System Private Kubernetes Resource Model APIs

Packages

addon.private.gdc.goog/v1alpha1

Package v1alpha1 contains API Schema definitions for the addon v1alpha1 API group.

AddOn

Addon represents an actual deployment task that the Addon Deployer needs to work on.
- This object is generated by the Addon Lifecycle Controller.
- This object is consumed by the Addon Deployer Controller.
- This should be in the same namespace as the BareMetal Cluster it belongs to.
- The following naming schema is highly recommended to avoid name collision: + '-' +

Appears in: - AddOnList

Field Description
apiVersion string addon.private.gdc.goog/v1alpha1
kind string AddOn
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec AddOnSpec
status AddOnStatus

AddOnList

AddOnList contains a list of AddOns.

Field Description
apiVersion string addon.private.gdc.goog/v1alpha1
kind string AddOnList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items AddOn

AddOnRef

AddOnRef contains an add-on related reference and deployment status.

Appears in: - AddOnSetStatus

Field Description
namespace string Namespace specifies the deployed add-on object namespace.
name string Name specifies the deployed add-on object name.
lastObservedTime Time LastObservedTime is the timestamp of last reconciliation when the add-on set controller checks the add-on status. Notice this is not the same as the last time add-on was reconciled.
state string State tells the current state of the addon reconciling.

AddOnSet

AddOnSet represents an execution of an AddOnSetTemplate.
- The AddonSet points to a specific cluster and AddonSetTemplate.
- This is a per-cluster resource.
- It must be created in the same namespace as the corresponding cluster.
- The AddOnSet object should be created in the same namespace as the Bare Metal cluster CR, with the same object name as the corresponding cluster CR object.
- This object is created by the Addon Lifecycle Controller.

Appears in: - AddOnSetList

Field Description
apiVersion string addon.private.gdc.goog/v1alpha1
kind string AddOnSet
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec AddOnSetSpec
status AddOnSetStatus

AddOnSetList

AddOnSetList contains a list of AddOnSets.

Field Description
apiVersion string addon.private.gdc.goog/v1alpha1
kind string AddOnSetList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items AddOnSet

AddOnSetSpec

AddOnSetSpec defines the desired state of AddOnSet.

Appears in: - AddOnSet

Field Description
addOnSetTemplateRef LocalObjectReference AddonSetTemplateRef is a reference to the AddonSetTemplate. This field is required.
ownerClusterRef LocalObjectReference OwnerClusterRef points to which Anthos BareMetal cluster this addon belongs to. It points to the cluster that generates this Addon, not the cluster where the Addon gets deployed. For example: An AddOn is deployed in the local cluster but it belongs to the remote cluster. So it is different from where it actually gets deployed. API type: - Group: baremetal.cluster.gke.io - Kind : Cluster. This field is immutable.
overrides Override array Overrides contains attempts to override individual addons that belong to this addonset.

AddOnSetStatus

AddOnSetStatus represents the current status of the AddOnSet.

Appears in: - AddOnSet

Field Description
currentStage string CurrentStage indicates which deployment stage it is currently at.
addOns AddOnRef array addOns are add-ons being reconciled by this addonset. This helps visualize the add-on set deployment progress and track each individual add-on deployment status.
conditions Condition array This may contain more information about the current state of each Stage. Each Stage should be a separate Condition.

AddOnSetTemplate

AddOnSetTemplate is used to define the Addon Lifecycle Controller add-on deployment workflow.
- An AddOnSetTemplate CR must be specified per supported Cluster Type/Anthos Version.
- AddOnSetTemplate contains a list of AddOns that a specific type & version cluster needs to install.
- AddOnSetTemplate should be created by the ABM distributor (e.g. ABM, GPC, APM).
- There are no requirements on the name of this object.
- This is a non-namespaced (cluster) level resource.

Appears in: - AddOnSetTemplateList

Field Description
apiVersion string addon.private.gdc.goog/v1alpha1
kind string AddOnSetTemplate
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec AddOnSetTemplateSpec

AddOnSetTemplateList

AddOnSetTemplateList contains a list of AddOnSetTemplates.

Field Description
apiVersion string addon.private.gdc.goog/v1alpha1
kind string AddOnSetTemplateList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items AddOnSetTemplate

AddOnSetTemplateSpec

AddOnSetTemplateSpec defines the desired state of AddOnSetTemplate.

Appears in: - AddOnSetTemplate

Field Description
selector LabelSelector Selector selects the target clusters to apply this template by matching the labels of the Cluster objects. An AddOnSet object will be created in the same namespace for a cluster with matching labels.
addOnUtilImage string AddonUtilImage points to a docker image that provides advanced features like parameter injection or readiness checking for one or more of the addons referenced by this AddOnSetTemplate. It is the default image to use for an AddOn that belongs to this AddOnSetTemplate if no specific one is specified under AddOnSetTemplate.Spec.Stages[].AddOnsToDeploy[i].AddOnUtilImage. If no AddOnUtilImage is set but the AddOn still has Spec.Stages[].AddOnsToDeploy[i].ReadinessCheckJob or Spec.Stages[].AddOnsToDeploy[i].ParameterJob set to true, it will show an error.
stages Stage array Stages is a list of stages that each contains a set of AddOns that will be deployed. Stages are deployed in order and each stage will be deployed only when its previous stage is done.

AddOnSpec

AddOnSpec defines the desired state of the AddOn.

Appears in: - AddOn

Field Description
manifestType ManifestType ManifestType represents the addon manifest type, should be one of: [Helm, Kustomize] This field is required.
helmManifestSpec HelmManifestSpec HelmManifestSpec contains configuration for pulling manifests from a Helm registry. Required if ManifestType is Helm.
targetClusterRef string TargetClusterRef is a reference to the target BareMetalCluster. The target cluster is where the AddOn gets deployed. API type: - Group: baremetal.cluster.gke.io - Kind : Cluster This field is immutable.
local boolean Local indicates if a deployment is targeted towards the local cluster. The prompt of this addon can either be a remote or local cluster.
parameters JSON Parameters contain the parameters that the specified AddOn Manifest will use. This can contain arbitrary JSON data.
overrideParameters JSON OverrideParameters contain the parameters to override all parameters for this addon. This should be set from overrides in addonset.
disabled boolean Disabled indicates whether this Addon should be enabled or not. This field is required and defaults to false. This field is mutable. - When set to false, the AddOn Deployer will deploy this AddOn. - When set to true, the AddOn Deployer will either ignore or uninstall this AddOn depending on the AddOn.Status.DeploymentFinished field status. - If AddOn.Status.DeploymentFinished is true, it will uninstall the AddOn - If AddOn.Status.DeploymentFinished is false, it will not deploy the AddOn.
addOnNamespace string AddOnNamespace is a namespace in the target cluster that addon components will be installed in.
utilJobImage string UtilJobImage points to a docker image that will be used to run any util jobs (parameter or readiness).
parameterJob boolean ParameterJob indicates whether this AddOn needs runtime parameter injection. Default to false means the AddOn does not need to prompt a parameter injection job.
readinessCheckJob boolean ReadinessCheckJob indicates whether this AddOn needs an advanced readiness check. Default to false means the AddOn does not need a readiness check job. If set to true, the AddOn deployer controller will launch a readiness check job before it marks the AddOn.ReadyToUse as true.
readyCriteria ObjectMatch ReadyCriteria defines the criteria to determine the readiness of add-on deployment. Add-on manager matches the cluster resource object and its value with the criteria. ReadyCriteria is ignored if ReadinessCheckJob is set.

AddOnStatus

AddonStatus represents the status of this Addon.

Appears in: - AddOn

Field Description
deploymentFinished boolean DeploymentFinished indicates the deployment status of the AddOn. This value is set by the Addon deployer only. - If set to true, it indicates the AddOn deployment is completed. - If set to false, it indicates the AddOn deployment is not complete yet. Note that this value does not indicate if the deployed workload is healthy or has finished initializing, just that the manifests have been successfully applied to the target cluster.
readyToUse boolean ReadyToUse indicates whether this Addon is ready to use. This value is set by the addon deployer controller. When to set this field depends on the corresponding AddOn configuration in the AddOnSetTemplate. AddOnSetTemplate.Spec.Stages[i].AddOnsToDeploy[j].ReadinessCheckJob is checked first. If it is set to true, the Addon deployer controller will launch the ReadinessCheck Job and wait for it to complete before it marks this field to true. If ReadinessCheckJob is set to false, the Addon deployer controller will check whether ReadyCriteria is set. If ReadyCriteria is set, it will mark this field to true once all the criteria are matched. If ReadyCriteria is not set, it will mark this as ready immediately after DeploymentFinished is set to true.
conditions Condition array This may contain more information about the current state of the Addon. TODO: define what condition exists and how it should be set.

AddOnToDeploy

AddOnToDeploy represents the spec for a specific AddOn that needs to be deployed.

Appears in: - Stage

Field Description
manifestType ManifestType ManifestType represents the addon manifest type, should be one of: [Helm, Kustomize] This field is required.
helmManifestSpec HelmManifestSpec HelmManifestSpec contains configuration for pulling manifests from a Helm registry. Required if ManifestType is Helm.
target TargetCluster Target represents the target cluster this Addon will be deployed to. This is a relative path to wherever the Addon Manager is deployed. Should be one of [Local, Remote]. This field is required. This field is immutable.
addOnNamespace string AddOnNamespace is a namespace in the target cluster that addon components will be installed in.
parameters JSON Parameters is the static Parameters that will be used for this AddOn
optional boolean Optional indicates whether this AddOn can be disabled or not by the end user. Default to false means the AddOn is required.
disabledByDefault boolean DisabledByDefault indicates whether this Addon is disabled unless the user overrides it in the AddOnOverride.Spec.Disabled field. This field can only be set to true if Optional is also true. Default to false means the AddOn is enabled by default.
ownershipMode OwnershipMode Ownership specifies the ownership of the addon, which is one of ["Unique", "Shared"]. Unique means one addon will be deployed per each addon set. Shared means only one addon will be deployed for all target addon sets. Default is unique.
parameterJob boolean ParameterJob indicates whether this AddOn needs runtime parameter injection. Default to false means the AddOn does not need to prompt a parameter injection job. If set to true, the AddOn Lifecycle Controller will launch a parameter injection job to generate the parameters and override it with the parameters defined in AddOnToDeploy.Parameters. The job will use AddOnToDeploy.AddOnUtilImage or fall back to the default AddOnSetTemplate.Spec.AddOnUtilImage as the container image if AddOnToDeploy.AddOnUtilImage is not set. If none exists, it will error out.
readinessCheckJob boolean ReadinessCheckJob indicates whether this AddOn needs an advanced readiness check. Default to false means the AddOn does not need a readiness check job. If set to true, the AddOn deployer controller will launch a readiness check job before it marks the AddOn.ReadyToUse as true. The job will use AddOnToDeploy.AddOnUtilImage or fall back to the default AddOnSetTemplate.Spec.AddOnUtilImage as the container image if AddOnToDeploy.AddOnUtilImage is not set. If none exists, it will error out.
addOnUtilImage string AddOnUtilImage points to a docker image that will be used to run the advanced features like parameter injection or readiness check. It overrides what exists in the AddOnSetTemplate.Spec.AddOnUtilImage.
readyCriteria ObjectMatch ReadyCriteria defines the criteria to determine the readiness of add-on deployment. Add-on manager matches the cluster resource object and its value with the criteria. ReadyCriteria is ignored if ReadinessCheckJob is set.

HelmManifestSpec

HelmManifestSpec represents the info for the helm release.

Appears in: - AddOnSpec - AddOnToDeploy

Field Description
name string Name is the name of the helm chart. Required.
repo string Repo is the repo of the helm chart in the registry. Optional.
tag string Tag is the tag of the helm chart. Required.
registryAccess RegistryAccess RegistryAccess contains the access instructions for the artifact registry. Required.

ManifestType

Underlying type: string

Appears in: - AddOnSpec - AddOnToDeploy

ObjectMatch

ObjectMatch defines the match check on cluster objects. If "Fields" is set, the object will be parsed and compared against the specified fields, and there should be only one object referred by the Object. Otherwise the match only checks the existence of resource objects.

Appears in: - AddOnSpec - AddOnToDeploy

Field Description
object ObjectReference Object refers to cluster resource objects relevant during the match. Name could be in regex format. When using regex, will match any name that contains a substring that matches the regex. If a full string match is preferred, add "^" at the start of the regex and "$" at the end.
fields object (keys:string, values:string) Fields is the resource jsonpath (https://kubernetes.io/docs/reference/kubectl/jsonpath/) to filter out the specific field, such as "{.status.ready}".
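
The ObjectMatch rules above (substring regex on the name, a single object required when Fields is set, existence-only otherwise), worked through as an added example that is not the add-on manager's code. The type and function names are hypothetical, the objects are constructed, only simple "{.a.b}" jsonpath expressions are resolved, and treating a multi-object match with Fields as an error is an assumption.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// clusterObject is a constructed stand-in for a resource read from the target cluster.
type clusterObject struct {
	Name string
	Data map[string]interface{}
}

// objectMatch mirrors the two ObjectMatch inputs used here (hypothetical type).
type objectMatch struct {
	NameRegex string            // object.name, possibly a regex
	Fields    map[string]string // jsonpath -> expected value
}

// lookup resolves simple jsonpath expressions of the form "{.a.b.c}" only.
func lookup(data map[string]interface{}, path string) (string, bool) {
	path = strings.TrimSuffix(strings.TrimPrefix(path, "{"), "}")
	var cur interface{} = data
	for _, key := range strings.Split(strings.TrimPrefix(path, "."), ".") {
		m, ok := cur.(map[string]interface{})
		if !ok {
			return "", false
		}
		if cur, ok = m[key]; !ok {
			return "", false
		}
	}
	return fmt.Sprint(cur), true
}

// evaluate reports whether the criteria are met and which object names matched.
func evaluate(c objectMatch, objs []clusterObject) (bool, []string, error) {
	re, err := regexp.Compile(c.NameRegex)
	if err != nil {
		return false, nil, fmt.Errorf("invalid name regex %q: %w", c.NameRegex, err)
	}
	var hits []clusterObject
	var names []string
	for _, o := range objs {
		if re.MatchString(o.Name) { // matches any name containing a matching substring
			hits = append(hits, o)
			names = append(names, o.Name)
		}
	}
	if len(c.Fields) == 0 {
		return len(hits) > 0, names, nil // existence check only
	}
	if len(hits) != 1 {
		// Assumption: more or fewer than one object with Fields set is an error.
		return false, names, fmt.Errorf("fields set but %d objects matched %q", len(hits), c.NameRegex)
	}
	for path, want := range c.Fields {
		if got, ok := lookup(hits[0].Data, path); !ok || got != want {
			return false, names, nil
		}
	}
	return true, names, nil
}

// sampleObjects returns constructed objects: the real workload and a look-alike.
func sampleObjects() []clusterObject {
	status := func(ready bool) map[string]interface{} {
		return map[string]interface{}{"status": map[string]interface{}{"ready": ready}}
	}
	return []clusterObject{
		{Name: "ingress-controller", Data: status(true)},
		{Name: "ingress-controller-canary", Data: status(false)},
	}
}

func main() {
	fields := map[string]string{"{.status.ready}": "true"}
	for _, name := range []string{"ingress-controller", "^ingress-controller$"} {
		ready, names, err := evaluate(objectMatch{NameRegex: name, Fields: fields}, sampleObjects())
		fmt.Printf("regex=%q matched=%v ready=%v err=%v\n", name, names, ready, err)
	}
}
```

The unanchored name also matches the canary object, so the criteria become ambiguous; anchoring with "^" and "$" restricts the check to the intended object.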

Override

Override represents the info for overriding an addon.

Appears in: - AddOnSetSpec

Field Description
releaseName string ReleaseName is the release name used by the addon.
releaseNamespace string ReleaseNamespace is the namespace used for the release.
parameters JSON Parameters will override the default parameter defined in AddOnSetTemplate. It will do a merge and override strategy, i.e., merge this parameter with the base parameters this AddOn has and override anything specified here to the AddOnOverride.Spec.Parameters value.
disabled boolean Disabled indicates whether this Addon should be disabled or not. Default to false means it is enabled by default. This will override what exists in the AddOnSetTemplate if and only if the corresponding AddOnSetTemplate.Spec.Stages[i].AddOnsToDeploy[j].Optional is set to true. Otherwise, this field cannot be overridden.

OwnershipMode

Underlying type: string

OwnershipMode defines the ownership modes of add-on objects.

Appears in: - AddOnToDeploy

RegistryAccess

RegistryAccess contains access instructions for the artifact registry.

Appears in: - HelmManifestSpec

Field Description
certificateSecret SecretReference CertificateSecretName identifies an in-cluster secret that contains a signed TLS/SSL certificate for HTTPS connections to the RegistryURL. Optional.
certificateKeyName string CertificateKeyName is the name of the field in the secret data. Default is the name of the secret. Optional.
dockerConfigSecret SecretReference DockerConfigSecret identifies an in-cluster secret that contains the docker config.json with credentials required to access the private registry.
dockerConfigKeyName string DockerConfigKeyName is the field name of the docker key in secret data. Default is the name of the secret. Optional.
url string URL of the registry. Required.

Stage

Stage defines the spec for all the AddOns needed to be deployed in this stage.

Appears in: - AddOnSetTemplateSpec

Field Description
name string Name represents the stage name. It is for informational usage.
addOnsToDeploy AddOnToDeploy array AddOnsToDeploy is a collection of AddOns that will be deployed in this stage. AddOns in the same stage will be deployed in parallel.

TargetCluster

Underlying type: string

TargetCluster represents the desired cluster to install the AddOn.

Appears in: - AddOnToDeploy

artifact.private.gdc.goog/v1alpha1

ClusterBundle

ClusterBundle includes information for all the components of a cluster.

Appears in: - ReleaseMetadataSpec

Field Description
bmNodeImage string BMNodeImage is the image for provisioning a bare metal machine.
vmNodeImage string VMNodeImage is the image for provisioning a virtual machine.
anthosBareMetalVersion string AnthosBareMetalVersion is the Anthos Bare Metal (ABM) version of the cluster.

DistributionFilter

DistributionFilter defines a filter that resources must match to be distributed. This information is relayed to Harbor to handle the filtering. See https://goharbor.io/docs/edge/administration/configuring-replication/create-replication-rules/ for more information.

All filters support pattern matching with the following:
- *: Matches any sequence of characters other than the path separator /.
- **: Matches any sequence of characters, including path separators /.
- ?: Matches any single character other than the path separator /.
- {alt1,…}: Matches a sequence of characters if one of the comma-separated alternatives matches.

If both Path and Tag patterns are provided, the resource must match both patterns.

Appears in: - DistributionPolicySpec

Field Description
path string Path defines a filter pattern that a resource's path must match. A resource's path consists of its project name, repository name, and resource name.
tag string Tag defines a filter pattern that a resource's tag must match.
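
To preview which artifacts a filter would select before a policy is created, the wildcard rules above can be translated into an anchored regular expression. This is an added example, not Harbor's matcher or GDC code: the type and function names are hypothetical, the paths and tags are constructed, and an empty pattern is assumed to place no constraint.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// distributionFilter mirrors the two documented DistributionFilter fields.
type distributionFilter struct {
	Path string
	Tag  string
}

// patternToRegexp translates the documented wildcards into an anchored regexp:
// "*" stays within one path segment, "**" crosses "/", "?" is one
// non-separator character, "{a,b}" is an alternation.
func patternToRegexp(pattern string) (*regexp.Regexp, error) {
	var b strings.Builder
	b.WriteString("^")
	rs := []rune(pattern)
	depth := 0 // nesting level of {...} groups
	for i := 0; i < len(rs); i++ {
		c := rs[i]
		switch {
		case c == '*' && i+1 < len(rs) && rs[i+1] == '*':
			b.WriteString(".*")
			i++ // consume the second '*'
		case c == '*':
			b.WriteString("[^/]*")
		case c == '?':
			b.WriteString("[^/]")
		case c == '{':
			depth++
			b.WriteString("(?:")
		case c == '}' && depth > 0:
			depth--
			b.WriteString(")")
		case c == '}':
			return nil, fmt.Errorf("unbalanced '}' in %q", pattern)
		case c == ',' && depth > 0:
			b.WriteString("|")
		default:
			b.WriteString(regexp.QuoteMeta(string(c)))
		}
	}
	if depth != 0 {
		return nil, fmt.Errorf("unclosed '{' in %q", pattern)
	}
	b.WriteString("$")
	return regexp.Compile(b.String())
}

// selects reports whether a resource matches every pattern that is set.
// Assumption: an empty pattern places no constraint on that attribute.
func (f distributionFilter) selects(path, tag string) (bool, error) {
	for _, pair := range [][2]string{{f.Path, path}, {f.Tag, tag}} {
		if pair[0] == "" {
			continue
		}
		re, err := patternToRegexp(pair[0])
		if err != nil {
			return false, err
		}
		if !re.MatchString(pair[1]) {
			return false, nil
		}
	}
	return true, nil
}

func main() {
	// Constructed repository paths and tags, not taken from a real registry.
	artifacts := [][2]string{
		{"prod/app", "v1.2"},
		{"prod/team/app", "v1.2"},
		{"stage/app", "v1.10"},
	}
	filters := []distributionFilter{
		{Path: "prod/*"},
		{Path: "prod/**"},
		{Path: "{prod,stage}/app", Tag: "v1.?"},
	}
	for _, f := range filters {
		for _, a := range artifacts {
			ok, err := f.selects(a[0], a[1])
			fmt.Printf("path=%q tag=%q | %s:%s selected=%v err=%v\n",
				f.Path, f.Tag, a[0], a[1], ok, err)
		}
	}
}
```

The difference between "prod/*" and "prod/**" is the practical point: the second also selects nested repositories such as prod/team/app, which widens what a policy replicates.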

DistributionPolicy

DistributionPolicy represents a distribution policy. Creating a CR establishes the expectation that a replication rule should exist in the cluster's Harbor.

Appears in: - DistributionPolicyList

Field Description
apiVersion string artifact.private.gdc.goog/v1alpha1
kind string DistributionPolicy
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec DistributionPolicySpec
status DistributionPolicyStatus

DistributionPolicyList

DistributionPolicyList contains a list of DistributionPolicy objects.

Field Description
apiVersion string artifact.private.gdc.goog/v1alpha1
kind string DistributionPolicyList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items DistributionPolicy

DistributionPolicySpec

DistributionPolicySpec defines the desired state of a DistributionPolicy.

Appears in: - DistributionPolicy

Field Description
description string Description defines the distribution policy.
filter DistributionFilter Filter defines a distribution filter that resources must match in order to be distributed.
destinationRegistry Registry DestinationRegistry defines the registry to distribute resources to.
continuousDistribution boolean ContinuousDistribution specifies whether or not to continuously distribute resources to the destination registry as they are pushed to the source registry. This will not automatically distribute resources that exist before the policy was created.
override boolean Override specifies whether or not to overwrite resources with the same path in the destination registry. A resource's path consists of its project name, repository name, and image name.

DistributionPolicyStatus

DistributionPolicyStatus defines the observed state of a DistributionPolicy.

Appears in: - DistributionPolicy

Field Description
policyStatus PolicyStatus PolicyStatus defines the observed state of the distribution policy.

DistributionStatus

Underlying type: string

Appears in: - ManualDistributionStatus

HarborRobotAccount

HarborRobotAccount represents a harbor robot account.

Appears in: - HarborRobotAccountList

Field Description
apiVersion string artifact.private.gdc.goog/v1alpha1
kind string HarborRobotAccount
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec HarborRobotAccountSpec
status HarborRobotAccountStatus

HarborRobotAccountList

HarborRobotAccountList is a list of HarborRobotAccount objects.

Field Description
apiVersion string artifact.private.gdc.goog/v1alpha1
kind string HarborRobotAccountList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items HarborRobotAccount

HarborRobotAccountSpec

HarborRobotAccountSpec defines the desired state for a HarborRobotAccount.

Appears in: - HarborRobotAccount

Field Description
expirationDays integer ExpirationDays indicates the robot duration. If it is -1, the robot never expires.

HarborRobotAccountStatus

Appears in: - HarborRobotAccount

Field Description
conditions Condition
secretRef LocalObjectReference SecretRef refers to the secret which holds robot's name and password
expiresAt integer ExpiresAt indicates the expiration time of the robot. It is a Unix time in seconds.

InfraComponents

InfraComponents includes versions for all the infrastructure firmwares.

Appears in: - ReleaseMetadataSpec

Field Description
networkSwitch string NetworkSwitch is the OS version for the network switches.
preflightChecks PreflightCheck array PreflightChecks is a list of preflight checks that need to run before the infrastructure upgrade, which is a part of the root organization upgrade. Optional.

ManualDistribution

ManualDistribution represents a manual distribution. Creating a CR establishes the expectation that a replication rule should be manually executed in Harbor.

Appears in: - ManualDistributionList

Field Description
apiVersion string artifact.private.gdc.goog/v1alpha1
kind string ManualDistribution
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec ManualDistributionSpec
status ManualDistributionStatus

ManualDistributionList

ManualDistributionList contains a list of ManualDistribution objects.

Field Description
apiVersion string artifact.private.gdc.goog/v1alpha1
kind string ManualDistributionList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items ManualDistribution

ManualDistributionSpec

ManualDistributionSpec defines the desired state of a ManualDistribution.

Appears in: - ManualDistribution

Field Description
distributionPolicyName string DistributionPolicyName is the name of a distribution policy. This distribution policy should exist in the same namespace as the manual distribution CR. This distribution policy defines the policy that the distribution will follow.

ManualDistributionStatus

ManualDistributionStatus defines the observed state of a ManualDistribution.

Appears in: - ManualDistribution

Field Description
distributionStatus DistributionStatus DistributionStatus defines the observed state of the distribution.
failedResources integer FailedResources defines the number of resources that failed to be distributed.
inProgressResources integer InProgressResources defines the number of resources that are in-progress to be distributed.
stoppedResources integer StoppedResources defines the number of resources that were stopped from being distributed. Resources are considered stopped if they are not at a terminal state when the distribution is terminated.
succeededResources integer SucceededResources defines the number of resources that were successfully distributed.
totalResources integer TotalResources defines the number of resources that the distribution will attempt to distribute.
startTime Time StartTime defines when the distribution started.
endTime Time EndTime defines when the distribution ended.

PolicyStatus

Underlying type: string

Appears in: - DistributionPolicyStatus

PreflightCheck

PreflightCheck represents a disjoint preflight check needed before upgrades.

Appears in: - InfraComponents - ReleaseMetadataSpec

Field Description
name PreflightCheckName Name provides the name of the preflight check that needs to run. Required.

PreflightCheckName

Underlying type: string

PreflightCheckName represents the name of a preflight check that needs to run before upgrades.

Appears in: - PreflightCheck

Registry

Registry defines a registry endpoint in the cluster's Harbor.

Appears in: - DistributionPolicySpec

Field Description
type RegistryType Type defines the type of registry (ex: harbor). If not specified, default to harbor.
URL string URL is a registry's URL. Example: https://10.251.81.38:10443.
credential ObjectReference Credential is an object reference to a secret. This secret should provide appropriate access to the registry referenced by URL.
skipVerifyCertificate boolean SkipVerifyCertificate specifies whether or not to skip verifying the certificate of the registry referenced by URL. This field should not be set to true in a production environment.
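
A review check over artifact.private.gdc.goog manifests for the settings this page calls out: skipVerifyCertificate, override, and a HarborRobotAccount with expirationDays of -1. This is an added example, not GDC tooling: the function and struct names are hypothetical, the manifests are constructed JSON with placeholder host names, and flagging a non-HTTPS URL is an extra check assumed here.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// manifest decodes only the fields this check inspects.
type manifest struct {
	Kind     string `json:"kind"`
	Metadata struct {
		Name string `json:"name"`
	} `json:"metadata"`
	Spec struct {
		ExpirationDays      *int `json:"expirationDays"` // HarborRobotAccountSpec
		Override            bool `json:"override"`       // DistributionPolicySpec
		DestinationRegistry *struct {
			URL                   string `json:"URL"`
			SkipVerifyCertificate bool   `json:"skipVerifyCertificate"`
		} `json:"destinationRegistry"`
	} `json:"spec"`
}

// auditManifest returns one finding per setting that deserves review.
func auditManifest(doc []byte) ([]string, error) {
	var m manifest
	if err := json.Unmarshal(doc, &m); err != nil {
		return nil, fmt.Errorf("decode manifest: %w", err)
	}
	var findings []string
	report := func(msg string) {
		findings = append(findings, fmt.Sprintf("%s/%s: %s", m.Kind, m.Metadata.Name, msg))
	}
	switch m.Kind {
	case "HarborRobotAccount":
		if d := m.Spec.ExpirationDays; d != nil && *d == -1 {
			report("expirationDays is -1, so the robot credential never expires")
		}
	case "DistributionPolicy":
		if m.Spec.Override {
			report("override is true, so same-path resources in the destination are overwritten")
		}
		if r := m.Spec.DestinationRegistry; r != nil {
			if r.SkipVerifyCertificate {
				report("skipVerifyCertificate is true for " + r.URL)
			}
			if !strings.HasPrefix(strings.ToLower(r.URL), "https://") {
				report("destinationRegistry URL is not HTTPS: " + r.URL)
			}
		}
	}
	return findings, nil
}

// Constructed sample manifests (JSON form); names and hosts are placeholders.
const samplePolicy = `{
  "apiVersion": "artifact.private.gdc.goog/v1alpha1",
  "kind": "DistributionPolicy",
  "metadata": {"name": "mirror-all"},
  "spec": {
    "filter": {"path": "**"},
    "destinationRegistry": {
      "URL": "https://harbor.example.internal:10443",
      "skipVerifyCertificate": true
    },
    "override": true
  }
}`

const sampleRobotNoExpiry = `{
  "apiVersion": "artifact.private.gdc.goog/v1alpha1",
  "kind": "HarborRobotAccount",
  "metadata": {"name": "ci-pull"},
  "spec": {"expirationDays": -1}
}`

const sampleRobotBounded = `{
  "apiVersion": "artifact.private.gdc.goog/v1alpha1",
  "kind": "HarborRobotAccount",
  "metadata": {"name": "ci-pull-30d"},
  "spec": {"expirationDays": 30}
}`

func main() {
	for _, doc := range []string{samplePolicy, sampleRobotNoExpiry, sampleRobotBounded} {
		findings, err := auditManifest([]byte(doc))
		if err != nil {
			fmt.Println("error:", err)
			continue
		}
		for _, f := range findings {
			fmt.Println(f)
		}
	}
}
```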

RegistryType

Underlying type: string

Appears in: - Registry

ReleaseMetadata

ReleaseMetadata represents the metadata information of a release artifact. It includes metadata information of the cluster components and the infrastructure components in the release.

Appears in: - ReleaseMetadataList

Field Description
apiVersion string artifact.private.gdc.goog/v1alpha1
kind string ReleaseMetadata
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec ReleaseMetadataSpec

ReleaseMetadataList

ReleaseMetadataList represents a collection of ReleaseMetadata objects.

Field Description
apiVersion string artifact.private.gdc.goog/v1alpha1
kind string ReleaseMetadataList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items ReleaseMetadata

ReleaseMetadataSpec

ReleaseMetadataSpec defines the desired state of ReleaseMetadata.

Appears in: - ReleaseMetadata

Field Description
adminCluster ClusterBundle AdminCluster includes the cluster component versions to be used for the root admin cluster and org admin clusters.
systemCluster ClusterBundle SystemCluster includes the cluster component versions to be used for the system cluster.
userClusters LocalObjectReference UserClusters is a list of supported user cluster component versions in the release. Information is stored in the referenced cluster-scoped UserClusterMetadata objects.
infraComponents InfraComponents InfraComponents includes the infrastructure component versions.
adminPreflightChecks PreflightCheck AdminPreflightChecks is a list of preflight checks that need to run before the root admin and the organization admin upgrades. Optional.

artifactview.private.gdc.goog/v1alpha1

CLIBundleMetadata

CLIBundleMetadata represents the metadata of a CLI bundle artifact.

Appears in: - CLIBundleMetadataList

Field Description
apiVersion string artifactview.private.gdc.goog/v1alpha1
kind string CLIBundleMetadata
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
commonMetadata CommonMetadata CommonMetadata contains metadata common to all artifact types.

CLIBundleMetadataList

CLIBundleMetadataList is a list of CLIBundleMetadata objects.

Field Description
apiVersion string artifactview.private.gdc.goog/v1alpha1
kind string CLIBundleMetadataList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items CLIBundleMetadata

Checksum

Appears in: - OSImageMetadata

Field Description
value string The checksum value.
function ChecksumFunction The checksum algorithm used to compute the checksum.

ChecksumFunction

Underlying type: string

The checksum algorithm used to compute the checksum.

Appears in: - Checksum

CommonMetadata

CommonMetadata represents the common metadata for all artifacts, regardless of their types.

Appears in: - CLIBundleMetadata - OSImageMetadata - ServiceMetadata - VirusSignatureMetadata

Field Description
artifactName string Display name for the artifact. e.g. "ubuntu-os-image"
artifactVersion string Version of the artifact. e.g. "1.3.0"
servingURL string ServingURL is the HTTP/HTTPS URL that serves the content of the artifact.

OSImageMetadata

OSImageMetadata represents the metadata of OS Image artifacts.

Appears in: - OSImageMetadataList

Field Description
apiVersion string artifactview.private.gdc.goog/v1alpha1
kind string OSImageMetadata
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
commonMetadata CommonMetadata CommonMetadata contains metadata common to all artifact types.
checksums Checksum array The checksums of the image file.
servingSize integer ServingSize is the number of bytes of the OS image when served to the client. This is used to set the Content-Length HTTP header for the Artifact Server.

OSImageMetadataList

OSImageMetadataList is a list of OSImageMetadata objects.

Field Description
apiVersion string artifactview.private.gdc.goog/v1alpha1
kind string OSImageMetadataList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items OSImageMetadata

ServiceMetadata

ServiceMetadata represents the metadata of a Service artifact.

Appears in: - ServiceMetadataList

Field Description
apiVersion string artifactview.private.gdc.goog/v1alpha1
kind string ServiceMetadata
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
commonMetadata CommonMetadata CommonMetadata contains metadata common to all artifact types.

ServiceMetadataList

ServiceMetadataList is a list of ServiceMetadata objects.

Field Description
apiVersion string artifactview.private.gdc.goog/v1alpha1
kind string ServiceMetadataList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items ServiceMetadata

VirusSignatureMetadata

VirusSignatureMetadata represents the metadata of clamAV virus signatures.

Appears in: - VirusSignatureMetadataList

Field Description
apiVersion string artifactview.private.gdc.goog/v1alpha1
kind string VirusSignatureMetadata
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
commonMetadata CommonMetadata CommonMetadata contains metadata common to all artifact types.

VirusSignatureMetadataList

VirusSignatureMetadataList is a list of VirusSignatureMetadata objects.

Field Description
apiVersion string artifactview.private.gdc.goog/v1alpha1
kind string VirusSignatureMetadataList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items VirusSignatureMetadata

asm.gpc.gke.io/v1alpha1

Package v1alpha1 contains API Schema definitions for the asm v1alpha1 API group

Resource Types

ManagedServiceMesh

ManagedServiceMesh is the Schema for the managedservicemeshes API

Appears in: - ManagedServiceMeshList

Field Description
apiVersion string asm.gpc.gke.io/v1alpha1
kind string ManagedServiceMesh
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec ManagedServiceMeshSpec
status ManagedServiceMeshStatus

ManagedServiceMeshList

ManagedServiceMeshList contains a list of ManagedServiceMesh

Field Description
apiVersion string asm.gpc.gke.io/v1alpha1
kind string ManagedServiceMeshList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items ManagedServiceMesh

ManagedServiceMeshStatus

ManagedServiceMeshStatus defines the observed state of ManagedServiceMesh

Appears in: - ManagedServiceMesh

Field Description
version string Version indicates the version of ASM.
upgradingFrom string UpgradingFrom indicates the version that ASM is being upgraded from. This field is only set if ASM is being upgraded.
conditions Condition Conditions is a list of ASM conditions observed.

billing.private.gdc.goog/v1alpha1

DataUnitType

Underlying type: string

Represents a unit of data. Ex: "Byte".

Appears in: - PricingUnit

DecimalAmount

DecimalAmount encapsulates a decimal amount with precision up to 9 digits after the decimal point. Example usages:

0 : units = 0 nanos = 0
0.421 : units = 0 nanos = 421000000
-0.421 : units = 0 nanos = -421000000
12 : units = 12 nanos = 0
12.421 : units = 12 nanos = 421000000
12.0421 : units = 12 nanos = 42100000
-12.0421 : units = -12 nanos = -42100000

Appears in: - SkuDescription

Field Description
units integer Units is the whole units of the amount.
nanos integer Nanos is the number of nano (10^-9) units of the amount. The value must be between -999,999,999 and +999,999,999 inclusive. If units is positive, nanos must be positive or zero. If units is zero, nanos can be positive, zero, or negative. If units is negative, nanos must be negative or zero.

Money

Money represents an amount of money with its currency type.

Appears in: - SkuDescription

Field Description
currencyCode string
units integer Units is the whole units of the amount. For example if CurrencyCode is "USD", then 1 unit is one US dollar.
nanos integer Nanos is the number of nano (10^-9) units of the amount. The value must be between -999,999,999 and +999,999,999 inclusive. If Units is positive, nanos must be positive or zero. If Units is zero, nanos can be positive, zero, or negative. If Units is negative, nanos must be negative or zero. For example $-1.75 is represented as Units=-1 and Nanos=-750,000,000.
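The units/nanos rules stated for DecimalAmount and Money can be checked mechanically before an object is accepted. The following Go sketch is an added example, not code from the GDC project; the local `DecimalAmount` type and the `ParseDecimal`, `Validate` and `String` helpers are hypothetical names chosen for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// DecimalAmount is a hypothetical local mirror of the documented units/nanos pair.
type DecimalAmount struct {
	Units int64
	Nanos int32
}

const maxNanos = 999_999_999

// Validate enforces the documented range of nanos and the rule that
// units and nanos may never carry opposite signs.
func (d DecimalAmount) Validate() error {
	if d.Nanos < -maxNanos || d.Nanos > maxNanos {
		return fmt.Errorf("nanos %d outside [-999999999, 999999999]", d.Nanos)
	}
	if d.Units > 0 && d.Nanos < 0 {
		return errors.New("units is positive, so nanos must be positive or zero")
	}
	if d.Units < 0 && d.Nanos > 0 {
		return errors.New("units is negative, so nanos must be negative or zero")
	}
	return nil
}

func allDigits(s string) bool {
	if s == "" {
		return false
	}
	for _, r := range s {
		if r < '0' || r > '9' {
			return false
		}
	}
	return true
}

// ParseDecimal converts a plain decimal string such as "-12.0421" into
// units and nanos, rejecting more than 9 fractional digits.
func ParseDecimal(s string) (DecimalAmount, error) {
	neg := strings.HasPrefix(s, "-")
	whole, frac, hasDot := strings.Cut(strings.TrimPrefix(s, "-"), ".")
	if !allDigits(whole) || (hasDot && !allDigits(frac)) || len(frac) > 9 {
		return DecimalAmount{}, fmt.Errorf("%q is not a decimal with at most 9 fractional digits", s)
	}
	units, err := strconv.ParseInt(whole, 10, 64)
	if err != nil {
		return DecimalAmount{}, err // whole part overflows int64
	}
	// Right-pad the fraction to 9 digits so "0421" becomes 042100000 nanos.
	nanos, _ := strconv.ParseInt(frac+strings.Repeat("0", 9-len(frac)), 10, 32)
	if neg {
		units, nanos = -units, -nanos
	}
	d := DecimalAmount{Units: units, Nanos: int32(nanos)}
	return d, d.Validate()
}

// String renders a value that has passed Validate. The sign is taken from
// either field, because -0.421 is stored as units = 0, nanos = -421000000.
func (d DecimalAmount) String() string {
	sign := ""
	u, n := d.Units, int64(d.Nanos)
	if u < 0 || n < 0 {
		sign = "-"
		u, n = -u, -n
	}
	s := fmt.Sprintf("%s%d.%09d", sign, u, n)
	return strings.TrimSuffix(strings.TrimRight(s, "0"), ".")
}

func main() {
	// Constructed inputs taken from the examples in the type descriptions.
	for _, in := range []string{"0.421", "-0.421", "12.0421", "-1.75"} {
		d, err := ParseDecimal(in)
		fmt.Printf("%-8s units=%d nanos=%d err=%v back=%s\n", in, d.Units, d.Nanos, err, d)
	}
	// Mixed signs are rejected even though each field is in range.
	fmt.Println(DecimalAmount{Units: 1, Nanos: -750000000}.Validate())
}
```
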

PeriodDuration

PeriodDuration is the duration in which a price is charged.

Appears in: - SkuDescription

Field Description
count integer Count is the count of period in which a price is charged. For example: Count=3 and Unit=Monthly represent a 3-month period.
unit SubscriptionPeriodUnit Unit is the time unit that count refers to.

PricingUnit

PricingUnit encapsulates a unit in which pricing can be defined.

Appears in: - SkuDescription

Field Description
type PricingUnitType Type represents the type of the pricing unit.
countUnit boolean CountUnit is only true if Type is "Count".
timeUnit TimeUnitType TimeUnit is only set if Type is "Time".
dataUnit DataUnitType DataUnit is only set if Type is "Data"
storageUnit StorageUnitType StorageUnit is only set if Type is "Storage"

PricingUnitType

Underlying type: string

PricingUnitType encapsulates a unit in which pricing is defined.

Appears in: - PricingUnit

SKUArea

Underlying type: string

SKUArea is the classification of a SKU into an area.

Appears in: - SkuDescription

SkuDescription

SkuDescription is the Schema for the skudescriptions API

Appears in: - SkuDescriptionList

Field Description
apiVersion string billing.private.gdc.goog/v1alpha1
kind string SkuDescription
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
id string ID is the unique ID for the SKU. Example: "AA95-CD31-42FE"
invoiceDescription string InvoiceDescription is a human readable description of what the SKU is.
longDescription string LongDescription is a long human readable description of what the SKU is.
area SKUArea Area is the classification of a SKU into a similar grouping of SKUs.
prices Money array Pricing in different currency codes. Generally only pricing in USD is expected. Can start simple with just one USD Price.
period PeriodDuration Period in which the price is charged. If unset, the
perUnit PricingUnit The unit of usage in which pricing is defined. Ex: $5 per 10 bytes : PerUnit = bytes
perUnitCount DecimalAmount The magnitude of the unit of usage in which pricing is defined. Ex: $5 per 10 bytes : PerUnitCount = 10
status SkuStatus The status of the skuDescription.

SkuDescriptionList

SkuDescriptionList contains a list of SkuDescription

Field Description
apiVersion string billing.private.gdc.goog/v1alpha1
kind string SkuDescriptionList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items SkuDescription

SkuStatus

SkuStatus provides the status of skuDescription.

Appears in: - SkuDescription

Field Description
conditions Condition Conditions is a list of skuDescription conditions observed.

StorageUnitType

Underlying type: string

Represents a storage unit. Ex: "Gibibyte month".

Appears in: - PricingUnit

SubscriptionPeriodUnit

Underlying type: string

Appears in: - PeriodDuration

TimeUnitType

Underlying type: string

Represents a unit of time. Ex: "Month".

Appears in: - PricingUnit

dr.gpc.gke.io/v1alpha1

Package v1alpha1 contains API Schema definitions for the v1alpha1 API group

CIDRClaimAllocation

CIDRClaimAllocation records the mapping of CIDRClaim specs and the allocated IPs

Appears in: - CIDRClaimAllocationList

Field Description
apiVersion string dr.gpc.gke.io/v1alpha1
kind string CIDRClaimAllocation
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec CIDRClaimAllocationSpec

CIDRClaimAllocationList

CIDRClaimAllocationList contains a list of CIDRClaimAllocation.

Field Description
apiVersion string dr.gpc.gke.io/v1alpha1
kind string CIDRClaimAllocationList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items CIDRClaimAllocation

CIDRClaimAllocationSpec

CIDRClaimAllocationSpec is the spec for CIDRClaimAllocation

Appears in: - CIDRClaimAllocation

Field Description
namespace string Namespace is the original namespace of the CIDRClaim
name string Name is the original name of the CIDRClaim
ipv4block string IPv4Block is a string representing an IPv4 CIDR like 10.10.0.0/24
ipv6block string IPv6Block is a string representing an IPv6 CIDR like 2001:db8::/32

DRConfig

DRConfig is the Schema for the DR controller API

Appears in: - DRConfigList

Field Description
apiVersion string dr.gpc.gke.io/v1alpha1
kind string DRConfig
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec DRSpec
status DRStatus

DRConfigList

DRConfigList contains a list of DRConfig.

Field Description
apiVersion string dr.gpc.gke.io/v1alpha1
kind string DRConfigList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items DRConfig

DRSpec

DRSpec is the spec for DRConfig

Appears in: - DRConfig

Field Description
operationMode OperationMode OperationMode reflects the desired operation state of the DR controller.
restoreRepository string RestoreRepository identifies the Backup4GPC repository to use when restoring the GDCH cell.
backupName string BackupName identifies the name of backup to be used in repository when restoring the GDCH cell

DRStatus

Appears in: - DRConfig

Field Description
operationMode OperationMode OperationMode reflects the current operation state of the DR controller.
reconcileState ReconcileState ReconcileState reflects the current stage of reconciling
message string Message provides more information about the status

HWDRBackupRestoreJob

HWDRBackupRestoreJob is the Schema for the hwdrbackuprestorejobs API

Appears in: - HWDRBackupRestoreJobList

Field Description
apiVersion string dr.gpc.gke.io/v1alpha1
kind string HWDRBackupRestoreJob
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
state JobState State reflects the current backup or restore job's state.
restore boolean Restore indicates whether the job is a backup (false) or a restore (true) operation.
details string Details provides additional information when the State field is SUCCESS or ERROR.

HWDRBackupRestoreJobList

HWDRBackupRestoreJobList contains a list of HWDRBackupRestoreJob

Field Description
apiVersion string dr.gpc.gke.io/v1alpha1
kind string HWDRBackupRestoreJobList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items HWDRBackupRestoreJob

HWDRDevice

HWDRDevice is the Schema for the hwdrdevices API

Appears in: - HWDRDeviceList

Field Description
apiVersion string dr.gpc.gke.io/v1alpha1
kind string HWDRDevice
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec HWDRDeviceSpec
status HWDRDeviceStatus

HWDRDeviceList

HWDRDeviceList contains a list of HWDRDevice

Field Description
apiVersion string dr.gpc.gke.io/v1alpha1
kind string HWDRDeviceList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items HWDRDevice

HWDRDeviceSpec

HWDRDeviceSpec defines the desired state of HWDRDevice

Appears in: - HWDRDevice

Field Description
type string Type is the type of device that will be backed up or restored. Controls which DSH will be called.
target string Target is an IP address or hostname (with or without port) that the DSH uses to connect.
credentials SecretReference Credentials is a reference to a kubernetes secret (key-value pairs).
options object (keys:string, values:string) Options is a list of key-value pairs specific to the DSH.

HWDRDeviceStatus

HWDRDeviceStatus defines the observed state of HWDRDevice

Appears in: - HWDRDevice

Field Description
status string Status is a text message indicating the final status of the last run on the device.
lastRunTime Time LastRunTime provides the last time a backup or restore was attempted on the device.

JobState

Underlying type: string

Appears in: - HWDRBackupRestoreJob

OperationMode

Underlying type: string

OperationMode describes what mode the DR controller is or should be in. Only one of the following operation modes may be specified.

Appears in: - DRSpec - DRStatus

ReconcileState

Underlying type: string

ReconcileState represents state for DR controller

Appears in: - DRStatus

firewall.private.gdc.goog/v1alpha1

FirewallHairpinLinkSpec

FirewallHairpinLinkSpec describes the hairpin between firewall and switch

Appears in: - FirewallNodeInternalSpec

Field Description
firewallPort1 string FirewallPort describes the internal port on the firewall side
switchPort1 SwitchPortInterface SwitchPort describes the internal port on the switch side
firewallPort2 string FirewallPort describes the external port on the firewall side
switchPort2 SwitchPortInterface SwitchPort describes the external port on the switch side
vlanID VLANID VlanID describes the vlan tag for the link
owner string Owner info, root-admin or a tenant

FirewallInterfaceType

Underlying type: string

FirewallInterfaceType identifies the type of the firewall interface

Appears in: - InterfaceSpec

FirewallNodeInternal

FirewallNodeInternal represents an internal Firewall node type

Appears in: - FirewallNodeInternalList

Field Description
apiVersion string firewall.private.gdc.goog/v1alpha1
kind string FirewallNodeInternal
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec FirewallNodeInternalSpec
status FirewallNodeInternalStatus

FirewallNodeInternalList

FirewallNodeInternalList represents a collection of FirewallNodeInternal objects.

Field Description
apiVersion string firewall.private.gdc.goog/v1alpha1
kind string FirewallNodeInternalList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items FirewallNodeInternal array

FirewallNodeInternalSpec

FirewallNodeInternalSpec represents the specifications for firewall node internal info.

Appears in: - FirewallNodeInternal

Field Description
haInfo HASpec HAInfo represents the HA related info
hairpinSwitchName string HairpinSwitchName represents the name of the switch that has a hairpin connection to the firewall
hairpinLinks FirewallHairpinLinkSpec array HairpinLinks represent the hairpin links between the firewall and switch
serviceInfo ServiceSpec ServiceInfo represents the services like ntp server info
networkInfo NetworkSpec NetworkInfo represents the network related info
vsysInfoRefs LocalObjectReference VsysInfoRefs references to the list of FirewallVirtualSystem objects for multi-tenancy

FirewallVirtualSystem

FirewallVirtualSystem represents the firewall virtual systems.

Appears in: - FirewallVirtualSystemList

Field Description
apiVersion string firewall.private.gdc.goog/v1alpha1
kind string FirewallVirtualSystem
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec FirewallVirtualSystemSpec
status FirewallVirtualSystemStatus

FirewallVirtualSystemList

FirewallVirtualSystemList represents a collection of the firewall virtual systems.

Field Description
apiVersion string firewall.private.gdc.goog/v1alpha1
kind string FirewallVirtualSystemList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items FirewallVirtualSystem

FirewallVirtualSystemSpec

FirewallVirtualSystemSpec provides the specification of a firewall virtual system.

Appears in: - FirewallVirtualSystem

Field Description
name string Name of the virtual system for this tenant
zoneInfo ZoneSpec array ZoneInfo represents the security zones for the virtual system
serviceInfo ServiceSpec ServiceInfo represents the services for the virtual system

HAInterfaceSpec

HAInterfaceSpec describes the HA interface information

Appears in: - HASpec

Field Description
port string Port describes the ha port
ipAddr IPAddressString IPAddr describes the IP Address assigned to the ha port
netmask IPAddressString Netmask describes the Netmask of the IP address assigned to the ha port

HASpec

HASpec describes the HA related setup

Appears in: - FirewallNodeInternalSpec

Field Description
groupId integer ClusterName is the cluster name this node belongs to.
deviceId integer ClusterName is the cluster name this node belongs to.
haPeerNodeName string HAPeerNodeName is the name of the storage node that forms an HA pair with this node.
ha HAInterfaceSpec HA describes the HA1 peering info
haBackup HAInterfaceSpec HABackup describes the HA1 backup peering info
ha2 HAInterfaceSpec HA2 describes the HA2 peering info
ha2Backup HAInterfaceSpec HA2Backup describes the HA2 backup peering info
ha3Group string HA3Group describes the aggregation group name for HA3 setup

InterfaceSpec

InterfaceSpec describes a network interface

Appears in: - NetworkSpec - VWireSpec - ZoneSpec

Field Description
port string Port describes the name of the interface
type FirewallInterfaceType Type describes the type of the interface, like ha, vwire, etc
aggGroup string AggGroup describes the aggregation group this interface belongs to.
tag integer Tag describes the vwire tag assigned to the interfaces.
owner string Owner info, root-admin or a tenant

NetworkSpec

NetworkSpec describes the network setup

Appears in: - FirewallNodeInternalSpec

Field Description
interfaces InterfaceSpec array Interfaces describes the properties of the network interfaces
vwires VWireSpec array VWires describes the vwire links
aggregation string Aggregation

ServiceSpec

ServiceSpec describes the setup of different services

Appears in: - FirewallNodeInternalSpec - FirewallVirtualSystemSpec

Field Description
syslogServers IPAddressString SyslogServers describe the syslog servers
snmpServers IPAddressString SNMPServers describe the SNMP trap servers
snmpString string SnmpString describes the SNMP community string
ntpServers IPAddressString NtpServers describe the NTP servers
dnsServers IPAddressString DnsServers describe the DNS servers
emailServers IPAddressString EmailServers describe the email servers

VWireSpec

VWireSpec describes the vwire link pair

Appears in: - NetworkSpec

Field Description
name string Name of the vwire
interface1 InterfaceSpec Interface1 describes one end of the vwire pair
interface2 InterfaceSpec Interface2 describes the other end of the vwire pair
owner string Owner info, root-admin or a tenant

ZoneSpec

ZoneSpec describes a security zone

Appears in: - FirewallVirtualSystemSpec

Field Description
name string Name of the security zone
interfaces InterfaceSpec Interfaces describe the interfaces assigned to the zone

identity.storagegrid.netapp.storage.private.gdc.goog/v1alpha1

Package v1alpha1 contains API Schema definitions for the identity.storagegrid.netapp.storage.private.gdc.goog v1alpha1 API group.

Group

Group is the Schema for the groups API.

Appears in: - GroupList

Field Description
apiVersion string identity.storagegrid.netapp.storage.private.gdc.goog/v1alpha1
kind string Group
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec GroupSpec
status GroupStatus

GroupList

GroupList contains a list of Group objects.

Field Description
apiVersion string identity.storagegrid.netapp.storage.private.gdc.goog/v1alpha1
kind string GroupList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items Group

GroupSpec

GroupSpec defines the desired state of Group.

Appears in: - Group

Field Description
rbacResourceRef ObjectReference RbacResourceRef refers to the RBAC Role or ClusterRole that corresponds to this Group. We can use this resource to derive the StorageGRID local group name for this Group. Only the ResourceNamespace and ResourceName fields are used.
storageGridTenantId string StorageGridTenantId refers to the StorageGRID tenant the group should exist in.
members string array Members is a list of the users in the group. Users are represented by their StorageGRID username (not ID). For each user, their StorageGRID username will be the prefix "k8su", followed by the identifier used to specify that user in a RoleBinding's subjects list (e.g. "bob", "bob@foo.com", etc., depending on their Organization's AIS config). For each service account, their StorageGRID username will use the scheme "k8ssa{svc-acct-namespace}_{svc-acct-name}".
bucketsForVerb object (keys:string, values:string array) BucketsForVerb is a map where each key is a custom verb, e.g. "read-object" or "write-object", that has a set of StorageGRID Policy permissions associated with it; the value for each key is the list of bucket names that members of this Group should have the specified permissions on. Each bucket name is represented as its K8S resource name, i.e. without the prefix that gets applied to the underlying StorageGRID bucket's name. If the corresponding Role applies to all buckets in its scope (all buckets in the Role's namespace, or all buckets if using a ClusterRole), the list will contain one item, "*".

GroupStatus

GroupStatus defines the observed state of Group.

Appears in: - Group

Field Description
storageGridId string StorageGridId is the UID of the local group in StorageGRID.
removedMembers string array RemovedMembers is a list of members that were previously in the group, but were removed at some point. Note that this does not necessarily mean the members were added to the underlying StorageGRID group. The Group reconciler should check if these users were added to the underlying group, and if so, remove them. After removing a user from the underlying group, they should be removed from this list as well.
conditions Condition

logging.private.gdc.goog/v1alpha1

Package v1alpha1 contains API Schema definitions for the observability v1alpha1 API group.

AuditLoggingTarget

AuditLoggingTarget is the Schema for the AuditLoggingtargets API.

Appears in: - AuditLoggingTargetList

Field Description
apiVersion string logging.private.gdc.goog/v1alpha1
kind string AuditLoggingTarget
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec AuditLoggingTargetSpec
status AuditLoggingTargetStatus

AuditLoggingTargetList

AuditLoggingTargetList contains a list of AuditLoggingTarget.

Field Description
apiVersion string logging.private.gdc.goog/v1alpha1
kind string AuditLoggingTargetList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items AuditLoggingTarget

AuditLoggingTargetSpec

AuditLoggingTargetSpec defines the desired state of AuditLoggingTarget

Appears in: - AuditLoggingTarget

Field Description
serviceName string Specify a service name to be applied as a label.
timestampKey string Specify JSON key for log timestamp. If timestamp could not be parsed, the timestamp when syslog server received the message will be used instead.
timestampkeyFormat string Specify the expected format for the log timestamp.
appNameLabel string Specify label name for syslog APP-NAME field. If skipped, APP-NAME value will be saved under 'ident' label.
hostNameLabel string Specify label name for syslog HOSTNAME field. If skipped, HOSTNAME value will be saved under 'host' label.
additionalLabels object (keys:string, values:string) Specify additional labels to be attached to log entries.

AuditLoggingTargetStatus

AuditLoggingTargetStatus defines the observed state of AuditLoggingTarget.

Appears in: - AuditLoggingTarget

Field Description
conditions Condition
certSecretName string After applying the CR, the Observability platform generates a certificate to be used by a service to communicate with the syslog endpoint. The certificate will be stored in a TLS secret.
syslogServerName string After applying the CR, the Observability platform creates an FQDN to be used by a service to communicate with the syslog endpoint.

SecurityLoggingTarget

SecurityLoggingTarget is the Schema for the securityloggingtarget API.

Appears in: - SecurityLoggingTargetList

Field Description
apiVersion string logging.private.gdc.goog/v1alpha1
kind string SecurityLoggingTarget
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec SecurityLoggingTargetSpec
status SecurityLoggingTargetStatus

SecurityLoggingTargetList

SecurityLoggingTargetList contains a list of SecurityLoggingTarget.

Field Description
apiVersion string logging.private.gdc.goog/v1alpha1
kind string SecurityLoggingTargetList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items SecurityLoggingTarget

SecurityLoggingTargetSpec

SecurityLoggingTargetSpec defines the desired state of SecurityLoggingTarget.

Appears in: - SecurityLoggingTarget

Field Description
serviceName string Specify a service name to be applied as a label.
timestampKey string Specify JSON key for log timestamp. If timestamp could not be parsed, the timestamp when syslog server received the message will be used instead.
timestampFormat string Specify the expected format for the log timestamp.
appNameLabel string Specify label name for syslog APP-NAME field. If skipped, APP-NAME value will be saved under 'ident' label.
hostNameLabel string Specify label name for syslog HOSTNAME field. If skipped, HOSTNAME value will be saved under 'host' label.
additionalLabels object (keys:string, values:string) Specify additional labels to be attached to log entries.

SecurityLoggingTargetStatus

SecurityLoggingTargetStatus defines the observed state of SecurityLoggingTarget.

Appears in: - SecurityLoggingTarget

Field Description
conditions Condition
certSecretName string After applying the CR, the Observability platform generates a certificate to be used by a service to communicate with the syslog endpoint. The certificate will be stored in a TLS secret.
syslogServerName string After applying the CR, the Observability platform creates an FQDN to be used by a service to communicate with the syslog endpoint.

network.private.gdc.goog/v1alpha1

AggSwitchInternal

AggSwitchInternal represents an internal agg switch type with information

Appears in: - AggSwitchInternalList

Field Description
apiVersion string network.private.gdc.goog/v1alpha1
kind string AggSwitchInternal
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec AggSwitchInternalSpec
status SwitchCommonStatus

AggSwitchInternalList

AggSwitchInternalList represents a collection of AggSwitchInternal objects.

Field Description
apiVersion string network.private.gdc.goog/v1alpha1
kind string AggSwitchInternalList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items AggSwitchInternal array

AggSwitchInternalSpec

AggSwitchInternalSpec represents the specifications of an agg switch internal to the network configuration

Appears in: - AggSwitchInternal

Field Description
SwitchCommonSpec SwitchCommonSpec SwitchCommonSpec represents the injected common specifications shared across all switches
downlinks RoutedPortSpec P2PDownlinks describes the routed ports which connect to lower level switches
hairpinPorts HairpinPortSpec HairpinPorts describes the hairpin loop created by the firewall integration with the switch. TODO(ruibin): Deprecate this field once all code has been migrated to use HairpinLinks in AggSwitchSpec.

CellTunnelAllocation

CellTunnelAllocation represents the tunnel id allocations within a Cell.

Appears in: - CellTunnelAllocationList

Field Description
apiVersion string network.private.gdc.goog/v1alpha1
kind string CellTunnelAllocation
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec CellTunnelAllocationSpec
status CellTunnelAllocationStatus

CellTunnelAllocationList

CellTunnelAllocationList represents a list of CellTunnelAllocation.

Field Description
apiVersion string network.private.gdc.goog/v1alpha1
kind string CellTunnelAllocationList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items CellTunnelAllocation

CellTunnelAllocationSpec

CellTunnelAllocationSpec represents the specification of the tunnel id allocations within a Cell.

Appears in: - CellTunnelAllocation

Field Description
allocations TunnelAllocation array

CiscoNxOSSwitch

CiscoNxOSSwitch describes the vendor specifications for a Cisco NxOS switch

Appears in: - SwitchVendorCommon

CiscoNxOSSwitchPairingConnection

CiscoNxOSSwitchPairingConnection describes the details of how a switch connects to its peer.

Appears in: - CiscoNxOSSwitchPairing

Field Description
keepalivePort SwitchPortIndexList KeepalivePort describes the port for keep-alive messages between peer switches. Both switches use the same port number. This field is optional since some vendor may not need it.
peerLinks SwitchPortIndexList PeerLinks describe the ports (same on each peer) used for inter-switch data traffic.
pairingIP IPAddressString PairingIP describes the IP used for pairing switches in the overlay network.

DNSRegistration

DNSRegistration represents a DNS registration for a 1P service. It is to be used by 1P controllers to make 1P services available on consistent and easy to remember names. This is not for GDC end-users.

Appears in: - DNSRegistrationList

Field Description
apiVersion string network.private.gdc.goog/v1alpha1
kind string DNSRegistration
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec DNSRegistrationSpec
status DNSRegistrationStatus

DNSRegistrationList

DNSRegistrationList represents a collection of DNSRegistration.

Field Description
apiVersion string network.private.gdc.goog/v1alpha1
kind string DNSRegistrationList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items DNSRegistration

DNSRegistrationSpec

DNSRegistrationSpec provides the specification (i.e., desired state) of a DNSRegistration.

Appears in: - DNSRegistration

Field Description
fqdnPrefix string Provide the prefix to be used to generate FQDN (Fully Qualified Domain Name). If left empty, 'name' of DNSRegistration CR will be used to generate FQDN.
internal ResolveTo Populate this field if the IP(s) that the generated FQDN will resolve to are internal IP(s). If this field is populated, the generated FQDN will contain 'internal' in its name suffix. Internal IPs or gateway for internal traffic should be provided here. Currently either Internal or External can be specified, not both. Note: 1. Currently only IPs are supported for Internal field. 2. In MT mode, in root admin cluster, specifying only External will be supported.
external ResolveTo Populate this field if the IP(s) that the generated FQDN will resolve to are external IP(s). Currently either Internal or External can be specified, not both. External IPs or gateway for external traffic should be provided here.
scope DNSScope Scope specifies how the FQDN should be formed. It will not restrict DNS resolution to a particular scope.
ttl integer TTL is an optional field that specifies the time-to-live for the record, in seconds. Min value is 5s, max is 3600s. Default is 300s.

DNSRegistrationStatus

DNSRegistrationStatus provides the status of a DNSRegistration.

Appears in: - DNSRegistration

Field Description
fqdn string A nonempty value indicates that the FQDN for the service is ready to use.
aliases string array Aliases of the FQDN.
conditions Condition A successful DNS entry creation results in the FQDN string being populated, with the Conditions array having Ready condition as True. An error is indicated by an empty FQDN value, with the Conditions array having Ready as False.

DNSScope

Underlying type: string

Appears in: - DNSRegistrationSpec

DefaultIstioGatewayInfo

Appears in: - ResolveTo

Field Description
owningCluster IstioGatewayOwningCluster The cluster in which the default Istio Gateway instance is running. It could either be the local admin cluster, or the remote default user cluster. NOTE: 1P teams should use the Istio Gateway in the default user cluster. The Istio Gateway in the admin cluster is mainly for GDCH internal services.

IstioGatewayOwningCluster

Underlying type: string

Appears in: - DefaultIstioGatewayInfo

ManagementAggSwitchInternal

ManagementAggSwitchInternal represents an internal mgmt agg switch type with information

Appears in: - ManagementAggSwitchInternalList

Field Description
apiVersion string network.private.gdc.goog/v1alpha1
kind string ManagementAggSwitchInternal
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec ManagementAggSwitchInternalSpec
status SwitchCommonStatus

ManagementAggSwitchInternalList

ManagementAggSwitchInternalList represents a collection of ManagementAggSwitchInternal objects.

Field Description
apiVersion string network.private.gdc.goog/v1alpha1
kind string ManagementAggSwitchInternalList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items ManagementAggSwitchInternal array

ManagementAggSwitchInternalSpec

ManagementAggSwitchInternalSpec represents the specification of a management agg switch internal to the network configuration

Appears in: - ManagementAggSwitchInternal

Field Description
SwitchCommonSpec SwitchCommonSpec SwitchCommonSpec represents the injected common specifications shared across all switches
downlinks RoutedPortSpec P2PDownlinks describes the routed ports which connect to lower level switches

ManagementSwitchInternal

ManagementSwitchInternal represents an internal mgmt switch type with information

Appears in: - ManagementSwitchInternalList

Field Description
apiVersion string network.private.gdc.goog/v1alpha1
kind string ManagementSwitchInternal
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec ManagementSwitchInternalSpec
status SwitchCommonStatus

ManagementSwitchInternalList

ManagementSwitchInternalList represents a collection of ManagementSwitchInternal objects.

Field Description
apiVersion string network.private.gdc.goog/v1alpha1
kind string ManagementSwitchInternalList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items ManagementSwitchInternal array

ManagementSwitchInternalSpec

ManagementSwitchInternalSpec represents the specifications of a management switch internal to the network configuration

Appears in: - ManagementSwitchInternal

Field Description
SwitchCommonSpec SwitchCommonSpec SwitchCommonSpec represents the injected common specifications shared across all switches

ResolveTo

Appears in: - DNSRegistrationSpec

Field Description
ips string array IPs that the generated FQDN should resolve to. Either the IPs or the UseDefaultIstioGateway field should be specified. Specifying both is an error.
useDefaultIstioGateway DefaultIstioGatewayInfo Istio gateway whose load balancer's IP the generated FQDN should resolve to. Either of IPs or Gateway should be specified.
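The constraints that DNSRegistrationSpec and ResolveTo describe (Internal and External not both set, IPs and UseDefaultIstioGateway not both set, only IPs for Internal, TTL between 5s and 3600s with a 300s default) combine into one admission-style check. The Go sketch below is an added example, not the project's own validation code; the struct definitions are hypothetical mirrors of the documented fields, and parsing each `ips` entry as an IP address is an assumption about what counts as a valid entry.

```go
package main

import (
	"errors"
	"fmt"
	"net/netip"
)

// Hypothetical local mirrors of the documented types.
type DefaultIstioGatewayInfo struct{ OwningCluster string }

type ResolveTo struct {
	IPs                    []string
	UseDefaultIstioGateway *DefaultIstioGatewayInfo
}

type DNSRegistrationSpec struct {
	FQDNPrefix string
	Internal   *ResolveTo
	External   *ResolveTo
	TTL        *int32 // nil means "use the default"
}

const (
	minTTL     = 5
	maxTTL     = 3600
	defaultTTL = 300
)

// validateResolveTo checks one ResolveTo block. ipsOnly is true for the
// Internal field, where the page says only IPs are currently supported.
func validateResolveTo(field string, r *ResolveTo, ipsOnly bool) error {
	hasIPs, hasGW := len(r.IPs) > 0, r.UseDefaultIstioGateway != nil
	switch {
	case hasIPs && hasGW:
		return fmt.Errorf("%s: ips and useDefaultIstioGateway are both set", field)
	case !hasIPs && !hasGW:
		return fmt.Errorf("%s: one of ips or useDefaultIstioGateway must be set", field)
	case hasGW && ipsOnly:
		return fmt.Errorf("%s: only ips are supported here", field)
	}
	for _, ip := range r.IPs {
		// Assumption: every entry must parse as an IPv4 or IPv6 address.
		if _, err := netip.ParseAddr(ip); err != nil {
			return fmt.Errorf("%s: ips entry %q is not an IP address", field, ip)
		}
	}
	return nil
}

// ValidateDNSRegistrationSpec returns the effective TTL in seconds, or an
// error naming the first rule the spec violates. The page does not say
// whether leaving both Internal and External unset is valid, so that case
// is not rejected here.
func ValidateDNSRegistrationSpec(s DNSRegistrationSpec) (int32, error) {
	if s.Internal != nil && s.External != nil {
		return 0, errors.New("internal and external are both set")
	}
	ttl := int32(defaultTTL)
	if s.TTL != nil {
		ttl = *s.TTL
	}
	if ttl < minTTL || ttl > maxTTL {
		return 0, fmt.Errorf("ttl %d outside [%d, %d] seconds", ttl, minTTL, maxTTL)
	}
	if s.Internal != nil {
		if err := validateResolveTo("internal", s.Internal, true); err != nil {
			return 0, err
		}
	}
	if s.External != nil {
		if err := validateResolveTo("external", s.External, false); err != nil {
			return 0, err
		}
	}
	return ttl, nil
}

func main() {
	// Constructed specs; the addresses come from documentation ranges.
	gw := &DefaultIstioGatewayInfo{OwningCluster: "example-cluster"}
	specs := map[string]DNSRegistrationSpec{
		"external ips":     {External: &ResolveTo{IPs: []string{"203.0.113.10"}}},
		"internal gateway": {Internal: &ResolveTo{UseDefaultIstioGateway: gw}},
		"both directions": {
			Internal: &ResolveTo{IPs: []string{"10.10.0.5"}},
			External: &ResolveTo{IPs: []string{"203.0.113.10"}},
		},
	}
	for name, s := range specs {
		ttl, err := ValidateDNSRegistrationSpec(s)
		fmt.Printf("%-17s ttl=%d err=%v\n", name, ttl, err)
	}
}
```
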

SwitchCommonSpec

SwitchCommonSpec represents the configuration specifications of a switch common to all types of switches

Appears in: - AggSwitchInternalSpec - ManagementAggSwitchInternalSpec - ManagementSwitchInternalSpec - TORSwitchInternalSpec

Field Description
loopbackIPs IPAddressString LoopbackIPs specify the source IP addresses used for routing protocols. For example, the IP addresses assigned to the loopback interface for OSPF, iBGP, VTEPs. At least one RouterIPs must be specified. The first one is used for the underlay network routing. The second one is used for the overlay network routing.
l2Networks L2NetworkSpecList L2Networks describe cross-switch layer-2 networks. Each port specified below from each switch should connect to the same device.
uplinks RoutedPortSpec Uplinks describe the routed ports from the TOR to upper level switches.
SwitchVendorCommon SwitchVendorCommon Vendor describes the vendor specific information for a particular switch

SwitchImage

SwitchImage represents the data of a single switch image.

Appears in: - SwitchImagesStatus

Field Description
imageVersion string ImageVersion provides the version of the switch image.
path string Path provides the path of the image within the TFTP server.
checksum string Checksum provides the SHA256 checksum of the image.

SwitchImageHostRequest

SwitchImageHostRequest represents a request to host switch operating system images.

Appears in: - SwitchImageHostRequestList

Field Description
apiVersion string network.private.gdc.goog/v1alpha1
kind string SwitchImageHostRequest
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec SwitchImageHostRequestSpec
status SwitchImageHostRequestStatus

SwitchImageHostRequestList

SwitchImageHostRequestList represents a list of SwitchImageHostRequest.

Field Description
apiVersion string network.private.gdc.goog/v1alpha1
kind string SwitchImageHostRequestList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items SwitchImageHostRequest

SwitchImageHostRequestStatus

SwitchImageHostRequestStatus represents the status of the SwitchImageHostRequest.

Appears in: - SwitchImageHostRequest

Field Description
conditions Condition Conditions provides the conditions of switch operating system images hostings. Supported Conditions include: Ready, TFTPReady, ImagesReady.
tftpHost string TFTPHost provides the host IP and port of the TFTP server.
switches SwitchImagesStatus array Switches provide the status of the image hostings of all switches within the GDC-H cell.

SwitchImagesStatus

SwitchImagesStatus represents the status of the operating system image hostings for a switch.

Appears in: - SwitchImageHostRequestStatus

Field Description
switchName string SwitchName provides the name of the switch.
imagePaths SwitchImage array Images provides the operating system images information for the given switch.

SwitchVendorCommon

SwitchVendorCommon describes the common specification for different vendors

Appears in: - SwitchCommonSpec

Field Description
nxos CiscoNxOSSwitch CiscoNexus represents the vendor specific configurations for the Cisco NxOS switches

TORSwitchInternal

TORSwitchInternal represents an internal TOR switch type with information

Appears in: - TORSwitchInternalList

Field Description
apiVersion string network.private.gdc.goog/v1alpha1
kind string TORSwitchInternal
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec TORSwitchInternalSpec
status SwitchCommonStatus

TORSwitchInternalList

TORSwitchInternalList represents a collection of TORSwitchInternal objects.

Field Description
apiVersion string network.private.gdc.goog/v1alpha1
kind string TORSwitchInternalList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items TORSwitchInternal array

TORSwitchInternalSpec

TORSwitchInternalSpec represents the specifications of a TOR switch internal to the network configuration

Appears in: - TORSwitchInternal

Field Description
SwitchCommonSpec SwitchCommonSpec SwitchCommonSpec represents the injected common specifications shared across all switches
portChannels PortChannelSpec PortChannels describes the port channels specification for the switch.

TunnelAllocation

TunnelAllocation represents a tunnel allocation for an entity.

Appears in: - CellTunnelAllocationSpec

Field Description
TunnelData TunnelData TunnelData provides the tunnel data that is allocated.
TunnelEntity TunnelEntity TunnelEntity provides the entity that is allocated.

TunnelData

TunnelData represents the data of a tunnel.

Appears in: - TunnelAllocation

Field Description
vxlan VxLANID VxLAN provides the L3 VxLAN this tunnel belongs to.
vlan VLANID VLAN provides the VLAN this tunnel uses.

TunnelEntity

TunnelEntity represents which entity the tunnel will be used for. Only one of the fields should be specified.

Appears in: - TunnelAllocation

Field Description
vrf VRF VRF, if specified, indicates that the tunnel is used for a VRF.
subnetClaimRef UniversalObjectReference SubnetClaimRef, if specified, indicates that the tunnel is used for a subnet.

VLANID

Underlying type: integer

VLANID represents a VLAN id. The allocated VLAN id is designed to be in a higher range to avoid conflicts.

Appears in: - TunnelData

VRF

VRF represents a virtual routing and forwarding instance.

Appears in: - TunnelEntity

Field Description
fleetRef LocalObjectReference FleetRef specifies which Fleet the VRF should belong to.
type OverlayNetworkType Type specifies the purpose of the VRF.

VxLANID

Underlying type: integer

VxLANID represents a VxLAN id.

Appears in: - TunnelData

object.storage.private.gdc.goog/v1alpha1

BucketPrefix

BucketPrefix is the Schema for the internal prefix used by the bucket api.

Appears in: - BucketPrefixList

Field Description
apiVersion string object.storage.private.gdc.goog/v1alpha1
kind string BucketPrefix
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec BucketPrefixSpec
status BucketPrefixStatus

BucketPrefixList

BucketPrefixList contains a list of Bucket

Field Description
apiVersion string object.storage.private.gdc.goog/v1alpha1
kind string BucketPrefixList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items BucketPrefix

BucketPrefixSpec

BucketPrefixSpec defines the desired state of the BucketPrefix Resource.

Appears in: - BucketPrefix

Field Description
bucketNamespace string
bucketNamespaceUid string

ontap.netapp.storage.private.gdc.goog/v1alpha1

DataLogicalInterface

Appears in: - ISCSITargetSpec - NASServerSpec

Field Description
dataIPs IPAddressString DataIPs is the data LIF address that can be used if there is no subnet assigned. Currently, we assume each node will only have one IP associated. TODO: might need to also validate one IP per node
netmask IPAddressString Netmask is the netmask of these addresses

DiskStatus

DiskStatus contains information about a disk and its health

Appears in: - StorageAggregateStatus

Field Description
name string Name is the display name of the disk
capcityTotal Quantity CapacityTotal is the disk's total capacity in bytes.
conditions Condition array Conditions contains information on the health of the disk. Condition types: - Degraded: Indicates that the disk is degraded and repair is recommended. - Failed: Indicates that the disk is in a failed state and is non-functional.
alerts Alerts Alerts contain a list of detected system alerts. An alert will be added when it is firing, and removed when it is cleared.

ISCSITargetSpec

ISCSITargetSpec provides the specification (i.e., desired state) of a cluster storage iSCSI SAN service. Exactly one of SubnetName or DataLIF must be set.

Appears in: - StorageVirtualMachineSpec

Field Description
subnetName string SubnetName is the NetApp subnet name for creating the SVM data LIF. This should already be preconfigured in StorageCluster. Either SubnetName or DataLIF should be provided.
dataLIF DataLogicalInterface DataLIF represents the data logical interface. Either SubnetName or DataLIF should be provided.
port string Port is the ethernet port to use when creating the LIF. It can be a physical port, an LACP port or a VLAN port.

ISCSITargetStatus

ISCSITargetStatus provides the status of iSCSI service in SVM

Appears in: - StorageVirtualMachineStatus

Field Description
logicalInterfaces LogicalInterfaceStatus

LogicalInterface

Appears in: - SVMNetwork

Field Description
address IPAddressString Address is the IP of this Logical Interface
netmask IPAddressString Netmask is the netmask of this address
gateway IPAddressString Gateway is the address gateway

LogicalInterfaceStatus

Appears in: - ISCSITargetStatus - NASServerStatus - StorageVirtualMachineStatus

Field Description
address string Address is the IP of this Logical Interface
netmask string Netmask is the netmask of this address
homeNode string HomeNode is where the lif lands
homePort string HomePort is which port the lif uses
operationalStatus string OperationalStatus indicates whether the lif is up or down
dnsDomainName string DNSDomainName is the DNS name of the lif

NASServerSpec

NASServerSpec provides the specification (i.e., desired state) of a cluster storage NAS service, including CIFS/NFS. Exactly one of SubnetName or DataLIF must be set.

Appears in: - StorageVirtualMachineSpec

Field Description
subnetName string SubnetName is the NetApp subnet name for creating the SVM data LIF. This should already be preconfigured in StorageCluster. Either SubnetName or DataLIF should be provided.
dataLIF DataLogicalInterface DataLIF represents the data logical interface. Either SubnetName or DataLIF should be provided.
port string Port is the ethernet port to use when creating the LIF. It can be a physical port, an LACP port or a VLAN port.

NASServerStatus

NASServerStatus provides the status of CIFS/NFS service in SVM

Appears in: - StorageVirtualMachineStatus

Field Description
logicalInterfaces LogicalInterfaceStatus

SVMNetwork

SVMNetwork represents the network spec for this SVM. Exactly one of its members must be set.

Appears in: - StorageVirtualMachineSpec

Field Description
subnetName string ManagementSubnetName is the NetApp subnet name for creating the SVM management LIF. This should already be preconfigured in Storage Backend. Either ManagementSubnetName or ManagementLIF should be provided. TODO: Preconfigure this in the StorageCluster
managementLIF LogicalInterface ManagementLIF is the management Logical Interface if the subnet name is not provided. Either SubnetName or DataIPs should be provided.
port string Port is the ethernet port to use when creating the LIF. It can be a physical port, an LACP port or a VLAN port.

SVMSecurityKeyManager

SVMSecurityKeyManager defines the key manager setup for a StorageVirtualMachine.

Appears in: - StorageVirtualMachineSecuritySpec

Field Description
kmipEndpoints string array KMIPEndpoints refers to a list of KMIP endpoints that the StorageVirtualMachine will connect to and use as an external key management system. Format: <ip_address
clientKMIPCertSecretRef SecretReference ClientKMIPCertSecretRef refers to a secret that contains the KMIP client SSL certificates for the cluster. This needs to be set up correctly on the KeyManager side before StorageVirtualMachine creation. It should contain at least these data: [tls.key, tls.crt]
serverCertificates string array ServerCertificates are a list of PEM encoded server certificates to be installed by the host. This is essentially a certificate chain that leads up to the root CA (the last item in the list). Keeping it in this order helps reference a subset if required.

SecurityKeyManager

SecurityKeyManager defines the external key manager spec.

Appears in: - StorageClusterSecuritySpec

Field Description
kmipEndpoint string KMIPEndpoint (deprecated for HSMTenantRef) refers to a KMIP endpoint that the StorageCluster will connect to and use as an external key management system. Format: <ip_address
HSMTenantRef ObjectReference HSMTenantRef refers to the tenant which has the credentials we use to access the proper domain on the HSM cluster.
clientKMIPCertSecretRef string ClientKMIPCertSecretRef (deprecated for HSMTenantRef) refers to a secret that contains the KMIP client SSL certificates for the cluster. This needs to be set up correctly on the KeyManager side before StorageCluster bootstrap. It should contain at least these data: [tls.key, tls.crt]
rootCACertSecretRef string RootCACertSecretRef (deprecated for HSMTenantRef) refers to the SSL public certificate for the root certificate authority (CA) of the KMIP server. It should contain at least these data: [ca.crt]

StaticRoute

StaticRoute specifies the route settings for this SVM.

Appears in: - StorageVirtualMachineSpec

Field Description
destinationSubnet IPSubnetString DestinationSubnet is the subnet to create a route to.
gateway IPAddressString Gateway is the gateway address that packets in this route should use.

StaticSubnetConfig

StaticSubnetConfig specifies the static subnet config information for the tenant network. It will define the vlan, gateway, subnet and IPRanges information that is needed for a storage tenant.

Appears in: - SubnetConfig

StorageAggregate

StorageAggregate represents a storage pool of similar disks.

Appears in: - StorageAggregateList

Field Description
apiVersion string ontap.netapp.storage.private.gdc.goog/v1alpha1
kind string StorageAggregate
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec StorageAggregateSpec
status StorageAggregateStatus

StorageAggregateList

StorageAggregateList represents a collection of storage nodes.

Field Description
apiVersion string ontap.netapp.storage.private.gdc.goog/v1alpha1
kind string StorageAggregateList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items StorageAggregate

StorageAggregateSpec

StorageAggregateSpec specifies the aggregate configuration.

Appears in: - StorageAggregate

Field Description
nodeName string NodeName is the name of the StorageNode that owns the aggregate.
numDisks integer NumDisks specifies the number of disks that should be added to the aggregate. TODO: specify every disk, or some other filter mechanism, like disk size, hdd, etc
maxRAIDSize integer MaxRAIDSize specifies the maximum raid group size to create. TODO: double check is this per raid group or aggregate

StorageAggregateStatus

StorageAggregateStatus contains the current state and health of the aggregate.

Appears in: - StorageAggregate

Field Description
conditions Condition array Conditions contains information on the health of the aggregate. Condition types: - Ready: Indicates that the aggregate is ready for use. - Degraded: Indicates that the aggregate is degraded and repair is recommended. - Failed: Indicates that the aggregate is in a failed state and is non-functional.
alerts Alerts Alerts contain a list of detected system alerts. An alert will be added when it is firing, and removed when it is cleared.
capacityTotal Quantity CapacityUsable is the number of usable bytes in this aggregate. This includes used and free bytes.
capacityUsed Quantity CapacityUsed is the number of bytes used in this aggregate.
disks DiskStatus array Disks is a list of all the disks part of this aggregate and their health. TODO: disks that are not part of an aggregate

StorageCluster

StorageCluster represents a group of StorageNodes that can be managed together in a cluster.

Appears in: - StorageClusterList

Field Description
apiVersion string ontap.netapp.storage.private.gdc.goog/v1alpha1
kind string StorageCluster
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec StorageClusterSpec
status StorageClusterStatus

StorageClusterAddress

StorageClusterAddress specifies the cluster management address configuration

Appears in: - StorageClusterNetworkSpec

Field Description
ip IPAddressString IP is the management IP address.
netmask IPAddressString Subnet specifies the management subnet address.
homeNodeName string HomeNodeName is the name of the StorageNode to preferentially host the management IP.
homePort string HomePort is the name of the network port to preferentially host the management IP.

StorageClusterList

StorageClusterList represents a collection of storage clusters.

Field Description
apiVersion string ontap.netapp.storage.private.gdc.goog/v1alpha1
kind string StorageClusterList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items StorageCluster

StorageClusterNetworkSpec

StorageClusterNetworkSpec specifies the cluster-wide network settings.

Appears in: - StorageClusterSpec

Field Description
clusterManagement StorageClusterAddress ClusterManagement specifies the cluster's management IP configuration.

StorageClusterSecuritySpec

StorageClusterSecuritySpec specifies the cluster-wide security settings.

Appears in: - StorageClusterSpec

Field Description
securityKeyManager SecurityKeyManager SecurityKeyManager defines the key manager spec the StorageCluster will use.

StorageClusterSpec

StorageClusterSpec specifies cluster-wide settings for the cluster.

Appears in: - StorageCluster

Field Description
nodeNames string array NodeNames is a list of StorageNode names that belong to this cluster. TODO: require all objects related to a cluster are in the same namespace.
adminSecretName string AdminSecretName is the name of the secret in this namespace that contains the admin credentials to manage the cluster.
licenses string array Licenses is a list of license strings to apply to the cluster. TODO: should this be a secret
network StorageClusterNetworkSpec TODO: Network specifies the cluster-wide network settings.
security StorageClusterSecuritySpec Security contains the spec for StorageCluster security related settings.

StorageClusterStatus

StorageClusterStatus contains information about the current state and health of the storage cluster.

Appears in: - StorageCluster

Field Description
adminCertificateSecretRef ObjectReference AdminCertificateSecretRef is a reference to the admin certificate secret that can be used to authenticate to the StorageCluster object. This is intended to replace the admin credentials after the initial storage bootstrap process. The username should be "gpc-admin"
readOnlyCertificateSecretRef ObjectReference ReadOnlyCertificateSecretRef is a reference to the read-only certificate secret that can be used to authenticate to the StorageCluster object. The username should be "gpc-admin-read-only"
conditions Condition array Conditions contains information on the health of the cluster. Condition types: - Ready: Indicates that the cluster is ready for use. - Degraded: Indicates that the cluster is degraded and repair is recommended. - Failed: Indicates that the cluster is in a failed state and is non-functional.
storageSystemVersion StorageSystemVersion StorageSystemVersion contains information about the device software version.
alerts Alerts Alerts contain a list of detected system alerts. An alert will be added when it is firing, and removed when it is cleared.

StorageEncryptionConnection

StorageEncryptionConnection represents a storage encryption connection between two security associations. This API is used to encrypt data-in-transit traffic from hosts (both bare metal and VM types) to NetApp ONTAP SVM data IP endpoints. Right now the default encryption configuration is IPSec. Other encryption methods might be added later. It should have the same name as the InventoryMachine object it is referring to.

Appears in: - StorageEncryptionConnectionList

Field Description
apiVersion string ontap.netapp.storage.private.gdc.goog/v1alpha1
kind string StorageEncryptionConnection
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec StorageEncryptionConnectionSpec
status StorageEncryptionConnectionStatus

StorageEncryptionConnectionList

StorageEncryptionConnectionList represents a collection of storage encryption config objects.

Field Description
apiVersion string ontap.netapp.storage.private.gdc.goog/v1alpha1
kind string StorageEncryptionConnectionList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items StorageEncryptionConnection

StorageEncryptionConnectionSpec

StorageEncryptionConnectionSpec provides the specification (i.e., desired state) between two security associations.

Appears in: - StorageEncryptionConnection

Field Description
inventoryMachineRef UniversalObjectReference InventoryMachineRef specifies the node where traffic destined for the SVM will be encrypted. The node will be configured along with StorageVirtualMachine creation process and workloads will not be able to mount volumes successfully until it's successfully completed. API type: - Group: baremetal.cluster.gke.io - Kind: InventoryMachine This object is a non-namespaced object. This field is required.
storageVirtualMachineRef ObjectReference StorageVirtualMachineRef is a reference that points to the StorageVirtualMachine that the CSI driver running inside the ABM cluster will connect to. If the InventoryMachine forms an ABM cluster, the SVM that will be used on this ABM cluster should be the same as the reference here.
storageDataCIDR IPSubnetString StorageDataCIDR is the data subnet that is generated from the StorageCluster spec. It refers to the StorageCluster.Spec.Network.DataNetworks.IPRanges for the data network types, which are NAS and SAN. If there are multiple DataNetworks, it will combine them into one minimal CIDR range that contains all the network IP ranges. So it is best to configure the DataNetworks IPRanges contiguously to avoid including non-data IPs. This field is required.
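
The storageDataCIDR description says multiple DataNetworks ranges are combined into one minimal covering CIDR. The following added example (not the project's code; the IPRange type, the function names and the sample ranges are constructed, and it handles IPv4 only) computes such a covering prefix and counts how many non-data addresses it pulls in when the ranges are not contiguous.

```go
package main

import (
	"fmt"
	"math/bits"
	"net/netip"
	"sort"
)

// IPRange is a hypothetical stand-in for one DataNetworks IP range (inclusive).
type IPRange struct {
	Start, End netip.Addr
}

// mustRange builds an IPRange from two literal addresses; it panics on bad input.
func mustRange(start, end string) IPRange {
	return IPRange{netip.MustParseAddr(start), netip.MustParseAddr(end)}
}

func toUint32(a netip.Addr) uint32 {
	b := a.As4()
	return uint32(b[0])<<24 | uint32(b[1])<<16 | uint32(b[2])<<8 | uint32(b[3])
}

func fromUint32(v uint32) netip.Addr {
	return netip.AddrFrom4([4]byte{byte(v >> 24), byte(v >> 16), byte(v >> 8), byte(v)})
}

// MinimalCoveringCIDR returns the smallest single IPv4 prefix that contains
// every address of every range.
func MinimalCoveringCIDR(ranges []IPRange) (netip.Prefix, error) {
	if len(ranges) == 0 {
		return netip.Prefix{}, fmt.Errorf("no ranges given")
	}
	lo, hi := ^uint32(0), uint32(0)
	for _, r := range ranges {
		if !r.Start.Is4() || !r.End.Is4() {
			return netip.Prefix{}, fmt.Errorf("only IPv4 ranges are handled: %v-%v", r.Start, r.End)
		}
		s, e := toUint32(r.Start), toUint32(r.End)
		if s > e {
			return netip.Prefix{}, fmt.Errorf("range start after end: %v-%v", r.Start, r.End)
		}
		if s < lo {
			lo = s
		}
		if e > hi {
			hi = e
		}
	}
	// The prefix length is the number of leading bits shared by the lowest
	// and highest address (32 when they are identical).
	prefixLen := bits.LeadingZeros32(lo ^ hi)
	return netip.PrefixFrom(fromUint32(lo), prefixLen).Masked(), nil
}

// NonDataAddresses counts the addresses inside p that belong to none of the
// ranges. The ranges must lie inside p; overlapping ranges are counted once.
func NonDataAddresses(p netip.Prefix, ranges []IPRange) uint64 {
	type span struct{ s, e uint64 }
	spans := make([]span, 0, len(ranges))
	for _, r := range ranges {
		spans = append(spans, span{uint64(toUint32(r.Start)), uint64(toUint32(r.End))})
	}
	sort.Slice(spans, func(i, j int) bool { return spans[i].s < spans[j].s })

	var covered, next uint64 // next is the first address not yet counted
	for _, sp := range spans {
		if sp.e < next {
			continue // fully inside an earlier range
		}
		start := sp.s
		if start < next {
			start = next
		}
		covered += sp.e - start + 1
		next = sp.e + 1
	}
	total := uint64(1) << (32 - p.Bits())
	return total - covered
}

func main() {
	// Constructed sample ranges: two adjacent blocks versus two scattered ones.
	cases := map[string][]IPRange{
		"close":     {mustRange("10.0.1.10", "10.0.1.50"), mustRange("10.0.1.60", "10.0.1.100")},
		"scattered": {mustRange("10.0.1.10", "10.0.1.50"), mustRange("10.0.9.10", "10.0.9.50")},
	}
	for name, ranges := range cases {
		p, err := MinimalCoveringCIDR(ranges)
		if err != nil {
			fmt.Println(name, "error:", err)
			continue
		}
		fmt.Printf("%-9s covering CIDR %s, non-data addresses inside it: %d\n",
			name, p, NonDataAddresses(p, ranges))
	}
}
```

Reviewing the resulting count before applying a spec shows how much traffic outside the data ranges would fall under the same subnet selector.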

StorageEncryptionConnectionStatus

Appears in: - StorageEncryptionConnection

Field Description
pskSecretRef ObjectReference PSKSecretRef is a reference that points to a secret object that stores the pre-shared key that will be used to authenticate in the IPSec IKE (Internet Key Exchange) stage. This is specific to the IPSec encryption method. This will be generated in the GPC system namespace.
completionTime Time Represents time when the data-in-transit encryption configuration on both ends was completed.
conditions Condition array Conditions contains the current conditions for the encryption config. It will contain the following condition types: - Ready - PSKGenerationReady - ServerConfigurationReady - ONTAPConfigurationReady. Only when all other conditions are ready will the "Ready" condition become true.

StorageNetwork

StorageNetwork specifies the common configuration for management and data networks.

Appears in: - StorageTenant

Field Description
name string Name of the network
types StorageNetworkType Types describes the traffic that this network will be used for. Supported options: - Management: SVM management traffic - NAS: NAS protocol traffic (NFS and CIFS) - SAN: SAN protocol traffic (iSCSI)
port string Port specifies the network port that is used for this network, for example, "a0a". If a vlan is not specified in SubnetConfig, then this port will be used directly. Otherwise, a vlan interface will be created using this port to serve traffic.
subnetConfig SubnetConfig SubnetConfig specifies the StorageVirtualMachine subnet configuration. It defines vlan, subnet, gateway, and IP Ranges for this subnet.
destinationSubnets IPSubnetString DestinationSubnets specifies the subnets for static routes in this network.

StorageNode

StorageNode represents a physical storage node (controller) in a storage cluster.

Appears in: - StorageNodeList

Field Description
apiVersion string ontap.netapp.storage.private.gdc.goog/v1alpha1
kind string StorageNode
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec StorageNodeSpec
status StorageNodeStatus

StorageNodeList

StorageNodeList represents a collection of storage nodes.

Field Description
apiVersion string ontap.netapp.storage.private.gdc.goog/v1alpha1
kind string StorageNodeList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items StorageNode

StorageNodeNetworkSpec

StorageNodeNetworkSpec specifies the physical network port configuration.

Appears in: - StorageNodeSpec

Field Description
clusterInterconnectIP IPAddressString ClusterInterconnectIP is one of the node's pre-configured cluster interconnect IP addresses.
managementIP IPAddressString ManagementIP is the node's pre-configured management IP address.
managementPorts string array ManagementPorts specifies the names of the management ports. The management ports will be configured in a failover group.
dataPorts string array DataPorts specifies the names of the data ports. These ports will be configured with LACP aggregation. TODO: add more network config options like mtu, bonding

StorageNodeSpec

StorageNodeSpec contains configuration for the storage node. TODO: How to represent the root aggregate

Appears in: - StorageNode

Field Description
system DeviceSystemSpec System specifies metadata about the HW.
clusterName string ClusterName is the cluster name this node belongs to.
haPartnerNodeName string HAPartnerNodeName is the name of the storage node that forms an HA pair with this node.
network StorageNodeNetworkSpec Network specifies the physical network port configuration on this node.
storageAggregateNames string array StorageAggregateNames is a list of the names of StorageAggregates that belong to this node. TODO: revisit forward/back object references.

StorageNodeStatus

StorageNodeStatus specifies current changing information about the storage node.

Appears in: - StorageNode

Field Description
version string Version is the software and hardware version of the controller.
conditions Condition array Conditions contains information on the health of the node. Condition types: - Ready: Indicates that the node is ready for use. - Degraded: Indicates that the node is degraded and repair is recommended. - Failed: Indicates that the node is in a failed state and is non-functional.
alerts Alerts Alerts contain a list of detected system alerts. An alert will be added when it is firing, and removed when it is cleared.

StorageOrganization

StorageOrganization specifies the storage resources that are associated with an Organization. TODO: replace with actual group/name

Appears in: - StorageOrganizationList

Field Description
apiVersion string ontap.netapp.storage.private.gdc.goog/v1alpha1
kind string StorageOrganization
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec StorageOrganizationSpec
status StorageOrganizationStatus

StorageOrganizationList

StorageOrganizationList represents a collection of storage organizations.

Field Description
apiVersion string ontap.netapp.storage.private.gdc.goog/v1alpha1
kind string StorageOrganizationList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items StorageOrganization

StorageOrganizationSpec

Appears in: - StorageOrganization

Field Description
organizationRef ObjectReference OrganizationRef specifies the Organization object that the StorageOrganization is generated for. API type: - Group: resourcemanager.gdc.goog - Kind: Organization
storageClusterRef ObjectReference StorageClusterRef specifies the StorageCluster object that this organization uses. API type: - Group: ontap.netapp.storage.private.gdc.goog - Kind: StorageCluster
hsmTenantRef ObjectReference HSMTenantRef specifies the HSMTenant object that this organization uses. API type: - Group: security.private.gdc.goog - Kind: HSMTenant. This field is optional. If not set, the generated StorageVirtualMachine will not have external key manager setup, and the corresponding encryption setting will not be enabled on trident either.
adminTenant StorageTenant AdminTenant specifies the resources needed for the admin cluster.
userTenant StorageTenant UserTenant specifies the resources needed for user clusters. All user clusters are part of a single tenant. For administrative-only organizations, such as the root organization, userTenant can be optional.

StorageOrganizationStatus

StorageOrganizationStatus specifies current information about the storage organization.

Appears in: - StorageOrganization

Field Description
conditions Condition array Conditions contains information on the reconciliation status of the organization. Condition types: - Ready: Indicates the readiness of the organization. - StorageOrgNetworkJob: Indicates the readiness of the storage organization network configuration job.
svmGenerationConditions Condition SVMGenerationConditions contains information on the generation status of the StorageVirtualMachine object. Condition types: - AdminSVMReady: Indicates the readiness of the admin SVM. - UserSVMReady: Indicates the readiness of the user SVM.

StorageSystemVersion

Appears in: - StorageClusterStatus

Field Description
version string Version of ONTAP installed and currently active on the system. The version follows the ONTAP release model: https://mysupport.netapp.com/site/info/release-model/ontap-release-model. It will be in the format of "x.y.z" or "x.y.zPn"

StorageTenant

StorageTenant specifies resources associated with a particular tenant. A tenant consists of separate management and data endpoints.

Appears in: - StorageOrganizationSpec

Field Description
networks StorageNetwork array Networks specifies the network configuration for SVM management and data networks. Management, SAN and NAS services can share the same networks, or be separate. If separate networks are specified, Management and NAS can only be part of a single network, and SAN can have multiple networks in a multipath configuration. When a StorageVirtualMachine is created, the SVM management IP will be assigned from the Management network. For data networks, every node in the cluster will be assigned an IP from each network it's part of. At least one network is required.
storageVirtualMachineName string StorageVirtualMachineName specifies the name of the StorageVirtualMachine object that should be created for this tenant.

StorageVirtualMachine

StorageVirtualMachine represents a cluster level storage unit. It will be an SVM in the context of a NetApp appliance.

Appears in: - StorageVirtualMachineList

Field Description
apiVersion string ontap.netapp.storage.private.gdc.goog/v1alpha1
kind string StorageVirtualMachine
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec StorageVirtualMachineSpec
status StorageVirtualMachineStatus

StorageVirtualMachineList

StorageVirtualMachineList represents a collection of clusters' storages.

Field Description
apiVersion string ontap.netapp.storage.private.gdc.goog/v1alpha1
kind string StorageVirtualMachineList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items StorageVirtualMachine

StorageVirtualMachineSecuritySpec

StorageVirtualMachineSecuritySpec specifies the per-SVM security settings.

Appears in: - StorageVirtualMachineSpec

Field Description
securityKeyManager SVMSecurityKeyManager SecurityKeyManager defines the key manager spec the StorageVirtualMachine will use.

StorageVirtualMachineSpec

StorageVirtualMachineSpec provides the specification (i.e., desired state) of a cluster storage.

Appears in: - StorageVirtualMachine

Field Description
clusterName string ClusterName represents the NetApp storage cluster name that is in the same namespace
storageOrganizationRef LocalObjectReference StorageOrganizationRef represents the StorageOrganization object that is associated with this SVM. StorageOrganization should be a 1:1 mapping to the fleet object. API type: - Group: ontap.netapp.storage.private.gdc.goog - Kind: storageOrganization
aggregates string array Aggregates lists the aggregates that this SVM will use
svmNetwork SVMNetwork SVMNetwork defines the network spec for this storage virtual machine
nasServer NASServerSpec NASServerSpec provides the spec of the desired NAS server
iscsiTarget ISCSITargetSpec ISCSITargetSpec provides the spec of the desired SAN server
staticRoutes StaticRoute array StaticRoutes specifies the routes to configure for this SVM.
security StorageVirtualMachineSecuritySpec

StorageVirtualMachineStatus

StorageVirtualMachineStatus provides the status of a cluster storage.

Appears in: - StorageVirtualMachine

Field Description
readyToUse boolean ReadyToUse represents if the SVM is ready to use. TODO: provide more detailed conditions and errors
completionTime Time Represents time when the svm job was completed.
conditions Condition array Conditions contain the latest observations of check job state.
alerts Alerts Alerts contain a list of detected system alerts. An alert will be added when it is firing, and removed when it is cleared.
managementLogicalInterface LogicalInterfaceStatus ManagementLogicalInterface provides the management network status
nasServer NASServerStatus NASServer provides the details of the NAS service - CIFS/NFS
iscsiTarget ISCSITargetStatus ISCSITarget provides the details of the SAN service

SubnetConfig

SubnetConfig specifies the StorageVirtualMachine subnet configuration. It defines vlan, subnet, gateway, and IP Ranges for this subnet.

Appears in: - StorageNetwork

Field Description
staticSubnetConfig StaticSubnetConfig StaticSubnetConfig specifies the static subnet config information for the tenant network. It will define the vlan, gateway, subnet and IPRanges information that is needed for a storage tenant. Only one of SubnetClaimRef or StaticSubnetConfig should be set.
subnetClaimRef ObjectReference SubnetClaimRef specifies the SubnetClaim that is allocated for the tenant network. It will define the vlan, gateway, subnet information that is needed for a storage tenant. It uses all the IPs available as the IPRange. Only one of SubnetClaimRef or StaticSubnetConfig should be set. API: - Group: system.private.gdc.goog - Kind: SubnetClaim

resourcemanager.private.gdc.goog/v1alpha1

IstioAuthorizationResource

IstioAuthorizationResource is a cluster-scoped CRD that declares a virtual resource kind in the istio.resourcemanager.gdc.goog API group that can be used in a policy rule to configure authorization policies for service pods exposed via Istio.

Appears in: - IstioAuthorizationResourceList

Field Description
apiVersion string resourcemanager.private.gdc.goog/v1alpha1
kind string IstioAuthorizationResource
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec IstioAuthorizationResourceSpec

IstioAuthorizationResourceList

IstioAuthorizationResourceList represents a collection of IstioAuthorizationResources.

Field Description
apiVersion string resourcemanager.private.gdc.goog/v1alpha1
kind string IstioAuthorizationResourceList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items IstioAuthorizationResource

IstioAuthorizationResourceSpec

Appears in: - IstioAuthorizationResource

Field Description
workloadNamespaceSelector WorkloadNamespaceSelector WorkloadNamespaceSelector defines where the generated AuthorizationPolicy will live. If set, the namespace will be determined based on the value of this field instead of the namespace of the RoleBinding.
conditions Condition array Conditions describe the same condition as https://istio.io/latest/docs/reference/config/security/authorization-policy/#Condition. Additionally, a special item {PROJECT_ID} in Values or NotValues is supported and will be swapped to the actual ID of the project on the fly.
subresources IstioAuthorizationSubresource array Subresources maps a subresource name to a set of destination attributes. Destinations can be overlapped between different subresources, and the resulting authorization policies will be additive.
authMethod AuthenticationMethod AuthMethod selects the method of authentication to apply on the IstioAuthorizationResource. If no AuthMethod is selected, the session based method will be selected by default.

IstioAuthorizationSubresource

IstioAuthorizationSubresource maps a subresource name to a set of destination attributes. Only positive attribute matching is allowed so policy rules are additive.

Appears in: - IstioAuthorizationResourceSpec

Field Description
name string
hosts string array A list of hosts as specified in the HTTP request. The match is case-insensitive. If not set, any host is allowed. The attribute will be translated into AuthorizationPolicy.rules.to.operation.hosts.
ports string array A list of ports as specified in the connection. If not set, any port is allowed. The attribute will be translated into AuthorizationPolicy.rules.to.operation.ports.
paths string array A list of paths as specified in the HTTP request. For gRPC service, this will be the fully-qualified name in the form of "/package.service/method". If not set, any path is allowed. The attribute will be translated into AuthorizationPolicy.rules.to.operation.paths.

ShadowProjectSelector

Appears in: - WorkloadNamespaceSelector

Field Description
serviceShortName string ServiceShortName defines the shortname for the shadow project, which will be used to determine the namespace of the shadow project.

WorkloadNamespaceSelector

WorkloadNamespaceSelector selects the namespace of the workload to be served with the authorization resource. Only one of its members should be specified.

Appears in: - IstioAuthorizationResourceSpec

Field Description
namespace string Namespace defines the namespace in which the generated AuthorizationPolicy lives.
shadowProject ShadowProjectSelector ShadowProject selects the shadow project of a particular service where the workload lives.

security.private.gdc.goog/v1alpha1

DomainInfo

DomainInfo contains information about the HSM domain, used for logging in.

Appears in: - HSMTenantStatus - HSMUserCredentials

Field Description
name string Provided by the caller
id string Unique ID Generated by the HSM.

HSM

HSM represents a single HSM device.

Appears in: - HSMList

Field Description
apiVersion string security.private.gdc.goog/v1alpha1
kind string HSM
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec HSMSpec
status HSMStatus

HSMCluster

HSMCluster represents a cluster of HSMs, all storing replicas of the same data.

Appears in: - HSMClusterList

Field Description
apiVersion string security.private.gdc.goog/v1alpha1
kind string HSMCluster
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec HSMClusterSpec
status HSMClusterStatus

HSMClusterList

HSMClusterList represents a collection of HSM clusters.

Field Description
apiVersion string security.private.gdc.goog/v1alpha1
kind string HSMClusterList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items HSMCluster

HSMClusterSpec

HSMClusterSpec provides the specification for an HSM cluster.

Appears in: - HSMCluster

Field Description
hsms LocalObjectReference List of HSMs in the cluster.
security HSMClusterSecuritySpec Cluster-wide security settings.

HSMClusterStatus

HSMClusterStatus provides the status of an HSM cluster.

Appears in: - HSMCluster

Field Description
conditions Condition Conditions reports if HSMTenant creation is complete.
managementNetworkIPs IPAddressString ManagementNetworkIPs holds each HSM's IP address via the management network. May be empty prior to the cluster being Ready.
dataNetworkIPs IPAddressString DataPlaneNetworkIPs holds each HSM's IP address via the dataplane network. May be empty prior to the cluster being Ready.
kmipPort integer KMIPPort holds the port that the HSMs serve KMIP requests on.
naePort integer NAEPort holds the port that the HSMs serve NAE requests on.
apiPort integer APIPort holds the port that the HSMs serve REST API requests on.
rootAdminCreds HSMUserCredentials RootAdminCredentials authenticate to the HSM as the root admin user. These are used to bootstrap the HSM, and for tenant creation.
adminTenantRef ObjectReference AdminTenantRef holds the reference to the root/admin tenant on the HSM. This contains resources used by the root admin cluster. Although a typical tenant defines resources for the tenant admin and tenant user clusters, the admin tenant only defines the former. API type: - Group: security.private.gdc.goog - Kind: HSMTenant
rootCACertificates string array RootCACertificates are a list of PEM-encoded certificates to trust when establishing TLS connections to the HSMCluster. If empty, certificate validation should be ignored.

HSMDataNetwork

HSMDataNetwork specifies the data plane network configuration for the HSM.

Appears in: - HSMSpec

Field Description
nicPorts NICPortSpec NICPorts specify the NIC ports connected to TOR switches.
ip IPAddressString IP is the Static IP addresses of the k570's data network interface.
subnetClaimRef ObjectReference SubnetClaimRef is a reference to the overlay subnet claim object. The interface's subnet and gateway information can be inferred from the SubnetClaim object.

HSMKMIPCredentials

HSMKMIPCredentials provides the info necessary for a client to authenticate to the HSM via the KMIP protocol.

Appears in: - HSMStorageOrganizationResources

Field Description
HSMUserCredentials HSMUserCredentials HSMUserCredentials hold information such as the basic auth credentials for this KMIP user and information about the CipherTrust domain the user exists within.
clientCertificate SecretReference Secret of type kubernetes.io/tls secret containing the client private key and certificate.
serverCertificates string array List of PEM-encoded server certificates to be installed by the host. This is essentially a certificate chain that leads up to the root CA (the last item in the list). Keeping it in this order helps reference a subset if required. May be empty prior to the credentials being ready.

HSMList

HSMList represents a collection of HSM devices.

Field Description
apiVersion string security.private.gdc.goog/v1alpha1
kind string HSMList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items HSM

HSMManagementNetwork

HSMManagementNetwork specifies the management network configuration for the HSM.

Appears in: - HSMSpec

Field Description
nicPort NICPortSpec NICPort specifies the NIC port connected to management switch.
ip IPAddressString IP is the Static IP addresses of the k570's management network interface.
subnet IPSubnetString Subnet specifies the subnet that the IPs are allocated from.
gateway IPAddressString Gateway specifies the gateway address for this network.
cellManagementNetworkRef ObjectReference CellManagementNetworkRef references the cell's management network that this interface is connected to. This can also provide the full list of CIDR subnets that make up the management network for adding static routes to the HSM network stack.

HSMServerResources

HSMServerResources provides info for the server reconciler to perform integration for disk encryption.

Appears in: - HSMTenantStatus

Field Description
tenantAdminCredentials HSMUserCredentials Creds required for the tenant admin in the organization.
tenantAdminMasterKeyName string Key handle to the master key that wraps disk encryption keys for admin servers.
tenantUserCredentials HSMUserCredentials Creds required for the tenant user in the organization. For the "root" tenant the OC servers should use this.
tenantUserMasterKeyName string Key handle to the master key that wraps disk encryption keys for tenant servers. For the "root" tenant the OC servers should use this.

HSMSpec

HSMSpec provides the specification for a single Thales k570 HSM device.

Appears in: - HSM

Field Description
system DeviceSystemSpec System describes baremetal k570 hardware identifiers including model, vendor and serial number.
managementNetwork HSMManagementNetwork ManagementNetwork describes the k570 management network interface.
dataNetwork HSMDataNetwork DataNetwork describes the k570 dataplane network interface.
sshAdminCredsRefs SecretReference SSHAdminCredsRefs are a list of kubernetes.io/ssh-auth formatted secrets to SSH to the CipherTrust device as the 'ksadmin' user. While this is a list, only one is active at a time. When rotating, the new secret should be written to the cluster and added as the first value to the list, preserving the old values in case of a partial rotation. If not set, credentials will be auto-generated.
adminCredsRefs SecretReference AdminCredsRefs are a list of kubernetes.io/basic-auth formatted secrets to use the HTTP-based API to access the CipherTrust device as the 'admin' user. While this is a list, only one is active at a time. When rotating, the new secret should be written to the cluster and added as the first value to the list, preserving the old values in case of a partial rotation. If not set, credentials will be auto-generated.
ksadminCredsRef SecretReference KSAdminCredsRef is a kubernetes.io/basic-auth formatted secret for the 'ksadmin' unix user on the CipherTrust device. If not set, credentials will be auto-generated. Only applicable to the physical devices.
lunaAdminPWRef SecretReference LunaAdminPWRef is a kubernetes.io/basic-auth formatted secret with the password field used as the HSM luna admin role credential. Changing values will factory reset the HSM and lose all data. If not set, credentials will be auto-generated. Only applicable to the physical devices.
lunaSOPWRef SecretReference LunaSOPWRef is a kubernetes.io/basic-auth formatted secret with the password field used as the HSM luna security officer role credential. Changing values will factory reset the HSM and lose all data. If not set, credentials will be auto-generated. Only applicable to the physical devices.
lunaCOPWRef SecretReference LunaCOPWRef is a kubernetes.io/basic-auth formatted secret with the password field used as the HSM luna crypto officer role credential. Changing values will factory reset the HSM and lose all data. If not set, credentials will be auto-generated. Only applicable to the physical devices.
backupSecretRef SecretReference BackupSecretRef is an Opaque formatted secret that holds the encryption key used to protect backups of this HSM. This takes effect for backups going forward. The Opaque key "current_backup_key" is used for backups going forward and other keys may be used to retain previous backup keys. If empty, the HSM's default backup key will be used.
sshHostPublicKeys string array SSHHostPublicKeys are the list of host public keys that should be trusted when making SSH connections to the HSM. These should be formatted in the SSH wire protocol according to RFC 4253, section 6.6 and then base64 encoded. This may be populated on first use (trust on first use) and/or verified against information obtained from the HSM serial console. If empty, host key validation is ignored.
rootCACertificates string array RootCACertificates are a list of PEM-encoded certificates to trust when establishing TLS connections to the HSM. This may be populated on first use (trust on first use) and/or verified against information obtained from the HSM serial console. If empty, certificate validation is ignored.
apiPort integer APIPort holds the port that the HSMs serve REST API requests on. Defaults to port 443 if not provided.
sshPort integer SSHPort holds the device's SSH TCP port number. Defaults to port 22 if not provided.
ntpServers string array List of IPAddresses to be used to add NTP Server.
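
The empty-list behaviour of sshHostPublicKeys and rootCACertificates described above, shown as an added example that is not part of the GDC API or its controllers: a Python audit over HSMSpec dictionaries that flags specs where validation would be ignored and checks that populated entries are well formed. The function names and sample specs are constructed for illustration, and the PEM check covers framing and base64 only, not X.509 parsing.

```python
import base64
import binascii
import struct

PEM_BEGIN = "-----BEGIN CERTIFICATE-----"
PEM_END = "-----END CERTIFICATE-----"


def ssh_key_algorithm(b64_blob):
    """Return the algorithm name of a base64-encoded SSH wire-format public
    key (RFC 4253, section 6.6). Raise ValueError if the blob is malformed."""
    try:
        blob = base64.b64decode(b64_blob, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("not valid base64") from exc
    if len(blob) < 4:
        raise ValueError("too short for a length prefix")
    (name_len,) = struct.unpack(">I", blob[:4])
    name = blob[4:4 + name_len]
    if name_len == 0 or len(name) != name_len:
        raise ValueError("algorithm name length does not fit the blob")
    if len(blob) == 4 + name_len:
        raise ValueError("no key data after the algorithm name")
    try:
        return name.decode("ascii")
    except UnicodeDecodeError as exc:
        raise ValueError("algorithm name is not ASCII") from exc


def pem_is_well_framed(pem):
    """True if the text has certificate BEGIN/END lines around a non-empty
    base64 body. Framing check only; the DER content is not parsed."""
    text = pem.strip()
    if not (text.startswith(PEM_BEGIN) and text.endswith(PEM_END)):
        return False
    body = "".join(text[len(PEM_BEGIN):-len(PEM_END)].split())
    try:
        return len(base64.b64decode(body, validate=True)) > 0
    except (binascii.Error, ValueError):
        return False


def audit_hsm_spec(name, spec):
    """Return (object name, field, message) findings for one HSMSpec dict."""
    findings = []
    keys = spec.get("sshHostPublicKeys") or []
    certs = spec.get("rootCACertificates") or []
    if not keys:
        findings.append((name, "sshHostPublicKeys",
                         "empty: SSH host key validation is ignored"))
    for i, key in enumerate(keys):
        try:
            ssh_key_algorithm(key)
        except ValueError as exc:
            findings.append((name, f"sshHostPublicKeys[{i}]", f"malformed: {exc}"))
    if not certs:
        findings.append((name, "rootCACertificates",
                         "empty: TLS certificate validation is ignored"))
    for i, cert in enumerate(certs):
        if not pem_is_well_framed(cert):
            findings.append((name, f"rootCACertificates[{i}]",
                             "malformed: not a PEM certificate block"))
    return findings


def _wire_string(data):
    """Encode bytes as an SSH 'string': uint32 length followed by the data."""
    return struct.pack(">I", len(data)) + data


# Constructed sample values: an all-zero ed25519 key blob and a placeholder
# PEM body. Neither belongs to a real device.
SAMPLE_KEY = base64.b64encode(
    _wire_string(b"ssh-ed25519") + _wire_string(bytes(32))).decode()
SAMPLE_CERT = "\n".join([
    PEM_BEGIN,
    base64.b64encode(b"constructed placeholder, not a real DER certificate").decode(),
    PEM_END,
])
TRUNCATED_KEY = base64.b64encode(struct.pack(">I", 500) + b"ssh-rsa").decode()

# Constructed HSMSpec fragments keyed by a hypothetical object name.
SAMPLE_SPECS = {
    "hsm-pinned": {"sshHostPublicKeys": [SAMPLE_KEY],
                   "rootCACertificates": [SAMPLE_CERT]},
    "hsm-unpinned": {"sshHostPublicKeys": [], "apiPort": 443},
    "hsm-bad-entry": {"sshHostPublicKeys": [SAMPLE_KEY, TRUNCATED_KEY],
                      "rootCACertificates": ["not a certificate"]},
}


def audit_all(specs):
    """Audit every spec and return the combined list of findings."""
    findings = []
    for name in sorted(specs):
        findings.extend(audit_hsm_spec(name, specs[name]))
    return findings


if __name__ == "__main__":
    for obj, field, message in audit_all(SAMPLE_SPECS):
        print(f"{obj}: spec.{field}: {message}")
```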

HSMStatus

HSMStatus provides the status of an HSM.

Appears in: - HSM

Field Description
conditions Condition Conditions reports the status of the HSM.
sshCredsRef SecretReference The reference to the secret that has the current SSH credentials (from spec.SSHAdminCredsRefs) for this device. May be unset prior to the device being Ready.
adminCredsRef SecretReference The reference to the secret that has the current Admin credentials (from spec.AdminCredsRefs) for this device. May be unset prior to the device being Ready.

HSMStorageOrganizationResources

HSMStorageOrganizationResources provides info for the storage organization reconciler to perform integration for block/file storage encryption.

Appears in: - HSMTenantStatus

Field Description
tenantAdminCredentials HSMKMIPCredentials Creds required for the tenant admin cluster's SVM.
tenantUserCredentials HSMKMIPCredentials Creds required for the tenant user cluster's SVM.

HSMTenant

HSMTenant represents resources that belong to a single tenant/organization in the HSM. Belongs to the gpc-system namespace.

Appears in: - HSMTenantList

Field Description
apiVersion string security.private.gdc.goog/v1alpha1
kind string HSMTenant
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec HSMTenantSpec
status HSMTenantStatus

HSMTenantList

HSMTenantList represents a collection of HSM tenants.

Field Description
apiVersion string security.private.gdc.goog/v1alpha1
kind string HSMTenantList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items HSMTenant

HSMTenantSpec

HSMTenantSpec provides the specification for an HSM tenant.

Appears in: - HSMTenant

Field Description
hsmClusterRef ObjectReference Reference to the HSMCluster object which contains information to connect to the HSM. API type: - Group: security.private.gdc.goog - Kind: HSMCluster

HSMTenantStatus

HSMTenantStatus provides the resources created that represent the HSM tenant. Will be in the root admin cluster, in the gpc-namespace.

Appears in: - HSMTenant

Field Description
conditions Condition Conditions reports if HSMTenant creation is complete. Condition types: - Ready: Indicates that the tenant resources are ready for use.
domain DomainInfo Domain name on the HSM corresponding to the objectname set by the organization.
platformAdminCredentials HSMUserCredentials Platform admin credentials for the HSM domain.
serverResources HSMServerResources Config required by servers to connect to the HSM for disk encryption.
storageOrganizationResources HSMStorageOrganizationResources Config required by the storage organization reconciler to connect to the HSM.

HSMUserCredentials

HSMUserCredentials provides the info necessary to authenticate to the HSM via REST API or NAE protocols.

Appears in: - HSMClusterStatus - HSMKMIPCredentials - HSMServerResources - HSMTenantStatus

Field Description
credsRef SecretReference Secret of type kubernetes.io/basic-auth containing credentials to login to HSM.
userId string UserID is generated by the CipherTrust Manager when a user is created. This ID uniquely identifies the user.
domain DomainInfo Domain the user credentials were created in. Note: The Domain.ID is the preferred identifier to use when logging in to the CipherTrust Manager as this is globally unique and referencing Domain.Name may be ambiguous. Optional. If not specified, the root domain should be used. Domain is a CipherTrust Manager concept to create logical isolations within HSM resources. Details - https://thalesdocs.com/ctp/cm/latest/admin/cm_admin/domains/index.html
certificateId string CertificateID is the Certificate Authority ID used to sign certificates for the NAE and HTTPS interfaces. Example: aa7c08ba-b8de-4f54-83ef-ba814930b3b9
groupNames string array GroupNames lists the groups the user belongs to. This is used to configure access control for users that cannot belong to a domain due to hardware limitations like in HPE servers. Field is not necessary to log in, but a record is maintained here, so the resource can be deleted during crypto shredding.

serviceplatform.private.gdc.goog/v1alpha1

ShadowProject

ShadowProject provides the API for a Kubernetes service operator to request a shadow project dynamically.

Appears in: - ShadowProjectList

Field Description
apiVersion string serviceplatform.private.gdc.goog/v1alpha1
kind string ShadowProject
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec ShadowProjectSpec
status ShadowProjectStatus

ShadowProjectList

ShadowProjectList represents a collection of shadow projects.

Field Description
apiVersion string serviceplatform.private.gdc.goog/v1alpha1
kind string ShadowProjectList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items ShadowProject

ShadowProjectSpec

ShadowProjectSpec holds the configurations of a shadow project.

Appears in: - ShadowProject

Field Description
shadowProjectTemplate string The name of the shadow project template. It is by design a simple string instead of a NamespacedName to prevent referencing a template from a different project (which very likely is owned by a different service).
parentProject string The parent project name used by this shadow project. This name must be specified during shadow project creation.

ShadowProjectStatus

ShadowProjectStatus specifies the status of a shadow project.

Appears in: - ShadowProject

Field Description
conditions Condition
namespaceName string The name of the materialized Kubernetes namespace.

ShadowProjectTemplate

ShadowProjectTemplate allows a service to define a template for a shadow project, such as the naming format and policy objects that need to be pre-populated into the shadow project.

Appears in: - ShadowProjectTemplateList

Field Description
apiVersion string serviceplatform.private.gdc.goog/v1alpha1
kind string ShadowProjectTemplate
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec ShadowProjectTemplateSpec

ShadowProjectTemplateList

ShadowProjectTemplateList represents a collection of shadow project templates.

Field Description
apiVersion string serviceplatform.private.gdc.goog/v1alpha1
kind string ShadowProjectTemplateList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items ShadowProjectTemplate

ShadowProjectTemplateSpec

ShadowProjectTemplateSpec holds the configurations of a shadow project template.

Appears in: - ShadowProjectTemplate

Field Description
serviceShortName string The service short name is appended to an AO project's name. For example, if ServiceShortName is set to "gshoe" and the AO project is "alice-ao", the final name of the shadow project will be "alice-ao-gshoe-system". The reconciler will always prepend a - and append -system after the ServiceShortName. ServiceShortName has a max length of 4.
templates RawExtension array Templates defines a set of Kubernetes objects that will be populated into the shadow project.

storagegrid.netapp.storage.private.gdc.goog/v1alpha1

AdminNodeNetwork

Appears in: - ObjectStorageAdminNodeSpec

Field Description
dataIP IPSubnetString DataIP assigned to this node
managementIP IPSubnetString ManagementIP assigned to this node. This IP will be used to configure this node.
clientIP IPSubnetString ClientIP assigned to this node. This IP will be used to connect with the site to access client applications, including S3 and Swift. This will be only assigned to Admin nodes (SG1000).
bmcIP IPSubnetString BMC IP assigned to this node; this will be in the management subnet. The Baseboard Management Controller (BMC) provides remote management capabilities including console redirection, sensor monitoring, logging, and power control.

HAGroup

Appears in: - ObjectStorageSiteSpec

Field Description
virtualIPs IPAddressString VirtualIPs are the IPs assigned to this HA group. These IPs should be in the same subnet as the client subnet.
adminNodeNames string array AdminNodeNames is the name of the admin nodes that will form this HA. API type: - Group: storagegrid.netapp.storage.private.gdc.goog - Kind: ObjectStorageAdminNode

NodeNetwork

NodeNetwork specifies network settings for a type of node.

Appears in: - ObjectStorageSiteSpec

Field Description
dataNetwork ObjectReference DataNetwork specifies grid network (internally) setting. The Grid Network is used for all internal StorageGRID traffic. It provides connectivity between all nodes in the grid, across all sites and subnets. DataNetwork specifies the SubnetClaim that is allocated for ObjectStorageSite. It will define the vlan, gateway and subnet information required for configuration. API: - Group: system.private.gdc.goog - Kind: SubnetClaim
managementNetwork StaticNetworkConfig ManagementNetwork specifies admin network (internally) setting. The Admin Network is typically used for system administration and maintenance. StaticNetworkConfig specifies the static subnet config information for the network. It will define the vlan, gateway and subnet information required for configuration.
clientNetwork ObjectReference ClientNetwork specifies client network setting. The Client Network is an open network used to provide access to client applications, including S3 and Swift. The Client Network is optional as it is only used with ObjectStorageAdminNodes. ClientNetwork specifies the SubnetClaim that is allocated for ObjectStorageSite. It will define the vlan, gateway and subnet information required for configuration. API: - Group: system.private.gdc.goog - Kind: SubnetClaim

ObjectStorageAdminNode

ObjectStorageAdminNode represents a physical admin node (SG1000) in a site.

Appears in: - ObjectStorageAdminNodeList

Field Description
apiVersion string storagegrid.netapp.storage.private.gdc.goog/v1alpha1
kind string ObjectStorageAdminNode
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec ObjectStorageAdminNodeSpec
status ObjectStorageAdminNodeStatus

ObjectStorageAdminNodeList

ObjectStorageAdminNodeList represents a collection of ObjectStorageAdminNodes.

Field Description
apiVersion string storagegrid.netapp.storage.private.gdc.goog/v1alpha1
kind string ObjectStorageAdminNodeList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items ObjectStorageAdminNode

ObjectStorageAdminNodeSpec

Appears in: - ObjectStorageAdminNode

Field Description
siteName string SiteName is the name of the ObjectStorageSite this node belongs to
network AdminNodeNetwork Network specifies the IPs for the node on different networks

ObjectStorageAdminNodeStatus

ObjectStorageAdminNodeStatus specifies current changing information about the node.

Appears in: - ObjectStorageAdminNode

Field Description
completionTime Time Represents time when the job was completed.
bmcCredsRef ObjectReference BMCCredsRef is a reference to the secret that contains the BMC credentials for this node.
conditions Condition array Conditions contains information on the health of the node. Condition types: - Ready: Indicates that the node is ready for use. - Degraded: Indicates that the node is degraded and repair is recommended. - Failed: Indicates that the node is in a failed state and is non-functional.
alerts Alerts Alerts contain a list of detected system alerts. An alert will be added when it is firing, and removed when it is cleared.
isPrimary boolean IsPrimary indicates if a node is primary admin

ObjectStorageSite

ObjectStorageSite contains the configuration for a site and represents a group of ObjectStorageStorageNodes and ObjectStorageAdminNodes that can be managed together.

Appears in: - ObjectStorageSiteList

Field Description
apiVersion string storagegrid.netapp.storage.private.gdc.goog/v1alpha1
kind string ObjectStorageSite
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec ObjectStorageSiteSpec
status ObjectStorageSiteStatus

ObjectStorageSiteList

ObjectStorageSiteList represents a collection of ObjectStorageSites.

Field Description
apiVersion string storagegrid.netapp.storage.private.gdc.goog/v1alpha1
kind string ObjectStorageSiteList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items ObjectStorageSite

ObjectStorageSiteSpec

Appears in: - ObjectStorageSite

Field Description
adminNodeNames string array AdminNodeNames is the list of admin node names that belong to this site. API type: - Group: storagegrid.netapp.storage.private.gdc.goog - Kind: ObjectStorageAdminNode
storageNodeNames string array StorageNodeNames is the list of storage node names that belong to this site. API type: - Group: storagegrid.netapp.storage.private.gdc.goog - Kind: ObjectStorageStorageNode
license string License is the license that will be used to set up this site. TODO: decide if this should be a secret
adminNodeNetwork NodeNetwork AdminNodeNetwork specifies the network settings for all ObjectStorageAdminNodes.
storageNodeNetwork NodeNetwork StorageNodeNetwork specifies the network settings for all ObjectStorageStorageNodes.
gridCredentials ObjectReference GridCredentials are the credentials required to log in to Grid Manager. This contains username and password encoded in base64.
clientHaGroup HAGroup ClientHaGroup creates an HA with admin nodes on the Client network. These IPs should be in the client network subnet.

ObjectStorageSiteStatus

Appears in: - ObjectStorageSite

Field Description
primaryAdminNodeName string PrimaryAdminNodeName is the name of the ObjectStorageAdminNode which is the primary admin for this site. API type: - Group: storagegrid.netapp.storage.private.gdc.goog - Kind: ObjectStorageAdminNode
managementAPIEndpointURL string ManagementAPIEndpointURL is the URL endpoint required to talk with GridManager API
ntpServers IPAddressString NTPServers is the list of IP address of NTP servers currently used by the site
managementEndpointCertRef ObjectReference ManagementEndpointCertRef is a reference to the server and ca certificate installed on StorageGrid which will be used to make TLS enabled API calls
version string Version is the software version of StorageGrid used in this site.
conditions Condition array Conditions contains information on the health of the site. Condition types: - Ready: Indicates that the site is ready for use. - Degraded: Indicates that the site is degraded and repair is recommended. - Failed: Indicates that the site is in a failed state and is non-functional.
alerts Alerts Alerts contain a list of detected system alerts. An alert will be added when it is firing, and removed when it is cleared.

ObjectStorageStorageNode

ObjectStorageStorageNode represents a physical storage node controller (SG6060) in a site.

Appears in: - ObjectStorageStorageNodeList

Field Description
apiVersion string storagegrid.netapp.storage.private.gdc.goog/v1alpha1
kind string ObjectStorageStorageNode
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec ObjectStorageStorageNodeSpec
status ObjectStorageStorageNodeStatus

ObjectStorageStorageNodeList

ObjectStorageStorageNodeList represents a collection of ObjectStorageStorageNodes.

Field Description
apiVersion string storagegrid.netapp.storage.private.gdc.goog/v1alpha1
kind string ObjectStorageStorageNodeList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items ObjectStorageStorageNode

ObjectStorageStorageNodeSpec

Appears in: - ObjectStorageStorageNode

Field Description
siteName string SiteName is the name of the ObjectStorageSite this node belongs to
network StorageNodeNetwork Network specifies the IPs for the node on different networks

ObjectStorageStorageNodeStatus

ObjectStorageStorageNodeStatus specifies current changing information about the node.

Appears in: - ObjectStorageStorageNode

Field Description
completionTime Time Represents time when the job was completed.
bmcCredsRef ObjectReference BMCCredsRef is a reference to the secret that contains the BMC credentials for this node.
santricityCredsRef ObjectReference SantricityCredsRef is a reference to the secret that contains the credentials for SANtricity manager on SG6060
conditions Condition array Conditions contains information on the health of the node. Condition types: - Ready: Indicates that the node is ready for use. - Degraded: Indicates that the node is degraded and repair is recommended. - Failed: Indicates that the node is in a failed state and is non-functional.
alerts Alerts Alerts contain a list of detected system alerts. An alert will be added when it is firing, and removed when it is cleared.
version string Version is the software version of StorageGrid installed on this node.

ObjectStorageTenant

Appears in: - ObjectStorageTenantList

Field Description
apiVersion string storagegrid.netapp.storage.private.gdc.goog/v1alpha1
kind string ObjectStorageTenant
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec ObjectStorageTenantSpec
status ObjectStorageTenantStatus

ObjectStorageTenantList

ObjectStorageTenantList represents a collection of object storage tenants.

Field Description
apiVersion string storagegrid.netapp.storage.private.gdc.goog/v1alpha1
kind string ObjectStorageTenantList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items ObjectStorageTenant

ObjectStorageTenantSpec

Appears in: - ObjectStorageTenant

Field Description
storageClass string One of "nearline" or "standard". This field is immutable.
organizationRef ObjectReference The organization that this tenant will support. Used when looking up the organization CRD. This field is immutable.
systemTenant boolean This field is true if it's a system tenant (the one system tenant for the organization or the system tenant for the root organization) and otherwise false. This field is immutable.

ObjectStorageTenantStatus

Appears in: - ObjectStorageTenant

Field Description
accountID string Populated when we first create the tenant in StorageGrid. Afterward, used to identify that we've created a tenant and referenced in subsequent API calls.
trafficPolicyID string Populated when we create the traffic control policy that controls the QoS for the tenant. Used to delete the traffic control policy during deletion. Also used to determine that we have created a traffic control policy already.
rootCredentialsRef LocalObjectReference
bucketControllerBasicCredentialsRef LocalObjectReference
bucketControllerS3KeyRef LocalObjectReference
identityControllerBasicCredentialsRef LocalObjectReference
observabilityControllerBasicCredentialsRef LocalObjectReference
siteName string SiteName is the name of the ObjectStorageSite this tenant belongs to.
conditions Condition array Indicates which steps in the reconciliation process are complete.

StaticNetworkConfig

Appears in: - NodeNetwork

Field Description
subnet IPSubnetString The subnet mask for this network
gateway IPAddressString The gateway for this network
vlanID VLANID VLANID of the network (if enabled)

StorageNodeNetwork

Appears in: - ObjectStorageStorageNodeSpec

Field Description
dataIP IPSubnetString DataIP assigned to this node
managementIP IPSubnetString ManagementIP assigned to this node. This IP will be used to configure this node.
bmcIP IPSubnetString BMC IP assigned to this node; this will be in the management subnet. The Baseboard Management Controller (BMC) provides remote management capabilities including console redirection, sensor monitoring, logging, and power control.
controllerAManagementIP IPSubnetString Storage Controller (E2860) IPs assigned to this node; these will be in the management subnet. These IPs will be used to access SANtricity manager and to set up connectivity with HSM. These will only be assigned to Storage nodes (SG6060).
controllerBManagementIP IPSubnetString

system.private.gdc.goog/v1alpha1

AddressPoolClaim

AddressPoolClaim represents a request and allocation result of a set of IP addresses from a given overlay subnet.

Appears in: - AddressPoolClaimList

Field Description
apiVersion string system.private.gdc.goog/v1alpha1
kind string AddressPoolClaim
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec AddressPoolClaimSpec
status AddressPoolClaimStatus

AddressPoolClaimList

AddressPoolClaimList represents the collection of AddressPoolClaim.

Field Description
apiVersion string system.private.gdc.goog/v1alpha1
kind string AddressPoolClaimList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items AddressPoolClaim

AddressPoolClaimSpec

AddressPoolClaimSpec provides the specification of an address pool claim.

Appears in: - AddressPoolClaim

Field Description
size integer The size of the pool.
category NetworkCategory Category of the subnet. This tells the IP reconciler which category of subnet this claim is requesting. This field is immutable.
isContinuousCIDR boolean Whether a continuous CIDR-style subnet is required. This field is immutable.
ipFamily IPFamily The requested IP family, can be IPv4, IPv6 or dual stack.
subnetClaimName string The name of the SubnetClaim from which the IPs are allocated.

AddressPoolClaimStatus

AddressPoolClaimStatus represents the allocated result of an address pool claim.

Appears in: - AddressPoolClaim

Field Description
conditions Condition array Conditions contains information about the state of the AddressPoolClaim. Condition types: - Ready: Indicates that the AddressPoolClaim is ready for use
allocatedIPRanges IPRange Allocated IP ranges
subnetClaimRef ObjectReference Reference to the SubnetClaim which the AddressPoolClaim gets IPs from.
subnetCidr IPSubnetString The CIDR allocated to the referenced SubnetClaim.
subnetGateway IPAddressString The gateway of the referenced SubnetClaim.

AggSwitch

AggSwitch represents an aggregation switch in the data network.

Appears in: - AggSwitchList

Field Description
apiVersion string system.private.gdc.goog/v1alpha1
kind string AggSwitch
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec AggSwitchSpec
status AggSwitchStatus

AggSwitchList

AggSwitchList represents a collection of aggregation switches.

Field Description
apiVersion string system.private.gdc.goog/v1alpha1
kind string AggSwitchList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items AggSwitch

AggSwitchSpec

AggSwitchSpec provides the specification of an aggregation switch.

Appears in: - AggSwitch

Field Description
hardware DeviceSystemSpec
managementIP IPAddressString ManagementIP describes the IP address assigned for the management port of a switch. It has to be accessible before the rest of the specification gets configured.
switchCredentials SwitchCredentials SwitchCredentials holds references to the Secret objects that contain the admin, read-only, and breakglass credentials of the switch.
hairpinLinks HairpinLink array HairpinLinks describes the hairpin loop created by the firewall integration with the switch

AggSwitchStatus

AggSwitchStatus describes the status of an aggregation switch.

Appears in: - AggSwitch

Field Description
conditions Condition array Conditions contains information about the state of the switch. Condition types: - Ready: Indicates that the switch is ready for use
switchStatus SwitchStatus

Alerts

Alerts contain a list of detected system alerts.

Appears in: - DiskStatus - FirewallClusterStatus - FirewallNodeStatus - ObjectStorageAdminNodeStatus - ObjectStorageSiteStatus - ObjectStorageStorageNodeStatus - ServerStatus - StorageAggregateStatus - StorageClusterStatus - StorageNodeStatus - StorageVirtualMachineStatus - SwitchStatus

Field Description
BaseError BaseError
id string The identifier of the alert. Unique per object per error code.
startTime Time At what time the alert started.

BGPAutonomousSystemNumber

Underlying type: integer

BGPAutonomousSystemNumber represents the autonomous system number of BGP protocol.

Appears in: - BorderGatewayProtocolSpec - EBGPNeighbors - HAMSBGPSpec - HAMSDCIASNSpec - InterconnectSessionSpec

BGPPeerType

Underlying type: string

BGPPeerType identifies the type of the external BGP peer

Appears in: - EBGPNeighbors

BGPPrefixCounters

BGP prefix counters.

Appears in: - InterconnectSessionStatus

Field Description
advertised integer
denied integer
received integer
sent integer
suppressed integer
withdrawn integer

BMCCertificateState

Underlying type: string

State is the enumeration type for the states of the BMC certificate rotation finite-state machine.

Appears in: - ServerBMCCertificateStatus

BMCProtocol

Underlying type: string

BMCProtocol is the protocol used to communicate with the BMC.

Appears in: - BMCSpec

BMCSpec

BMCSpec contains the information about the baseboard management controller (BMC) of the Server object.

Appears in: - ServerSpec

Field Description
ip IPAddressString IP is the IPv4 address of the BMC. If not set, the BMC IP will be automatically assigned within the management network.
protocol BMCProtocol Protocol is the protocol used to communicate with the BMC.
port integer Port is the TCP or UDP port used for BMC communication. If not set, the default port will be used.
redfish RedfishSpec Redfish is required if and only if the protocol is "redfish" or a redfish variant.
mac MACAddressString MAC is the MAC address of the BMC. TODO(clcl): Migrate MAC to NICPort.
nicPort NICPortSpec NICPort specifies the NIC port of the BMC.
credentialsRef SecretReference CredentialsRef holds a reference to the Secret that contains the credentials to be used to authenticate with the BMC.

BackupRepository

BackupRepository represents an object bucket with its associated configurations, protocol, and credential to communicate with the object storage provider.

Appears in: - BackupRestoreAddonSpec

Field Description
credential SecretKeySelector A reference to a Secret resource within the same namespace of the BackupRestoreAddon resource from which to get credentials to communicate with the object storage system. If not specified, the system assumes no secret is needed. Immutable once set.
protocol ObjectStorageProtocol Object storage protocol. Immutable.
config object (keys:string, values:string) Config specifies provider-specific configurations. Supported ones are: 1. "SSEMethod", to override the server-side encryption algorithm, defaults to "AES256", only applies when 'Protocol' is of type S3. 2. "PublicUrl", if provided, this URL will be used instead of S3.Endpoint to generate download signed URLs. This config is primarily for local object storage systems like Minio. Example value: "https://minio.mycluster.com" 3. "PathStyle", specifies a boolean value suggesting whether to use path-style addressing instead of virtual hosted bucket addressing. Set to "True" to use path-style addressing. This config is primarily for local object storage systems like Minio. 4. "CaCert", specifies the CA bundle of the object storage endpoint. 5. "AwsProfile", specifies the AWS profile within the credential to use. Only applies when 'Protocol' is of type S3. 6. "KmsKey", specifies an AWS KMS Key ID. Only works if the object storage provider is AWS S3 and requires explicitly granting key usage permissions. 7. "SkipTLSVerify", specifies a boolean value suggesting whether the TLS certificate should be verified when connecting to the provided endpoint (e.g., self-signed certs with Minio). Defaults to "False". Note: Setting it to "True" makes it more vulnerable to person-in-the-middle attacks. Not recommended for production usage. Immutable.
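
The following added example (not part of the GDC API reference or its tooling) lints a BackupRepository before it is applied, using the rules stated in the `config` description above. It assumes the protocol enum value for S3 is spelled "S3"; the HTTPS check on "PublicUrl" is an extra check of this example, and all sample values are constructed.

```python
from urllib.parse import urlsplit

# Keys listed in the BackupRepository `config` description.
SUPPORTED_KEYS = {"SSEMethod", "PublicUrl", "PathStyle", "CaCert",
                  "AwsProfile", "KmsKey", "SkipTLSVerify"}
# Keys the description limits to the S3 protocol (KmsKey: AWS S3 only).
S3_ONLY_KEYS = {"SSEMethod", "AwsProfile", "KmsKey"}
# Keys documented as boolean values carried in strings.
BOOLEAN_KEYS = ("SkipTLSVerify", "PathStyle")


def parse_bool(value):
    """Return True/False for "True"/"False" in any case, None otherwise."""
    text = str(value).strip().lower()
    if text in ("true", "false"):
        return text == "true"
    return None


def lint_backup_repository(repo):
    """Return a list of (severity, message) findings for one repository dict."""
    findings = []
    config = repo.get("config") or {}
    protocol = str(repo.get("protocol", ""))
    is_s3 = protocol.upper() == "S3"  # assumption: enum value is spelled "S3"

    for key in sorted(config):
        if key not in SUPPORTED_KEYS:
            findings.append(("warn", f"unsupported config key {key!r}"))

    for key in BOOLEAN_KEYS:
        if key in config and parse_bool(config[key]) is None:
            findings.append(
                ("error", f"{key} must be 'True' or 'False', got {config[key]!r}"))

    # The documented default for SkipTLSVerify is "False".
    if parse_bool(config.get("SkipTLSVerify", "False")) is True:
        findings.append(("error", "SkipTLSVerify is True: the endpoint certificate "
                                  "is not verified (person-in-the-middle risk)"))
        if "CaCert" in config:
            findings.append(("warn", "CaCert is set together with SkipTLSVerify=True; "
                                     "keep the CA bundle and drop SkipTLSVerify"))

    if not is_s3:
        for key in sorted(S3_ONLY_KEYS.intersection(config)):
            findings.append(
                ("warn", f"{key} only applies to S3, protocol is {protocol!r}"))

    if not repo.get("credential"):
        findings.append(
            ("info", "no credential set: the system assumes no secret is needed"))

    # Extra check of this example (not stated in the reference): a signed
    # download URL sent over plain HTTP exposes its signature on the wire.
    url = config.get("PublicUrl", "")
    if url and urlsplit(url).scheme != "https":
        findings.append(("error", "PublicUrl does not use https"))

    return findings


def has_errors(findings):
    """True if any finding should block the change."""
    return any(severity == "error" for severity, _ in findings)


# Constructed sample inputs (hypothetical names and hosts).
WEAK_REPO = {
    "protocol": "S3",
    "config": {
        "SkipTLSVerify": "True",
        "CaCert": "<PEM bundle placeholder>",
        "PublicUrl": "http://minio.example.internal",
        "Region": "placeholder",  # not a supported key
    },
}
HARDENED_REPO = {
    "protocol": "S3",
    "credential": {"name": "backup-repo-creds", "key": "credentials"},
    "config": {
        "CaCert": "<PEM bundle placeholder>",
        "PublicUrl": "https://minio.example.internal",
        "PathStyle": "True",
    },
}

if __name__ == "__main__":
    for name, repo in (("weak", WEAK_REPO), ("hardened", HARDENED_REPO)):
        print(name)
        for severity, message in lint_backup_repository(repo):
            print(f"  [{severity}] {message}")
```

Because the repository fields are immutable, a check like this belongs before the object is first created.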

BackupRepositoryState

Underlying type: string

Appears in: - BackupRepositoryStatus

BackupRepositoryStatus

BackupRepositoryStatus represents the current status of the supplied BackupRepository for backup and restore addon.

Appears in: - BackupRestoreAddonStatus

Field Description
lastSyncTime Timestamp LastSyncTime represents the last time when backup artifacts in the provided BackupRepository have been synced into a cluster.
lastValidationTime Timestamp LastValidationTime represents the last time when the provided BackupRepository was validated.
state BackupRepositoryState State represents the current state of the BackupRepository
message string Message represents a human readable string which states why the BackupRepository is in its current state.

BackupRestoreAddon

BackupRestoreAddon represents the configuration of Backup for GPC components in a cluster. There should be at most one of its kind per cluster.

Appears in: - BackupRestoreAddonList

Field Description
apiVersion string system.private.gdc.goog/v1alpha1
kind string BackupRestoreAddon
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec BackupRestoreAddonSpec Spec represents the configuration of the addon.
status BackupRestoreAddonStatus Status represents the last observed state of the addon.

BackupRestoreAddonList

BackupRestoreAddonList represents a collection of BackupRestoreAddons.

Field Description
apiVersion string system.private.gdc.goog/v1alpha1
kind string BackupRestoreAddonList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items BackupRestoreAddon

BackupRestoreAddonSpec

BackupRestoreAddonSpec specifies the desired state of the backup restore components.

Appears in: - BackupRestoreAddon

Field Description
repository BackupRepository Repository specifies an object bucket to which backup artifacts will be stored or from which backup artifacts will be imported. Immutable.
backupSyncInterval Duration BackupSyncInterval specifies how frequently the backup component will sync backups from the provided object bucket. Not specifying this field or setting to a value of 0 disables the sync.
backupRepositoryValidationInterval Duration RepositoryValidationInterval specifies how frequently the backup component checks the healthiness of the repository, i.e., whether the bucket is still available/accessible. Not specifying it or setting it to a value of 0 disables the validation.

BackupRestoreAddonStatus

BackupRestoreAddonStatus represents the current status of the backup restore addon and its associated backup repository.

Appears in: - BackupRestoreAddon

Field Description
repositoryStatus BackupRepositoryStatus RepositoryStatus represents the current status of the BackupRepository.
componentsStatus ComponentsStatus ComponentsStatus represents the current status of installed addon components.

BackupRestoreComponentsPhase

Underlying type: string

BackupRestoreComponentsPhase represents an aggregated status of all components.

Appears in: - ComponentsStatus

BareMetalHostStatus

Appears in: - ServerStatus

Field Description
poweredOn boolean An indicator for whether or not the host is powered on.
provisionState ProvisioningState An indicator for what the provisioner is doing with the host.
operationalStatus OperationalStatus OperationalStatus holds the status of the host.

BgpSessionStatus

Underlying type: string

Status of BGP session.

Appears in: - InterconnectSessionStatus

BmhNetworkBondModeType

Underlying type: string

BmhNetworkBondModeType describes supported bond type names.

Appears in: - PortBondSpec

BorderGatewayProtocolSpec

BorderGatewayProtocolSpec provides the specification of the BGP network within a GPC cell.

Appears in: - CellDataNetworkSpec - CellManagementNetworkSpec

Field Description
bgpAutonomousSystem BGPAutonomousSystemNumber The autonomous system number (ASN) in the BGP configuration for the GPC cell. This is used to peer with customer network, operation centers, and remote GDCH instances.
bgpAutonomousSystemInternal BGPAutonomousSystemNumber The internal autonomous system number (ASN) in the BGP configuration for the GPC cell. The internal ASN is used in the data network to interconnect multiple external VRFs (Root External, ORGx External) with interconnect VRFs (DCI, OC and Customer). The internal ASN is optional for the management network.
ebgp EBGPNeighbors array Uplinks describe the customer neighbors along with associated remote AS numbers

CIDRAllocationStatus

CIDRAllocationStatus represents the CIDR allocation status for a CIDRClaim with a specified protocol (IPv4 or IPv6).

Appears in: - CIDRClaimStatus

Field Description
cidrBlocks IPSubnetString Represents the CIDR allocated to this CIDRClaim. Size should be one except for the root CIDRClaim.
allocatedCidrBlocks IPSubnetString All the CIDRs which are allocated to children of this CIDRClaim. They are grouped by prefixLength and from small to big in IP order.

CIDRClaim

CIDRClaim is used to claim a CIDR from IPAM. It could have reference to parent CIDRClaim, which helps to build a CIDR allocation tree.

Appears in: - CIDRClaimList

Field Description
apiVersion string system.private.gdc.goog/v1alpha1
kind string CIDRClaim
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec CIDRClaimSpec
status CIDRClaimStatus

CIDRClaimList

CIDRClaimList represents the collection of CIDRClaim.

Field Description
apiVersion string system.private.gdc.goog/v1alpha1
kind string CIDRClaimList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items CIDRClaim

CIDRClaimSpec

Appears in: - CIDRClaim

Field Description
ipv4Spec CIDRRequestSpec The protocol related specs for IPv4.
ipv6Spec CIDRRequestSpec The protocol related specs for IPv6.
parentCidrClaimName string The parent CIDRClaim's name from which this CIDRClaim is allocated. By default, the parent will be in the same namespace as the CIDRClaim. The only exception is when the parent is a root CIDRClaim; root CIDRClaims have the dedicated names "root-external" and "root-internal" and are put in the gpc-system namespace.

CIDRClaimStatus

Appears in: - CIDRClaim

Field Description
conditions Condition array Conditions contains information about the state of the CIDRClaim. Condition types: - Ready: Indicates that the CIDRClaim is ready for use
ipv4AllocationStatus CIDRAllocationStatus Allocation status of IPv4 CIDRs in this CIDRClaim
ipv6AllocationStatus CIDRAllocationStatus Allocation status of IPv6 CIDRs in this CIDRClaim

CIDRRequestSpec

CIDRRequestSpec represents the spec for a single IP version (IPv4 or IPv6) inside the CIDRClaim

Appears in: - CIDRClaimSpec

Field Description
prefixLength integer The prefix length of the CIDR, i.e. the mask length of the CIDR
staticCidrBlocks IPSubnetString The specific CIDRBlocks that the user requests. If specified, the IPAM will try to allocate the requested CIDRBlocks instead of allocating dynamically. If the requested CIDRs are not available, the reconciliation will fail. The slice size is at most one except for the root CIDRClaims.

CIQ

Customer Input Questionnaire (CIQ) represents a set of data provided by the customer. It includes, but is not limited to, CIDR blocks, ASNs, etc. These properties will be used to generate the input ingested by the GDCH bootstrap.

Appears in: - CIQList

Field Description
apiVersion string system.private.gdc.goog/v1alpha1
kind string CIQ
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
instanceType GDCHFlavor The flavor of the GDCH instance
externalCIDR HAMSSubnetGroupSpec ExternalCIDR denotes the external customer dataplane subnet, most likely provided by customer, used to communicate with the rootadmin cluster
internalCIDR HAMSSubnetGroupSpec InternalCIDR denotes the internal dataplane subnet used to communicate between the GDCH racks. Note: This CIDR is not visible from the customer network
oobManagementCIDRs HAMSSubnetGroupSpec OOBManagementCIDRs denotes the subnets used to configure the management network of the GDCH instance. Note: This field should be 1 summary CIDR or individual CIDRs for every rack denoted by the GDCH flavor
bgp HAMSBGPSpec BGPInfo denotes the spec consisting of all pertinent BGP configuration
dci HAMSDCISpec DCIInfo denotes the spec consisting of all pertinent DCI configuration
customerUplinks HAMSUplinkSpec array CustomerUplinks denotes the spec consisting of uplink configuration for the customer network
ocUplinks HAMSUplinkSpec OCUplinks denotes the spec consisting of uplink configuration for the OC network
dns CellDNSSpec DNS denotes the necessary information for configuring DNS
licenses HAMSLicenseSpec array DeviceLicenses denotes the spec consisting of all pertinent information regarding licenses for devices
ipplan string IPPlan denotes the filename or alias containing the IP space allocation for GDCH
bootstrapper string Bootstrapper is the name of the Server device used as a bootstrapper machine which should match a value in the DEID

CIQList

CIQList represents a collection of CIQs.

Field Description
apiVersion string system.private.gdc.goog/v1alpha1
kind string CIQList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items CIQ

Cell

Cell represents a Cell. This object holds the information of a Cell.

Appears in: - CellList

Field Description
apiVersion string system.private.gdc.goog/v1alpha1
kind string Cell
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec CellSpec
status CellStatus

CellDNS

CellDNS represents DNS configuration received from the customer. Only one instance of this resource can be created in the root admin cluster.

Appears in: - CellDNSList

Field Description
apiVersion string system.private.gdc.goog/v1alpha1
kind string CellDNS
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec CellDNSSpec
status CellDNSStatus

CellDNSList

CellDNSList represents a collection of CellDNS.

Field Description
apiVersion string system.private.gdc.goog/v1alpha1
kind string CellDNSList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items CellDNS

CellDNSSpec

CellDNSSpec provides the DNS specification received from the customer.

Appears in: - CIQ - CellDNS

Field Description
delegatedSubdomain string Customer will provide a delegated subdomain which will be used as a suffix in the GPC cell. This field is required.
nameservers IPAddressString array Nameservers contains the IP addresses of the on-prem DNS servers. This is a list, in case the customer environment has multiple nameservers. If this list is empty, services within GDC will not be able to access services outside of GDC.

CellDataNetwork

CellDataNetwork represents cell-level data network configuration.

Appears in: - CellDataNetworkList

Field Description
apiVersion string system.private.gdc.goog/v1alpha1
kind string CellDataNetwork
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec CellDataNetworkSpec
status CellDataNetworkStatus

CellDataNetworkList

CellDataNetworkList represents a collection of CellDataNetworks.

Field Description
apiVersion string system.private.gdc.goog/v1alpha1
kind string CellDataNetworkList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items CellDataNetwork

CellDataNetworkSpec

CellDataNetworkSpec provides the cell-level specification of data network.

Appears in: - CellDataNetwork

Field Description
bgp BorderGatewayProtocolSpec The BGP configuration for the data network of the pertaining GPC cell.
l3Mtu integer The maximum transmission unit for data network, which is used in layer-3 data network interfaces. If L3MTU is 0, the L3MTU for data network is unset.
l2Mtu integer The jumbo maximum transmission unit for data network, which is used in configuring the physical layer-2 interface. If L2MTU is 0, the layer-2 MTU for data network is unset.

CellList

CellList represents a collection of cells.

Field Description
apiVersion string system.private.gdc.goog/v1alpha1
kind string CellList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items Cell

CellManagementNetwork

CellManagementNetwork represents cell-level management network configuration.

Appears in: - CellManagementNetworkList

Field Description
apiVersion string system.private.gdc.goog/v1alpha1
kind string CellManagementNetwork
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec CellManagementNetworkSpec
status CellManagementNetworkStatus

CellManagementNetworkList

CellManagementNetworkList represents a collection of CellManagementNetwork.

Field Description
apiVersion string system.private.gdc.goog/v1alpha1
kind string CellManagementNetworkList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items CellManagementNetwork

CellManagementNetworkSpec

CellManagementNetworkSpec provides the cell-level specification of management network.

Appears in: - CellManagementNetwork

Field Description
bgp BorderGatewayProtocolSpec The BGP configuration for the data network of the pertaining GPC cell.
dhcpRelayIPAddress IPAddressString
cidrBlocks IPSubnetString The user-provided CIDR blocks of the IP addresses the management network can use. A CIDR block represents all the IP addresses in a prefix-based network (e.g. 192.168.10.32/27)

CellSpec

CellSpec provides the specification of a cell.

Appears in: - Cell

Field Description
connections Connection array Connections describe the cable connections between devices in a rack, among racks in a cell, or to external devices.

ComponentsStatus

ComponentsStatus represents the current status of addon components.

Appears in: - BackupRestoreAddonStatus

Field Description
cluster string Cluster represents the targeted cluster to which the backup and restore addon components have been installed.
phase BackupRestoreComponentsPhase Phase represents an aggregated state of all components status.
lastUpdateTime Timestamp LastUpdateTime represents the last time when components have been checked.
conditions Condition array Conditions represents more detailed status of individual components. For possible condition types, see BackupRestoreComponentsConditionTypes.

Connection

Connection describes a cable connection between two terminal ends. The terminal end could be a physical port on a device, an external port outside of GPC racks in a cell, or a special status such as null or loopback.

Appears in: - CellSpec

Field Description
endA string EndA is the A end of a connection. It consists of the device name and port name separated with ":" (e.g. "aa-bb-aggsw01:Eth1/49", "aa-bb-bm01:s1p2"). Only a physical port on a device could act as an EndA.
endB string EndB is the B end of a connection (e.g. "aa-bb-torsw02:Eth1/1", "null", "loopback"). All kinds of terminals could act as EndB.

DataplaneNICPortName

Underlying type: string

DataplaneNICPortName is the name of NIC ports connected to the TOR switch.

Appears in: - PortBondSpec

DeviceSystemSpec

DeviceSystemSpec specifies the HW system's identifiers.

Appears in: - AggSwitchSpec - FirewallNodeSpec - HSMSpec - ManagementAggSwitchSpec - ManagementSwitchSpec - ServerHardwareSpec - StorageNodeSpec - TORSwitchSpec

Field Description
vendor string Vendor is the name of the vendor.
model string Model is the vendor's model name.
serialNumber string SerialNumber is the serial number.

EBGPNeighbors

EBGPNeighbors represents the specification of a BGP neighbor in the external network.

Appears in: - BorderGatewayProtocolSpec

Field Description
remoteAS BGPAutonomousSystemNumber The remote autonomous system ID for the associated customer target in the BGP configuration for the data network
ip IPAddressString The IP address of the eGP neighbor in the external network. Should be equivalent to the peer address of an uplink in RoutedPortSpec
type BGPPeerType The type of the external BGP peer TODO(neelp): Once there are CRDs for route maps, change this field to be a reference to the appropriate specs
fleetOverlayRefs UniversalObjectReference The list of object references to the FleetOverlayNetwork type which this eBGP neighbor belongs to.
switchRefs UniversalObjectReference The list of object references to the AggSwitch and/or TORSwitch types which this eBGP neighbor belongs to.

EmergencySSHCredential

EmergencySSHCredential represents a temporary SSH credential that may be used by the IO (Infrastructure Operator) to debug and recover the GDCH system in case it is down.

Appears in: - EmergencySSHCredentialList

Field Description
apiVersion string system.private.gdc.goog/v1alpha1
kind string EmergencySSHCredential
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec EmergencySSHCredentialSpec
status EmergencySSHCredentialStatus

EmergencySSHCredentialList

EmergencySSHCredentialList represents a collection of EmergencySSHCredential.

Field Description
apiVersion string system.private.gdc.goog/v1alpha1
kind string EmergencySSHCredentialList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items EmergencySSHCredential

EmergencySSHCredentialSpec

EmergencySSHCredentialSpec provides the SSH credential specification received from the customer.

Appears in: - EmergencySSHCredential

Field Description
requestor string Requestor is the authenticated identity of the user who created the object. This field is immutable.
validityDurationDays integer ValidityDurationDays is the number of days after the request that the certificate will be valid.
validIPs string array ValidIPs are the source IPs from which this certificate may be used.
publicKey string PublicKey is the base64 encoded SSH public key corresponding to an SSH private key held by the requestor.
approver string Approver is the authenticated identity of the user who approves the request (allows the requestor to obtain an emergency credential). This user must be different from the requestor.

EmergencySSHCredentialStatus

EmergencySSHCredentialStatus represents the current status of the request, that is, whether it has been signed or not.

Appears in: - EmergencySSHCredential

Field Description
signedCertificate string SignedCertificate is the resulting base64 encoded SSH certificate, signed by the cluster SSH CA.
validUntil string ValidUntil is the time at which this certificate will no longer be valid, in YYYYMMDDHHMMSS format.
caCertificate string CACertificate is the base64 encoded SSH CA public certificate.
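
The following added example (not part of the GDC API reference or its controllers) reviews an EmergencySSHCredentialSpec against the rules stated above and checks whether a signed credential is still within `validUntil`. Assumptions of this example: identities are compared case-insensitively, `validUntil` is in UTC, at least one source IP is required, and `MAX_VALIDITY_DAYS` is a hypothetical site policy; all sample values are constructed.

```python
import ipaddress
from datetime import datetime, timezone

MAX_VALIDITY_DAYS = 7  # hypothetical site policy, not a value from the reference


def review_request(spec, max_days=MAX_VALIDITY_DAYS):
    """Return the reasons to reject an EmergencySSHCredentialSpec dict."""
    problems = []
    requestor = (spec.get("requestor") or "").strip()
    approver = (spec.get("approver") or "").strip()
    if not requestor:
        problems.append("requestor is empty")
    if not approver:
        problems.append("approver is empty")
    elif approver.lower() == requestor.lower():
        # Two-person rule from the spec: approver must differ from requestor.
        problems.append("approver must be different from requestor")

    days = spec.get("validityDurationDays")
    if isinstance(days, bool) or not isinstance(days, int) or days < 1:
        problems.append("validityDurationDays must be a positive integer")
    elif days > max_days:
        problems.append(
            f"validityDurationDays {days} exceeds policy maximum {max_days}")

    ips = spec.get("validIPs") or []
    if not ips:
        # Assumption of this example: a request must name its source IPs.
        problems.append("validIPs is empty")
    for raw in ips:
        try:
            ip = ipaddress.ip_address(str(raw))
        except ValueError:
            problems.append(f"validIPs entry {raw!r} is not an IP address")
            continue
        if ip.is_unspecified or ip.is_loopback or ip.is_multicast:
            problems.append(f"validIPs entry {raw!r} is not a usable source address")
    return problems


def credential_usable(status, now=None):
    """Return (usable, reason) for an EmergencySSHCredentialStatus dict."""
    now = now or datetime.now(timezone.utc)
    if not status.get("signedCertificate"):
        return False, "request has not been signed"
    try:
        # validUntil is documented as YYYYMMDDHHMMSS; UTC is assumed here.
        valid_until = datetime.strptime(
            status.get("validUntil", ""), "%Y%m%d%H%M%S"
        ).replace(tzinfo=timezone.utc)
    except ValueError:
        return False, "validUntil is missing or malformed"
    if now >= valid_until:
        return False, "certificate expired"
    return True, f"valid until {valid_until.isoformat()}"


# Constructed sample inputs (hypothetical identities and addresses).
GOOD_SPEC = {
    "requestor": "io-alice@example.com",
    "approver": "io-bob@example.com",
    "validityDurationDays": 1,
    "validIPs": ["192.0.2.10"],
    "publicKey": "<base64 SSH public key placeholder>",
}
BAD_SPEC = {
    "requestor": "io-alice@example.com",
    "approver": "IO-Alice@example.com",   # same person, different case
    "validityDurationDays": 30,
    "validIPs": ["0.0.0.0", "10.0.0.0/8"],
    "publicKey": "<base64 SSH public key placeholder>",
}
SIGNED_STATUS = {
    "signedCertificate": "<base64 SSH certificate placeholder>",
    "validUntil": "20240115120000",
}

if __name__ == "__main__":
    for name, spec in (("good", GOOD_SPEC), ("bad", BAD_SPEC)):
        print(name, review_request(spec))
    print(credential_usable(SIGNED_STATUS))
```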

FirewallCluster

FirewallCluster represents a group of FirewallNodes that can be managed together in a cluster.

Appears in: - FirewallClusterList

Field Description
apiVersion string system.private.gdc.goog/v1alpha1
kind string FirewallCluster
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec FirewallClusterSpec
status FirewallClusterStatus

FirewallClusterList

FirewallClusterList represents a collection of firewall clusters.

Field Description
apiVersion string system.private.gdc.goog/v1alpha1
kind string FirewallClusterList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items FirewallCluster

FirewallClusterSpec

FirewallClusterSpec specifies cluster-wide settings for the cluster.

Appears in: - FirewallCluster

Field Description
nodeRefs LocalObjectReference NodeRefs refers to a list of firewall nodes that belong to this cluster.
adminSecretRef SecretReference AdminSecretRef holds a reference to the credentials for the firewall cluster authentication.
licenses string array Licenses is a list of license strings to apply to the cluster.

FirewallClusterStatus

FirewallClusterStatus contains information about the current state and health of the firewall cluster.

Appears in: - FirewallCluster

Field Description
conditions Condition array Conditions contains information on the health of the cluster. Condition types: - Ready: Indicates that the cluster is ready for use. - Degraded: Indicates that the cluster is degraded and repair is recommended. - Failed: Indicates that the cluster is in a failed state and is non-functional.
alerts Alerts Alerts contain a list of detected system alerts. An alert will be added when it is firing, and removed when it is cleared.

FirewallNode

FirewallNode represents a physical firewall device in a firewall cluster.

Appears in: - FirewallNodeList

Field Description
apiVersion string system.private.gdc.goog/v1alpha1
kind string FirewallNode
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec FirewallNodeSpec
status FirewallNodeStatus

FirewallNodeList

FirewallNodeList represents a collection of firewall nodes.

Field Description
apiVersion string system.private.gdc.goog/v1alpha1
kind string FirewallNodeList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items FirewallNode

FirewallNodeManagementNetworkSpec

FirewallNodeNetworkSpec specifies the firewall management network.

Appears in: - FirewallNodeSpec

Field Description
managementIP IPAddressString ManagementIP holds the management IP address.
managementSubnet IPSubnetString ManagementSubnet is the subnet of the management network.
defaultGateway IPAddressString DefaultGateway is the default IP address to access the outside networks.
managementPort string ManagementPort specifies the names of the management port.

FirewallNodeSpec

FirewallNodeSpec contains configuration for the firewall node.

Appears in: - FirewallNode

Field Description
hardware DeviceSystemSpec Hardware describes the hardware information.
firewallName string FirewallName is the firewall device name
clusterRef LocalObjectReference ClusterRef refers to the firewall cluster this node belongs to.
managementNetwork FirewallNodeManagementNetworkSpec ManagementNetwork specifies the management network port configuration on this node.
adminSecretRef SecretReference AdminSecretRef holds a reference to the credentials for firewall node authentication.
licenses string array Licenses is a list of license strings to apply to the node.

FirewallNodeStatus

FirewallNodeStatus specifies the current, changing information about the firewall node.

Appears in: - FirewallNode

Field Description
conditions Condition array Conditions contains information on the health of the node. Condition types: - Ready: Indicates that the node is ready for use. - Degraded: Indicates that the node is degraded and repair is recommended. - Failed: Indicates that the node is in a failed state and is non-functional.
alerts Alerts Alerts contain a list of detected system alerts. An alert will be added when it is firing, and removed when it is cleared.

HAMSBGPSpec

HAMSBGPSpec represents the properties required for BGP configuration

Appears in: - CIQ

Field Description
dataASN BGPAutonomousSystemNumber DataplaneASN denotes the BGP ASN of the dataplane network assigned to the GDCH instance
mgmtASN BGPAutonomousSystemNumber ManagementASN denotes the BGP ASN of the management network assigned to the GDCH instance
dataInternalASN BGPAutonomousSystemNumber DataplaneInternalASN denotes the BGP ASN of the internal dataplane network. This ASN is used to interconnect multiple external VRFs (Root External, ORGx External) with interconnect VRFs (DCI, OC and Customer). The internal ASN is optional for the management network.
customerDataASN BGPAutonomousSystemNumber CustomerDataASN denotes the BGP ASN of the dataplane network assigned to the customer network connected to GDCH
customerMgmtASN BGPAutonomousSystemNumber CustomerMgmtASN denotes the BGP ASN of the management network assigned to the customer network connected to GDCH

HAMSDCIASNSpec

HAMSDCIASNSpec represents the properties for identifying BGP AS numbers of GDCH DCI neighbors

Appears in: - HAMSDCISpec

Field Description
instanceID integer InstanceID denotes the identifier for the GDCH instance out of all the GDCH instances participating in DCI
dataASN BGPAutonomousSystemNumber DataplaneASN denotes the BGP ASN of the dataplane network assigned to the GDCH instance

HAMSDCISpec

HAMSDCISpec represents the properties required for DCI configuration

Appears in: - CIQ

Field Description
instanceID integer InstanceID denotes the identifier for this GDCH instance out of all the GDCH instances participating in DCI. Default to 1
totalDCI integer TotalDCI denotes total number of GDCH instances participating in DCI. Default to 1
cidr IPSubnetString CIDR represents the IP space used to allocate DCI subnets. If empty, the DCI subnets are allocated from the internal CIDR range
bgpASNs HAMSDCIASNSpec array NeighborDataplaneASNs denotes the list of BGP ASN values of a particular peer GDCH instance participating in DCI

HAMSLicenseSpec

HAMSLicenseSpec represents the properties required for licensing configuration

Appears in: - CIQ

Field Description
name string DeviceName denotes the name of the device
licenses string array Licenses denotes the list of licenses for the particular device

HAMSSubnetGroupSpec

HAMSSubnetGroupSpec represents the properties required for denoting subnets for its compatible type

Appears in: - CIQ

Field Description
ipFamily IPFamily IPFamily denotes the compatible IP type for this instance
ipv4 IPSubnetString IPv4Subnet denotes the subnet string for IPv4
ipv6 IPSubnetString IPv6Subnet denotes the subnet string for IPv6

HAMSUplinkSpec

HAMSUplinkSpec represents the properties required for uplink configuration

Appears in: - CIQ

Field Description
name string DeviceName denotes the name of the device
uplink RoutedPortSpec UplinkInfo denotes the appropriate information to configure uplinks such as subnet, switch port and peer IP

HairpinBGPSession

HairpinBGPSession describes the details of a BGP session over hairpin loop for firewall integration.

Appears in: - HairpinLink

Field Description
vlanID VLANID VLANID used for this BGP session.
ipSubnet IPSubnetString The allocated CIDR block.
startPortVRF string VRF name of hairpin start port.
endPortVRF string VRF name of hairpin end port.

HairpinLink

HairpinLink describes the details of a hairpin link and the BGP sessions over it for firewall integration.

Appears in: - AggSwitchSpec

Field Description
portA SwitchPortInterface The first physical port of the hairpin loop connecting to the firewall.
portB SwitchPortInterface The second physical port of the hairpin loop connecting to the firewall.
hairpinBGPSessions HairpinBGPSession array BGP sessions configured over hairpin loop.

HairpinPortSpec

HairpinPortSpec provides the specification of the hairpin loop used to integrate the firewall with the agg switches

Appears in: - AggSwitchInternalSpec

Field Description
startPort SwitchPortIndexList StartPort represents the first physical port of the hairpin loop connecting to the firewall
middlePort SwitchPortIndexList MiddlePort represents the second physical port of the hairpin loop coming back from the firewall
endPort SwitchPortIndexList EndPort represents the third physical port of the hairpin loop connecting to the DCI routers

HostType

Underlying type: string

HostType represents the predefined types for a host in a SwitchACL rule.

Appears in: - HostTypeToAddressStatus - SwitchACLHost

HostTypeToAddressStatus

HostTypeToAddressStatus represents the list of addresses mapped to each predefined host type after reconciliation.

Appears in: - SwitchACLStatus

Field Description
hostType HostType HostType describes the predefined host type
ipAddrs IPAddressString IpAddrs describes the list of addresses mapped for the host type

IPAddressString

Underlying type: string

IPAddressString represents IPv4 or IPv6 address in string format (e.g., 172.17.0.1 or 1200:0000:AB00:1234:0000:2552:7777:1313).

Appears in: - AddressPoolClaimStatus - AggSwitchSpec - BMCSpec - CellDNSSpec - CellManagementNetworkSpec - CiscoNxOSSwitchPairingConnection - DataLogicalInterface - EBGPNeighbors - FirewallNodeManagementNetworkSpec - HAGroup - HAInterfaceSpec - HSMClusterStatus - HSMDataNetwork - HSMManagementNetwork - HostTypeToAddressStatus - IPRange - InterconnectSessionSpec - LogicalInterface - ManagementAggSwitchSpec - ManagementSwitchSpec - NTPServerSpec - ObjectStorageSiteStatus - ServerNetworkSpec - ServiceSpec - StaticNetworkConfig - StaticRoute - StorageClusterAddress - StorageNodeNetworkSpec - SubnetAllocationStatus - SubnetSpec - SwitchACLHost - SwitchCommonSpec - TORSwitchSpec

IPFamily

Underlying type: string

IPFamily is the Enum type to specify the family of the IPs.

Appears in: - AddressPoolClaimSpec - HAMSSubnetGroupSpec - L2NetworkSpecList - NumberedIPGroupSpec

IPRange

IPRange specifies a continuous IP range. The range includes the StartIPAddress.

Appears in: - AddressPoolClaimStatus - ReservedIPRange - SubnetAllocationStatus

Field Description
startIPAddress IPAddressString
size integer

IPSubnetString

Underlying type: string

IP subnet in string format (e.g., 192.168.0.1/24 or 1200:0000:AB00:1234:0000:2552:7777:1313/120).

Appears in: - AddressPoolClaimStatus - AdminNodeNetwork - CIDRAllocationStatus - CIDRRequestSpec - CellManagementNetworkSpec - FirewallNodeManagementNetworkSpec - HAMSDCISpec - HAMSSubnetGroupSpec - HSMManagementNetwork - HairpinBGPSession - InterconnectSessionSpec - StaticNetworkConfig - StaticRoute - StorageEncryptionConnectionSpec - StorageNetwork - StorageNodeNetwork - SubnetAllocationStatus - SubnetSpec

ImageSourceType

Underlying type: string

Valid sources of machine OS image.

Appears in: - MachineImageSpec

ImageURLSpec

Appears in: - MachineImageSpec

Field Description
url string URL specifies the location of an OS image.
format string The disk format of the image. It can be one of the following: "raw", "qcow2". If unset, the disk format would be automatically derived.
checksum string The actual checksum or a URL to a file containing the checksum for the image.
checksumType string The checksum algorithm to use if "checksum" is specified. Currently only "sha256" and "sha512" are recognized. Must be set if "checksum" is specified.
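
The ImageURLSpec constraints above (allowed formats, checksumType required with checksum, only sha256 and sha512 recognized) can be enforced before an image is provisioned. The following is an added example, not code from the GDC project: the Go struct, the function names, the hex encoding of the checksum and the sample URL are assumptions, and the image bytes are constructed.

```go
package main

import (
	"crypto/sha256"
	"crypto/sha512"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
	"hash"
	"io"
	"strings"
)

// ImageURLSpec carries the four fields documented above. The Go struct is an
// assumption of this example, not the project's type definition.
type ImageURLSpec struct {
	URL          string // url
	Format       string // format: "raw", "qcow2", or empty (derived automatically)
	Checksum     string // checksum: literal digest or URL of a checksum file
	ChecksumType string // checksumType: "sha256" or "sha512"
}

// ErrChecksumMismatch is returned when the image bytes do not hash to the
// digest carried in the spec.
var ErrChecksumMismatch = errors.New("image digest does not match checksum")

// newHash maps the two recognized checksumType values to a hash function.
// An empty or unknown type is rejected, which also covers "must be set".
func newHash(checksumType string) (hash.Hash, error) {
	switch checksumType {
	case "sha256":
		return sha256.New(), nil
	case "sha512":
		return sha512.New(), nil
	}
	return nil, fmt.Errorf("checksumType %q: only \"sha256\" and \"sha512\" are recognized", checksumType)
}

// isChecksumURL reports whether checksum points at a checksum file instead of
// holding the digest itself.
func isChecksumURL(checksum string) bool { return strings.Contains(checksum, "://") }

// ValidateImageURLSpec checks the documented field constraints without
// touching the image.
func ValidateImageURLSpec(s ImageURLSpec) error {
	switch s.Format {
	case "", "raw", "qcow2":
	default:
		return fmt.Errorf("format %q: must be \"raw\" or \"qcow2\"", s.Format)
	}
	if s.Checksum == "" {
		return nil
	}
	h, err := newHash(s.ChecksumType)
	if err != nil {
		return err
	}
	if isChecksumURL(s.Checksum) {
		return nil
	}
	// Assumption: a literal checksum is hex-encoded.
	raw, err := hex.DecodeString(s.Checksum)
	if err != nil || len(raw) != h.Size() {
		return fmt.Errorf("checksum is not a hex-encoded %s digest", s.ChecksumType)
	}
	return nil
}

// VerifyImage streams the image through the selected hash and compares the
// result with the literal digest in the spec.
func VerifyImage(s ImageURLSpec, image io.Reader) error {
	if err := ValidateImageURLSpec(s); err != nil {
		return err
	}
	if s.Checksum == "" {
		return errors.New("no checksum in spec: image cannot be verified")
	}
	if isChecksumURL(s.Checksum) {
		return errors.New("checksum is a URL: fetch the checksum file first")
	}
	want, _ := hex.DecodeString(s.Checksum) // validated above
	h, _ := newHash(s.ChecksumType)         // validated above
	if _, err := io.Copy(h, image); err != nil {
		return err
	}
	if subtle.ConstantTimeCompare(h.Sum(nil), want) != 1 {
		return ErrChecksumMismatch
	}
	return nil
}

func main() {
	// Constructed sample: the "image" is the three bytes "abc".
	spec := ImageURLSpec{
		URL: "https://images.example.invalid/os.qcow2", Format: "qcow2",
		Checksum:     "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad",
		ChecksumType: "sha256",
	}
	fmt.Println("intact image:  ", VerifyImage(spec, strings.NewReader("abc")))
	fmt.Println("tampered image:", VerifyImage(spec, strings.NewReader("abd")))
}
```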

InFlightConfig

InFlightConfig provides the specification of the concurrent OSUpgrade. TODO(pingsun): Support for percentage.

Appears in: - OSUpgradeSpec

Field Description
maxConcurrentMachines integer This threshold will limit the maximum number of machines running the upgrade concurrently. Machines will be rolling upgraded. TODO(pingsun): Support for percentage threshold.

InterconnectLink

InterconnectLink models the physical interconnection link to NOC, Customer Network or other DCs on Agg Switch or Mgmt Agg Switch.

Appears in: - InterconnectLinkList

Field Description
apiVersion string system.private.gdc.goog/v1alpha1
kind string InterconnectLink
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec InterconnectLinkSpec
status InterconnectLinkStatus

InterconnectLinkList

InterconnectLinkList represents a collection of InterconnectLink objects.

Field Description
apiVersion string system.private.gdc.goog/v1alpha1
kind string InterconnectLinkList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items InterconnectLink

InterconnectLinkSpec

InterconnectLinkSpec provides the specification (i.e., desired state) of a physical interconnect link.

Appears in: - InterconnectLink

Field Description
ports SwitchPortInterface The physical ports that connect to external switches. When LACP is disabled, there should be only one element; when LACP is enabled, there should be more than one element.

InterconnectSession

InterconnectSession models a virtual link associated with a physical interconnect link (InterconnectLink) and the BGP session over the virtual link. It's only used for connections towards an external peer (outside of a GDCH instance), i.e. it's not used for connections with both ends within a GDCH instance.

Appears in: - InterconnectSessionList

Field Description
apiVersion string system.private.gdc.goog/v1alpha1
kind string InterconnectSession
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec InterconnectSessionSpec
status InterconnectSessionStatus

InterconnectSessionList

InterconnectSessionList represents a collection of InterconnectSession objects.

Field Description
apiVersion string system.private.gdc.goog/v1alpha1
kind string InterconnectSessionList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items InterconnectSession

InterconnectSessionSpec

InterconnectSessionSpec provides the specification (i.e., desired state) of an InterconnectSession.

Appears in: - InterconnectSession

Field Description
interconnectLinkRef UniversalObjectReference InterconnectLinkRef represents the InterconnectLink that this object is associated with.
routePolicyRef UniversalObjectReference RoutePolicyRef represents the RoutePolicy that is applied to this object.
interconnectType InterconnectType Interconnection type identified by remote peer.
localIPSubnet IPSubnetString Local IP address and subnet length on GDCH side.
peerIP IPAddressString Peer IP address on the peer side.
localASN BGPAutonomousSystemNumber Local ASN of the BGP session. If unset, the ASN of the router is used.
peerASN BGPAutonomousSystemNumber Peer ASN of the BGP session. If unset, the BGP session is an iBGP session.
mtu integer MTU value for the connection. If unset, 1500 is used. TODO(ruibin): Add a mutating webhook to set default value.
vlanID VLANID VLAN ID for InterconnectSession. If unset or 1, the connection is untagged.
md5HashKey string MD5 Hash Key for the BGP authentication. If not present or empty, BGP authentication is not enabled.
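
Several InterconnectSessionSpec fields change behaviour when left unset (local ASN, iBGP, MTU 1500, untagged VLAN, BGP authentication off), so a review should look at the effective session, not the raw spec. The following is an added example, not code from the GDC project: the Go struct, the function names, the use of 0 for "unset" and the sample values are assumptions.

```go
package main

import (
	"fmt"
	"net/netip"
)

// InterconnectSessionSpec holds the documented fields this example reads.
// The Go types are assumptions of this example; 0 and "" stand for "unset".
type InterconnectSessionSpec struct {
	LocalIPSubnet string // localIPSubnet
	PeerIP        string // peerIP
	LocalASN      uint32 // localASN
	PeerASN       uint32 // peerASN
	MTU           int    // mtu
	VLANID        int    // vlanID
	MD5HashKey    string // md5HashKey
}

// EffectiveSession is the session after the documented defaults are applied.
type EffectiveSession struct {
	LocalASN      uint32
	PeerASN       uint32
	IBGP          bool
	MTU           int
	Tagged        bool
	Authenticated bool
}

// Resolve applies the defaults stated in the field descriptions.
func Resolve(s InterconnectSessionSpec, routerASN uint32) EffectiveSession {
	e := EffectiveSession{LocalASN: s.LocalASN, PeerASN: s.PeerASN, MTU: s.MTU}
	if e.LocalASN == 0 {
		e.LocalASN = routerASN // "If unset, the ASN of the router is used."
	}
	if e.PeerASN == 0 {
		e.PeerASN = e.LocalASN // unset peer ASN means an iBGP session
	}
	e.IBGP = e.PeerASN == e.LocalASN
	if e.MTU == 0 {
		e.MTU = 1500
	}
	e.Tagged = s.VLANID != 0 && s.VLANID != 1 // unset or 1 is untagged
	e.Authenticated = s.MD5HashKey != ""      // empty key disables BGP auth
	return e
}

// Audit returns review findings for one spec: malformed addresses and a
// session that would come up without BGP authentication.
func Audit(s InterconnectSessionSpec, routerASN uint32) []string {
	var findings []string
	if _, err := netip.ParsePrefix(s.LocalIPSubnet); err != nil {
		findings = append(findings,
			fmt.Sprintf("localIPSubnet %q is not an address with a subnet length", s.LocalIPSubnet))
	}
	if _, err := netip.ParseAddr(s.PeerIP); err != nil {
		findings = append(findings, fmt.Sprintf("peerIP %q is not an IP address", s.PeerIP))
	}
	if !Resolve(s, routerASN).Authenticated {
		findings = append(findings, "md5HashKey is empty: BGP authentication is not enabled")
	}
	return findings
}

func main() {
	// Constructed sample: documentation addresses and private-use ASNs.
	minimal := InterconnectSessionSpec{LocalIPSubnet: "192.0.2.1/30", PeerIP: "192.0.2.2"}
	fmt.Printf("%+v\n", Resolve(minimal, 64512))
	for _, f := range Audit(minimal, 64512) {
		fmt.Println("finding:", f)
	}
}
```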

InterconnectSessionStatus

InterconnectSessionStatus provides the status of an InterconnectSession.

Appears in: - InterconnectSession

Field Description
bgpStatus BgpSessionStatus BGP session status.
upTime Time Timestamp of the last time that BGP session came up.
prefixCounter BGPPrefixCounters BGP counters.

InterconnectType

Underlying type: string

InterconnectType represents the type of interconnect.

Appears in: - InterconnectSessionSpec

L2NetworkMode

Underlying type: string

L2 Network mode that the interface should be configured in

Appears in: - L2NetworkSpecList

L2NetworkSpecList

L2NetworkSpecList is a list of L2NetworkSpec

Appears in: - ManagementSwitchSpec - SwitchCommonSpec

Field Description
id integer VLAN ID of the L2 network.
ipFamily IPFamily IPFamily provides the IP family that the layer-2 network uses.
ports SwitchPortIndexSet Ports describes all physical switch ports owned by the layer-2 network. Ports shouldn't include the physical switch ports that are members of the user-defined port channels owned by this layer-2 network.
lacpGroups SwitchPortIndexList LACPGroups provides LACP groups to be set up on the switch. Each group contains at least one port. Optional.
portChannelIndices SwitchPortIndexSet PortChannelIndices describe all user-defined port channels owned by the layer-2 network. Corresponding PortChannelSpec must exist in the switch spec for each index in the PortChannelIndices. Note that these port channels will not be the only port channels configured in the switch. The switch will configure more for internal use.
ipv4Subnet SubnetSpec IPv4Subnet describes the layer-3 IPv4 subnet on top of the layer-2 network.
ipv6Subnet SubnetSpec IPv6Subnet describes the layer-3 IPv6 subnet on top of the layer-2 network.
l2Mode L2NetworkMode Mode of the L2 network interface

MachineImageSpec

MachineImageSpec describes the OS image for the machine.

Appears in: - ServerSpec

Field Description
source ImageSourceType ImageSource describes which OS should be installed on the machine.
urlSpec ImageURLSpec ImageSource describes the necessary fields to provision the machine when ImageSource is 'url'. If ImageSource is 'ramdisk' or 'external' then ImageURLSpec can cache the target provisioning URL. If ImageSource is 'url', ImageURLSpec must not be empty.
sshPubKeyRefs SecretReference SSHPubKeyRefs hold the references to secrets containing the public keys that will be authorized in the provisioned systems.

ManagementAggSwitch

ManagementAggSwitch represents a management aggregation switch.

Appears in: - ManagementAggSwitchList

Field Description
apiVersion string system.private.gdc.goog/v1alpha1
kind string ManagementAggSwitch
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec ManagementAggSwitchSpec
status ManagementAggSwitchStatus

ManagementAggSwitchList

ManagementAggSwitchList represents a collection of management aggregation switches.

Field Description
apiVersion string system.private.gdc.goog/v1alpha1
kind string ManagementAggSwitchList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items ManagementAggSwitch

ManagementAggSwitchSpec

ManagementAggSwitchSpec provides the specification of a management aggregation switch.

Appears in: - ManagementAggSwitch

Field Description
hardware DeviceSystemSpec
managementIP IPAddressString ManagementIP describes the pre-configured IP address in the management agg switch which is accessible before the rest of the specification gets configured. For example, a manually-configured IP for its management port or some part of its data-plane.
switchCredentials SwitchCredentials SwitchCredentials holds references to the Secret objects that contain the admin, read-only, and breakglass credentials of the switch.

ManagementAggSwitchStatus

ManagementAggSwitchStatus describes the status of a management aggregation switch.

Appears in: - ManagementAggSwitch

Field Description
conditions Condition array Conditions contains information about the state of the switch. Condition types: - Ready: Indicates that the switch is ready for use
switchStatus SwitchStatus

ManagementSwitch

ManagementSwitch represents the configurations of a single management switch. There is one management switch per GPC rack.

Appears in: - ManagementSwitchList

Field Description
apiVersion string system.private.gdc.goog/v1alpha1
kind string ManagementSwitch
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec ManagementSwitchSpec
status ManagementSwitchStatus

ManagementSwitchList

ManagementSwitchList represents a collection of management switches.

Field Description
apiVersion string system.private.gdc.goog/v1alpha1
kind string ManagementSwitchList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items ManagementSwitch

ManagementSwitchSpec

ManagementSwitchSpec provides the specification (i.e., desired state) of a management switch.

Appears in: - ManagementSwitch

Field Description
hardware DeviceSystemSpec
managementIP IPAddressString ManagementIP describes the pre-configured IP address in the management switch which is accessible before the rest of the specification. For example, a manually-configured IP for its management port.
serverNetwork L2NetworkSpecList ServerNetwork describes the network segment connecting all the baremetal servers and (possibly) TOR switches. TODO(neelp): This field should be deprecated once SubnetClaims for mgmt network is available
switchCredentials SwitchCredentials SwitchCredentials holds references to the Secret objects that contain the admin, read-only, and breakglass credentials of the switch.

ManagementSwitchStatus

ManagementSwitchStatus provides the status of a management switch.

Appears in: - ManagementSwitch

Field Description
conditions Condition array Conditions contains information about the state of the management switch. Condition types: - Ready: Indicates that the management switch is ready for use
switchStatus SwitchStatus SwitchStatus contains the latest detailed information obtained from the switch.

NICPortSpec

NICPortSpec specifies the NIC port information. It provides a way to map the physical port name, which is consumed by on-field technicians, with the interface name of the port from the OS, which is consumed by the application.

Appears in: - BMCSpec - HSMDataNetwork - HSMManagementNetwork - ServerHardwareSpec

Field Description
name string Name is the NIC port name (e.g. "s1p1").
mac MACAddressString MAC specifies the hardware address of the NIC port.

NTPServer

NTPServer is the client-facing API for NTP servers.

Appears in: - NTPServerList

Field Description
apiVersion string system.private.gdc.goog/v1alpha1
kind string NTPServer
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec NTPServerSpec
status NTPServerStatus

NTPServerList

NTPServerList represents a collection of NTPServer objects.

Field Description
apiVersion string system.private.gdc.goog/v1alpha1
kind string NTPServerList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items NTPServer

NTPServerSpec

NTPServerSpec provides the specification (i.e., desired state) of an NTP server.

Appears in: - NTPServer

Field Description
ip IPAddressString IP address of the NTP Server. Must be provided.
dnsName DomainName DNS name of the NTP server. If set, this is preferred to be used as the NTP server address to encapsulate IP changes.

NTPServerStatus

NTPServerStatus provides the status of an NTP server

Appears in: - NTPServer

Field Description
conditions Condition array Contains the latest available observations of an NTP server's current state.

NetworkCategory

Underlying type: string

NetworkCategory categorizes a network based on its usage in a GPC cell.

Appears in: - AddressPoolClaimSpec - SubnetClaimSpec

NumberedIPGroupSpec

NumberedIPGroupSpec represents a group of NumberedIPSpec.

Appears in: - RoutedPortSpec

Field Description
ipFamily IPFamily IPFamily provides the IP family used in the numbered IP group.
ipv4 NumberedIPSpec IPv4 provides IPv4 NumberedIPSpec used in the group.
ipv6 NumberedIPSpec IPv6 provides IPv6 NumberedIPSpec used in the group.

NumberedIPSpec

NumberedIPSpec specifies an IP address and the subnet it belongs to.

Appears in: - NumberedIPGroupSpec

OSArtifact

OSArtifact represents the configurations for the collection of OS artifacts (package versions, kernel, etc.) and for data freshness.

Appears in: - OSArtifactList

Field Description
apiVersion string system.private.gdc.goog/v1alpha1
kind string OSArtifact
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec OSArtifactSpec

OSArtifactList

OSArtifactList represents a collection of OS artifacts.

Field Description
apiVersion string system.private.gdc.goog/v1alpha1
kind string OSArtifactList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items OSArtifact

OSArtifactSnapshot

OSArtifactSnapshot represents a snapshot of the OS artifacts (package versions, kernel versions, etc.).

Appears in: - OSArtifactSnapshotList

Field Description
apiVersion string system.private.gdc.goog/v1alpha1
kind string OSArtifactSnapshot
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec OSArtifactSnapshotSpec
status OSArtifactSnapshotStatus

OSArtifactSnapshotList

OSArtifactSnapshotList represents a collection of OS artifact snapshots.

Field Description
apiVersion string system.private.gdc.goog/v1alpha1
kind string OSArtifactSnapshotList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items OSArtifactSnapshot

OSArtifactSnapshotSpec

Appears in: - OSArtifactSnapshot

Field Description
machineRef LocalObjectReference Reference to the Machine CR.
maxSnapshotStaleness string Maximum allowed staleness for OS artifact snapshots. It will be parsed into time.Duration with https://golang.org/pkg/time/#ParseDuration. Examples: 30m, 1.5h.

OSArtifactSnapshotStatus

OSArtifactSnapshotStatus is the collected snapshot of OS artifacts.

Appears in: - OSArtifactSnapshot

Field Description
package OSPackageSnapshot array
kernel OSKernelSnapshot Information of OS kernel.
lastUpdateTimestamp Time Timestamp that the snapshot is last updated.

OSArtifactSpec

OSArtifactSpec provides the specification (i.e., desired state) of OS artifacts, such as maximum data staleness.

Appears in: - OSArtifact

Field Description
maxSnapshotStaleness string Maximum allowed staleness for OS artifact snapshots. It will be parsed into time.Duration with https://golang.org/pkg/time/#ParseDuration. Examples: 30m, 1.5h.

OSKernelInfo

OSKernelInfo provides the specification (i.e., desired state) of an OS kernel.

Appears in: - OSUpgradeSpec

Field Description
targetVersion string Target kernel version of an OSUpgrade (e.g. linux-image-5.4.0-60-generic).

OSKernelSnapshot

OSKernelSnapshot is a snapshot of OS kernel.

Appears in: - OSArtifactSnapshotStatus

Field Description
version string Version of OS kernel, e.g. 5.7.17-1rodete5-amd64.

OSPackageInfo

OSPackageInfo provides the specification (i.e., desired state) of an OS package.

Appears in: - OSUpgradeSpec

Field Description
packageName string Name of an OS package (e.g., openssl).
minVersion string Minimal required version of an OS package (e.g., 1.1.1i-1).

OSPackageSnapshot

OSPackageSnapshot is a snapshot of one OS package.

Appears in: - OSArtifactSnapshotStatus

Field Description
name string Name of the package, e.g. openssl.
version string Version of the package, e.g. 1.1.1i-1.

OSUpgrade

OSUpgrade represents the configurations of an OS upgrade including kernel and a package list. Currently we only allow one OSUpgrade to be running. Others need to wait.

Appears in: - OSUpgradeList

Field Description
apiVersion string system.private.gdc.goog/v1alpha1
kind string OSUpgrade
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec OSUpgradeSpec
status OSUpgradeStatus

OSUpgradeList

OSUpgradeList represents a collection of OSUpgrades.

Field Description
apiVersion string system.private.gdc.goog/v1alpha1
kind string OSUpgradeList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items OSUpgrade

OSUpgradeQueue

OSUpgradeQueue stores the reference to an OSUpgrade object that should be processed. Currently we only have one unique OSUpgradeQueue object.

Appears in: - OSUpgradeQueueList

Field Description
apiVersion string system.private.gdc.goog/v1alpha1
kind string OSUpgradeQueue
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec OSUpgradeQueueSpec
status OSUpgradeQueueStatus

OSUpgradeQueueList

OSUpgradeQueueList represents a collection of OSUpgradeQueue.

Field Description
apiVersion string system.private.gdc.goog/v1alpha1
kind string OSUpgradeQueueList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items OSUpgradeQueue

OSUpgradeQueueStatus

OSUpgradeQueueStatus provides the status of an OSUpgradeQueue.

Appears in: - OSUpgradeQueue

Field Description
osupgradeRef LocalObjectReference Reference to the OSUpgradeQueue CRD.

OSUpgradeSpec

OSUpgradeSpec provides the specification (i.e., desired state) of an OSUpgrade.

Appears in: - OSUpgrade

Field Description
kernel OSKernelInfo Target kernel information of an OSUpgrade.
packages OSPackageInfo array Packages that need to be upgraded. Each OSPackageInfo will include the name and minimal version of a package.
debianRepoImageRef string Reference to an OCI image containing one or more Debian packages from a release to be served by a Debian Repo Server. The image should contain the packages that clients specified as upgrade targets in Packages. The reference should include project name, repository name, and image tag and will be used as an argument when configuring the Debian Repo Server deployment.
inFlightConf InFlightConfig The concurrency threshold of upgrade jobs running on machines.

OSUpgradeStatus

OSUpgradeStatus provides the status of an OSUpgrade.

Appears in: - OSUpgrade

Field Description
upgradeStatus UpgradeState The UpgradeStatus shows the current upgrade status of the OSUpgrade. Currently, we only allow one OSUpgrade to be running in progress. Other OSUpgrade objects need to wait. If the status is pending, the OSUpgrade object will be processed when there exists no other in-progress OSUpgrade. Else if the status is in-progress, the OSUpgrade object is now being processed. Other OSUpgrade objects can not be processed at the same time. Will be changed to finished when all machines finish upgrading for this OSUpgrade. Else if the status is finished, the OSUpgrade object has been processed.
tasks UpgradeTask array Tasks contain a list of upgrade tasks running on machines.

ObjectStorageProtocol

ObjectStorageProtocol represents the protocol used to communicate with a BackupRepository. Only "S3" ObjectStorageProtocolType is supported in the current version.

Appears in: - BackupRepository

Field Description
type ObjectStorageProtocolType Type specifies the supplied object storage provider's protocol. Possible values are "S3". Immutable.
s3 S3Protocol Exactly one of the following MUST be specified, and it MUST match the 'Type' field specified. S3 specifies the S3 protocol used to communicate with the object storage system. Immutable once set.

ObjectStorageProtocolType

Underlying type: string

ObjectStorageProtocolType defines supported object storage protocols. Possible values are "S3".

Appears in: - ObjectStorageProtocol

OperationalStatus

Underlying type: string

OperationalStatus represents the state of the host.

Appears in: - BareMetalHostStatus

OverlayNetworkType

Underlying type: string

OverlayNetworkType represents the type of an overlay network.

Appears in: - SubnetClaimSpec - VRF

PortBondSpec

PortBondSpec specifies the aggregation group of NIC ports which form a logical interface for the same type of network traffic.

Appears in: - ServerHardwareSpec

Field Description
name string Identifier of the port bond. Must not overlap with physical NIC ports.
nicPortNames DataplaneNICPortName array NICPortNames specify the NIC ports connected to the vPC peer switches.
networkBondModeType BmhNetworkBondModeType NetworkBondModeType specifies the network bond mode type. This should only be set when there are >=2 MACs. See BmhNetworkBondModeType for all supported bond mode type. This field is optional.

PortChannelSpec

Appears in: - TORSwitchInternalSpec

Field Description
index SwitchPortIndexList Index of the port channel. Must be between 1 and 99.
members SwitchPortIndexList Members of the port channel. Must not be empty. Members must have the same compatibility attributes, such as link speed.

Provider

Underlying type: string

Provider defines the type of Provider used for Server.

Appears in: - ServerSpec

ProvisioningState

Underlying type: string

ProvisioningState defines the states the provisioner will report the host as having.

Appears in: - BareMetalHostStatus

Rack

Rack represents a rack. This is a namespaced object and will be put in the gpc-system namespace by default. The Rack objects will be created by the GPC bootstrap process. We will only remove the Rack object when a rack is fully decommissioned.

Appears in: - RackList

Field Description
apiVersion string system.private.gdc.goog/v1alpha1
kind string Rack
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec RackSpec
status RackStatus

RackList

RackList represents a collection of racks.

Field Description
apiVersion string system.private.gdc.goog/v1alpha1
kind string RackList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items Rack

RackSpec

RackSpec provides the specification of a rack.

Appears in: - Rack

Field Description
displayName string DisplayName is the display name of a rack (e.g. HPE Enterprise Shock Rack). Immutable after creation.
location string Location is the location of a rack (e.g. Silicon Valley). Immutable after creation.
model string Model is the model of a rack (e.g. G2). Immutable after creation.
serialNumber string SerialNumber is the serial number of a rack (e.g. P9K43A). Immutable after creation.
size string Size is the size of a rack (e.g. 42U 800mmx1075mm). Immutable after creation.
vendor string Vendor is the name of the vendor of a rack (e.g. Dell Inc.). Immutable after creation.

RedfishSpec

RedfishSpec contains the information about BMC's Redfish interface.

Appears in: - BMCSpec

Field Description
systemPath string The path to system ID in Redfish REST API. See metal3 reference: https://github.com/metal3-io/baremetal-operator/blob/master/docs/api.md#bmc

ReservationType

Underlying type: string

ReservationType identifies the expected usage of a reserved IP range

Appears in: - ReservedIPRange

ReservedIPRange

ReservedIPRange contains information of a range of reserved IPs

Appears in: - SubnetAllocationStatus - SubnetIPDetailSpec

Field Description
ipRange IPRange
type ReservationType

RoutedPortSpec

RoutedPortSpec describes a routed port (pure layer3) of a network device.

Appears in: - AggSwitchInternalSpec - HAMSUplinkSpec - ManagementAggSwitchInternalSpec - SwitchCommonSpec - SwitchStatus

Field Description
port SwitchPortInterface Port describes the routed port index.
numberedIpGroup NumberedIPGroupSpec NumberedIP provides a group of assigned IP addresses and subnets for the routed port. If nil, it should use unnumbered IP.

S3Protocol

S3Protocol specifies the configuration of an S3-compatible object bucket for backup restore components to write backups to/read backups from.

Appears in: - ObjectStorageProtocol

Field Description
bucket string The S3 bucket name in which backup artifacts will be stored. Immutable.
url string Endpoint specifies the URL of S3 server. Immutable.
signatureVersion string SignatureVersion specifies which version of the signature algorithm is used to create signed URLs for downloading/uploading backup artifacts. Possible versions are "1" and "4". Defaults to "4" if not set, which works with most S3 compatible object storage providers. Immutable once set.
region string The AWS region in which the bucket is located. Immutable once set.

Server

Server represents a physical server.

Appears in: - ServerList

Field Description
apiVersion string system.private.gdc.goog/v1alpha1
kind string Server
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec ServerSpec
status ServerStatus

ServerBMCCertificateStatus

Appears in: - ServerStatus

Field Description
state BMCCertificateState State is the BMC certificate state. It has finite states.
rotationStartTime Time RotationStartTime is the time of the previous BMC certificate rotation commencement.
nextCSR integer array NextCSR is the certificate signing request (CSR) generated by and retrieved from BMC during rotation. It is used to create a CertificateRequest object.
nextCertificateRequestRef LocalObjectReference NextCertificateRequestRef is the reference of the CertificateRequest object created during rotation. The CertificateRequest status contains a trusted BMC certificate.
ca integer array CA is the certificate authority of the BMC certificate. CA is dedicated to validate the BMC certificate during rotation. Under other BMC certificate validation scenarios, the Issuer certificate validates the BMC certificate. CA can also indicate a BMC certificate rotation is required when the Issuer certificate that signed the BMC certificate has been rotated.
nextRenewalTime Time NextRenewalTime is the time of the next BMC certificate rotation. By default it will be 2/3 of the X.509 certificate's duration. A rotation will be scheduled at NextRenewalTime.

ServerHardwareSpec

Appears in: - ServerSpec

Field Description
system DeviceSystemSpec System describes baremetal server hardware identifiers including model, vendor and serial number.
machineClassName string MachineClassName is the name of the cluster-scoped (non-namespaced) MachineClass object, which describes the hardware type (e.g. o1-standard1-64-gdc-metal) of a server.
managementNICPort NICPortSpec ManagementNICPort specifies the NIC port connected to management switch.
dataplaneNICPorts NICPortSpec DataplaneNICPorts specify the NIC ports connected to TOR switches.
portBond PortBondSpec PortBond describes the aggregation group of NIC ports connected to the vPC peer switches for dataplane traffic.

ServerList

ServerList represents a collection of physical servers.

Field Description
apiVersion string system.private.gdc.goog/v1alpha1
kind string ServerList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items Server

ServerNetworkSpec

ServerNetworkSpec specifies the server network information. It provides physical NIC port links, IP addresses and SubnetClaim defined in network types.

Appears in: - ServerSpec

Field Description
link string Name of the NIC port (or port bond).
ips IPAddressString Static IP addresses of the server's management/dataplane traffic. When not present, the IP addresses need to be assigned dynamically.
subnetClaimRef ObjectReference SubnetClaimRef represents the reference to the SubnetClaim. It is only available for dataplane network.

ServerSpec

ServerSpec provides the specification (i.e., desired state) of a physical server.

Appears in: - Server

Field Description
serverHardware ServerHardwareSpec ServerHardware describes baremetal server hardware specification. Can be omitted in environments without actual hardware.
managementNetwork ServerNetworkSpec ManagementNetwork describes the management network of the server.
dataplaneNetwork ServerNetworkSpec DataNetwork describes the dataplane network of the server. Must not be empty.
bmc BMCSpec BMC specifies the BMC information of the server.
image MachineImageSpec Image specifies the OS image for the server.
fleetRef LocalObjectReference FleetRef holds the reference of Fleet assigned in the root admin cluster. Once a server is assigned to a fleet, it should not be allowed to be assigned to a different fleet until it has been decommissioned from the owner fleet. Here we assume Fleet and Server belong to the same namespace (i.e., gpc-system).
nodePoolClaimRef UniversalObjectReference NodePoolClaimRef holds the reference of the NodePoolClaim which claims this server machine. The claim may be requested from the root or fleet admin clusters. Note Server objects will be created inside the root admin cluster, so this referenced node pool claim object might be a remote one in a different cluster. The combined fleet and claim references can uniquely identify the referred node pool claim object in the entire GPC system. This caters to the GPC multi-tenancy architecture in which the root cluster manages infrastructure resources.
reimageRequired boolean ReimageRequired indicates this server machine needs to be reimaged. It is generally required when the machine gets decommissioned from a cluster and returned to the fleet pool. The reimaging process will deprovision the server first and provision again with the required OS image. The disk data will be cleared and the machine will be ready to reuse.
rootDevice string RootDevice describes the Linux device name to install the OS under. If not specified, will assume '/dev/sda'
provider Provider Provider describes the type of Provider used for Server. If not specified, default to 'metal3'.
encryptDisk boolean EncryptDisk indicates whether the server should be configured for disk encryption with the in-rack HSM cluster.

ServerStatus

ServerStatus provides the status of a physical server.

Appears in: - Server

Field Description
bareMetalHost LocalObjectReference BareMetalHost holds the reference to the metal3 BareMetalHost object that is created for the server. The metal3 BareMetalHost object will have the owner reference set to the Server object for garbage collection purposes.
networkConditions Condition array NetworkConditions contain the latest observations of the condition of all switches within the server's fleet. If switch reconciliation partially fails, the conditions will be marked as failed. An example condition is ReadyCondition type with reason "SpecsConflict".
provisionReady boolean Indicates whether the server is provisioned successfully and ready to use.
conditions Condition array ProvisionConditions contains the latest observations of the provision state.
timeSyncStatus ServerTimeSyncStatus Time sync status of the server.
alerts Alerts Alerts contain a list of detected system alerts. An alert will be added when it is firing, and removed when it is cleared.
bareMetalHostStatus BareMetalHostStatus Status of the baremetal host managed by the Server.
bmcCertificateStatus ServerBMCCertificateStatus Status of the BMC certificate. If it is nil, a controller will update it to the default.

ServerTimeSyncStatus

ServerTimeSyncStatus contains the time sync status of a server's different time sync clients.

Appears in: - ServerStatus

Field Description
os TimeSyncClientStatus Status of the time sync client running on the server's OS.
bmc TimeSyncClientStatus Status of the BMC's time sync client.

SubnetAllocationStatus

Appears in: - SubnetClaimStatus

Field Description
cidrBlock IPSubnetString Allocated CIDR block for the subnet. CIDR block represents all the IP addresses in a prefix-based network (e.g. 192.168.10.32/27).
gateway IPAddressString Default gateway IP address for the subnet, which is the first ip in the CIDR block.
reservedIpRanges ReservedIPRange The reserved static IP ranges for switches. The gateway IP is also included.
availableIPRanges IPRange IP Ranges which are still available for allocation

SubnetClaim

SubnetClaim represents a request and allocated result of a subnet.

Appears in: - SubnetClaimList

Field Description
apiVersion string system.private.gdc.goog/v1alpha1
kind string SubnetClaim
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec SubnetClaimSpec
status SubnetClaimStatus

SubnetClaimList

SubnetClaimList represents the collection of SubnetClaim.

Field Description
apiVersion string system.private.gdc.goog/v1alpha1
kind string SubnetClaimList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items SubnetClaim

SubnetClaimSpec

SubnetClaimSpec provides the specification (i.e., desired state) of a subnet.

Appears in: - SubnetClaim

Field Description
category NetworkCategory Category of the subnet, which will be specified in two dimensions: internal or external, overlay or underlay. The route of an external subnet will be advertised to customer's network. This field is immutable.
overlayNetwork OverlayNetworkType OverlayNetwork provides the overlay network that the SubnetClaim belongs to.
cidrClaimName string The name of the CIDRClaim which contains CIDR information of this SubnetClaim. The CIDRClaim should be in the same namespace as the SubnetClaim. Not currently used.
ipv4Spec SubnetIPDetailSpec
ipv6Spec SubnetIPDetailSpec The CIDR and IP requirements for the IPv6 Subnet. Required when the IPFamily is IPv6 or DualStack

SubnetClaimStatus

SubnetClaimStatus represents the allocated result of a subnet claim.

Appears in: - SubnetClaim

Field Description
conditions Condition array Conditions contains information about the state of the SubnetClaim. Condition types: - Ready: Indicates that the SubnetClaim is ready for use
vlanID VLANID The allocated VLAN for the appropriate subnet
ipv4SubnetStatus SubnetAllocationStatus The allocated IPv4 subnet information. Required when the IPFamily is IPv4 or DualStack.
ipv6SubnetStatus SubnetAllocationStatus The allocated IPv6 subnet information. Required when the IPFamily is IPv6 or DualStack.

SubnetIPDetailSpec

SubnetIPDetailSpec contains the details about subnet's IP related specs.

Appears in: - SubnetClaimSpec

Field Description
staticReservedIpRanges ReservedIPRange array Optional. The specific reserved ip ranges that user requests. If the requested reserved ip ranges are not inside the StaticCIDRBlock, the reconciliation will fail.

SubnetSpec

SubnetSpec describes the layer-3 properties of a network.

Appears in: - L2NetworkSpecList

Field Description
subnet IPSubnetString Subnet describes the CIDR block of the network segment.
gateway IPAddressString Gateway specifies the gateway IP of the network segment. In case of a p2p subnet, this field contains the other peer's IP address.

SwitchACL

SwitchACL represents a list of rules that defines network access to switches.

Appears in: - SwitchACLList

Field Description
apiVersion string system.private.gdc.goog/v1alpha1
kind string SwitchACL
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec SwitchACLSpec
status SwitchACLStatus

SwitchACLActionType

Underlying type: string

SwitchACLActionType represents the action to be taken when the rule is exercised.

Appears in: - SwitchACLRule

SwitchACLConnOptionType

Underlying type: string

SwitchACLConnOptionType represents the connection option types to be applied for a SwitchACL rule

Appears in: - SwitchACLRule

SwitchACLDirectionType

Underlying type: string

SwitchACLDirectionType represents the direction in which the SwitchACL is applied

Appears in: - SwitchACLSpec

SwitchACLHost

SwitchACLHost represents a host to be used in a SwitchACL rule. Only one of the fields should be defined. An error will be thrown if fewer than or more than one field is defined.

Appears in: - SwitchACLRule

Field Description
hostType HostType HostType describes the host as a predefined host type
hostRef ObjectReference HostRef describes host by name
hostAddr IPAddressString HostAddr describes the host as an IP address string

SwitchACLList

SwitchACLList represents a list of SwitchACLs.

Field Description
apiVersion string system.private.gdc.goog/v1alpha1
kind string SwitchACLList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items SwitchACL

SwitchACLPortType

Underlying type: integer

SwitchACLPortType represents the port number to be used in a SwitchACL rule.

Appears in: - SwitchACLRule

SwitchACLProtoType

Underlying type: string

SwitchACLProtoType represents the proto type for the SwitchACL rule

Appears in: - SwitchACLRule

SwitchACLRule

SwitchACLRule represents a rule in the SwitchACL

Appears in: - SwitchACLSpec

Field Description
comment string Comment describes the SwitchACL rule.
action SwitchACLActionType Action describes the action to be taken if the rule is exercised.
proto SwitchACLProtoType Proto describes the protocol for which this rule applies
src SwitchACLHost Src describes the source of the traffic
srcPort SwitchACLPortType SrcPort describes the source port for the traffic.
dst SwitchACLHost Dst describes the destination of the traffic.
dstPort SwitchACLPortType DstPort describes the destination port for the traffic.
connOption SwitchACLConnOptionType ConnOption describes the connection option
log boolean Log describes whether to log when the rule is exercised.
verbatim string Verbatim describes the text enclosed within quotes that should be rendered into the final rule without interpretation or modification.

SwitchACLSpec

SwitchACLSpec represents the specification of rules along with their associated switches in a SwitchACL object.

Appears in: - SwitchACL

Field Description
switchAclType SwitchACLType SwitchACLType describes how the SwitchACL should be applied
switchRefs ObjectReference SwitchRefs describes the list of switches to which the SwitchACL should be applied
direction SwitchACLDirectionType Direction describes the direction in which the SwitchACL must be applied
rules SwitchACLRule array Rules describes the list of SwitchACL rules. The order of the list establishes the priority order of the rules (first rule being highest). All rules will automatically be assigned sequence numbers which will be separated by 10. This allows for rules to be added in between manually if required.
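
The SwitchACLHost one-field rule and the rule ordering described for SwitchACLSpec, as an added Go example that is not the project's own code. The struct types are simplified stand-ins for the documented ones and the action, protocol and host values are constructed; starting the numbering at 10 and placing manual rules at the midpoint of a gap are assumptions, since the page only states that sequence numbers are separated by 10.

```go
package main

import (
	"errors"
	"fmt"
	"net/netip"
)

// Simplified stand-ins for the documented types, not the project's Go structs.
// HostRef is reduced from an ObjectReference to a plain name (assumption).
type SwitchACLHost struct{ HostType, HostRef, HostAddr string }

type SwitchACLRule struct {
	Comment, Action, Proto string
	Src, Dst               SwitchACLHost
	DstPort                int
}

// NumberedRule pairs a rule with the sequence number it is rendered under.
type NumberedRule struct {
	Seq  int
	Rule SwitchACLRule
}

// seqStep is the documented spacing; starting at seqStep is an assumption.
const seqStep = 10

var ErrNoGap = errors.New("no free sequence number between adjacent rules")

// ValidateHosts enforces "exactly one field defined" and a parseable hostAddr.
func ValidateHosts(hosts ...SwitchACLHost) error {
	for _, h := range hosts {
		set := 0
		for _, v := range []string{h.HostType, h.HostRef, h.HostAddr} {
			if v != "" {
				set++
			}
		}
		if set != 1 {
			return fmt.Errorf("want exactly one of hostType/hostRef/hostAddr, got %d", set)
		}
		if h.HostAddr != "" {
			if _, err := netip.ParseAddr(h.HostAddr); err != nil {
				return fmt.Errorf("hostAddr %q: %w", h.HostAddr, err)
			}
		}
	}
	return nil
}

// AssignSequence numbers rules in list order: first rule, lowest number, highest priority.
func AssignSequence(rules []SwitchACLRule) ([]NumberedRule, error) {
	out := make([]NumberedRule, 0, len(rules))
	for i, r := range rules {
		if err := ValidateHosts(r.Src, r.Dst); err != nil {
			return nil, fmt.Errorf("rule %d: %w", i, err)
		}
		out = append(out, NumberedRule{Seq: (i + 1) * seqStep, Rule: r})
	}
	return out, nil
}

// InsertAfter adds a manual rule mid-gap after afterSeq; ErrNoGap once the gap is used up.
func InsertAfter(list []NumberedRule, afterSeq int, r SwitchACLRule) ([]NumberedRule, error) {
	if err := ValidateHosts(r.Src, r.Dst); err != nil {
		return nil, err
	}
	for i, n := range list {
		if n.Seq != afterSeq {
			continue
		}
		next := afterSeq + 2*seqStep // past the last rule, keep the usual spacing
		if i+1 < len(list) {
			next = list[i+1].Seq
		}
		mid := afterSeq + (next-afterSeq)/2
		if mid == afterSeq {
			return nil, ErrNoGap
		}
		out := append([]NumberedRule{}, list[:i+1]...)
		out = append(out, NumberedRule{Seq: mid, Rule: r})
		return append(out, list[i+1:]...), nil
	}
	return nil, fmt.Errorf("sequence %d not found", afterSeq)
}

// SampleRules returns constructed rules; addresses, names and actions are made up.
func SampleRules() []SwitchACLRule {
	addr := func(a string) SwitchACLHost { return SwitchACLHost{HostAddr: a} }
	sw := SwitchACLHost{HostRef: "example-switch"}
	return []SwitchACLRule{
		{"admin ssh", "permit", "tcp", addr("192.0.2.10"), sw, 22},
		{"monitoring", "permit", "tcp", addr("192.0.2.20"), sw, 443},
		{"block other ssh", "deny", "tcp", addr("198.51.100.7"), sw, 22},
	}
}

func main() { fmt.Println(AssignSequence(SampleRules())) }
```

With a spacing of 10, three manual rules fit directly after any generated rule before the list has to be renumbered.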

SwitchACLStatus

SwitchACLStatus represents the status of a SwitchACL after reconciliation.

Appears in: - SwitchACL

Field Description
hostTypeToAddressStatus HostTypeToAddressStatus array HostTypeToAddressStatus describes the list of addresses mapped for each HostType
generatedConfig string GeneratedConfig describes the Generated SwitchACL config

SwitchACLType

Underlying type: string

SwitchACLType represents the use case for which the SwitchACL is applied.

Appears in: - SwitchACLSpec

SwitchCredentials

SwitchCredentials contains the admin, read-only, and breakglass credentials of a switch.

Appears in: - AggSwitchSpec - ManagementAggSwitchSpec - ManagementSwitchSpec - TORSwitchSpec

Field Description
admin SecretReference The secret resource corresponding to the admin account.
readOnly SecretReference The secret resource corresponding to the read-only account.
breakglass SecretReference The secret resource corresponding to the breakglass account.

SwitchPort

SwitchPort represents the properties of a switch port.

Appears in: - SwitchStatus

Field Description
index SwitchPortIndexList Ports of different types may have the same index.
speed integer Speed of the switch port in Mbps. 0 means the speed information is unavailable.

SwitchPortIndexList

Underlying type: integer

SwitchPortIndexList represents a list of switch port indices.

Appears in: - CiscoNxOSSwitchPairingConnection - HairpinPortSpec - L2NetworkSpecList - PortChannelSpec - SwitchPort - SwitchPortIndexRange - SwitchPortIndexSet

SwitchPortIndexRange

SwitchPortIndexRange represents a range of switch ports.

Appears in: - SwitchPortIndexSet

Field Description
lower SwitchPortIndexList Inclusive lower bound port index.
upper SwitchPortIndexList Exclusive upper bound port index.

SwitchPortIndexSet

SwitchPortIndexSet represents a set of switch port indices.

Appears in: - L2NetworkSpecList

Field Description
ranges SwitchPortIndexRange array
list SwitchPortIndexList

SwitchPortInterface

SwitchPortInterface represents a physical port based on its subset identifiers

Appears in: - FirewallHairpinLinkSpec - HairpinLink - InterconnectLinkSpec - RoutedPortSpec

Field Description
slot integer SlotID represents the identifier of a connected switch slot. If no value is provided, defaults to 1
port integer The index of a switch port in the provided chassis and slot IDs
subInterface integer The sub-interface of the switch port. This field is mutually exclusive with SplitInterface and only first 12 bits are used. If no value is provided, defaults to 0
splitInterface integer The sub-interface of the switch port. This field is mutually exclusive with SubInterface and only first 12 bits are used. If no value is provided, defaults to 0

SwitchStaticConfig

SwitchStaticConfig represents the static configurations on a single switch.

Appears in: - SwitchStaticConfigList

Field Description
apiVersion string system.private.gdc.goog/v1alpha1
kind string SwitchStaticConfig
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec SwitchStaticConfigSpec
status SwitchStaticConfigStatus

SwitchStaticConfigList

SwitchStaticConfigList represents a collection of switch static configs.

Field Description
apiVersion string system.private.gdc.goog/v1alpha1
kind string SwitchStaticConfigList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items SwitchStaticConfig

SwitchStaticConfigSpec

SwitchStaticConfigSpec provides the specification of the static config of a switch.

Appears in: - SwitchStaticConfig

Field Description
config string Contents of the static config.

SwitchStatus

SwitchStatus provides the status applicable to all switch types.

Appears in: - AggSwitchStatus - ManagementAggSwitchStatus - ManagementSwitchStatus - TORSwitchStatus

Field Description
modelNumber string Model number of the switch, e.g. N9K-C93108TC-FX.
osVersion string OS version of the switch, e.g. NXOS 9.3(3).
lastUpdateTimestamp Time Timestamp of the last running configuration update.
managementPorts SwitchPort array Management ports on the switch.
frontPorts SwitchPort array Front ports on the switch.
uplinks RoutedPortSpec Uplinks of the switch.
alerts Alerts Alerts contain a list of detected system alerts. An alert will be added when it is firing, and removed when it is cleared.

TORSwitch

TORSwitch represents a TOR switch in the data network.

Appears in: - TORSwitchList

Field Description
apiVersion string system.private.gdc.goog/v1alpha1
kind string TORSwitch
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec TORSwitchSpec
status TORSwitchStatus

TORSwitchList

TORSwitchList represents a collection of TOR switches.

Field Description
apiVersion string system.private.gdc.goog/v1alpha1
kind string TORSwitchList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items TORSwitch

TORSwitchSpec

TORSwitchSpec provides the specification of a TOR switch.

Appears in: - TORSwitch

Field Description
hardware DeviceSystemSpec
managementIP IPAddressString ManagementIP describes the IP address assigned for the management port of a TOR switch. It has to be accessible before the rest of the specification gets configured.
switchCredentials SwitchCredentials SwitchCredentials holds references to the Secret objects that contain the admin, read-only, and breakglass credentials of the switch.

TORSwitchStatus

Appears in: - TORSwitch

Field Description
conditions Condition array Conditions contains information about the state of the TOR switch. Condition types: - Ready: Indicates that the TOR switch is ready for use
switchStatus SwitchStatus

TimeSyncClientStatus

TimeSyncClientStatus describes a time sync client's status.

Appears in: - ServerTimeSyncStatus

Field Description
serverAddresses HostAddress array Addresses of time sync servers that the client syncs time with.
conditions Condition array Latest observations of the client's time sync.

TransferApplianceRequest

TransferApplianceRequest represents a request for transfer appliance.

Appears in: - TransferApplianceRequestList

Field Description
apiVersion string system.private.gdc.goog/v1alpha1
kind string TransferApplianceRequest
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec TransferApplianceRequestSpec
status TransferApplianceRequestStatus

TransferApplianceRequestList

TransferApplianceRequestList represents a collection of TransferApplianceRequests.

Field Description
apiVersion string system.private.gdc.goog/v1alpha1
kind string TransferApplianceRequestList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items TransferApplianceRequest

TransferApplianceRequestSpec

TransferApplianceRequestSpec provides the specification of a transfer appliance request.

Appears in: - TransferApplianceRequest

Field Description
contact string Contact is the email address of the contact.
amountInTB integer AmountInTB is the amount of data to move in TB.
domain string Domain is the business domain name.
fromLocation string FromLocation is the current location of the data to be moved.
account string Account is the Google account that requests the transfer appliance.
username string Username is the name of the user who initiates the request.
projectID string ProjectID is the user's project ID.
projectNumber string ProjectNumber is the user's project number.

TransferApplianceRequestState

Underlying type: string

Appears in: - TransferApplianceRequestStatus

TransferApplianceRequestStatus

TransferApplianceRequestStatus represents the current status of the transfer appliance request.

Appears in: - TransferApplianceRequest

Field Description
state TransferApplianceRequestState
reason string

UpgradeState

Underlying type: string

The upgrade status of an OSUpgrade object or of an upgrade task running on a machine.

Appears in: - OSUpgradeStatus - UpgradeTask

UpgradeTask

UpgradeTask includes the upgrade task information of an OSArtifactSnapshot.

Appears in: - OSUpgradeStatus

Field Description
snapshotRef LocalObjectReference Reference to the OSArtifactSnapshot.
taskStatus UpgradeState TaskStatus shows the status of the upgrade task on the OSArtifactSnapshot.
jobRef LocalObjectReference Reference to the job running the upgrade.

VLANID

Underlying type: integer

VLANID represents the id of a particular VLAN.

Appears in: - FirewallHairpinLinkSpec - HairpinBGPSession - InterconnectSessionSpec - StaticNetworkConfig - SubnetClaimStatus

upgrade.private.gdc.goog/v1alpha1

ClusterUpgradeStatus

ClusterUpgradeStatus contains the observed upgrade status for the components within a cluster, e.g. the server OS and firmware upgrades for cluster nodes, the Anthos bare metal cluster upgrade etc.

Appears in: - OrganizationUpgradeStatus

Field Description
anthosBareMetal UpgradeStepStatus AnthosBareMetal represents the observed Anthos bare metal cluster upgrade status.
addOn UpgradeStepStatus AddOn represents the observed AddOn upgrade status.

IDPSApplianceReference

IDPSApplianceReference references a FirewallNode resource.

Appears in: - IDPSSignatureUpdateSpec

Field Description
namespace string Namespace is the namespace of the FirewallNode. Required
name string Name is the name of the FirewallNode. Required

IDPSSignatureUpdate

IDPSSignatureUpdate specifies an upgrade for IDPS signatures on a PANW appliance. At most one IDPSSignatureUpdate should be running per PANW appliance.

Appears in: - IDPSSignatureUpdateList

Field Description
apiVersion string upgrade.private.gdc.goog/v1alpha1
kind string IDPSSignatureUpdate
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec IDPSSignatureUpdateSpec
status IDPSSignatureUpdateStatus

IDPSSignatureUpdateList

IDPSSignatureUpdateList represents a collection of IDPSSignatureUpdates.

Field Description
apiVersion string upgrade.private.gdc.goog/v1alpha1
kind string IDPSSignatureUpdateList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items IDPSSignatureUpdate

IDPSSignatureUpdateSpec

IDPSSignatureUpdateSpec defines the desired state of an IDPSSignatureUpdate.

Appears in: - IDPSSignatureUpdate

Field Description
idpsAppliance IDPSApplianceReference
antivirusVersion string
appAndThreatVersion string

IDPSSignatureUpdateStatus

IDPSSignatureUpdateStatus defines the observed state of an IDPSSignatureUpdate.

Appears in: - IDPSSignatureUpdate

Field Description
currentAntivirusVersion string
currentAppAndThreatVersion string
currentJob LocalObjectReference
updateState UpdateState

InFlightConfig

InFlightConfig provides the specification of the concurrent NodeUpgrade.

Appears in: - NodeUpgradeSpec

Field Description
MaxConcurrentNodes integer This threshold will limit the maximum number of nodes running the upgrade concurrently.

NodeUpgrade

NodeUpgrade represents the configurations of upgrade required on a list of nodes.

Appears in: - NodeUpgradeList

Field Description
apiVersion string upgrade.private.gdc.goog/v1alpha1
kind string NodeUpgrade
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec NodeUpgradeSpec
status NodeUpgradeStatus

NodeUpgradeList

NodeUpgradeList represents a collection of NodeUpgrade.

Field Description
apiVersion string upgrade.private.gdc.goog/v1alpha1
kind string NodeUpgradeList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items NodeUpgrade

NodeUpgradeSpec

NodeUpgradeSpec provides the specification (i.e., desired state) of NodeUpgrade.

Appears in: - NodeUpgrade

Field Description
nodeType MachineType NodeType is the type of node to upgrade.
nodePoolClaimRef UniversalObjectReference NodePoolClaimRef holds the reference of the NodePoolClaim which claims the nodes. The claim may be requested from the root or org admin clusters. All nodes referenced by the NodePoolClaim will be upgraded with the specification of the NodeUpgrade object.
software SoftwareSpec The specification for upgrading node software.
firmware FirmwareSpec The specification for upgrading node firmware.
inFlightConf InFlightConfig The inflight configurations including concurrency control of node upgrade jobs.

NodeUpgradeStatus

NodeUpgradeStatus provides the status of a NodeUpgrade.

Appears in: - NodeUpgrade

Field Description
upgradeStatus UpgradeState The UpgradeStatus shows the current upgrade status of the NodeUpgrade. If the status is pending, the NodeUpgrade object will be processed. If the status is in-progress, the NodeUpgrade object is being processed. If the status is finished, the NodeUpgrade object has been processed and all nodes have finished upgrading.
tasks NodeUpgradeTask array Tasks contain a list of tasks for upgrade on each node.

NodeUpgradeTask

NodeUpgradeTask includes the task information of a NodeUpgrade.

Appears in: - NodeUpgradeStatus

Field Description
name string Name of one node upgrade task.
taskStatus UpgradeState TaskStatus shows the status of the upgrade task on the node.

OSImageInfo

OSImageInfo provides the specification of the OS image to be upgraded to.

Appears in: - SoftwareSpec

Field Description
name string Name provides the name of OS image.
version string Version provides the version of OS image.

OrganizationUpgrade

OrganizationUpgrade represents the configuration of an organization upgrade, such as the current and the target versions as well as the desired time window to apply the upgrades.

Appears in: - OrganizationUpgradeList

Field Description
apiVersion string upgrade.private.gdc.goog/v1alpha1
kind string OrganizationUpgrade
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec OrganizationUpgradeSpec
status OrganizationUpgradeStatus

OrganizationUpgradeList

OrganizationUpgradeList represents a collection of OrganizationUpgrades.

Field Description
apiVersion string upgrade.private.gdc.goog/v1alpha1
kind string OrganizationUpgradeList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items OrganizationUpgrade

OrganizationUpgradeSpec

OrganizationUpgradeSpec provides the specification (i.e., desired state) of an OrganizationUpgrade.

Appears in: - OrganizationUpgrade

Field Description
organizationRef LocalObjectReference OrganizationRef contains a reference to the Organization object, to which the upgrade applies.
currentVersion string CurrentVersion has the current version of the organization. The field is immutable.
targetVersion string TargetVersion has the target version of the update. The field is immutable.
timeWindow TimeWindow TimeWindow contains the desired time window to apply the upgrade. The upgrade is deemed expired once it goes past the end time.
skipPreflightCheck boolean SkipPreflightCheck provides an option for infrastructure operators to decide if they want to skip all the preflight checks for the organization upgrade.

OrganizationUpgradeStatus

OrganizationUpgradeStatus provides the observed status of an OrganizationUpgrade.

Appears in: - OrganizationUpgrade

Field Description
conditions Condition Conditions represents the observations of the current upgrade state. Known condition types: Succeeded, AddOnManager, AddOnTemplateConfig.
startTime Time StartTime represents the observed time that the current upgrade starts to make changes, i.e. after the preflight check has successfully finished.
preflightCheck UpgradeStepStatus PreflightCheck represents the observation of the current preflight check state. Optional. The Conditions field provides the current conditions of preflight checks. Known condition types: Succeeded. The StartTime field provides the start time of the current preflight check. It will be updated if any of the following conditions is met: - the preflight check addon is about to be deployed. - the preflight check jobs are about to be started or restarted.
adminCluster ClusterUpgradeStatus AdminCluster contains the observed upgrade status for the admin cluster components.
systemCluster ClusterUpgradeStatus SystemCluster contains the observed upgrade status for the system cluster components.

SoftwareSpec

SoftwareSpec provides the specification for software requiring upgrades on nodes.

Appears in: - NodeUpgradeSpec

Field Description
osImage OSImageInfo OSImage represents the information of the OS image to be upgraded to.

StorageUpgradeMode

Underlying type: string

Appears in: - StorageUpgradeRequestSpec

StorageUpgradeRequest

StorageUpgradeRequest specifies an upgrade request that targets the storage appliance OS version. For now, it only supports NetApp ONTAP and StorageGrid.

Appears in: - StorageUpgradeRequestList

Field Description
apiVersion string upgrade.private.gdc.goog/v1alpha1
kind string StorageUpgradeRequest
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec StorageUpgradeRequestSpec
status StorageUpgradeRequestStatus

StorageUpgradeRequestList

StorageUpgradeRequestList represents a collection of StorageUpgradeRequests.

Field Description
apiVersion string upgrade.private.gdc.goog/v1alpha1
kind string StorageUpgradeRequestList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items StorageUpgradeRequest

StorageUpgradeRequestSpec

Appears in: - StorageUpgradeRequest

Field Description
storageUpgradeMode StorageUpgradeMode StorageUpgradeMode defines the type of the upgrade. Available types are: Manual, Automated. - "Manual" is an upgrade mode where the StorageUpgradeController only checks the Storage system version and upgrade completeness but does not execute any actual pre-flight checks or upgrade commands. It is intended for an external person/controller to do the system upgrade instead. It could be done manually by IO or automatically by a different controller. - "Automated" is an upgrade mode where the StorageUpgradeController orchestrates the entire upgrade process.
storageSystemRef ObjectReference StorageSystemRef specifies the storage system that will be upgraded. Available targets are: StorageCluster, ObjectStorageSite. Available API Types: If the storage system is ONTAP: - Group: ontap.netapp.storage.private.gdc.goog - Kind: StorageCluster. If the storage system is StorageGrid: - Group: storagegrid.netapp.storage.private.gdc.goog - Kind: ObjectStorageSite.
imageURL string ImageURL specifies the endpoint that points to the OS image object that the storage system can download from. This field is optional. If not set, the storage system will try to automatically discover the storage image from the Artifact Registry. - ONTAP: HTTPS - StorageGrid: TODO
targetVersion string TargetVersion specifies the desired version that the storage system should upgrade to.

StorageUpgradeRequestStatus

StorageUpgradeRequestStatus defines the status of the current StorageUpgradeRequest.

Appears in: - StorageUpgradeRequest

Field Description
conditions Condition Conditions contains the current conditions for the upgrade status. It will contain the following condition types: - AllComplete - Qualified - ImageFetchComplete - PreflightCheckComplete - UpgradeStarted - UpgradeComplete - PostflightCheckComplete. Only when all other conditions are completed will the "AllComplete" status be set to true.
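
A review helper for the StorageUpgradeRequest spec and status fields described above, added here as an example and not part of the GDC API or its tooling. It assumes storageSystemRef carries its group in a Kubernetes-style apiVersion and that conditions use the Kubernetes type/status shape; the sample object, its names, URL and version strings are constructed.

```python
from urllib.parse import urlparse

# Group -> Kind pairs this page lists for storageSystemRef.
REF_KINDS = {
    "ontap.netapp.storage.private.gdc.goog": "StorageCluster",
    "storagegrid.netapp.storage.private.gdc.goog": "ObjectStorageSite",
}
MODES = {"Manual", "Automated"}
STEP_CONDITIONS = ["Qualified", "ImageFetchComplete", "PreflightCheckComplete",
                   "UpgradeStarted", "UpgradeComplete", "PostflightCheckComplete"]

def review_storage_upgrade_request(obj):
    """Return a list of findings for one StorageUpgradeRequest given as a dict."""
    findings = []
    spec = obj.get("spec", {})
    mode = spec.get("storageUpgradeMode")
    if mode not in MODES:
        findings.append(f"storageUpgradeMode {mode!r} is not Manual or Automated")
    elif mode == "Manual":
        findings.append("Manual mode: controller runs no pre-flight checks or "
                        "upgrade commands; confirm who performs the upgrade")
    ref = spec.get("storageSystemRef", {})
    # Assumption: the group is the part of apiVersion before the slash.
    group = ref.get("apiVersion", "").split("/")[0]
    if REF_KINDS.get(group) != ref.get("kind"):
        findings.append(f"storageSystemRef {group!r}/{ref.get('kind')!r} is not a listed target")
    url = spec.get("imageURL")  # optional; unset means registry discovery
    if url and ref.get("kind") == "StorageCluster" and urlparse(url).scheme != "https":
        findings.append("imageURL for ONTAP must be HTTPS")
    if not spec.get("targetVersion"):
        findings.append("targetVersion is empty")
    # Assumption: each condition is {"type": ..., "status": "True"|"False"|"Unknown"}.
    conds = {c["type"]: c["status"] for c in obj.get("status", {}).get("conditions", [])}
    if conds.get("AllComplete") == "True":
        pending = [t for t in STEP_CONDITIONS if conds.get(t) != "True"]
        if pending:
            findings.append(f"AllComplete is True but these are not: {pending}")
    return findings

# Constructed sample: plain-HTTP image, Manual mode, inconsistent status.
SAMPLE = {
    "spec": {
        "storageUpgradeMode": "Manual",
        "storageSystemRef": {"kind": "StorageCluster", "name": "example-cluster",
                             "apiVersion": "ontap.netapp.storage.private.gdc.goog/VERSION-PLACEHOLDER"},
        "imageURL": "http://images.example.invalid/ontap-image",
        "targetVersion": "TARGET-VERSION-PLACEHOLDER",
    },
    "status": {"conditions": [{"type": "AllComplete", "status": "True"},
                              {"type": "UpgradeComplete", "status": "True"}]},
}
```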

UpdateState

Underlying type: string

The update status of an IDPSSignatureUpdate object.

Appears in: - IDPSSignatureUpdateStatus

UpgradeState

Underlying type: string

The upgrade status of a NodeUpgrade object or of an upgrade task running on a node.

Appears in: - NodeUpgradeStatus - NodeUpgradeTask

UpgradeStepStatus

UpgradeStepStatus represents the current status of an upgrade step.

Appears in: - ClusterUpgradeStatus - OrganizationUpgradeStatus - UserClusterUpgradeStatus

Field Description
conditions Condition Conditions represents the observed status of the upgrade step.
startTime Time StartTime represents the start time of the upgrade step.

UserClusterUpgrade

UserClusterUpgrade represents the configuration of a user cluster upgrade, such as the current and the target versions.

Appears in: - UserClusterUpgradeList

Field Description
apiVersion string upgrade.private.gdc.goog/v1alpha1
kind string UserClusterUpgrade
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec UserClusterUpgradeSpec
status UserClusterUpgradeStatus

UserClusterUpgradeList

UserClusterUpgradeList represents a collection of UserClusterUpgrades.

Field Description
apiVersion string upgrade.private.gdc.goog/v1alpha1
kind string UserClusterUpgradeList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items UserClusterUpgrade

UserClusterUpgradeSpec

UserClusterUpgradeSpec provides the specification (i.e., desired state) of a UserClusterUpgrade.

Appears in: - UserClusterUpgrade

Field Description
clusterRef LocalObjectReference ClusterRef contains a reference to the ABM Cluster object, to which the upgrade applies.
currentVersion string CurrentVersion has the current version of the user cluster. The field is immutable.
targetVersion string TargetVersion has the target version of the upgrade. The field is immutable.

UserClusterUpgradeStatus

UserClusterUpgradeStatus provides the observed status of a UserClusterUpgrade and the components within the UserCluster, e.g. the node upgrades, the Anthos bare metal cluster upgrade etc.

Appears in: - UserClusterUpgrade

Field Description
conditions Condition Conditions represents the observations of the current upgrade state. Known condition types: Succeeded.
startTime Time StartTime represents the observed start time for the current upgrade.
nodeUpgrade UpgradeStepStatus NodeUpgrade represents the observed nodes upgrade status.
anthosBareMetal UpgradeStepStatus AnthosBareMetal represents the observed Anthos bare metal cluster upgrade status.
addOn UpgradeStepStatus AddOn represents the observed AddOn upgrade status.