifies HTTP response headers TransformRuleTypeResponseHeader TransformRuleType = "response_header" )
type Tunnel ¶
type Tunnel struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec TunnelSpec `json:"spec,omitempty"`
Status TunnelStatus `json:"status,omitempty"`
}
Tunnel is the Schema for the tunnels API
func (*Tunnel) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Tunnel.
func (*Tunnel) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*Tunnel) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type TunnelGatewayClassConfig ¶ added in v0.18.1
type TunnelGatewayClassConfig struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec TunnelGatewayClassConfigSpec `json:"spec,omitempty"`
Status TunnelGatewayClassConfigStatus `json:"status,omitempty"`
}
TunnelGatewayClassConfig provides GatewayClass parameters for Cloudflare Tunnel Gateway Controller. This resource links a GatewayClass to a specific Tunnel or ClusterTunnel and configures how the Gateway Controller handles DNS records and origin connections.
Example usage:
apiVersion: networking.cloudflare-operator.io/v1alpha2
kind: TunnelGatewayClassConfig
metadata:
name: cloudflare-tunnel
spec:
tunnelRef:
kind: ClusterTunnel
name: production-tunnel
dnsManagement: Automatic
dnsProxied: true
func (*TunnelGatewayClassConfig) DeepCopy ¶ added in v0.18.1
func (in *TunnelGatewayClassConfig) DeepCopy() *TunnelGatewayClassConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TunnelGatewayClassConfig.
func (*TunnelGatewayClassConfig) DeepCopyInto ¶ added in v0.18.1
func (in *TunnelGatewayClassConfig) DeepCopyInto(out *TunnelGatewayClassConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*TunnelGatewayClassConfig) DeepCopyObject ¶ added in v0.18.1
func (in *TunnelGatewayClassConfig) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*TunnelGatewayClassConfig) GetTunnelNamespace ¶ added in v0.18.1
func (c *TunnelGatewayClassConfig) GetTunnelNamespace() string
GetTunnelNamespace returns the namespace where the Tunnel resource is located. For ClusterTunnel, this returns empty string (cluster-scoped). For Tunnel, this returns the namespace from TunnelRef or falls back to config's namespace.
func (*TunnelGatewayClassConfig) IsDNSProxied ¶ added in v0.18.1
func (c *TunnelGatewayClassConfig) IsDNSProxied() bool
IsDNSProxied returns whether DNS records should be proxied through Cloudflare.
type TunnelGatewayClassConfigList ¶ added in v0.18.1
type TunnelGatewayClassConfigList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []TunnelGatewayClassConfig `json:"items"`
}
TunnelGatewayClassConfigList contains a list of TunnelGatewayClassConfig
func (*TunnelGatewayClassConfigList) DeepCopy ¶ added in v0.18.1
func (in *TunnelGatewayClassConfigList) DeepCopy() *TunnelGatewayClassConfigList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TunnelGatewayClassConfigList.
func (*TunnelGatewayClassConfigList) DeepCopyInto ¶ added in v0.18.1
func (in *TunnelGatewayClassConfigList) DeepCopyInto(out *TunnelGatewayClassConfigList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*TunnelGatewayClassConfigList) DeepCopyObject ¶ added in v0.18.1
func (in *TunnelGatewayClassConfigList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type TunnelGatewayClassConfigSpec ¶ added in v0.18.1
type TunnelGatewayClassConfigSpec struct {
// TunnelRef references the Tunnel or ClusterTunnel to use for this GatewayClass
// +kubebuilder:validation:Required
TunnelRef TunnelReference `json:"tunnelRef"`
// DefaultOriginRequest provides default origin request settings for all Routes
// using this GatewayClass. Can be overridden per-Route via annotations.
// +kubebuilder:validation:Optional
DefaultOriginRequest *OriginRequestSpec `json:"defaultOriginRequest,omitempty"`
// DNSManagement controls how DNS records are managed for Route hostnames.
// - Automatic: Controller creates CNAME records directly via Cloudflare API
// - Manual: User manages DNS records externally (compatible with external-dns)
// - DNSRecord: Controller creates DNSRecord CRDs for each hostname
// +kubebuilder:validation:Optional
// +kubebuilder:default=Automatic
DNSManagement DNSManagementMode `json:"dnsManagement,omitempty"`
// DNSProxied controls whether DNS records are proxied through Cloudflare.
// Only applies when DNSManagement is Automatic or DNSRecord.
// +kubebuilder:validation:Optional
// +kubebuilder:default=true
DNSProxied *bool `json:"dnsProxied,omitempty"`
// WatchNamespaces limits which namespaces the controller watches for Routes.
// If empty, watches all namespaces.
// +kubebuilder:validation:Optional
WatchNamespaces []string `json:"watchNamespaces,omitempty"`
// FallbackTarget is the default target for unmatched requests.
// Defaults to "http_status:404" if not specified.
