v1alpha1

package
v0.6.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 28, 2026 License: MIT Imports: 7 Imported by: 0

Documentation

Overview

api/v1alpha1/common_types.go

Package v1alpha1 contains API Schema definitions for the cloudflare v1alpha1 API group. +kubebuilder:object:generate=true +groupName=cloudflare.io

Index

Constants

View Source 
const (
	ConditionTypeReady                = "Ready"
	ConditionTypeValid                = "Valid"
	ConditionTypeTunnelAccepted       = "TunnelAccepted"
	ConditionTypeConflict             = "Conflict"
	ConditionTypeConnectorReady       = "ConnectorReady"
	ConditionTypeIngressConfigured    = "IngressConfigured"
	ConditionTypeSSLApplied           = "SSLApplied"
	ConditionTypeSecurityApplied      = "SecurityApplied"
	ConditionTypePerformanceApplied   = "PerformanceApplied"
	ConditionTypeNetworkApplied       = "NetworkApplied"
	ConditionTypeBotManagementApplied = "BotManagementApplied"
)

Condition type constants used across all CRDs.

View Source 
const (
	ReasonReconciling       = "Reconciling"
	ReasonReconcileSuccess  = "ReconcileSuccess"
	ReasonReconcileError    = "ReconcileError"
	ReasonCloudflareError   = "CloudflareAPIError"
	ReasonSecretNotFound    = "SecretNotFound"
	ReasonInvalidSpec       = "InvalidSpec"
	ReasonDeletingResource  = "DeletingResource"
	ReasonIPResolutionError = "IPResolutionError"
	ReasonZonePending       = "ZonePending"
	ReasonZoneNotActive     = "ZoneNotActive"
	ReasonZoneRefNotReady   = "ZoneRefNotReady"

	// Added for Gateway API source + tunnel runtime (v1).
	ReasonInvalidAnnotation       = "InvalidAnnotation"
	ReasonNoMatchingZone          = "NoMatchingZone"
	ReasonAmbiguousZone           = "AmbiguousZone"
	ReasonTunnelNotFound          = "TunnelNotFound"
	ReasonTunnelNotReady          = "TunnelNotReady"
	ReasonGatewayAddressNotReady  = "GatewayAddressNotReady"
	ReasonRecordOwnershipConflict = "RecordOwnershipConflict"
	ReasonTxtRegistryGap          = "TxtRegistryGap"
	// ReasonTxtDecryptFailed is retained as a placeholder for the encryption
	// code path that is in-tree but not yet active. Do not remove.
	ReasonTxtDecryptFailed  = "TxtDecryptFailed"
	ReasonRecordAdopted     = "RecordAdopted"
	ReasonDNSReconciled     = "DNSReconciled"
	ReasonDuplicateHostname = "DuplicateHostname"
	ReasonApplied           = "Applied"
	ReasonNotConfigured     = "NotConfigured"
	ReasonPermissionDenied  = "PermissionDenied"
	ReasonPartialApply      = "PartialApply"
)

Condition reason constants.

View Source 
const (
	DNSRecordTypeA     = "A"
	DNSRecordTypeAAAA  = "AAAA"
	DNSRecordTypeCNAME = "CNAME"
	DNSRecordTypeSRV   = "SRV"
	DNSRecordTypeMX    = "MX"
	DNSRecordTypeTXT   = "TXT"
	DNSRecordTypeNS    = "NS"
)

DNS record type constants (mirrors the kubebuilder enum on CloudflareDNSRecordSpec.Type).

View Source 
const (
	ZoneStatusInitializing = "initializing"
	ZoneStatusPending      = "pending"
	ZoneStatusActive       = "active"
	ZoneStatusMoved        = "moved"
)

Zone status values returned by the Cloudflare API.

View Source 
const (
	DeletionPolicyRetain = "Retain"
	DeletionPolicyDelete = "Delete"
)

DeletionPolicy values for CloudflareZone.Spec.DeletionPolicy.

View Source 
const FinalizerName = "cloudflare.io/finalizer"

FinalizerName is the finalizer used by all cloudflare-operator controllers.

Variables

View Source 
var (
	// GroupVersion is group version used to register these objects.
	GroupVersion = schema.GroupVersion{Group: "cloudflare.io", Version: "v1alpha1"}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme.
	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}

	// AddToScheme adds the types in this group-version to the given scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)

Functions

This section is empty.

Types

type BotManagementSettings 

type BotManagementSettings struct {
	// EnableJS enables JavaScript detections.
	// +optional
	EnableJS *bool `json:"enableJS,omitempty"`

	// FightMode enables bot fight mode.
	// +optional
	FightMode *bool `json:"fightMode,omitempty"`
}

BotManagementSettings defines bot management settings for a Cloudflare zone.

Configuring this section requires the Zone:Bot Management:Edit scope on the API token and a Cloudflare plan that supports bot management. On Free plans this section's API call returns 403; the controller will surface that on the BotManagementApplied condition with reason=PermissionDenied without preventing other groups (ssl / security / performance / network) from being applied.

func (*BotManagementSettings) DeepCopy 

func (in *BotManagementSettings) DeepCopy() *BotManagementSettings

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BotManagementSettings.

func (*BotManagementSettings) DeepCopyInto 

func (in *BotManagementSettings) DeepCopyInto(out *BotManagementSettings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CloudflareDNSRecord 

type CloudflareDNSRecord struct {
	metav1.TypeMeta `json:",inline"`

	// metadata is a standard object metadata
	// +optional
	metav1.ObjectMeta `json:"metadata,omitzero"`

	// spec defines the desired state of CloudflareDNSRecord
	// +required
	Spec CloudflareDNSRecordSpec `json:"spec"`

	// status defines the observed state of CloudflareDNSRecord
	// +optional
	Status CloudflareDNSRecordStatus `json:"status,omitzero"`
}

CloudflareDNSRecord is the Schema for the cloudflarednsrecords API

func (*CloudflareDNSRecord) DeepCopy 

func (in *CloudflareDNSRecord) DeepCopy() *CloudflareDNSRecord

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudflareDNSRecord.

func (*CloudflareDNSRecord) DeepCopyInto 

func (in *CloudflareDNSRecord) DeepCopyInto(out *CloudflareDNSRecord)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*CloudflareDNSRecord) DeepCopyObject 

func (in *CloudflareDNSRecord) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*CloudflareDNSRecord) GetZoneID added in v0.4.0 

func (r *CloudflareDNSRecord) GetZoneID() string

GetZoneID returns the inline Cloudflare zone ID (may be empty).

func (*CloudflareDNSRecord) GetZoneRef added in v0.4.0 

func (r *CloudflareDNSRecord) GetZoneRef() *ZoneReference

GetZoneRef returns the optional reference to a CloudflareZone CR.

type CloudflareDNSRecordList 

type CloudflareDNSRecordList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitzero"`
	Items           []CloudflareDNSRecord `json:"items"`
}

CloudflareDNSRecordList contains a list of CloudflareDNSRecord

func (*CloudflareDNSRecordList) DeepCopy 

func (in *CloudflareDNSRecordList) DeepCopy() *CloudflareDNSRecordList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudflareDNSRecordList.

