{ "description": "OCICluster is the Schema for the ociclusters API.", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { "description": "OCIClusterSpec defines the desired state of OciCluster", "properties": { "availabilityDomains": { "additionalProperties": { "description": "OCIAvailabilityDomain contains information about an Availability Domain (AD).", "properties": { "faultDomains": { "description": "FaultDomains a list of fault domain (FD) names. Example: [\"FAULT-DOMAIN-1\"]", "items": { "type": "string" }, "type": "array" }, "name": { "description": "Name is the AD's full name. Example: Uocm:PHX-AD-1", "type": "string" } }, "type": "object", "additionalProperties": false }, "description": "AvailabilityDomains encapsulates the clusters Availability Domain (AD) information in a map where the map key is the AD name and the struct is details about the AD.", "type": "object" }, "clientOverrides": { "description": "ClientOverrides allows the default client SDK URLs to be changed.", "nullable": true, "properties": { "certOverride": { "description": "CertOverride is a secret that contains information about a cert override used by all the OCI SDK clients. The secret must contain data with a `cert`property.", "nullable": true, "properties": { "name": { "description": "name is unique within a namespace to reference a secret resource.", "type": "string" }, "namespace": { "description": "namespace defines the space within which the secret name must be unique.", "type": "string" } }, "type": "object", "x-kubernetes-map-type": "atomic", "additionalProperties": false }, "computeClientUrl": { "description": "ComputeClientUrl allows the default compute SDK client URL to be changed.", "nullable": true, "type": "string" }, "computeManagementClientUrl": { "description": "ComputeManagementClientUrl allows the default compute management SDK client URL to be changed.", "nullable": true, "type": "string" }, "containerEngineClientUrl": { "description": "ContainerEngineClientUrl allows the default container engine SDK client URL to be changed.", "nullable": true, "type": "string" }, "identityClientUrl": { "description": "IdentityClientUrl allows the default identity SDK client URL to be changed.", "nullable": true, "type": "string" }, "loadBalancerClientUrl": { "description": "LoadBalancerClientUrl allows the default load balancer SDK client URL to be changed.", "nullable": true, "type": "string" }, "networkLoadBalancerClientUrl": { "description": "NetworkLoadBalancerClientUrl allows the default NLB SDK client URL to be changed.", "nullable": true, "type": "string" }, "vCNClientUrl": { "description": "VCNClientUrl allows the default vcn SDK client URL to be changed.", "nullable": true, "type": "string" }, "workrequestClientUrl": { "description": "WorkrequestClientUrl allows the default work request SDK client URL to be changed.", "nullable": true, "type": "string" } }, "type": "object", "additionalProperties": false }, "compartmentId": { "description": "Compartment to create the cluster network.", "type": "string" }, "controlPlaneEndpoint": { "description": "ControlPlaneEndpoint represents the endpoint used to communicate with the control plane.", "properties": { "host": { "description": "The hostname on which the API server is serving.", "type": "string" }, "port": { "description": "The port on which the API server is serving.", "format": "int32", "type": "integer" } }, "required": [ "host", "port" ], "type": "object", "additionalProperties": false }, "definedTags": { "additionalProperties": { "additionalProperties": { "type": "string" }, "type": "object" }, "description": "Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.cloud.oracle.com/iaas/Content/General/Concepts/resourcetags.htm). Example: `{\"Operations\": {\"CostCenter\": \"42\"}}`", "type": "object" }, "freeformTags": { "additionalProperties": { "type": "string" }, "description": "Free-form tags for this resource.", "type": "object" }, "identityRef": { "description": "IdentityRef is a reference to an identity(principal) to be used when reconciling this cluster", "properties": { "apiVersion": { "description": "API version of the referent.", "type": "string" }, "fieldPath": { "description": "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.", "type": "string" }, "kind": { "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "name": { "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "namespace": { "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", "type": "string" }, "resourceVersion": { "description": "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", "type": "string" }, "uid": { "description": "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", "type": "string" } }, "type": "object", "x-kubernetes-map-type": "atomic", "additionalProperties": false }, "networkSpec": { "description": "NetworkSpec encapsulates all things related to OCI network.", "properties": { "apiServerLoadBalancer": { "description": "API Server LB configuration.", "properties": { "loadBalancerId": { "description": "ID