// +kubebuilder:validation:Optional
// +kubebuilder:default="http_status:404"
FallbackTarget string `json:"fallbackTarget,omitempty"`
}
TunnelGatewayClassConfigSpec defines the desired state of TunnelGatewayClassConfig
func (*TunnelGatewayClassConfigSpec) DeepCopy ¶ added in v0.18.1
func (in *TunnelGatewayClassConfigSpec) DeepCopy() *TunnelGatewayClassConfigSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TunnelGatewayClassConfigSpec.
func (*TunnelGatewayClassConfigSpec) DeepCopyInto ¶ added in v0.18.1
func (in *TunnelGatewayClassConfigSpec) DeepCopyInto(out *TunnelGatewayClassConfigSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TunnelGatewayClassConfigStatus ¶ added in v0.18.1
type TunnelGatewayClassConfigStatus struct {
// TunnelID is the resolved Cloudflare Tunnel ID
// +kubebuilder:validation:Optional
TunnelID string `json:"tunnelId,omitempty"`
// TunnelName is the resolved Cloudflare Tunnel name
// +kubebuilder:validation:Optional
TunnelName string `json:"tunnelName,omitempty"`
// GatewayCount is the number of Gateways using this configuration
// +kubebuilder:validation:Optional
GatewayCount int `json:"gatewayCount,omitempty"`
// RouteCount is the total number of Routes across all Gateways
// +kubebuilder:validation:Optional
RouteCount int `json:"routeCount,omitempty"`
// State represents the current state of the configuration
// +kubebuilder:validation:Optional
// +kubebuilder:validation:Enum=pending;active;error
State string `json:"state,omitempty"`
// Conditions represent the latest available observations
// +kubebuilder:validation:Optional
// +listType=map
// +listMapKey=type
Conditions []metav1.Condition `json:"conditions,omitempty"`
// ObservedGeneration is the most recent generation observed
// +kubebuilder:validation:Optional
ObservedGeneration int64 `json:"observedGeneration,omitempty"`
}
TunnelGatewayClassConfigStatus defines the observed state of TunnelGatewayClassConfig
func (*TunnelGatewayClassConfigStatus) DeepCopy ¶ added in v0.18.1
func (in *TunnelGatewayClassConfigStatus) DeepCopy() *TunnelGatewayClassConfigStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TunnelGatewayClassConfigStatus.
func (*TunnelGatewayClassConfigStatus) DeepCopyInto ¶ added in v0.18.1
func (in *TunnelGatewayClassConfigStatus) DeepCopyInto(out *TunnelGatewayClassConfigStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TunnelIngressClassConfig ¶ added in v0.18.1
type TunnelIngressClassConfig struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec TunnelIngressClassConfigSpec `json:"spec,omitempty"`
Status TunnelIngressClassConfigStatus `json:"status,omitempty"`
}
TunnelIngressClassConfig provides IngressClass parameters for Cloudflare Tunnel Ingress Controller. This resource links an IngressClass to a specific Tunnel or ClusterTunnel and configures how the Ingress Controller handles DNS records and origin connections.
func (*TunnelIngressClassConfig) DeepCopy ¶ added in v0.18.1
func (in *TunnelIngressClassConfig) DeepCopy() *TunnelIngressClassConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TunnelIngressClassConfig.
func (*TunnelIngressClassConfig) DeepCopyInto ¶ added in v0.18.1
func (in *TunnelIngressClassConfig) DeepCopyInto(out *TunnelIngressClassConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*TunnelIngressClassConfig) DeepCopyObject ¶ added in v0.18.1
func (in *TunnelIngressClassConfig) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*TunnelIngressClassConfig) GetTunnelNamespace ¶ added in v0.18.1
func (c *TunnelIngressClassConfig) GetTunnelNamespace() string
GetTunnelNamespace returns the namespace of the referenced tunnel. For ClusterTunnel, returns empty string. For Tunnel, returns the specified namespace or the config's namespace.
func (*TunnelIngressClassConfig) IsDNSProxied ¶ added in v0.18.1
func (c *TunnelIngressClassConfig) IsDNSProxied() bool
IsDNSProxied returns whether DNS records should be proxied through Cloudflare.
type TunnelIngressClassConfigList ¶ added in v0.18.1
type TunnelIngressClassConfigList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []TunnelIngressClassConfig `json:"items"`
}
TunnelIngressClassConfigList contains a list of TunnelIngressClassConfig
func (*TunnelIngressClassConfigList) DeepCopy ¶ added in v0.18.1
func (in *TunnelIngressClassConfigList) DeepCopy() *TunnelIngressClassConfigList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TunnelIngressClassConfigList.
func (*TunnelIngressClassConfigList) DeepCopyInto ¶ added in v0.18.1
func (in *TunnelIngressClassConfigList) DeepCopyInto(out *TunnelIngressClassConfigList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*TunnelIngressClassConfigList) DeepCopyObject ¶ added in v0.18.1
func (in *TunnelIngressClassConfigList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type TunnelIngressClassConfigSpec ¶ added in v0.18.1
type TunnelIngressClassConfigSpec struct {
// TunnelRef references the Tunnel or ClusterTunnel to use for this IngressClass
// +kubebuilder:validation:Required
TunnelRef TunnelReference `json:"tunnelRef"`
// DefaultProtocol specifies the default backend protocol when not specified by
// Ingress annotation, Service annotation, or Service port appProtocol.