func (*CloudflareDNSRecordList) DeepCopyInto 

func (in *CloudflareDNSRecordList) DeepCopyInto(out *CloudflareDNSRecordList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*CloudflareDNSRecordList) DeepCopyObject 

func (in *CloudflareDNSRecordList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type CloudflareDNSRecordSpec 

type CloudflareDNSRecordSpec struct {
	// ZoneID is the Cloudflare Zone ID.
	// Mutually exclusive with ZoneRef.
	// +optional
	// +kubebuilder:validation:MinLength=1
	ZoneID string `json:"zoneID,omitempty"`

	// ZoneRef references a CloudflareZone resource in the same namespace.
	// The controller resolves the zone ID from the referenced resource's status.
	// Mutually exclusive with ZoneID.
	// +optional
	ZoneRef *ZoneReference `json:"zoneRef,omitempty"`

	// Name is the DNS record name (e.g., "example.com", "sub.example.com").
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:MinLength=1
	Name string `json:"name"`

	// Type is the DNS record type.
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Enum=A;AAAA;CNAME;SRV;MX;TXT;NS
	Type string `json:"type"`

	// Content is the record content (IP address, hostname, etc.).
	// Mutually exclusive with DynamicIP.
	// +optional
	Content *string `json:"content,omitempty"`

	// DynamicIP enables automatic external IP resolution for this record.
	// Only valid for type A. Mutually exclusive with Content.
	// +optional
	DynamicIP bool `json:"dynamicIP,omitempty"`

	// TTL is the time-to-live in seconds. Use 1 for automatic.
	// +kubebuilder:validation:Minimum=1
	// +kubebuilder:default=1
	// +optional
	TTL int `json:"ttl,omitempty"`

	// Proxied indicates whether the record is proxied through Cloudflare.
	// +optional
	Proxied *bool `json:"proxied,omitempty"`

	// SRVData contains SRV-specific record data.
	// Required when Type is SRV.
	// +optional
	SRVData *SRVData `json:"srvData,omitempty"`

	// Priority is the record priority (used for MX and SRV records).
	// +optional
	Priority *int `json:"priority,omitempty"`

	// SecretRef references a Secret containing Cloudflare API credentials.
	// +kubebuilder:validation:Required
	SecretRef SecretReference `json:"secretRef"`

	// Interval is the reconciliation interval for drift detection.
	// +kubebuilder:default="5m"
	// +optional
	Interval *metav1.Duration `json:"interval,omitempty"`
}

CloudflareDNSRecordSpec defines the desired state of a Cloudflare DNS record.

func (*CloudflareDNSRecordSpec) DeepCopy 

func (in *CloudflareDNSRecordSpec) DeepCopy() *CloudflareDNSRecordSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudflareDNSRecordSpec.

func (*CloudflareDNSRecordSpec) DeepCopyInto 

func (in *CloudflareDNSRecordSpec) DeepCopyInto(out *CloudflareDNSRecordSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CloudflareDNSRecordStatus 

type CloudflareDNSRecordStatus struct {
	// Conditions represent the latest available observations of the resource's state.
	// +listType=map
	// +listMapKey=type
	// +optional
	Conditions []metav1.Condition `json:"conditions,omitempty"`

	// RecordID is the Cloudflare DNS record ID.
	// +optional
	RecordID string `json:"recordID,omitempty"`

	// CurrentContent is the current content/value of the DNS record in Cloudflare.
	// +optional
	CurrentContent string `json:"currentContent,omitempty"`

	// LastSyncedAt is the last time the record was successfully synced.
	// +optional
	LastSyncedAt *metav1.Time `json:"lastSyncedAt,omitempty"`

	// ObservedGeneration is the most recently observed generation of the CR.
	// +optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
}

CloudflareDNSRecordStatus defines the observed state of a CloudflareDNSRecord.

func (*CloudflareDNSRecordStatus) DeepCopy 

func (in *CloudflareDNSRecordStatus) DeepCopy() *CloudflareDNSRecordStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudflareDNSRecordStatus.

func (*CloudflareDNSRecordStatus) DeepCopyInto 

func (in *CloudflareDNSRecordStatus) DeepCopyInto(out *CloudflareDNSRecordStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CloudflareRuleset 

type CloudflareRuleset struct {
	metav1.TypeMeta `json:",inline"`

	// metadata is a standard object metadata
	// +optional
	metav1.ObjectMeta `json:"metadata,omitzero"`

	// spec defines the desired state of CloudflareRuleset
	// +required
	Spec CloudflareRulesetSpec `json:"spec"`

	// status defines the observed state of CloudflareRuleset
	// +optional
	Status CloudflareRulesetStatus `json:"status,omitzero"`
}

CloudflareRuleset is the Schema for the cloudflarerulesets API

func (*CloudflareRuleset) DeepCopy 

func (in *CloudflareRuleset) DeepCopy() *CloudflareRuleset

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudflareRuleset.

func (*CloudflareRuleset) DeepCopyInto 

func (in *CloudflareRuleset) DeepCopyInto(out *CloudflareRuleset)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*CloudflareRuleset) DeepCopyObject 

func (in *CloudflareRuleset) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*CloudflareRuleset) GetZoneID added in v0.4.0 

func (r *CloudflareRuleset) GetZoneID() string

GetZoneID returns the inline Cloudflare zone ID (may be empty).

func (*CloudflareRuleset) GetZoneRef added in v0.4.0 

func (r *CloudflareRuleset) GetZoneRef() *ZoneReference

GetZoneRef returns the optional reference to a CloudflareZone CR.

type CloudflareRulesetList 

type CloudflareRulesetList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitzero"`
	Items           []CloudflareRuleset `json:"items"`
}

CloudflareRulesetList contains a list of CloudflareRuleset

func (*CloudflareRulesetList) DeepCopy 

func (in *CloudflareRulesetList) DeepCopy() *CloudflareRulesetList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudflareRulesetList.

func (*CloudflareRulesetList) DeepCopyInto 

func (in *CloudflareRulesetList) DeepCopyInto(out *CloudflareRulesetList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*CloudflareRulesetList) DeepCopyObject 

func (in *CloudflareRulesetList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type CloudflareRulesetSpec 

type CloudflareRulesetSpec struct {
	// ZoneID is the Cloudflare Zone ID.
	// Mutually exclusive with ZoneRef.
	// +optional
	// +kubebuilder:validation:MinLength=1
	ZoneID string `json:"zoneID,omitempty"`

	// ZoneRef references a CloudflareZone resource in the same namespace.
	// The controller resolves the zone ID from the referenced resource's status.
	// Mutually exclusive with ZoneID.
	// +optional
	ZoneRef *ZoneReference `json:"zoneRef,omitempty"`

	// Name is the human-readable name for the ruleset.
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:MinLength=1
	Name string `json:"name"`

	// Description is an informative description of the ruleset.
	// +optional
	Description string `json:"description,omitempty"`

