{ "description": "LoadBalancerConfiguration is the Schema for the LoadBalancerConfiguration API", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { "description": "LoadBalancerConfigurationSpec defines the desired state of LoadBalancerConfiguration", "properties": { "customerOwnedIpv4Pool": { "description": "customerOwnedIpv4Pool [Application LoadBalancer]\nis the ID of the customer-owned address for Application Load Balancers on Outposts pool.", "type": "string" }, "disableSecurityGroup": { "description": "disableSecurityGroup provisions a load balancer with no security groups.\nAllows an NLB to be provisioned with no security groups.\n[Network Load Balancer]", "type": "boolean" }, "enableICMP": { "description": "EnableICMP [Network LoadBalancer]\nenables the creation of security group rules to the managed security group\nto allow explicit ICMP traffic for Path MTU discovery for IPv4 and dual-stack VPCs", "type": "boolean" }, "enforceSecurityGroupInboundRulesOnPrivateLinkTraffic": { "description": "enforceSecurityGroupInboundRulesOnPrivateLinkTraffic Indicates whether to evaluate inbound security group rules for traffic sent to a Network Load Balancer through Amazon Web Services PrivateLink.", "type": "string" }, "ipAddressType": { "description": "loadBalancerIPType defines what kind of load balancer to provision (ipv4, dual stack)", "enum": [ "ipv4", "dualstack", "dualstack-without-public-ipv4" ], "type": "string" }, "ipv4IPAMPoolId": { "description": "IPv4IPAMPoolId [Application LoadBalancer]\ndefines the IPAM pool ID used for IPv4 Addresses on the ALB.", "type": "string" }, "listenerConfigurations": { "description": "listenerConfigurations is an optional list of configurations for each listener on LB", "items": { "properties": { "alpnPolicy": { "default": "None", "description": "alpnPolicy an optional string that allows you to configure ALPN policies on your Load Balancer", "enum": [ "HTTP1Only", "HTTP2Only", "HTTP2Optional", "HTTP2Preferred", "None" ], "type": "string" }, "certificates": { "description": "certificates is the list of other certificates to add to the listener.", "items": { "type": "string" }, "type": "array" }, "defaultCertificate": { "description": "defaultCertificate the cert arn to be used by default.", "type": "string" }, "listenerAttributes": { "description": "listenerAttributes defines the attributes for the listener", "items": { "description": "ListenerAttribute defines listener attribute.", "properties": { "key": { "description": "The key of the attribute.", "type": "string" }, "value": { "description": "The value of the attribute.", "type": "string" } }, "required": [ "key", "value" ], "type": "object", "additionalProperties": false }, "type": "array" }, "mutualAuthentication": { "description": "mutualAuthentication defines the mutual authentication configuration information.", "properties": { "advertiseTrustStoreCaNames": { "description": "Indicates whether trust store CA certificate names are advertised.", "enum": [ "on", "off" ], "type": "string" }, "ignoreClientCertificateExpiry": { "description": "Indicates whether expired client certificates are ignored.", "type": "boolean" }, "mode": { "description": "The client certificate handling method. Options are off, passthrough or verify", "enum": [ "off", "passthrough", "verify" ], "type": "string" }, "trustStore": { "description": "The Name or ARN of the trust store.", "type": "string" } }, "required": [ "mode" ], "type": "object", "x-kubernetes-validations": [ { "message": "trustStore is required when mutualAuthentication mode is 'verify'", "rule": "!(self.mode == 'verify' && !has(self.trustStore))" }, { "message": "Mutual Authentication mode 'off' or 'passthrough' does not support 'trustStore'", "rule": "!(self.mode != 'verify' && has(self.trustStore))" }, { "message": "Mutual Authentication mode 'off' or 'passthrough' does not support 'ignoreClientCertificateExpiry'", "rule": "!(self.mode != 'verify' && has(self.ignoreClientCertificateExpiry))" }, { "message": "Mutual Authentication mode 'off' or 'passthrough' does not support 'advertiseTrustStoreCaNames'", "rule": "!(self.mode != 'verify' && has(self.advertiseTrustStoreCaNames))" } ], "additionalProperties": false }, "protocolPort": { "description": "protocolPort is identifier for the listener on load balancer. It should be of the form PROTOCOL:PORT", "pattern": "^(HTTP|HTTPS|TLS|TCP|UDP|TCP_UDP)?:(6553[0-5]|655[0-2]\\d|65[0-4]\\d{2}|6[0-4]\\d{3}|[1-5]\\d{4}|[1-9]\\d{0,3})?