of Load Balancer.", "type": "string" }, "loadBalancerType": { "description": "Type of Load Balancer: NLB (default) or LBaaS.", "type": "string" }, "name": { "description": "LoadBalancer Name.", "type": "string" }, "nlbSpec": { "description": "The NLB Spec", "properties": { "backendSetDetails": { "description": "BackendSetDetails specifies the configuration of a network load balancer backend set.", "properties": { "healthChecker": { "description": "If enabled existing connections will be forwarded to an alternative healthy backend as soon as current backend becomes unhealthy.", "properties": { "urlPath": { "description": "The path against which to run the health check. Example: `/healthcheck` Default value is `/healthz`", "type": "string" } }, "type": "object", "additionalProperties": false }, "isFailOpen": { "description": "If enabled, the network load balancer will continue to distribute traffic in the configured distribution in the event all backends are unhealthy. The value is false by default.", "type": "boolean" }, "isInstantFailoverEnabled": { "description": "If enabled existing connections will be forwarded to an alternative healthy backend as soon as current backend becomes unhealthy.", "type": "boolean" }, "isPreserveSource": { "description": "If this parameter is enabled, then the network load balancer preserves the source IP of the packet when it is forwarded to backends. Backends see the original source IP. If the isPreserveSourceDestination parameter is enabled for the network load balancer resource, then this parameter cannot be disabled. The value is false by default.", "type": "boolean" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "skipNetworkManagement": { "description": "SkipNetworkManagement defines if the networking spec(VCN related) specified by the user needs to be reconciled(actioned-upon) or used as it is. APIServerLB will still be reconciled.", "type": "boolean" }, "vcn": { "description": "VCN configuration.", "properties": { "cidr": { "description": "VCN CIDR. Deprecated, please use NetworkDetails.cidrs", "type": "string" }, "cidrs": { "description": "VCN CIDRs.", "items": { "type": "string" }, "type": "array" }, "dnsLabel": { "description": "DnsLabel specifies a DNS label for the VCN, used in conjunction with the VNIC's hostname and subnet's DNS label to form a fully qualified domain name (FQDN) for each VNIC within this subnet (for example, `bminstance1.subnet123.vcn1.oraclevcn.com`).", "type": "string" }, "id": { "description": "VCN OCID.", "type": "string" }, "internetGateway": { "description": "Configuration for Internet Gateway.", "properties": { "id": { "description": "ID of Internet Gateway.", "type": "string" }, "skip": { "description": "Skip specifies whether to skip creating internet gateway even if any one Subnet is public.", "type": "boolean" } }, "type": "object", "additionalProperties": false }, "name": { "description": "VCN Name.", "type": "string" }, "natGateway": { "description": "Configuration for NAT Gateway.", "properties": { "id": { "description": "ID of Nat Gateway.", "type": "string" }, "skip": { "description": "Skip specifies whether to skip creating NAT gateway even if any one Subnet is private.", "type": "boolean" } }, "type": "object", "additionalProperties": false }, "networkSecurityGroup": { "description": "Configuration for NSG management.", "properties": { "list": { "description": "NetworkSecurityGroup is the configuration for the Network Security Groups required in the VCN.", "items": { "description": "NSG defines configuration for a Network Security Group. https://docs.oracle.com/en-us/iaas/Content/Network/Concepts/networksecuritygroups.htm", "properties": { "egressRules": { "description": "EgressRules on the NSG.", "items": { "description": "EgressSecurityRuleForNSG is EgressSecurityRule for NSG.", "properties": { "egressRule": { "description": "EgressSecurityRule A rule for allowing outbound IP packets.", "properties": { "description": { "description": "An optional description of your choice for the rule.", "type": "string" }, "destination": { "description": "Conceptually, this is the range of IP addresses that a packet originating from the instance can go to. Allowed values: * IP address range in CIDR notation. For example: `192.168.1.0/24` or `2001:0db8:0123:45::/56` Note that IPv6 addressing is currently supported only in certain regions. See IPv6 Addresses (https://docs.cloud.oracle.com/iaas/Content/Network/Concepts/ipv6.htm). * The `cidrBlock` value for a Service, if you're setting up a security list rule for traffic destined for a particular `Service` through a service gateway. For example: `oci-phx-objectstorage`.", "type": "string" }, "destinationType": { "description": "Type of destination for the rule. The default is `CIDR_BLOCK`. Allowed values: * `CIDR_BLOCK`: If the rule's `destination` is an IP address range in CIDR notation. * `SERVICE_CIDR_BLOCK`: If the rule's `destination` is the `cidrBlock` value for a Service (the rule is for traffic destined for a particular `Service` through a service gateway). * `NETWORK_SECURITY_GROUP`: If the rule's `destination` is the OCID (https://docs.cloud.