{ "properties": { "apiVersion": { "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", "type": "string" }, "kind": { "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { "properties": { "cloudLoggingConfig": { "description": "Cloud logging configuration.", "properties": { "enableLogging": { "description": "If set, enable query logging for this ManagedZone. False by default, making logging opt-in.", "type": "boolean" } }, "required": [ "enableLogging" ], "type": "object", "additionalProperties": false }, "description": { "description": "A textual description field. Defaults to 'Managed by Config Connector'.", "type": "string" }, "dnsName": { "description": "Immutable. The DNS name of this managed zone, for instance \"example.com.\".", "type": "string" }, "dnssecConfig": { "description": "DNSSEC configuration.", "properties": { "defaultKeySpecs": { "description": "Specifies parameters that will be used for generating initial DnsKeys\nfor this ManagedZone. If you provide a spec for keySigning or zoneSigning,\nyou must also provide one for the other.\ndefault_key_specs can only be updated when the state is 'off'.", "items": { "properties": { "algorithm": { "description": "String mnemonic specifying the DNSSEC algorithm of this key Possible values: [\"ecdsap256sha256\", \"ecdsap384sha384\", \"rsasha1\", \"rsasha256\", \"rsasha512\"].", "type": "string" }, "keyLength": { "description": "Length of the keys in bits.", "type": "integer" }, "keyType": { "description": "Specifies whether this is a key signing key (KSK) or a zone\nsigning key (ZSK). Key signing keys have the Secure Entry\nPoint flag set and, when active, will only be used to sign\nresource record sets of type DNSKEY. Zone signing keys do\nnot have the Secure Entry Point flag set and will be used\nto sign all other types of resource record sets. Possible values: [\"keySigning\", \"zoneSigning\"].", "type": "string" }, "kind": { "description": "Identifies what kind of resource this is.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "kind": { "description": "Identifies what kind of resource this is.", "type": "string" }, "nonExistence": { "description": "Specifies the mechanism used to provide authenticated denial-of-existence responses.\nnon_existence can only be updated when the state is 'off'. Possible values: [\"nsec\", \"nsec3\"].", "type": "string" }, "state": { "description": "Specifies whether DNSSEC is enabled, and what mode it is in Possible values: [\"off\", \"on\", \"transfer\"].", "type": "string" } }, "type": "object", "additionalProperties": false }, "forwardingConfig": { "description": "The presence for this field indicates that outbound forwarding is enabled\nfor this zone. The value of this field contains the set of destinations\nto forward to.", "properties": { "targetNameServers": { "description": "List of target name servers to forward to. Cloud DNS will\nselect the best available name server if more than\none target is given.", "items": { "properties": { "forwardingPath": { "description": "Forwarding path for this TargetNameServer. If unset or 'default' Cloud DNS will make forwarding\ndecision based on address ranges, i.e. RFC1918 addresses go to the VPC, Non-RFC1918 addresses go\nto the Internet. When set to 'private', Cloud DNS will always send queries through VPC for this target Possible values: [\"default\", \"private\"].", "type": "string" }, "ipv4Address": { "description": "IPv4 address of a target name server.", "type": "string" } }, "required": [ "ipv4Address" ], "type": "object", "additionalProperties": false }, "type": "array" } }, "required": [ "targetNameServers" ], "type": "object", "additionalProperties": false }, "peeringConfig": { "description": "The presence of this field indicates that DNS Peering is enabled for this\nzone. The value of this field contains the network to peer with.", "properties": { "targetNetwork": { "description": "The network with which to peer.", "properties": { "networkRef": { "description": "VPC network to forward queries to.", "oneOf": [ { "not": { "required": [ "external" ] }, "required": [ "name" ] }, { "not": { "anyOf": [ { "required": [ "name" ] }, { "required": [ "namespace" ] } ] }, "required": [ "external" ] } ], "properties": { "external": { "description": "Allowed value: The `selfLink` field of a `ComputeNetwork` resource.", "type": "string" }, "name": { "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "namespace": { "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "networkRef" ], "type": "object", "additionalProperties": false } }, "required": [ "targetNetwork" ], "type": "object", "additionalProperties": false }, "privateVisibilityConfig": { "description": "For privately visible zones, the set of Virtual Private Cloud\nresources that the zone is visible from. At least one of 'gke_clusters' or 'networks' must be specified.", "properties": { "gkeClusters": { "description": "The list of Google Kubernetes Engine clusters that can see this zone.", "items": { "properties": { "gkeClusterNameRef": { "description": "The resource name of the cluster to bind this ManagedZone to.