	// Phase is the phase of the ruleset.
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Enum=http_request_firewall_custom;http_request_firewall_managed;http_request_late_transform;http_request_redirect;http_request_transform;http_response_headers_transform;http_response_firewall_managed;http_config_settings;http_custom_errors;http_ratelimit;http_request_cache_settings;http_request_origin;http_request_dynamic_redirect;http_response_compression
	Phase string `json:"phase"`

	// Rules is the list of rules in the ruleset.
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:MinItems=1
	Rules []RulesetRuleSpec `json:"rules"`

	// SecretRef references a Secret containing Cloudflare API credentials.
	// +kubebuilder:validation:Required
	SecretRef SecretReference `json:"secretRef"`

	// Interval is the reconciliation interval.
	// +kubebuilder:default="30m"
	// +optional
	Interval *metav1.Duration `json:"interval,omitempty"`
}

CloudflareRulesetSpec defines the desired state of CloudflareRuleset.

func (*CloudflareRulesetSpec) DeepCopy 

func (in *CloudflareRulesetSpec) DeepCopy() *CloudflareRulesetSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudflareRulesetSpec.

func (*CloudflareRulesetSpec) DeepCopyInto 

func (in *CloudflareRulesetSpec) DeepCopyInto(out *CloudflareRulesetSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CloudflareRulesetStatus 

type CloudflareRulesetStatus struct {
	// Conditions represent the latest available observations of the resource's state.
	// +listType=map
	// +listMapKey=type
	// +optional
	Conditions []metav1.Condition `json:"conditions,omitempty"`

	// RulesetID is the Cloudflare Ruleset ID.
	// +optional
	RulesetID string `json:"rulesetID,omitempty"`

	// RuleCount is the number of rules in the ruleset.
	// +optional
	RuleCount int `json:"ruleCount,omitempty"`

	// LastSyncedAt is the last time the ruleset was successfully synced.
	// +optional
	LastSyncedAt *metav1.Time `json:"lastSyncedAt,omitempty"`

	// ObservedGeneration is the most recently observed generation of the CR.
	// +optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
}

CloudflareRulesetStatus defines the observed state of CloudflareRuleset.

func (*CloudflareRulesetStatus) DeepCopy 

func (in *CloudflareRulesetStatus) DeepCopy() *CloudflareRulesetStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudflareRulesetStatus.

func (*CloudflareRulesetStatus) DeepCopyInto 

func (in *CloudflareRulesetStatus) DeepCopyInto(out *CloudflareRulesetStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CloudflareTunnel 

type CloudflareTunnel struct {
	metav1.TypeMeta `json:",inline"`

	// metadata is a standard object metadata
	// +optional
	metav1.ObjectMeta `json:"metadata,omitzero"`

	// spec defines the desired state of CloudflareTunnel
	// +required
	Spec CloudflareTunnelSpec `json:"spec"`

	// status defines the observed state of CloudflareTunnel
	// +optional
	Status CloudflareTunnelStatus `json:"status,omitzero"`
}

CloudflareTunnel is the Schema for the cloudflaretunnels API

func (*CloudflareTunnel) DeepCopy 

func (in *CloudflareTunnel) DeepCopy() *CloudflareTunnel

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudflareTunnel.

func (*CloudflareTunnel) DeepCopyInto 

func (in *CloudflareTunnel) DeepCopyInto(out *CloudflareTunnel)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*CloudflareTunnel) DeepCopyObject 

func (in *CloudflareTunnel) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type CloudflareTunnelList 

type CloudflareTunnelList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitzero"`
	Items           []CloudflareTunnel `json:"items"`
}

CloudflareTunnelList contains a list of CloudflareTunnel

func (*CloudflareTunnelList) DeepCopy 

func (in *CloudflareTunnelList) DeepCopy() *CloudflareTunnelList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudflareTunnelList.

func (*CloudflareTunnelList) DeepCopyInto 

func (in *CloudflareTunnelList) DeepCopyInto(out *CloudflareTunnelList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*CloudflareTunnelList) DeepCopyObject 

func (in *CloudflareTunnelList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type CloudflareTunnelRule added in v0.6.0 

type CloudflareTunnelRule struct {
	metav1.TypeMeta `json:",inline"`

	// +optional
	metav1.ObjectMeta `json:"metadata,omitzero"`

	// +required
	Spec CloudflareTunnelRuleSpec `json:"spec"`

	// +optional
	Status CloudflareTunnelRuleStatus `json:"status,omitzero"`
}

CloudflareTunnelRule is the Schema for the cloudflaretunnelrules API.

func (*CloudflareTunnelRule) DeepCopy added in v0.6.0 

func (in *CloudflareTunnelRule) DeepCopy() *CloudflareTunnelRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudflareTunnelRule.

func (*CloudflareTunnelRule) DeepCopyInto added in v0.6.0 

func (in *CloudflareTunnelRule) DeepCopyInto(out *CloudflareTunnelRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*CloudflareTunnelRule) DeepCopyObject added in v0.6.0 

func (in *CloudflareTunnelRule) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type CloudflareTunnelRuleList added in v0.6.0 

type CloudflareTunnelRuleList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitzero"`
	Items           []CloudflareTunnelRule `json:"items"`
}

CloudflareTunnelRuleList contains a list of CloudflareTunnelRule.

func (*CloudflareTunnelRuleList) DeepCopy added in v0.6.0 

func (in *CloudflareTunnelRuleList) DeepCopy() *CloudflareTunnelRuleList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudflareTunnelRuleList.

func (*CloudflareTunnelRuleList) DeepCopyInto added in v0.6.0 

func (in *CloudflareTunnelRuleList) DeepCopyInto(out *CloudflareTunnelRuleList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*CloudflareTunnelRuleList) DeepCopyObject added in v0.6.0 

func (in *CloudflareTunnelRuleList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type CloudflareTunnelRuleSpec added in v0.6.0 

type CloudflareTunnelRuleSpec struct {
	// TunnelRef points at the CloudflareTunnel this rule attaches to.
	// +kubebuilder:validation:Required
	TunnelRef TunnelReference `json:"tunnelRef"`

	// Hostnames that cloudflared should route to the Backend. At least one
	// is required; order is preserved within the aggregated ingress list.
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:MinItems=1
	Hostnames []string `json:"hostnames"`

	// Backend describes where traffic for these hostnames flows.
	// +kubebuilder:validation:Required
	Backend TunnelRuleBackend `json:"backend"`

	// OriginRequest pass-through options.
	// +optional
	OriginRequest *TunnelRuleOriginRequest `json:"originRequest,omitempty"`

	// SourceRef identifies the source that produced this rule. Present on
	// operator-emitted rules; absent on hand-authored rules.
	// +optional
	SourceRef *TunnelRuleSourceRef `json:"sourceRef,omitempty"`

	// Priority determines evaluation order within the aggregated ingress list.
	// Higher values are evaluated first. Default 100; ties broken by
	// metadata.name ascending.
	// +kubebuilder:default=100
	// +optional
	Priority int `json:"priority"`
}

CloudflareTunnelRuleSpec defines one cloudflared ingress rule (or group of rules sharing a backend) that attaches to a CloudflareTunnel.