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of a NetworkSecurityGroup.", "type": "string" }, "icmpOptions": { "description": "IcmpOptions Optional and valid only for ICMP and ICMPv6. Use to specify a particular ICMP type and code as defined in: - ICMP Parameters (http://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml) - ICMPv6 Parameters (https://www.iana.org/assignments/icmpv6-parameters/icmpv6-parameters.xhtml) If you specify ICMP or ICMPv6 as the protocol but omit this object, then all ICMP types and codes are allowed. If you do provide this object, the type is required and the code is optional. To enable MTU negotiation for ingress internet traffic via IPv4, make sure to allow type 3 (\"Destination Unreachable\") code 4 (\"Fragmentation Needed and Don't Fragment was Set\"). If you need to specify multiple codes for a single type, create a separate security list rule for each.", "properties": { "code": { "description": "The ICMP code (optional).", "type": "integer" }, "type": { "description": "The ICMP type.", "type": "integer" } }, "type": "object", "additionalProperties": false }, "isStateless": { "description": "A stateless rule allows traffic in one direction. Remember to add a corresponding stateless rule in the other direction if you need to support bidirectional traffic. For example, if egress traffic allows TCP destination port 80, there should be an ingress rule to allow TCP source port 80. Defaults to false, which means the rule is stateful and a corresponding rule is not necessary for bidirectional traffic.", "type": "boolean" }, "protocol": { "description": "The transport protocol. Specify either `all` or an IPv4 protocol number as defined in Protocol Numbers (http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml). Options are supported only for ICMP (\"1\"), TCP (\"6\"), UDP (\"17\"), and ICMPv6 (\"58\").", "type": "string" }, "tcpOptions": { "description": "TcpOptions Optional and valid only for TCP. Use to specify particular destination ports for TCP rules. If you specify TCP as the protocol but omit this object, then all destination ports are allowed.", "properties": { "destinationPortRange": { "description": "PortRange The representation of PortRange.", "properties": { "max": { "description": "The maximum port number, which must not be less than the minimum port number. To specify a single port number, set both the min and max to the same value.", "type": "integer" }, "min": { "description": "The minimum port number, which must not be greater than the maximum port number.", "type": "integer" } }, "type": "object", "additionalProperties": false }, "sourcePortRange": { "description": "PortRange The representation of PortRange.", "properties": { "max": { "description": "The maximum port number, which must not be less than the minimum port number. To specify a single port number, set both the min and max to the same value.", "type": "integer" }, "min": { "description": "The minimum port number, which must not be greater than the maximum port number.", "type": "integer" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "udpOptions": { "description": "UdpOptions Optional and valid only for UDP. Use to specify particular destination ports for UDP rules. If you specify UDP as the protocol but omit this object, then all destination ports are allowed.", "properties": { "destinationPortRange": { "description": "PortRange The representation of PortRange.", "properties": { "max": { "description": "The maximum port number, which must not be less than the minimum port number. To specify a single port number, set both the min and max to the same value.", "type": "integer" }, "min": { "description": "The minimum port number, which must not be greater than the maximum port number.", "type": "integer" } }, "type": "object", "additionalProperties": false }, "sourcePortRange": { "description": "PortRange The representation of PortRange.", "properties": { "max": { "description": "The maximum port number, which must not be less than the minimum port number. To specify a single port number, set both the min and max to the same value.", "type": "integer" }, "min": { "description": "The minimum port number, which must not be greater than the maximum port number.", "type": "integer" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "type": "array" }, "id": { "description": "NSG OCID.", "type": "string" }, "ingressRules": { "description": "IngressRules on the NSG.", "items": { "description": "IngressSecurityRuleForNSG is IngressSecurityRule for NSG", "properties": { "ingressRule": { "description": "IngressSecurityRule A rule for allowing inbound IP packets.", "properties": { "description": { "description": "An optional description of your choice for the rule.", "type": "string" }, "icmpOptions": { "description": "IcmpOptions Optional and valid only for ICMP and ICMPv6. Use to