// Protocol detection priority (highest to lowest):
// 1. Ingress annotation: cloudflare.com/protocol
// 2. Ingress annotation: cloudflare.com/protocol-{port} (port-specific)
// 3. Service annotation: cloudflare.com/protocol
// 4. Service port appProtocol field (Kubernetes native)
// 5. Service port name (http, https, grpc, h2c, etc.)
// 6. This defaultProtocol field
// 7. Port number inference (443→https, 22→ssh, others→http)
// +kubebuilder:validation:Optional
// +kubebuilder:default=http
DefaultProtocol ProtocolType `json:"defaultProtocol,omitempty"`
// DefaultOriginRequest provides default origin request settings for all Ingresses
// using this IngressClass. Can be overridden per-Ingress via annotations.
// +kubebuilder:validation:Optional
DefaultOriginRequest *OriginRequestSpec `json:"defaultOriginRequest,omitempty"`
// DNSManagement controls how DNS records are managed for Ingress hostnames.
// - Automatic: Controller creates CNAME records directly via Cloudflare API
// - Manual: User manages DNS records externally (compatible with external-dns)
// - DNSRecord: Controller creates DNSRecord CRDs for each hostname
// +kubebuilder:validation:Optional
// +kubebuilder:default=Automatic
DNSManagement DNSManagementMode `json:"dnsManagement,omitempty"`
// DNSProxied controls whether DNS records are proxied through Cloudflare.
// Only applies when DNSManagement is Automatic or DNSRecord.
// +kubebuilder:validation:Optional
// +kubebuilder:default=true
DNSProxied *bool `json:"dnsProxied,omitempty"`
// WatchNamespaces limits which namespaces the controller watches for Ingresses.
// If empty, watches all namespaces.
// +kubebuilder:validation:Optional
WatchNamespaces []string `json:"watchNamespaces,omitempty"`
}
TunnelIngressClassConfigSpec defines the desired state of TunnelIngressClassConfig
func (*TunnelIngressClassConfigSpec) DeepCopy ¶ added in v0.18.1
func (in *TunnelIngressClassConfigSpec) DeepCopy() *TunnelIngressClassConfigSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TunnelIngressClassConfigSpec.
func (*TunnelIngressClassConfigSpec) DeepCopyInto ¶ added in v0.18.1
func (in *TunnelIngressClassConfigSpec) DeepCopyInto(out *TunnelIngressClassConfigSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TunnelIngressClassConfigStatus ¶ added in v0.18.1
type TunnelIngressClassConfigStatus struct {
// TunnelID is the resolved Cloudflare Tunnel ID
// +kubebuilder:validation:Optional
TunnelID string `json:"tunnelId,omitempty"`
// TunnelName is the resolved Cloudflare Tunnel name
// +kubebuilder:validation:Optional
TunnelName string `json:"tunnelName,omitempty"`
// IngressCount is the number of Ingresses using this configuration
// +kubebuilder:validation:Optional
IngressCount int `json:"ingressCount,omitempty"`
// State represents the current state of the configuration
// +kubebuilder:validation:Optional
// +kubebuilder:validation:Enum=pending;active;error
State string `json:"state,omitempty"`
// Conditions represent the latest available observations
// +kubebuilder:validation:Optional
// +listType=map
// +listMapKey=type
Conditions []metav1.Condition `json:"conditions,omitempty"`
// ObservedGeneration is the most recent generation observed
// +kubebuilder:validation:Optional
ObservedGeneration int64 `json:"observedGeneration,omitempty"`
}
TunnelIngressClassConfigStatus defines the observed state of TunnelIngressClassConfig
func (*TunnelIngressClassConfigStatus) DeepCopy ¶ added in v0.18.1
func (in *TunnelIngressClassConfigStatus) DeepCopy() *TunnelIngressClassConfigStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TunnelIngressClassConfigStatus.
func (*TunnelIngressClassConfigStatus) DeepCopyInto ¶ added in v0.18.1
func (in *TunnelIngressClassConfigStatus) DeepCopyInto(out *TunnelIngressClassConfigStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TunnelList ¶
type TunnelList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []Tunnel `json:"items"`
}
TunnelList contains a list of Tunnel
func (*TunnelList) DeepCopy ¶
func (in *TunnelList) DeepCopy() *TunnelList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TunnelList.
func (*TunnelList) DeepCopyInto ¶
func (in *TunnelList) DeepCopyInto(out *TunnelList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*TunnelList) DeepCopyObject ¶
func (in *TunnelList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type TunnelRef ¶
type TunnelRef struct {
// Kind is the type of tunnel resource (Tunnel or ClusterTunnel).
// +kubebuilder:validation:Required
// +kubebuilder:validation:Enum=Tunnel;ClusterTunnel
// +kubebuilder:default=ClusterTunnel
Kind string `json:"kind"`
// Name is the name of the Tunnel or ClusterTunnel resource.
// +kubebuilder:validation:Required
Name string `json:"name"`
// Namespace is the namespace of the Tunnel resource.
// Only applicable when Kind is Tunnel. Ignored for ClusterTunnel.