func (*CloudflareTunnelRuleSpec) DeepCopy added in v0.6.0 

func (in *CloudflareTunnelRuleSpec) DeepCopy() *CloudflareTunnelRuleSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudflareTunnelRuleSpec.

func (*CloudflareTunnelRuleSpec) DeepCopyInto added in v0.6.0 

func (in *CloudflareTunnelRuleSpec) DeepCopyInto(out *CloudflareTunnelRuleSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CloudflareTunnelRuleStatus added in v0.6.0 

type CloudflareTunnelRuleStatus struct {
	// Conditions: Valid, TunnelAccepted, Conflict. Written by the
	// CloudflareTunnel controller during aggregation.
	// +listType=map
	// +listMapKey=type
	// +optional
	Conditions []metav1.Condition `json:"conditions,omitempty"`

	// ResolvedBackend is the URL cloudflared was configured with for this
	// rule. Populated after the tunnel controller renders a config.
	// +optional
	ResolvedBackend string `json:"resolvedBackend,omitempty"`

	// AppliedToConfigHash records the tunnel's config-hash at the last time
	// this rule was included. Useful for debugging drift.
	// +optional
	AppliedToConfigHash string `json:"appliedToConfigHash,omitempty"`

	// ObservedGeneration is the most recently observed generation.
	// +optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
}

CloudflareTunnelRuleStatus is the observed state.

func (*CloudflareTunnelRuleStatus) DeepCopy added in v0.6.0 

func (in *CloudflareTunnelRuleStatus) DeepCopy() *CloudflareTunnelRuleStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudflareTunnelRuleStatus.

func (*CloudflareTunnelRuleStatus) DeepCopyInto added in v0.6.0 

func (in *CloudflareTunnelRuleStatus) DeepCopyInto(out *CloudflareTunnelRuleStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CloudflareTunnelSpec 

type CloudflareTunnelSpec struct {
	// Name is the tunnel name in Cloudflare.
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:MinLength=1
	Name string `json:"name"`

	// SecretRef references a Secret containing Cloudflare API credentials.
	// +kubebuilder:validation:Required
	SecretRef SecretReference `json:"secretRef"`

	// GeneratedSecretName is the name of the Secret to create with tunnel
	// credentials.
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:MinLength=1
	GeneratedSecretName string `json:"generatedSecretName"`

	// Interval is the reconciliation interval.
	// +kubebuilder:default="30m"
	// +optional
	Interval *metav1.Duration `json:"interval,omitempty"`

	// Connector configures an operator-managed cloudflared workload for this
	// tunnel. When disabled (default), users run cloudflared themselves.
	// +optional
	Connector *ConnectorSpec `json:"connector,omitempty"`

	// Routing configures tunnel-wide defaults for cloudflared ingress:
	// the default backend (for traffic no CloudflareTunnelRule matches) and
	// originRequest defaults applied to all rules.
	// +optional
	Routing *TunnelRoutingSpec `json:"routing,omitempty"`
}

CloudflareTunnelSpec defines the desired state of a Cloudflare Tunnel.

func (*CloudflareTunnelSpec) DeepCopy 

func (in *CloudflareTunnelSpec) DeepCopy() *CloudflareTunnelSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudflareTunnelSpec.

func (*CloudflareTunnelSpec) DeepCopyInto 

func (in *CloudflareTunnelSpec) DeepCopyInto(out *CloudflareTunnelSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CloudflareTunnelStatus 

type CloudflareTunnelStatus struct {
	// Conditions: Ready, ConnectorReady, IngressConfigured.
	// +listType=map
	// +listMapKey=type
	// +optional
	Conditions []metav1.Condition `json:"conditions,omitempty"`

	// TunnelID is the Cloudflare Tunnel ID.
	// +optional
	TunnelID string `json:"tunnelID,omitempty"`

	// TunnelCNAME is the CNAME for the tunnel (tunnelID.cfargotunnel.com).
	// +optional
	TunnelCNAME string `json:"tunnelCNAME,omitempty"`

	// CredentialsSecretName is the name of the generated credentials Secret.
	// +optional
	CredentialsSecretName string `json:"credentialsSecretName,omitempty"`

	// Connector reflects the state of the operator-managed cloudflared
	// Deployment (when spec.connector.enabled=true).
	// +optional
	Connector *ConnectorStatus `json:"connector,omitempty"`

	// LastSyncedAt is the last time the tunnel was successfully synced.
	// +optional
	LastSyncedAt *metav1.Time `json:"lastSyncedAt,omitempty"`

	// ObservedGeneration is the most recently observed generation.
	// +optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
}

CloudflareTunnelStatus defines the observed state of a CloudflareTunnel.

func (*CloudflareTunnelStatus) DeepCopy 

func (in *CloudflareTunnelStatus) DeepCopy() *CloudflareTunnelStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudflareTunnelStatus.

func (*CloudflareTunnelStatus) DeepCopyInto 

func (in *CloudflareTunnelStatus) DeepCopyInto(out *CloudflareTunnelStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CloudflareZone 

type CloudflareZone struct {
	metav1.TypeMeta `json:",inline"`

	// metadata is a standard object metadata
	// +optional
	metav1.ObjectMeta `json:"metadata,omitzero"`

	// spec defines the desired state of CloudflareZone
	// +required
	Spec CloudflareZoneSpec `json:"spec"`

	// status defines the observed state of CloudflareZone
	// +optional
	Status CloudflareZoneStatus `json:"status,omitzero"`
}

CloudflareZone is the Schema for the cloudflarezones API

func (*CloudflareZone) DeepCopy 

func (in *CloudflareZone) DeepCopy() *CloudflareZone

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudflareZone.

func (*CloudflareZone) DeepCopyInto 

func (in *CloudflareZone) DeepCopyInto(out *CloudflareZone)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*CloudflareZone) DeepCopyObject 

func (in *CloudflareZone) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type CloudflareZoneConfig 

type CloudflareZoneConfig struct {
	metav1.TypeMeta `json:",inline"`

	// metadata is a standard object metadata
	// +optional
	metav1.ObjectMeta `json:"metadata,omitzero"`

	// spec defines the desired state of CloudflareZoneConfig
	// +required
	Spec CloudflareZoneConfigSpec `json:"spec"`

	// status defines the observed state of CloudflareZoneConfig
	// +optional
	Status CloudflareZoneConfigStatus `json:"status,omitzero"`
}

CloudflareZoneConfig is the Schema for the cloudflarezoneconfigs API

func (*CloudflareZoneConfig) DeepCopy 

func (in *CloudflareZoneConfig) DeepCopy() *CloudflareZoneConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudflareZoneConfig.

func (*CloudflareZoneConfig) DeepCopyInto 

func (in *CloudflareZoneConfig) DeepCopyInto(out *CloudflareZoneConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*CloudflareZoneConfig) DeepCopyObject 

func (in *CloudflareZoneConfig) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*CloudflareZoneConfig) GetZoneID added in v0.4.0 

func (r *CloudflareZoneConfig) GetZoneID() string

GetZoneID returns the inline Cloudflare zone ID (may be empty).