specify a particular ICMP type and code as defined in: - ICMP Parameters (http://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml) - ICMPv6 Parameters (https://www.iana.org/assignments/icmpv6-parameters/icmpv6-parameters.xhtml) If you specify ICMP or ICMPv6 as the protocol but omit this object, then all ICMP types and codes are allowed. If you do provide this object, the type is required and the code is optional. To enable MTU negotiation for ingress internet traffic via IPv4, make sure to allow type 3 (\"Destination Unreachable\") code 4 (\"Fragmentation Needed and Don't Fragment was Set\"). If you need to specify multiple codes for a single type, create a separate security list rule for each.", "properties": { "code": { "description": "The ICMP code (optional).", "type": "integer" }, "type": { "description": "The ICMP type.", "type": "integer" } }, "type": "object", "additionalProperties": false }, "isStateless": { "description": "A stateless rule allows traffic in one direction. Remember to add a corresponding stateless rule in the other direction if you need to support bidirectional traffic. For example, if ingress traffic allows TCP destination port 80, there should be an egress rule to allow TCP source port 80. Defaults to false, which means the rule is stateful and a corresponding rule is not necessary for bidirectional traffic.", "type": "boolean" }, "protocol": { "description": "The transport protocol. Specify either `all` or an IPv4 protocol number as defined in Protocol Numbers (http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml). Options are supported only for ICMP (\"1\"), TCP (\"6\"), UDP (\"17\"), and ICMPv6 (\"58\").", "type": "string" }, "source": { "description": "Conceptually, this is the range of IP addresses that a packet coming into the instance can come from. Allowed values: * IP address range in CIDR notation. For example: `192.168.1.0/24` or `2001:0db8:0123:45::/56`. IPv6 addressing is supported for all commercial and government regions. See IPv6 Addresses (https://docs.cloud.oracle.com/iaas/Content/Network/Concepts/ipv6.htm). * The `cidrBlock` value for a Service, if you're setting up a security list rule for traffic coming from a particular `Service` through a service gateway. For example: `oci-phx-objectstorage`.", "type": "string" }, "sourceType": { "description": "Type of source for the rule. The default is `CIDR_BLOCK`. * `CIDR_BLOCK`: If the rule's `source` is an IP address range in CIDR notation. * `SERVICE_CIDR_BLOCK`: If the rule's `source` is the `cidrBlock` value for a Service (the rule is for traffic coming from a particular `Service` through a service gateway). * `NETWORK_SECURITY_GROUP`: If the rule's `destination` is the OCID (https://docs.cloud.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of a NetworkSecurityGroup.", "type": "string" }, "tcpOptions": { "description": "TcpOptions Optional and valid only for TCP. Use to specify particular destination ports for TCP rules. If you specify TCP as the protocol but omit this object, then all destination ports are allowed.", "properties": { "destinationPortRange": { "description": "PortRange The representation of PortRange.", "properties": { "max": { "description": "The maximum port number, which must not be less than the minimum port number. To specify a single port number, set both the min and max to the same value.", "type": "integer" }, "min": { "description": "The minimum port number, which must not be greater than the maximum port number.", "type": "integer" } }, "type": "object", "additionalProperties": false }, "sourcePortRange": { "description": "PortRange The representation of PortRange.", "properties": { "max": { "description": "The maximum port number, which must not be less than the minimum port number. To specify a single port number, set both the min and max to the same value.", "type": "integer" }, "min": { "description": "The minimum port number, which must not be greater than the maximum port number.", "type": "integer" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "udpOptions": { "description": "UdpOptions Optional and valid only for UDP. Use to specify particular destination ports for UDP rules. If you specify UDP as the protocol but omit this object, then all destination ports are allowed.", "properties": { "destinationPortRange": { "description": "PortRange The representation of PortRange.", "properties": { "max": { "description": "The maximum port number, which must not be less than the minimum port number. To specify a single port number, set both the min and max to the same value.", "type": "integer" }, "min": { "description": "The minimum port number, which must not be greater than the maximum port number.", "type": "integer" } }, "type": "object", "additionalProperties": false }, "sourcePortRange": { "description": "PortRange The representation of PortRange.", "properties": { "max": { "description": "The maximum port number, which must not be less than the minimum port number. To specify a single port