// +kubebuilder:validation:Optional
Namespace string `json:"namespace,omitempty"`
}
TunnelRef references a Tunnel or ClusterTunnel resource.
func (*TunnelRef) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TunnelRef.
func (*TunnelRef) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TunnelReference ¶ added in v0.18.1
type TunnelReference struct {
// Kind is the tunnel resource kind: Tunnel or ClusterTunnel
// +kubebuilder:validation:Required
// +kubebuilder:validation:Enum=Tunnel;ClusterTunnel
Kind string `json:"kind"`
// Name is the name of the Tunnel/ClusterTunnel resource
// +kubebuilder:validation:Required
Name string `json:"name"`
// Namespace is the namespace of the Tunnel (only for Kind=Tunnel).
// If not specified for Kind=Tunnel, defaults to the TunnelIngressClassConfig's namespace.
// +kubebuilder:validation:Optional
Namespace string `json:"namespace,omitempty"`
}
TunnelReference references a Tunnel or ClusterTunnel resource
func (*TunnelReference) DeepCopy ¶ added in v0.18.1
func (in *TunnelReference) DeepCopy() *TunnelReference
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TunnelReference.
func (*TunnelReference) DeepCopyInto ¶ added in v0.18.1
func (in *TunnelReference) DeepCopyInto(out *TunnelReference)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TunnelSpec ¶
type TunnelSpec struct {
// Deployment patch for the cloudflared deployment.
// Follows https://kubernetes.io/docs/reference/kubectl/generated/kubectl_patch/
// +kubebuilder:validation:Optional
// +kubebuilder:default:="{}"
DeployPatch string `json:"deployPatch,omitempty"`
// +kubebuilder:default:=false
// +kubebuilder:validation:Optional
// NoTlsVerify disables origin TLS certificate checks when the endpoint is HTTPS.
NoTlsVerify bool `json:"noTlsVerify,omitempty"`
// +kubebuilder:validation:Optional
// OriginCaPool speficies the secret with tls.crt (and other certs as needed to be referred in the service annotation) of the Root CA to be trusted when sending traffic to HTTPS endpoints
OriginCaPool string `json:"originCaPool,omitempty"`
// +kubebuilder:validation:Optional
// +kubebuilder:validation:Enum={"auto","quic","http2"}
// +kubebuilder:default:="auto"
// Protocol specifies the protocol to use for the tunnel. Defaults to auto. Options are "auto", "quic" and "http2"
Protocol string `json:"protocol,omitempty"`
// +kubebuilder:validation:Optional
// +kubebuilder:default:="http_status:404"
// FallbackTarget speficies the target for requests that do not match an ingress. Defaults to http_status:404
FallbackTarget string `json:"fallbackTarget,omitempty"`
// +kubebuilder:validation:Required
// Cloudflare Credentials
Cloudflare CloudflareDetails `json:"cloudflare,omitempty"`
// +kubebuilder:validation:Optional
// Existing tunnel object.
// ExistingTunnel and NewTunnel cannot be both empty and are mutually exclusive.
ExistingTunnel *ExistingTunnel `json:"existingTunnel,omitempty"`
// +kubebuilder:validation:Optional
// New tunnel object.
// NewTunnel and ExistingTunnel cannot be both empty and are mutually exclusive.
NewTunnel *NewTunnel `json:"newTunnel,omitempty"`
// +kubebuilder:validation:Optional
// +kubebuilder:default:=false
// EnableWarpRouting enables WARP routing for this tunnel, allowing private network
// access via WARP clients. When enabled, the tunnel can route traffic to private
// IP ranges defined in NetworkRoute resources.
EnableWarpRouting bool `json:"enableWarpRouting,omitempty"`
}
TunnelSpec defines the desired state of Tunnel
func (*TunnelSpec) DeepCopy ¶
func (in *TunnelSpec) DeepCopy() *TunnelSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TunnelSpec.
func (*TunnelSpec) DeepCopyInto ¶
func (in *TunnelSpec) DeepCopyInto(out *TunnelSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TunnelStatus ¶
type TunnelStatus struct {
// TunnelId is the Cloudflare tunnel ID
TunnelId string `json:"tunnelId"`
// TunnelName is the Cloudflare tunnel name
TunnelName string `json:"tunnelName"`
// AccountId is the Cloudflare account ID
AccountId string `json:"accountId"`
// ZoneId is the Cloudflare zone ID (optional, for DNS features)
ZoneId string `json:"zoneId"`
// State represents the current state of the tunnel
// +kubebuilder:validation:Enum=pending;creating;active;error;deleting
State string `json:"state,omitempty"`
// ObservedGeneration is the generation observed by the controller
ObservedGeneration int64 `json:"observedGeneration,omitempty"`
// Conditions represent the latest available observations of the tunnel's state
// +optional
// +listType=map
// +listMapKey=type
Conditions []metav1.Condition `json:"conditions,omitempty"`
}
TunnelStatus defines the observed state of Tunnel
func (*TunnelStatus) DeepCopy ¶
func (in *TunnelStatus) DeepCopy() *TunnelStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TunnelStatus.