func (*CloudflareZoneConfig) GetZoneRef added in v0.4.0 

func (r *CloudflareZoneConfig) GetZoneRef() *ZoneReference

GetZoneRef returns the optional reference to a CloudflareZone CR.

type CloudflareZoneConfigList 

type CloudflareZoneConfigList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitzero"`
	Items           []CloudflareZoneConfig `json:"items"`
}

CloudflareZoneConfigList contains a list of CloudflareZoneConfig

func (*CloudflareZoneConfigList) DeepCopy 

func (in *CloudflareZoneConfigList) DeepCopy() *CloudflareZoneConfigList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudflareZoneConfigList.

func (*CloudflareZoneConfigList) DeepCopyInto 

func (in *CloudflareZoneConfigList) DeepCopyInto(out *CloudflareZoneConfigList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*CloudflareZoneConfigList) DeepCopyObject 

func (in *CloudflareZoneConfigList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type CloudflareZoneConfigSpec 

type CloudflareZoneConfigSpec struct {
	// ZoneID is the Cloudflare Zone ID.
	// Mutually exclusive with ZoneRef.
	// +optional
	// +kubebuilder:validation:MinLength=1
	ZoneID string `json:"zoneID,omitempty"`

	// ZoneRef references a CloudflareZone resource in the same namespace.
	// The controller resolves the zone ID from the referenced resource's status.
	// Mutually exclusive with ZoneID.
	// +optional
	ZoneRef *ZoneReference `json:"zoneRef,omitempty"`

	// SecretRef references a Secret containing Cloudflare API credentials.
	// +kubebuilder:validation:Required
	SecretRef SecretReference `json:"secretRef"`

	// Interval is the reconciliation interval.
	// +kubebuilder:default="30m"
	// +optional
	Interval *metav1.Duration `json:"interval,omitempty"`

	// SSL defines SSL/TLS settings for the zone.
	// +optional
	SSL *SSLSettings `json:"ssl,omitempty"`

	// Security defines security settings for the zone.
	// +optional
	Security *SecuritySettings `json:"security,omitempty"`

	// Performance defines performance settings for the zone.
	// +optional
	Performance *PerformanceSettings `json:"performance,omitempty"`

	// Network defines network settings for the zone.
	// +optional
	Network *NetworkSettings `json:"network,omitempty"`

	// BotManagement defines bot management settings for the zone.
	// +optional
	BotManagement *BotManagementSettings `json:"botManagement,omitempty"`
}

CloudflareZoneConfigSpec defines the desired state of CloudflareZoneConfig.

func (*CloudflareZoneConfigSpec) DeepCopy 

func (in *CloudflareZoneConfigSpec) DeepCopy() *CloudflareZoneConfigSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudflareZoneConfigSpec.

func (*CloudflareZoneConfigSpec) DeepCopyInto 

func (in *CloudflareZoneConfigSpec) DeepCopyInto(out *CloudflareZoneConfigSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CloudflareZoneConfigStatus 

type CloudflareZoneConfigStatus struct {
	// Conditions represent the latest available observations of the resource's state.
	// +listType=map
	// +listMapKey=type
	// +optional
	Conditions []metav1.Condition `json:"conditions,omitempty"`

	// ZoneID is the resolved Cloudflare Zone ID, populated regardless of
	// whether the spec used zoneID or zoneRef.
	// +optional
	ZoneID string `json:"zoneID,omitempty"`

	// AppliedSpecHash is a hash of the settings-relevant spec fields the last
	// time reconciliation successfully applied them. When the current hash
	// matches, the controller skips the per-setting API calls.
	// +optional
	AppliedSpecHash string `json:"appliedSpecHash,omitempty"`

	// LastSyncedAt is the last time the zone config was successfully synced.
	// +optional
	LastSyncedAt *metav1.Time `json:"lastSyncedAt,omitempty"`

	// ObservedGeneration is the most recently observed generation of the CR.
	// +optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
}

CloudflareZoneConfigStatus defines the observed state of CloudflareZoneConfig.

func (*CloudflareZoneConfigStatus) DeepCopy 

func (in *CloudflareZoneConfigStatus) DeepCopy() *CloudflareZoneConfigStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudflareZoneConfigStatus.

func (*CloudflareZoneConfigStatus) DeepCopyInto 

func (in *CloudflareZoneConfigStatus) DeepCopyInto(out *CloudflareZoneConfigStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CloudflareZoneList 

type CloudflareZoneList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitzero"`
	Items           []CloudflareZone `json:"items"`
}

CloudflareZoneList contains a list of CloudflareZone

func (*CloudflareZoneList) DeepCopy 

func (in *CloudflareZoneList) DeepCopy() *CloudflareZoneList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudflareZoneList.

func (*CloudflareZoneList) DeepCopyInto 

func (in *CloudflareZoneList) DeepCopyInto(out *CloudflareZoneList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*CloudflareZoneList) DeepCopyObject 

func (in *CloudflareZoneList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type CloudflareZoneSpec 

type CloudflareZoneSpec struct {
	// Name is the domain name to onboard (e.g., "example.com").
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:MinLength=1
	Name string `json:"name"`

	// Type is the zone type. "full" means Cloudflare is the authoritative DNS.
	// "partial" is a CNAME setup. Immutable after creation.
	// +kubebuilder:validation:Enum=full;partial;secondary
	// +kubebuilder:default="full"
	// +optional
	Type string `json:"type,omitempty"`

	// Paused indicates whether the zone is paused (not serving traffic through Cloudflare).
	// +optional
	Paused *bool `json:"paused,omitempty"`

	// DeletionPolicy controls what happens when the CR is deleted.
	// "Retain" (default) leaves the zone in Cloudflare.
	// "Delete" removes the zone from Cloudflare.
	// +kubebuilder:validation:Enum=Retain;Delete
	// +kubebuilder:default="Retain"
	// +optional
	DeletionPolicy string `json:"deletionPolicy,omitempty"`

	// SecretRef references a Secret containing Cloudflare API credentials.
	// +kubebuilder:validation:Required
	SecretRef SecretReference `json:"secretRef"`

	// Interval is the reconciliation interval.
	// +kubebuilder:default="30m"
	// +optional
	Interval *metav1.Duration `json:"interval,omitempty"`
}

CloudflareZoneSpec defines the desired state of a Cloudflare Zone.

func (*CloudflareZoneSpec) DeepCopy 

func (in *CloudflareZoneSpec) DeepCopy() *CloudflareZoneSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudflareZoneSpec.

func (*CloudflareZoneSpec) DeepCopyInto 

func (in *CloudflareZoneSpec) DeepCopyInto(out *CloudflareZoneSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CloudflareZoneStatus 

type CloudflareZoneStatus struct {
	// Conditions represent the latest available observations.
	// +listType=map
	// +listMapKey=type
	// +optional
	Conditions []metav1.Condition `json:"conditions,omitempty"`

	// ZoneID is the Cloudflare Zone ID.
	// +optional
	ZoneID string `json:"zoneID,omitempty"`

	// Status is the zone status in Cloudflare (initializing, pending, active, moved).
	// +optional
	Status string `json:"status,omitempty"`