number, set both the min and max to the same value.", "type": "integer" }, "min": { "description": "The minimum port number, which must not be greater than the maximum port number.", "type": "integer" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "type": "array" }, "name": { "description": "NSG Name.", "type": "string" }, "role": { "description": "Role defines the NSG role (eg. control-plane, control-plane-endpoint, service-lb, worker).", "type": "string" } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "type": "array", "x-kubernetes-list-map-keys": [ "name" ], "x-kubernetes-list-type": "map" }, "skip": { "description": "Skip specifies whether to skip creating network security groups.", "type": "boolean" } }, "type": "object", "additionalProperties": false }, "routeTable": { "description": "Configuration for Route table.", "properties": { "privateRouteTableId": { "description": "ID of Private Route Table.", "type": "string" }, "publicRouteTableId": { "description": "ID of Public Route Table.", "type": "string" }, "skip": { "description": "Skip specifies whether to skip creating Route table.", "type": "boolean" } }, "type": "object", "additionalProperties": false }, "serviceGateway": { "description": "Configuration for Service Gateway.", "properties": { "id": { "description": "ID of Service Gateway.", "type": "string" }, "skip": { "description": "Skip specifies whether to skip creating Service gateway.", "type": "boolean" } }, "type": "object", "additionalProperties": false }, "subnets": { "description": "Subnets is the configuration for subnets required in the VCN.", "items": { "description": "Subnet defines the configuration for a network's subnet https://docs.oracle.com/en-us/iaas/Content/Network/Tasks/managingVCNs_topic-Overview_of_VCNs_and_Subnets.htm#Overview", "properties": { "cidr": { "description": "Subnet CIDR.", "type": "string" }, "dnsLabel": { "description": "DnsLabel DNS label for the subnet, used in conjunction with the VNIC's hostname and VCN's DNS label to form a fully qualified domain name (FQDN) for each VNIC within this subnet (for example, `bminstance1.subnet123.vcn1.oraclevcn.com`).", "type": "string" }, "id": { "description": "Subnet OCID.", "type": "string" }, "name": { "description": "Subnet Name.", "type": "string" }, "role": { "description": "Role defines the subnet role (eg. control-plane, control-plane-endpoint, service-lb, worker).", "type": "string" }, "securityList": { "description": "The security list associated with Subnet.", "properties": { "egressRules": { "description": "EgressRules on the SecurityList.", "items": { "description": "EgressSecurityRule A rule for allowing outbound IP packets.", "properties": { "description": { "description": "An optional description of your choice for the rule.", "type": "string" }, "destination": { "description": "Conceptually, this is the range of IP addresses that a packet originating from the instance can go to. Allowed values: * IP address range in CIDR notation. For example: `192.168.1.0/24` or `2001:0db8:0123:45::/56` Note that IPv6 addressing is currently supported only in certain regions. See IPv6 Addresses (https://docs.cloud.oracle.com/iaas/Content/Network/Concepts/ipv6.htm). * The `cidrBlock` value for a Service, if you're setting up a security list rule for traffic destined for a particular `Service` through a service gateway. For example: `oci-phx-objectstorage`.", "type": "string" }, "destinationType": { "description": "Type of destination for the rule. The default is `CIDR_BLOCK`. Allowed values: * `CIDR_BLOCK`: If the rule's `destination` is an IP address range in CIDR notation. * `SERVICE_CIDR_BLOCK`: If the rule's `destination` is the `cidrBlock` value for a Service (the rule is for traffic destined for a particular `Service` through a service gateway). * `NETWORK_SECURITY_GROUP`: If the rule's `destination` is the OCID (https://docs.cloud.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of a NetworkSecurityGroup.", "type": "string" }, "icmpOptions": { "description": "IcmpOptions Optional and valid only for ICMP and ICMPv6. Use to specify a particular ICMP type and code as defined in: - ICMP Parameters (http://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml) - ICMPv6 Parameters (https://www.iana.org/assignments/icmpv6-parameters/icmpv6-parameters.xhtml) If you specify ICMP or ICMPv6 as the protocol but omit this object, then all ICMP types and codes are allowed. If you do provide this object, the type is required and the code is optional. To enable MTU negotiation for ingress internet traffic via IPv4, make sure to allow type 3 (\"Destination Unreachable\") code 4 (\"Fragmentation Needed and Don't Fragment was Set\"). If you need to specify multiple codes for a single type, create a separate security list rule for each.", "properties": { "code": { "description": "The ICMP code (optional).", "type": "integer" }, "type": { "description": "The ICMP type.", "type": "integer" } }, "type": "object", "additionalProperties": false }, "isStateless": { "description": "A stateless rule allows traffic in one direction. Remember to add a corresponding stateless rule in the other direction if you need to support bidirectional traffic. For example, if egress traffic allows TCP destination port 80, there should be an ingress rule to allow TCP source port 80. Defaults to false, which means the rule is stateful and a corresponding rule is not necessary for bidirectional traffic.", "type": "boolean" }, "protocol": { "description": "The transport protocol. Specify either `all` or an IPv4 protocol number as defined in Protocol Numbers (http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml). Options are supported only for ICMP (\"1\"), TCP (\"6\"), UDP (\"17\"), and ICMPv6 (\"58\").", "type": "string" }, "tcpOptions": { "description": "TcpOptions Optional and valid only for TCP. Use to specify particular destination ports for TCP rules. If you specify TCP as the protocol but omit this object, then all destination ports are allowed.", "properties": { "destinationPortRange": { "description": "PortRange The representation of PortRange.", "properties": { "max": { "description": "The maximum port number, which must not be less than the minimum port number. To specify a single port number, set both the min and max to the same value.", "type": "integer" }, "min": { "description": "The minimum port number, which must not be greater than the maximum port number.", "type": "integer" } }, "type": "object", "additionalProperties": false }, "sourcePortRange": { "description": "PortRange The representation of PortRange.", "properties": { "max": { "description": "The maximum port number, which must not be less than the minimum port number. To specify a single port number, set both the min and max to the same value.", "type": "integer" }, "min": { "description": "The minimum port number, which must not be greater than the maximum port number.", "type": "integer" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "udpOptions": { "description": "UdpOptions Optional and valid only for UDP. Use to specify particular destination ports for UDP rules. If you specify UDP as the protocol but omit this object, then all destination ports are allowed.", "properties": { "destinationPortRange": { "description": "PortRange The representation of PortRange.", "properties": { "max": { "description": "The maximum port number, which must not be less than the minimum port number. To specify a single port number, set both the min and max to the same value.", "type": "integer" }, "min": { "description": "The minimum port number, which must not be greater than the maximum port number.", "type": "integer" } }, "type": "object", "additionalProperties": false }, "sourcePortRange": { "description": "PortRange The representation of PortRange.", "properties": { "max": { "description": "The maximum port number, which must not be less than the minimum port number. To specify a single port number, set both the min and max to the same value.", "type": "integer" }, "min": { "description": "The minimum port number, which must not be greater than the maximum port number.", "type": "integer" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "type": "array" }, "id": { "description": "ID of the SecurityList.", "type": "string" }, "ingressRules": { "description": "IngressRules on the SecurityList.", "items": { "description": "IngressSecurityRule A rule for allowing inbound IP packets.", "properties": { "description": { "description": "An optional description of your choice for the rule.", "type": "string" }, "icmpOptions": { "description": "IcmpOptions Optional and valid only for ICMP and ICMPv6. Use to specify a particular ICMP type and code as defined in: - ICMP Parameters (http://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml) - ICMPv6 Parameters (https://www.iana.org/assignments/icmpv6-parameters/icmpv6-parameters.xhtml) If you specify ICMP or ICMPv6 as the protocol but omit this object, then all ICMP types and codes are allowed. If you do provide this object, the type is required and the code is optional. To enable MTU negotiation for ingress internet traffic via IPv4, make sure to allow type 3 (\"Destination Unreachable\") code 4 (\"Fragmentation Needed and Don't Fragment was Set\"). If you need to specify multiple codes for a single type, create a separate security list rule for each.", "properties": { "code": { "description": "The ICMP code (optional).", "type": "integer" }, "type": { "description": "The ICMP type.", "type": "integer" } }, "type": "object", "additionalProperties": false }, "isStateless": { "description": "A stateless rule allows traffic in one direction. Remember to add a corresponding stateless rule in the other direction if you need to support bidirectional traffic. For example, if ingress traffic allows TCP destination port 80, there should be an egress rule to allow TCP source port 80. Defaults to false, which means the rule is stateful and a corresponding rule is not necessary for bidirectional