func (*TunnelStatus) DeepCopyInto ¶
func (in *TunnelStatus) DeepCopyInto(out *TunnelStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type URLRewriteConfig ¶ added in v0.20.0
type URLRewriteConfig struct {
// Path is the new path configuration
// +kubebuilder:validation:Optional
Path *RewriteValue `json:"path,omitempty"`
// Query is the new query string configuration
// +kubebuilder:validation:Optional
Query *RewriteValue `json:"query,omitempty"`
}
URLRewriteConfig defines URL rewrite configuration
func (*URLRewriteConfig) DeepCopy ¶ added in v0.20.0
func (in *URLRewriteConfig) DeepCopy() *URLRewriteConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new URLRewriteConfig.
func (*URLRewriteConfig) DeepCopyInto ¶ added in v0.20.0
func (in *URLRewriteConfig) DeepCopyInto(out *URLRewriteConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VirtualNetwork ¶
type VirtualNetwork struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec VirtualNetworkSpec `json:"spec,omitempty"`
Status VirtualNetworkStatus `json:"status,omitempty"`
}
VirtualNetwork is the Schema for the virtualnetworks API. A VirtualNetwork represents a Cloudflare Zero Trust Virtual Network, which provides isolated private network address spaces for routing traffic through Cloudflare Tunnels.
func (*VirtualNetwork) DeepCopy ¶
func (in *VirtualNetwork) DeepCopy() *VirtualNetwork
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VirtualNetwork.
func (*VirtualNetwork) DeepCopyInto ¶
func (in *VirtualNetwork) DeepCopyInto(out *VirtualNetwork)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*VirtualNetwork) DeepCopyObject ¶
func (in *VirtualNetwork) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*VirtualNetwork) GetVirtualNetworkName ¶
func (v *VirtualNetwork) GetVirtualNetworkName() string
GetVirtualNetworkName returns the name to use in Cloudflare. Uses spec.name if specified, otherwise falls back to metadata.name.
type VirtualNetworkList ¶
type VirtualNetworkList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []VirtualNetwork `json:"items"`
}
VirtualNetworkList contains a list of VirtualNetwork
func (*VirtualNetworkList) DeepCopy ¶
func (in *VirtualNetworkList) DeepCopy() *VirtualNetworkList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VirtualNetworkList.
func (*VirtualNetworkList) DeepCopyInto ¶
func (in *VirtualNetworkList) DeepCopyInto(out *VirtualNetworkList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*VirtualNetworkList) DeepCopyObject ¶
func (in *VirtualNetworkList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type VirtualNetworkRef ¶
type VirtualNetworkRef struct {
// Name is the name of the VirtualNetwork resource.
// +kubebuilder:validation:Required
Name string `json:"name"`
}
VirtualNetworkRef references a VirtualNetwork resource.
func (*VirtualNetworkRef) DeepCopy ¶
func (in *VirtualNetworkRef) DeepCopy() *VirtualNetworkRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VirtualNetworkRef.
func (*VirtualNetworkRef) DeepCopyInto ¶
func (in *VirtualNetworkRef) DeepCopyInto(out *VirtualNetworkRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VirtualNetworkSpec ¶
type VirtualNetworkSpec struct {
// Name of the Virtual Network in Cloudflare.
// If not specified, the Kubernetes resource name will be used.
// +kubebuilder:validation:Optional
Name string `json:"name,omitempty"`
// Comment is an optional description for the Virtual Network.
// +kubebuilder:validation:Optional
// +kubebuilder:validation:MaxLength=500
Comment string `json:"comment,omitempty"`
// IsDefaultNetwork marks this Virtual Network as the default for the account.
// Only one Virtual Network can be the default.
// +kubebuilder:validation:Optional
// +kubebuilder:default=false
IsDefaultNetwork bool `json:"isDefaultNetwork,omitempty"`
// Cloudflare contains the Cloudflare API credentials and account information.
// +kubebuilder:validation:Required
Cloudflare CloudflareDetails `json:"cloudflare"`
}
VirtualNetworkSpec defines the desired state of VirtualNetwork
func (*VirtualNetworkSpec) DeepCopy ¶
func (in *VirtualNetworkSpec) DeepCopy() *VirtualNetworkSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VirtualNetworkSpec.
func (*VirtualNetworkSpec) DeepCopyInto ¶
func (in *VirtualNetworkSpec) DeepCopyInto(out *VirtualNetworkSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VirtualNetworkStatus ¶
type VirtualNetworkStatus struct {
// VirtualNetworkId is the Cloudflare ID of the Virtual Network.
// +kubebuilder:validation:Optional
VirtualNetworkId string `json:"virtualNetworkId,omitempty"`
// AccountId is the Cloudflare Account ID.
// +kubebuilder:validation:Optional
AccountId string `json:"accountId,omitempty"`
// State indicates the current state of the Virtual Network (active, deleted, etc.).
// +kubebuilder:validation:Optional
State string `json:"state,omitempty"`
// IsDefault indicates whether this is the default Virtual Network for the account.
// +kubebuilder:validation:Optional
IsDefault bool `json:"isDefault,omitempty"`
// Conditions represent the latest available observations of the VirtualNetwork's state.
// +kubebuilder:validation:Optional
// +listType=map
// +listMapKey=type
Conditions []metav1.Condition `json:"conditions,omitempty"`
// ObservedGeneration is the most recent generation observed by the controller.