	// NameServers are the Cloudflare-assigned nameservers for this zone.
	// Update your registrar's NS records to these values to activate the zone.
	// +optional
	NameServers []string `json:"nameServers,omitempty"`

	// OriginalNameServers are the nameservers before migration to Cloudflare.
	// +optional
	OriginalNameServers []string `json:"originalNameServers,omitempty"`

	// OriginalRegistrar is the registrar at the time of onboarding.
	// +optional
	OriginalRegistrar string `json:"originalRegistrar,omitempty"`

	// ActivatedOn is the time the zone became active.
	// +optional
	ActivatedOn *metav1.Time `json:"activatedOn,omitempty"`

	// LastSyncedAt is the last time the zone was successfully synced.
	// +optional
	LastSyncedAt *metav1.Time `json:"lastSyncedAt,omitempty"`

	// ObservedGeneration is the most recently observed generation.
	// +optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
}

CloudflareZoneStatus defines the observed state of a CloudflareZone.

func (*CloudflareZoneStatus) DeepCopy 

func (in *CloudflareZoneStatus) DeepCopy() *CloudflareZoneStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudflareZoneStatus.

func (*CloudflareZoneStatus) DeepCopyInto 

func (in *CloudflareZoneStatus) DeepCopyInto(out *CloudflareZoneStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ConnectorImage added in v0.6.0 

type ConnectorImage struct {
	// Repository is the container image repository, for example
	// "docker.io/cloudflare/cloudflared". Defaults to the upstream
	// Cloudflare image.
	// +kubebuilder:default="docker.io/cloudflare/cloudflared"
	// +optional
	Repository string `json:"repository"`

	// Tag is the image tag. When omitted, the operator uses a
	// compile-time default bumped per operator release.
	// +optional
	Tag string `json:"tag,omitempty"`
}

ConnectorImage specifies the cloudflared container image.

func (*ConnectorImage) DeepCopy added in v0.6.0 

func (in *ConnectorImage) DeepCopy() *ConnectorImage

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConnectorImage.

func (*ConnectorImage) DeepCopyInto added in v0.6.0 

func (in *ConnectorImage) DeepCopyInto(out *ConnectorImage)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ConnectorSpec added in v0.6.0 

type ConnectorSpec struct {
	// Enabled toggles whether the operator creates a cloudflared Deployment.
	// +kubebuilder:default=false
	// +optional
	Enabled bool `json:"enabled"`

	// Replicas is the desired pod count.
	// +kubebuilder:default=2
	// +kubebuilder:validation:Minimum=1
	// +optional
	Replicas int32 `json:"replicas"`

	// Image specifies the cloudflared container image. When omitted, the
	// operator uses a compile-time default bumped per operator release.
	// +optional
	Image *ConnectorImage `json:"image,omitempty"`

	// Resources are the container resource requests/limits.
	// +optional
	Resources corev1.ResourceRequirements `json:"resources,omitempty"`

	// NodeSelector is a pass-through to the pod spec.
	// +optional
	NodeSelector map[string]string `json:"nodeSelector,omitempty"`

	// Tolerations is a pass-through to the pod spec.
	// +optional
	Tolerations []corev1.Toleration `json:"tolerations,omitempty"`

	// Affinity is a pass-through to the pod spec.
	// +optional
	Affinity *corev1.Affinity `json:"affinity,omitempty"`

	// TopologySpreadConstraints is a pass-through to the pod spec.
	// +optional
	TopologySpreadConstraints []corev1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"`
}

ConnectorSpec configures the operator-managed cloudflared Deployment.

func (*ConnectorSpec) DeepCopy added in v0.6.0 

func (in *ConnectorSpec) DeepCopy() *ConnectorSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConnectorSpec.

func (*ConnectorSpec) DeepCopyInto added in v0.6.0 

func (in *ConnectorSpec) DeepCopyInto(out *ConnectorSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ConnectorStatus added in v0.6.0 

type ConnectorStatus struct {
	// Replicas is the desired pod count from the spec at last render.
	// +optional
	Replicas int32 `json:"replicas,omitempty"`

	// ReadyReplicas mirrors Deployment.status.readyReplicas.
	// +optional
	ReadyReplicas int32 `json:"readyReplicas,omitempty"`

	// ConfigHash is the sha256 hash of the rendered cloudflared config.yaml.
	// +optional
	ConfigHash string `json:"configHash,omitempty"`

	// Image is the image reference actually running.
	// +optional
	Image string `json:"image,omitempty"`
}

ConnectorStatus reports on the operator-managed cloudflared workload.

func (*ConnectorStatus) DeepCopy added in v0.6.0 

func (in *ConnectorStatus) DeepCopy() *ConnectorStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConnectorStatus.

func (*ConnectorStatus) DeepCopyInto added in v0.6.0 

func (in *ConnectorStatus) DeepCopyInto(out *ConnectorStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type MinifySettings 

type MinifySettings struct {
	// CSS enables CSS minification.
	// +kubebuilder:validation:Enum=on;off
	// +optional
	CSS *string `json:"css,omitempty"`

	// HTML enables HTML minification.
	// +kubebuilder:validation:Enum=on;off
	// +optional
	HTML *string `json:"html,omitempty"`

	// JS enables JavaScript minification.
	// +kubebuilder:validation:Enum=on;off
	// +optional
	JS *string `json:"js,omitempty"`
}

MinifySettings defines minification settings for CSS, HTML, and JavaScript.

func (*MinifySettings) DeepCopy 

func (in *MinifySettings) DeepCopy() *MinifySettings

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MinifySettings.

func (*MinifySettings) DeepCopyInto 

func (in *MinifySettings) DeepCopyInto(out *MinifySettings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type NetworkSettings 

type NetworkSettings struct {
	// IPv6 enables IPv6 support.
	// +kubebuilder:validation:Enum=on;off
	// +optional
	IPv6 *string `json:"ipv6,omitempty"`

	// WebSockets enables WebSocket support.
	// +kubebuilder:validation:Enum=on;off
	// +optional
	WebSockets *string `json:"websockets,omitempty"`

	// PseudoIPv4 controls Pseudo IPv4 behavior.
	// +kubebuilder:validation:Enum=off;add_header;overwrite_header
	// +optional
	PseudoIPv4 *string `json:"pseudoIPv4,omitempty"`

	// IPGeolocation enables IP geolocation.
	// +kubebuilder:validation:Enum=on;off
	// +optional
	IPGeolocation *string `json:"ipGeolocation,omitempty"`

	// OpportunisticOnion enables onion routing.
	// +kubebuilder:validation:Enum=on;off
	// +optional
	OpportunisticOnion *string `json:"opportunisticOnion,omitempty"`
}

NetworkSettings defines network settings for a Cloudflare zone.

func (*NetworkSettings) DeepCopy 

func (in *NetworkSettings) DeepCopy() *NetworkSettings

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkSettings.

func (*NetworkSettings) DeepCopyInto 

func (in *NetworkSettings) DeepCopyInto(out *NetworkSettings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PerformanceSettings 

type PerformanceSettings struct {
	// CacheLevel controls the cache level.
	// +kubebuilder:validation:Enum=aggressive;basic;simplified
	// +optional
	CacheLevel *string `json:"cacheLevel,omitempty"`