traffic.", "type": "boolean" }, "protocol": { "description": "The transport protocol. Specify either `all` or an IPv4 protocol number as defined in Protocol Numbers (http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml). Options are supported only for ICMP (\"1\"), TCP (\"6\"), UDP (\"17\"), and ICMPv6 (\"58\").", "type": "string" }, "source": { "description": "Conceptually, this is the range of IP addresses that a packet coming into the instance can come from. Allowed values: * IP address range in CIDR notation. For example: `192.168.1.0/24` or `2001:0db8:0123:45::/56`. IPv6 addressing is supported for all commercial and government regions. See IPv6 Addresses (https://docs.cloud.oracle.com/iaas/Content/Network/Concepts/ipv6.htm). * The `cidrBlock` value for a Service, if you're setting up a security list rule for traffic coming from a particular `Service` through a service gateway. For example: `oci-phx-objectstorage`.", "type": "string" }, "sourceType": { "description": "Type of source for the rule. The default is `CIDR_BLOCK`. * `CIDR_BLOCK`: If the rule's `source` is an IP address range in CIDR notation. * `SERVICE_CIDR_BLOCK`: If the rule's `source` is the `cidrBlock` value for a Service (the rule is for traffic coming from a particular `Service` through a service gateway). * `NETWORK_SECURITY_GROUP`: If the rule's `destination` is the OCID (https://docs.cloud.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of a NetworkSecurityGroup.", "type": "string" }, "tcpOptions": { "description": "TcpOptions Optional and valid only for TCP. Use to specify particular destination ports for TCP rules. If you specify TCP as the protocol but omit this object, then all destination ports are allowed.", "properties": { "destinationPortRange": { "description": "PortRange The representation of PortRange.", "properties": { "max": { "description": "The maximum port number, which must not be less than the minimum port number. To specify a single port number, set both the min and max to the same value.", "type": "integer" }, "min": { "description": "The minimum port number, which must not be greater than the maximum port number.", "type": "integer" } }, "type": "object", "additionalProperties": false }, "sourcePortRange": { "description": "PortRange The representation of PortRange.", "properties": { "max": { "description": "The maximum port number, which must not be less than the minimum port number. To specify a single port number, set both the min and max to the same value.", "type": "integer" }, "min": { "description": "The minimum port number, which must not be greater than the maximum port number.", "type": "integer" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "udpOptions": { "description": "UdpOptions Optional and valid only for UDP. Use to specify particular destination ports for UDP rules. If you specify UDP as the protocol but omit this object, then all destination ports are allowed.", "properties": { "destinationPortRange": { "description": "PortRange The representation of PortRange.", "properties": { "max": { "description": "The maximum port number, which must not be less than the minimum port number. To specify a single port number, set both the min and max to the same value.", "type": "integer" }, "min": { "description": "The minimum port number, which must not be greater than the maximum port number.", "type": "integer" } }, "type": "object", "additionalProperties": false }, "sourcePortRange": { "description": "PortRange The representation of PortRange.", "properties": { "max": { "description": "The maximum port number, which must not be less than the minimum port number. To specify a single port number, set both the min and max to the same value.", "type": "integer" }, "min": { "description": "The minimum port number, which must not be greater than the maximum port number.", "type": "integer" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "type": "array" }, "name": { "description": "SecurityList Name.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": { "description": "Type defines the subnet type (e.g. public, private).", "type": "string" } }, "required": [ "name", "role" ], "type": "object", "additionalProperties": false }, "type": "array", "x-kubernetes-list-map-keys": [ "name" ], "x-kubernetes-list-type": "map" } }, "type": "object", "additionalProperties": false }, "vcnPeering": { "description": "VCNPeering configuration.", "properties": { "drg": { "description": "DRG configuration refers to the DRG which has to be created if required. If management cluster and workload cluster shares the same DRG, this fields is not required to be specified.", "properties": { "id": { "description": "ID is the OCID for the created DRG.", "type": "string" }, "manage": { "description": "Manage defines whether the DRG has to be managed(including create). If set to false(the default) the ID has to be specified by the user to a valid DRG ID to which the VCN has to be attached.", "type": "boolean" }, "name": { "description": "Name is the name of