// +kubebuilder:validation:Optional
ObservedGeneration int64 `json:"observedGeneration,omitempty"`
}
VirtualNetworkStatus defines the observed state of VirtualNetwork
func (*VirtualNetworkStatus) DeepCopy ¶
func (in *VirtualNetworkStatus) DeepCopy() *VirtualNetworkStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VirtualNetworkStatus.
func (*VirtualNetworkStatus) DeepCopyInto ¶
func (in *VirtualNetworkStatus) DeepCopyInto(out *VirtualNetworkStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type WAFConfig ¶ added in v0.20.0
type WAFConfig struct {
// Enabled enables WAF
// +kubebuilder:validation:Optional
// +kubebuilder:default=false
Enabled bool `json:"enabled,omitempty"`
}
WAFConfig configures Web Application Firewall
func (*WAFConfig) DeepCopy ¶ added in v0.20.0
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WAFConfig.
func (*WAFConfig) DeepCopyInto ¶ added in v0.20.0
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type WARPConnector ¶
type WARPConnector struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec WARPConnectorSpec `json:"spec,omitempty"`
Status WARPConnectorStatus `json:"status,omitempty"`
}
WARPConnector is the Schema for the warpconnectors API.
func (*WARPConnector) DeepCopy ¶
func (in *WARPConnector) DeepCopy() *WARPConnector
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WARPConnector.
func (*WARPConnector) DeepCopyInto ¶
func (in *WARPConnector) DeepCopyInto(out *WARPConnector)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*WARPConnector) DeepCopyObject ¶
func (in *WARPConnector) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*WARPConnector) GetConnectorName ¶
func (w *WARPConnector) GetConnectorName() string
GetConnectorName returns the name to use in Cloudflare.
type WARPConnectorList ¶
type WARPConnectorList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []WARPConnector `json:"items"`
}
WARPConnectorList contains a list of WARPConnector
func (*WARPConnectorList) DeepCopy ¶
func (in *WARPConnectorList) DeepCopy() *WARPConnectorList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WARPConnectorList.
func (*WARPConnectorList) DeepCopyInto ¶
func (in *WARPConnectorList) DeepCopyInto(out *WARPConnectorList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*WARPConnectorList) DeepCopyObject ¶
func (in *WARPConnectorList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type WARPConnectorRoute ¶
type WARPConnectorRoute struct {
// Network is the CIDR of the network to route.
// +kubebuilder:validation:Required
// +kubebuilder:validation:Pattern=`^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$`
Network string `json:"network"`
// Comment is an optional description.
// +kubebuilder:validation:Optional
Comment string `json:"comment,omitempty"`
}
WARPConnectorRoute defines a route to advertise.
func (*WARPConnectorRoute) DeepCopy ¶
func (in *WARPConnectorRoute) DeepCopy() *WARPConnectorRoute
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WARPConnectorRoute.
func (*WARPConnectorRoute) DeepCopyInto ¶
func (in *WARPConnectorRoute) DeepCopyInto(out *WARPConnectorRoute)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type WARPConnectorSpec ¶
type WARPConnectorSpec struct {
// Name of the WARP Connector in Cloudflare.
// +kubebuilder:validation:Optional
// +kubebuilder:validation:MaxLength=255
Name string `json:"name,omitempty"`
// Replicas is the number of connector instances.
// +kubebuilder:validation:Optional
// +kubebuilder:validation:Minimum=1
// +kubebuilder:default=1
Replicas int32 `json:"replicas,omitempty"`
// Image is the WARP connector container image.
// +kubebuilder:validation:Optional
// +kubebuilder:default="cloudflare/cloudflared:latest"
Image string `json:"image,omitempty"`
// VirtualNetworkRef references the VirtualNetwork for this connector.
// +kubebuilder:validation:Optional
VirtualNetworkRef *VirtualNetworkRef `json:"virtualNetworkRef,omitempty"`
// Routes are the private network routes to advertise.
// +kubebuilder:validation:Optional
Routes []WARPConnectorRoute `json:"routes,omitempty"`
// Resources defines compute resources.
// +kubebuilder:validation:Optional
Resources *ResourceRequirements `json:"resources,omitempty"`
// NodeSelector for pod scheduling.
// +kubebuilder:validation:Optional
NodeSelector map[string]string `json:"nodeSelector,omitempty"`
// Tolerations for pod scheduling.
// +kubebuilder:validation:Optional
Tolerations []Toleration `json:"tolerations,omitempty"`
// ServiceAccount to use for the connector pods.
// +kubebuilder:validation:Optional
ServiceAccountName string `json:"serviceAccountName,omitempty"`
// Cloudflare contains the Cloudflare API credentials.
// +kubebuilder:validation:Required
Cloudflare CloudflareDetails `json:"cloudflare"`
}
WARPConnectorSpec defines the desired state of WARPConnector
func (*WARPConnectorSpec) DeepCopy ¶
func (in *WARPConnectorSpec) DeepCopy() *WARPConnectorSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WARPConnectorSpec.
func (*WARPConnectorSpec) DeepCopyInto ¶
func (in *WARPConnectorSpec) DeepCopyInto(out *WARPConnectorSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type WARPConnectorStatus ¶
type WARPConnectorStatus struct {
// ConnectorID is the Cloudflare WARP Connector ID.