	// BrowserCacheTTL is the browser cache TTL in seconds. 0 means respect existing headers.
	// +kubebuilder:validation:Minimum=0
	// +optional
	BrowserCacheTTL *int `json:"browserCacheTTL,omitempty"`

	// Minify controls minification settings.
	// +optional
	Minify *MinifySettings `json:"minify,omitempty"`

	// Polish controls image optimization.
	// +kubebuilder:validation:Enum=off;lossless;lossy
	// +optional
	Polish *string `json:"polish,omitempty"`

	// Brotli enables brotli compression.
	// +kubebuilder:validation:Enum=on;off
	// +optional
	Brotli *string `json:"brotli,omitempty"`

	// EarlyHints enables early hints.
	// +kubebuilder:validation:Enum=on;off
	// +optional
	EarlyHints *string `json:"earlyHints,omitempty"`

	// HTTP2 enables HTTP/2.
	// +kubebuilder:validation:Enum=on;off
	// +optional
	HTTP2 *string `json:"http2,omitempty"`

	// HTTP3 enables HTTP/3.
	// +kubebuilder:validation:Enum=on;off
	// +optional
	HTTP3 *string `json:"http3,omitempty"`
}

PerformanceSettings defines performance settings for a Cloudflare zone.

func (*PerformanceSettings) DeepCopy 

func (in *PerformanceSettings) DeepCopy() *PerformanceSettings

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PerformanceSettings.

func (*PerformanceSettings) DeepCopyInto 

func (in *PerformanceSettings) DeepCopyInto(out *PerformanceSettings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RulesetRuleSpec 

type RulesetRuleSpec struct {
	// Action is the action to perform when the rule matches.
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Enum=block;challenge;js_challenge;managed_challenge;log;skip;execute;redirect;rewrite;route;score;serve_error;set_cache_settings;set_config;compress_response;force_connection_close
	Action string `json:"action"`

	// Expression is the filter expression for the rule.
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:MinLength=1
	Expression string `json:"expression"`

	// Description is an informative description of the rule.
	// +optional
	Description string `json:"description,omitempty"`

	// Enabled indicates whether the rule is active.
	// +kubebuilder:default=true
	// +optional
	Enabled *bool `json:"enabled,omitempty"`

	// ActionParameters contains action-specific parameters as free-form JSON.
	// +kubebuilder:pruning:PreserveUnknownFields
	// +kubebuilder:validation:Type=object
	// +optional
	ActionParameters *apiextensionsv1.JSON `json:"actionParameters,omitempty"`
}

RulesetRuleSpec defines a single rule within a Cloudflare Ruleset.

func (*RulesetRuleSpec) DeepCopy 

func (in *RulesetRuleSpec) DeepCopy() *RulesetRuleSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RulesetRuleSpec.

func (*RulesetRuleSpec) DeepCopyInto 

func (in *RulesetRuleSpec) DeepCopyInto(out *RulesetRuleSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SRVData 

type SRVData struct {
	// Service is the SRV service name (e.g., "_satisfactory").
	// +kubebuilder:validation:Required
	Service string `json:"service"`

	// Proto is the SRV protocol.
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Enum=_tcp;_udp;_tls
	Proto string `json:"proto"`

	// Priority of the SRV record.
	// +kubebuilder:validation:Minimum=0
	// +kubebuilder:validation:Maximum=65535
	Priority int `json:"priority"`

	// Weight of the SRV record.
	// +kubebuilder:validation:Minimum=0
	// +kubebuilder:validation:Maximum=65535
	Weight int `json:"weight"`

	// Port is the target port.
	// +kubebuilder:validation:Minimum=0
	// +kubebuilder:validation:Maximum=65535
	Port int `json:"port"`

	// Target is the target hostname for the SRV record.
	// +kubebuilder:validation:Required
	Target string `json:"target"`
}

SRVData contains SRV-specific record fields.

func (*SRVData) DeepCopy 

func (in *SRVData) DeepCopy() *SRVData

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SRVData.

func (*SRVData) DeepCopyInto 

func (in *SRVData) DeepCopyInto(out *SRVData)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SSLSettings 

type SSLSettings struct {
	// Mode is the SSL mode.
	// +kubebuilder:validation:Enum=off;flexible;full;strict
	// +optional
	Mode *string `json:"mode,omitempty"`

	// MinTLSVersion is the minimum TLS version.
	// +kubebuilder:validation:Enum="1.0";"1.1";"1.2";"1.3"
	// +optional
	MinTLSVersion *string `json:"minTLSVersion,omitempty"`

	// TLS13 controls TLS 1.3 setting.
	// +kubebuilder:validation:Enum=on;off;zrt
	// +optional
	TLS13 *string `json:"tls13,omitempty"`

	// AlwaysUseHTTPS redirects all HTTP requests to HTTPS.
	// +kubebuilder:validation:Enum=on;off
	// +optional
	AlwaysUseHTTPS *string `json:"alwaysUseHTTPS,omitempty"`

	// AutomaticHTTPSRewrites rewrites HTTP URLs to HTTPS in page content.
	// +kubebuilder:validation:Enum=on;off
	// +optional
	AutomaticHTTPSRewrites *string `json:"automaticHTTPSRewrites,omitempty"`

	// OpportunisticEncryption enables opportunistic encryption.
	// +kubebuilder:validation:Enum=on;off
	// +optional
	OpportunisticEncryption *string `json:"opportunisticEncryption,omitempty"`
}

SSLSettings defines SSL/TLS settings for a Cloudflare zone.

func (*SSLSettings) DeepCopy 

func (in *SSLSettings) DeepCopy() *SSLSettings

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SSLSettings.

func (*SSLSettings) DeepCopyInto 

func (in *SSLSettings) DeepCopyInto(out *SSLSettings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecretReference 

type SecretReference struct {
	// Name of the Secret.
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:MinLength=1
	Name string `json:"name"`
}

SecretReference refers to a Kubernetes Secret containing Cloudflare credentials.

func (*SecretReference) DeepCopy 

func (in *SecretReference) DeepCopy() *SecretReference

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretReference.

func (*SecretReference) DeepCopyInto 

func (in *SecretReference) DeepCopyInto(out *SecretReference)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecuritySettings 

type SecuritySettings struct {
	// SecurityLevel controls the security level.
	// +kubebuilder:validation:Enum=essentially_off;low;medium;high;under_attack
	// +optional
	SecurityLevel *string `json:"securityLevel,omitempty"`

	// ChallengeTTL is the challenge TTL in seconds.
	// +kubebuilder:validation:Enum=300;900;1800;2700;3600;7200;10800;14400;28800;57600;86400
	// +optional
	ChallengeTTL *int `json:"challengeTTL,omitempty"`

	// BrowserCheck enables browser integrity check.
	// +kubebuilder:validation:Enum=on;off
	// +optional
	BrowserCheck *string `json:"browserCheck,omitempty"`

	// EmailObfuscation enables email obfuscation.
	// +kubebuilder:validation:Enum=on;off
	// +optional
	EmailObfuscation *string `json:"emailObfuscation,omitempty"`
}