\nThis should be specified in the format like\n'projects/*/locations/*/clusters/*'.", "oneOf": [ { "not": { "required": [ "external" ] }, "required": [ "name" ] }, { "not": { "anyOf": [ { "required": [ "name" ] }, { "required": [ "namespace" ] } ] }, "required": [ "external" ] } ], "properties": { "external": { "description": "Allowed value: The `selfLink` field of a `ContainerCluster` resource.", "type": "string" }, "name": { "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "namespace": { "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "gkeClusterNameRef" ], "type": "object", "additionalProperties": false }, "type": "array" }, "networks": { "items": { "properties": { "networkRef": { "description": "VPC network to bind to.", "oneOf": [ { "not": { "required": [ "external" ] }, "required": [ "name" ] }, { "not": { "anyOf": [ { "required": [ "name" ] }, { "required": [ "namespace" ] } ] }, "required": [ "external" ] } ], "properties": { "external": { "description": "Allowed value: The `selfLink` field of a `ComputeNetwork` resource.", "type": "string" }, "name": { "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "namespace": { "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "networkRef" ], "type": "object", "additionalProperties": false }, "type": "array" } }, "type": "object", "additionalProperties": false }, "resourceID": { "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", "type": "string" }, "reverseLookup": { "description": "Immutable. Specifies if this is a managed reverse lookup zone. If true, Cloud DNS will resolve reverse\nlookup queries using automatically configured records for VPC resources. This only applies\nto networks listed under 'private_visibility_config'.", "type": "boolean" }, "serviceDirectoryConfig": { "description": "Immutable. The presence of this field indicates that this zone is backed by Service Directory. The value of this field contains information related to the namespace associated with the zone.", "properties": { "namespace": { "description": "The namespace associated with the zone.", "properties": { "namespaceUrl": { "description": "The fully qualified or partial URL of the service directory namespace that should be\nassociated with the zone. This should be formatted like\n'https://servicedirectory.googleapis.com/v1/projects/{project}/locations/{location}/namespaces/{namespace_id}'\nor simply 'projects/{project}/locations/{location}/namespaces/{namespace_id}'\nIgnored for 'public' visibility zones.", "type": "string" } }, "required": [ "namespaceUrl" ], "type": "object", "additionalProperties": false } }, "required": [ "namespace" ], "type": "object", "additionalProperties": false }, "visibility": { "description": "Immutable. The zone's visibility: public zones are exposed to the Internet,\nwhile private zones are visible only to Virtual Private Cloud resources. Default value: \"public\" Possible values: [\"private\", \"public\"].", "type": "string" } }, "required": [ "dnsName" ], "type": "object", "additionalProperties": false }, "status": { "properties": { "conditions": { "description": "Conditions represent the latest available observation of the resource's current state.", "items": { "properties": { "lastTransitionTime": { "description": "Last time the condition transitioned from one status to another.", "type": "string" }, "message": { "description": "Human-readable message indicating details about last transition.", "type": "string" }, "reason": { "description": "Unique, one-word, CamelCase reason for the condition's last transition.", "type": "string" }, "status": { "description": "Status is the status of the condition. Can be True, False, Unknown.", "type": "string" }, "type": { "description": "Type is the type of the condition.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "creationTime": { "description": "The time that this resource was created on the server.\nThis is in RFC3339 text format.", "type": "string" }, "managedZoneId": { "description": "Unique identifier for the resource; defined by the server.", "type": "integer" }, "nameServers": { "description": "Delegate your managed_zone to these virtual name servers;\ndefined by the server.", "items": { "type": "string" }, "type": "array" }, "observedGeneration": { "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", "type": "integer" } }, "type": "object", "additionalProperties": false } }, "required": [ "spec" ], "type": "object" }