// +kubebuilder:validation:Optional
ConnectorID string `json:"connectorId,omitempty"`
// TunnelID is the underlying tunnel ID.
// +kubebuilder:validation:Optional
TunnelID string `json:"tunnelId,omitempty"`
// VirtualNetworkID is the Cloudflare VirtualNetwork ID used for routes.
// This is saved to enable proper route deletion during cleanup.
// +kubebuilder:validation:Optional
VirtualNetworkID string `json:"virtualNetworkId,omitempty"`
// AccountID is the Cloudflare Account ID.
// +kubebuilder:validation:Optional
AccountID string `json:"accountId,omitempty"`
// ReadyReplicas is the number of ready connector pods.
// +kubebuilder:validation:Optional
ReadyReplicas int32 `json:"readyReplicas,omitempty"`
// RoutesConfigured is the number of routes configured.
// +kubebuilder:validation:Optional
RoutesConfigured int `json:"routesConfigured,omitempty"`
// State indicates the current state.
// +kubebuilder:validation:Optional
State string `json:"state,omitempty"`
// Conditions represent the latest available observations.
// +kubebuilder:validation:Optional
// +listType=map
// +listMapKey=type
Conditions []metav1.Condition `json:"conditions,omitempty"`
// ObservedGeneration is the most recent generation observed.
// +kubebuilder:validation:Optional
ObservedGeneration int64 `json:"observedGeneration,omitempty"`
}
WARPConnectorStatus defines the observed state
func (*WARPConnectorStatus) DeepCopy ¶
func (in *WARPConnectorStatus) DeepCopy() *WARPConnectorStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WARPConnectorStatus.
func (*WARPConnectorStatus) DeepCopyInto ¶
func (in *WARPConnectorStatus) DeepCopyInto(out *WARPConnectorStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type WildcardRedirectRule ¶ added in v0.20.0
type WildcardRedirectRule struct {
// Name is a human-readable name for the rule
// +kubebuilder:validation:Required
Name string `json:"name"`
// SourceURL is the wildcard URL pattern to match
// Use * as wildcard. Example: https://example.com/blog/*
// +kubebuilder:validation:Required
SourceURL string `json:"sourceUrl"`
// TargetURL is the redirect destination
// Use ${1}, ${2} etc. for wildcard replacements
// Example: https://example.com/articles/${1}
// +kubebuilder:validation:Required
TargetURL string `json:"targetUrl"`
// Enabled controls whether the rule is active
// +kubebuilder:validation:Optional
// +kubebuilder:default=true
Enabled bool `json:"enabled,omitempty"`
// StatusCode is the HTTP redirect status code
// +kubebuilder:validation:Optional
// +kubebuilder:default=301
StatusCode RedirectStatusCode `json:"statusCode,omitempty"`
// PreserveQueryString keeps the original query string in the redirect
// +kubebuilder:validation:Optional
// +kubebuilder:default=false
PreserveQueryString bool `json:"preserveQueryString,omitempty"`
// IncludeSubdomains applies the redirect to subdomains
// +kubebuilder:validation:Optional
// +kubebuilder:default=false
IncludeSubdomains bool `json:"includeSubdomains,omitempty"`
// SubpathMatching enables matching of subpaths
// +kubebuilder:validation:Optional
// +kubebuilder:default=false
SubpathMatching bool `json:"subpathMatching,omitempty"`
}
WildcardRedirectRule defines a wildcard-based redirect rule This provides a simpler syntax for common redirect patterns
func (*WildcardRedirectRule) DeepCopy ¶ added in v0.20.0
func (in *WildcardRedirectRule) DeepCopy() *WildcardRedirectRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WildcardRedirectRule.
func (*WildcardRedirectRule) DeepCopyInto ¶ added in v0.20.0
func (in *WildcardRedirectRule) DeepCopyInto(out *WildcardRedirectRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ZoneRuleset ¶ added in v0.20.0
type ZoneRuleset struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec ZoneRulesetSpec `json:"spec,omitempty"`
Status ZoneRulesetStatus `json:"status,omitempty"`
}
ZoneRuleset manages Cloudflare zone rulesets. Rulesets are the backbone of Cloudflare Rules (Transform Rules, Redirect Rules, Cache Rules, Configuration Rules, WAF Custom Rules, etc.).
Each ZoneRuleset manages rules for a specific phase (entry point) in the request processing pipeline.
func (*ZoneRuleset) DeepCopy ¶ added in v0.20.0
func (in *ZoneRuleset) DeepCopy() *ZoneRuleset
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ZoneRuleset.
func (*ZoneRuleset) DeepCopyInto ¶ added in v0.20.0
func (in *ZoneRuleset) DeepCopyInto(out *ZoneRuleset)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ZoneRuleset) DeepCopyObject ¶ added in v0.20.0
func (in *ZoneRuleset) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ZoneRulesetList ¶ added in v0.20.0
type ZoneRulesetList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []ZoneRuleset `json:"items"`
}
ZoneRulesetList contains a list of ZoneRuleset
func (*ZoneRulesetList) DeepCopy ¶ added in v0.20.0
func (in *ZoneRulesetList) DeepCopy() *ZoneRulesetList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ZoneRulesetList.