SecuritySettings defines security settings for a Cloudflare zone.

func (*SecuritySettings) DeepCopy 

func (in *SecuritySettings) DeepCopy() *SecuritySettings

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecuritySettings.

func (*SecuritySettings) DeepCopyInto 

func (in *SecuritySettings) DeepCopyInto(out *SecuritySettings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TunnelReference added in v0.6.0 

type TunnelReference struct {
	// Name of the CloudflareTunnel resource.
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:MinLength=1
	Name string `json:"name"`

	// Namespace of the CloudflareTunnel. Defaults to the rule's own namespace
	// when empty.
	// +optional
	Namespace string `json:"namespace,omitempty"`
}

TunnelReference identifies a CloudflareTunnel this rule attaches to.

func (*TunnelReference) DeepCopy added in v0.6.0 

func (in *TunnelReference) DeepCopy() *TunnelReference

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TunnelReference.

func (*TunnelReference) DeepCopyInto added in v0.6.0 

func (in *TunnelReference) DeepCopyInto(out *TunnelReference)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TunnelRoutingSpec added in v0.6.0 

type TunnelRoutingSpec struct {
	// DefaultBackend handles traffic that no CloudflareTunnelRule matches.
	// Omit to fall through to the auto-appended http_status:404.
	// +optional
	DefaultBackend *TunnelRuleBackend `json:"defaultBackend,omitempty"`

	// OriginRequest defaults applied to all rules unless overridden.
	// +optional
	OriginRequest *TunnelRuleOriginRequest `json:"originRequest,omitempty"`
}

TunnelRoutingSpec configures tunnel-wide routing defaults.

func (*TunnelRoutingSpec) DeepCopy added in v0.6.0 

func (in *TunnelRoutingSpec) DeepCopy() *TunnelRoutingSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TunnelRoutingSpec.

func (*TunnelRoutingSpec) DeepCopyInto added in v0.6.0 

func (in *TunnelRoutingSpec) DeepCopyInto(out *TunnelRoutingSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TunnelRuleBackend added in v0.6.0 

type TunnelRuleBackend struct {
	// ServiceRef routes to a Kubernetes Service by reference. The operator
	// resolves the URL from cluster DNS at render time.
	// +optional
	ServiceRef *TunnelRuleServiceRef `json:"serviceRef,omitempty"`

	// URL is a raw backend URL. Use for sources (Gateway-upstream overrides)
	// where the backend is not expressible as a Service reference.
	// +optional
	URL *string `json:"url,omitempty"`

	// HTTPStatus produces a cloudflared http_status:<code> entry. Use for
	// explicit "reject at this hostname" rules.
	// +optional
	HTTPStatus *int `json:"httpStatus,omitempty"`
}

TunnelRuleBackend is a discriminated union: exactly one of ServiceRef, URL, or HTTPStatus must be set. Enforced via x-kubernetes-validations on CloudflareTunnelRule.

func (*TunnelRuleBackend) DeepCopy added in v0.6.0 

func (in *TunnelRuleBackend) DeepCopy() *TunnelRuleBackend

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TunnelRuleBackend.

func (*TunnelRuleBackend) DeepCopyInto added in v0.6.0 

func (in *TunnelRuleBackend) DeepCopyInto(out *TunnelRuleBackend)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (TunnelRuleBackend) IsExactlyOne added in v0.6.0 

func (b TunnelRuleBackend) IsExactlyOne() bool

IsExactlyOne returns true when exactly one of ServiceRef / URL / HTTPStatus is set.

type TunnelRuleOriginRequest added in v0.6.0 

type TunnelRuleOriginRequest struct {
	// +optional
	NoTLSVerify bool `json:"noTLSVerify,omitempty"`
	// +optional
	OriginServerName string `json:"originServerName,omitempty"`
	// +optional
	ConnectTimeout *metav1.Duration `json:"connectTimeout,omitempty"`
	// +optional
	HTTPHostHeader string `json:"httpHostHeader,omitempty"`
}

TunnelRuleOriginRequest is a pass-through to cloudflared's originRequest.

func (*TunnelRuleOriginRequest) DeepCopy added in v0.6.0 

func (in *TunnelRuleOriginRequest) DeepCopy() *TunnelRuleOriginRequest

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TunnelRuleOriginRequest.

func (*TunnelRuleOriginRequest) DeepCopyInto added in v0.6.0 

func (in *TunnelRuleOriginRequest) DeepCopyInto(out *TunnelRuleOriginRequest)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TunnelRuleServiceRef added in v0.6.0 

type TunnelRuleServiceRef struct {
	// Name of the Service.
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:MinLength=1
	Name string `json:"name"`

	// Namespace of the Service. Defaults to the rule's namespace when empty.
	// +optional
	Namespace string `json:"namespace,omitempty"`

	// Port may be an integer or a named port.
	// +kubebuilder:validation:Required
	Port intstr.IntOrString `json:"port"`

	// Scheme is http, https, h2c, or tcp. When empty, inferred at reconcile
	// time from the Service's port name.
	// +kubebuilder:validation:Enum=http;https;h2c;tcp
	// +optional
	Scheme string `json:"scheme,omitempty"`
}

TunnelRuleServiceRef identifies a Kubernetes Service to route traffic to.

func (*TunnelRuleServiceRef) DeepCopy added in v0.6.0 

func (in *TunnelRuleServiceRef) DeepCopy() *TunnelRuleServiceRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TunnelRuleServiceRef.

func (*TunnelRuleServiceRef) DeepCopyInto added in v0.6.0 

func (in *TunnelRuleServiceRef) DeepCopyInto(out *TunnelRuleServiceRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TunnelRuleSourceRef added in v0.6.0 

type TunnelRuleSourceRef struct {
	// +optional
	APIVersion string `json:"apiVersion,omitempty"`
	// +optional
	Kind string `json:"kind,omitempty"`
	// +optional
	Namespace string `json:"namespace,omitempty"`
	// +optional
	Name string `json:"name,omitempty"`
	// +optional
	UID string `json:"uid,omitempty"`
}

TunnelRuleSourceRef is populated by emitting controllers to record which Kubernetes object caused this rule to exist. Omitted for hand-authored rules.

func (*TunnelRuleSourceRef) DeepCopy added in v0.6.0 

func (in *TunnelRuleSourceRef) DeepCopy() *TunnelRuleSourceRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TunnelRuleSourceRef.

func (*TunnelRuleSourceRef) DeepCopyInto added in v0.6.0 

func (in *TunnelRuleSourceRef) DeepCopyInto(out *TunnelRuleSourceRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ZoneReference 

type ZoneReference struct {
	// Name of the CloudflareZone resource.
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:MinLength=1
	Name string `json:"name"`
}

ZoneReference refers to a CloudflareZone CR in the same namespace.

func (*ZoneReference) DeepCopy 

func (in *ZoneReference) DeepCopy() *ZoneReference

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ZoneReference.

func (*ZoneReference) DeepCopyInto 

func (in *ZoneReference) DeepCopyInto(out *ZoneReference)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.