the created DRG.", "type": "string" }, "vcnAttachmentId": { "description": "VcnAttachmentId is the ID of the VCN attachment of the DRG. The workload cluster VCN can be attached to either the management cluster VCN if they are sharing the same DRG or to the workload cluster DRG.", "type": "string" } }, "type": "object", "additionalProperties": false }, "peerRouteRules": { "description": "PeerRouteRules defines the routing rules which will be added to the private route tables of the workload cluster VCN. The routes defined here will be directed to DRG.", "items": { "description": "PeerRouteRule defines a Route Rule to be routed via a DRG.", "properties": { "vcnCIDRRange": { "description": "VCNCIDRRange is the CIDR Range of peer VCN to which the workload cluster VCN will be peered. The CIDR range is required to add the route rule in the workload cluster VCN, the route rule will forward any traffic to the CIDR to the DRG.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "remotePeeringConnections": { "description": "RemotePeeringConnections defines the RPC connections which be established with the workload cluster DRG.", "items": { "description": "RemotePeeringConnection is used to peer VCNs residing in different regions(typically). Remote VCN Peering is explained here - https://docs.oracle.com/en-us/iaas/Content/Network/Tasks/remoteVCNpeering.htm", "properties": { "managePeerRPC": { "description": "ManagePeerRPC will define if the Peer VCN needs to be managed. If set to true a Remote Peering Connection will be created in the Peer DRG and the connection will be created between local and peer RPC.", "type": "boolean" }, "name": { "description": "A unique name identifying the RPC, please note this is to identify the RPC from other RPC elements, and will not be used in any OCI API call.", "type": "string" }, "peerDRGId": { "description": "PeerDRGId defines the DRG ID of the peer.", "type": "string" }, "peerRPCConnectionId": { "description": "PeerRPCConnectionId defines the RPC ID of peer. If ManagePeerRPC is set to true this will be created by Cluster API Provider for OCI, otherwise this has be defined by the user.", "type": "string" }, "peerRegionName": { "description": "PeerRegionName defined the region name of Peer VCN.", "type": "string" }, "rpcConnectionId": { "description": "RPCConnectionId is the connection ID of the connection between peer and local RPC.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "ociResourceIdentifier": { "description": "The unique ID which will be used to tag all the resources created by this Cluster. The tag will be used to identify resources belonging to this cluster. this will be auto-generated and should not be set by the user.", "type": "string" }, "region": { "description": "Region the cluster operates in. It must be one of available regions in Region Identifier format. See https://docs.oracle.com/en-us/iaas/Content/General/Concepts/regions.htm", "type": "string" } }, "type": "object", "additionalProperties": false }, "status": { "description": "OCIClusterStatus defines the observed state of OCICluster", "properties": { "conditions": { "description": "NetworkSpec encapsulates all things related to OCI network.", "items": { "description": "Condition defines an observation of a Cluster API resource operational state.", "properties": { "lastTransitionTime": { "description": "Last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", "format": "date-time", "type": "string" }, "message": { "description": "A human readable message indicating details about the transition. This field may be empty.", "type": "string" }, "reason": { "description": "The reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may not be empty.", "type": "string" }, "severity": { "description": "Severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False.", "type": "string" }, "status": { "description": "Status of the condition, one of True, False, Unknown.", "type": "string" }, "type": { "description": "Type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important.", "type": "string" } }, "required": [ "lastTransitionTime", "status", "type" ], "type": "object", "additionalProperties": false }, "type": "array" }, "failureDomains": { "additionalProperties": { "description": "FailureDomainSpec is the Schema for Cluster API failure domains. It allows controllers to understand how many failure domains a cluster can optionally span across.", "properties": { "attributes": { "additionalProperties": { "type": "string" }, "description": "Attributes is a free form map of attributes an infrastructure provider might use or require.", "type": "object" }, "controlPlane": { "description": "ControlPlane determines if this failure domain is suitable for use by control plane machines.", "type": "boolean" } }, "type": "object", "additionalProperties": false }, "description": "FailureDomains is a slice of FailureDomains.", "type": "object" }, "ready": { "type": "boolean" } }, "type": "object", "additionalProperties": false } }, "type": "object" }