func (*ZoneRulesetList) DeepCopyInto ¶ added in v0.20.0
func (in *ZoneRulesetList) DeepCopyInto(out *ZoneRulesetList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ZoneRulesetList) DeepCopyObject ¶ added in v0.20.0
func (in *ZoneRulesetList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ZoneRulesetSpec ¶ added in v0.20.0
type ZoneRulesetSpec struct {
// Zone is the zone name (domain) to apply rules to
// +kubebuilder:validation:Required
Zone string `json:"zone"`
// Phase is the ruleset phase/entry point
// +kubebuilder:validation:Required
Phase RulesetPhase `json:"phase"`
// Description is a human-readable description of the ruleset
// +kubebuilder:validation:Optional
Description string `json:"description,omitempty"`
// Rules are the rules in this ruleset
// +kubebuilder:validation:Required
// +kubebuilder:validation:MinItems=1
Rules []RulesetRule `json:"rules"`
// CredentialsRef references a CloudflareCredentials resource
// If not specified, the default CloudflareCredentials will be used
// +kubebuilder:validation:Optional
CredentialsRef *CredentialsReference `json:"credentialsRef,omitempty"`
}
ZoneRulesetSpec defines the desired state of ZoneRuleset
func (*ZoneRulesetSpec) DeepCopy ¶ added in v0.20.0
func (in *ZoneRulesetSpec) DeepCopy() *ZoneRulesetSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ZoneRulesetSpec.
func (*ZoneRulesetSpec) DeepCopyInto ¶ added in v0.20.0
func (in *ZoneRulesetSpec) DeepCopyInto(out *ZoneRulesetSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ZoneRulesetState ¶ added in v0.20.0
type ZoneRulesetState string
ZoneRulesetState represents the state of the ruleset +kubebuilder:validation:Enum=Pending;Syncing;Ready;Error
const ( // ZoneRulesetStatePending means the ruleset is waiting to be synced ZoneRulesetStatePending ZoneRulesetState = "Pending" // ZoneRulesetStateSyncing means the ruleset is being synced ZoneRulesetStateSyncing ZoneRulesetState = "Syncing" // ZoneRulesetStateReady means the ruleset is synced and ready ZoneRulesetStateReady ZoneRulesetState = "Ready" // ZoneRulesetStateError means there was an error with the ruleset ZoneRulesetStateError ZoneRulesetState = "Error" )
type ZoneRulesetStatus ¶ added in v0.20.0
type ZoneRulesetStatus struct {
// Conditions represent the latest available observations
// +optional
Conditions []metav1.Condition `json:"conditions,omitempty"`
// ObservedGeneration is the most recent generation observed
// +optional
ObservedGeneration int64 `json:"observedGeneration,omitempty"`
// State represents the current state of the ruleset
// +optional
State ZoneRulesetState `json:"state,omitempty"`
// RulesetID is the Cloudflare ruleset ID
// +optional
RulesetID string `json:"rulesetId,omitempty"`
// RulesetVersion is the current ruleset version
// +optional
RulesetVersion string `json:"rulesetVersion,omitempty"`
// ZoneID is the Cloudflare zone ID
// +optional
ZoneID string `json:"zoneId,omitempty"`
// RuleCount is the number of rules in the ruleset
// +optional
RuleCount int `json:"ruleCount,omitempty"`
// LastUpdated is the last time the ruleset was updated
// +optional
LastUpdated *metav1.Time `json:"lastUpdated,omitempty"`
// Message provides additional information about the current state
// +optional
Message string `json:"message,omitempty"`
}
ZoneRulesetStatus defines the observed state of ZoneRuleset
func (*ZoneRulesetStatus) DeepCopy ¶ added in v0.20.0
func (in *ZoneRulesetStatus) DeepCopy() *ZoneRulesetStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ZoneRulesetStatus.
func (*ZoneRulesetStatus) DeepCopyInto ¶ added in v0.20.0
func (in *ZoneRulesetStatus) DeepCopyInto(out *ZoneRulesetStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
Source Files
¶
- accessapplication_types.go
- accessgroup_types.go
- accessidentityprovider_types.go
- accessservicetoken_types.go
- cloudflarecredentials_types.go
- cloudflaredomain_config_types.go
- cloudflaredomain_types.go
- clustertunnel_conversion.go
- clustertunnel_types.go
- deviceposturerule_types.go
- devicesettingspolicy_types.go
- dnsrecord_types.go
- domainregistration_types.go
- gatewayconfiguration_types.go
- gatewaylist_types.go
- gatewayrule_types.go
- groupversion_info.go
- networkroute_types.go
- origincacertificate_types.go
- privateservice_types.go
- r2bucket_types.go
- r2bucketdomain_types.go
- r2bucketnotification_types.go
- redirectrule_types.go
- transformrule_types.go
- tunnel_conversion.go
- tunnel_types.go
- tunnelgatewayclassconfig_types.go
- tunnelingressclassconfig_types.go
- virtualnetwork_types.go
- warpconnector_types.go
- zoneruleset_types.go
- zz_generated.deepcopy.go