$", "type": "string" }, "quicEnabled": { "description": "quicEnabled enables QUIC protocol support for UDP listeners. When enabled, UDP listeners will be upgraded to QUIC protocol.", "type": "boolean" }, "sslPolicy": { "description": "sslPolicy is the security policy that defines which protocols and ciphers are supported for secure listeners [HTTPS or TLS listener].", "type": "string" }, "targetGroupStickiness": { "description": "targetGroupStickiness [Network LoadBalancer] enables sticky routing for requests when using a listener configured with weighted target groups.", "type": "boolean" } }, "required": [ "protocolPort" ], "type": "object", "additionalProperties": false }, "type": "array" }, "loadBalancerAttributes": { "description": "LoadBalancerAttributes defines the attribute of LB", "items": { "description": "LoadBalancerAttribute defines LB attribute.", "properties": { "key": { "description": "The key of the attribute.", "type": "string" }, "value": { "description": "The value of the attribute.", "type": "string" } }, "required": [ "key", "value" ], "type": "object", "additionalProperties": false }, "type": "array" }, "loadBalancerName": { "description": "loadBalancerName defines the name of the LB to provision. If unspecified, it will be automatically generated.", "maxLength": 32, "minLength": 1, "type": "string" }, "loadBalancerSubnets": { "description": "loadBalancerSubnets is an optional list of subnet configurations to be used in the LB\nThis value takes precedence over loadBalancerSubnetsSelector if both are selected.", "items": { "description": "SubnetConfiguration defines the subnet settings for a Load Balancer.", "properties": { "eipAllocation": { "description": "eipAllocation [Network LoadBalancer] the EIP name for this subnet.", "type": "string" }, "identifier": { "description": "identifier [Application LoadBalancer / Network LoadBalancer] name or id for the subnet", "type": "string" }, "ipv6Allocation": { "description": "IPv6Allocation [Network LoadBalancer] the ipv6 address to assign to this subnet.", "type": "string" }, "privateIPv4Allocation": { "description": "privateIPv4Allocation [Network LoadBalancer] the private ipv4 address to assign to this subnet.", "type": "string" }, "sourceNatIPv6Prefix": { "description": "SourceNatIPv6Prefix [Network LoadBalancer] The IPv6 prefix to use for source NAT. Specify an IPv6 prefix (/80 netmask) from the subnet CIDR block or auto_assigned to use an IPv6 prefix selected at random from the subnet CIDR block.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "loadBalancerSubnetsSelector": { "additionalProperties": { "items": { "type": "string" }, "type": "array" }, "description": "LoadBalancerSubnetsSelector specifies subnets in the load balancer's VPC where each\ntag specified in the map key contains one of the values in the corresponding\nvalue list.", "type": "object" }, "manageBackendSecurityGroupRules": { "description": "ManageBackendSecurityGroupRules [Application / Network LoadBalancer]\nspecifies whether you want the controller to configure security group rules on Node/Pod for traffic access\nwhen you specify securityGroups", "type": "boolean" }, "mergingMode": { "description": "mergingMode defines the merge behavior when both the Gateway and GatewayClass have a defined LoadBalancerConfiguration.\nThis field is only honored for the configuration attached to the GatewayClass.", "enum": [ "prefer-gateway", "prefer-gateway-class" ], "type": "string" }, "minimumLoadBalancerCapacity": { "description": "MinimumLoadBalancerCapacity define the capacity reservation for LoadBalancers", "properties": { "capacityUnits": { "description": "The Capacity Units Value.", "format": "int32", "type": "integer" } }, "required": [ "capacityUnits" ], "type": "object", "additionalProperties": false }, "scheme": { "description": "scheme defines the type of LB to provision. If unspecified, it will be automatically inferred.", "enum": [ "internal", "internet-facing" ], "type": "string" }, "securityGroupPrefixes": { "description": "securityGroupPrefixes an optional list of prefixes that are allowed to access the LB.", "items": { "type": "string" }, "type": "array" }, "securityGroups": { "description": "securityGroups an optional list of security group ids or names to apply to the LB", "items": { "type": "string" }, "type": "array" }, "shieldConfiguration": { "description": "ShieldAdvanced define the AWS Shield settings for a Gateway [Application Load Balancer]", "properties": { "enabled": { "description": "Enabled whether Shield Advanced should be configured with the Gateway", "type": "boolean" } }, "type": "object", "additionalProperties": false }, "sourceRanges": { "description": "sourceRanges an optional list of CIDRs that are allowed to access the LB.", "items": { "type": "string" }, "type": "array" }, "tags": { "additionalProperties": { "type": "string" }, "description": "Tags the AWS Tags on all related resources to the gateway.", "type": "object" }, "wafV2": { "description": "WAFv2 define the AWS WAFv2 settings for a Gateway [Application Load Balancer]", "properties": { "webACL": { "description": "ACL The WebACL to configure with the Gateway", "type": "string" } }, "required": [ "webACL" ], "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "status": { "description": "LoadBalancerConfigurationStatus defines the observed state of TargetGroupBinding", "properties": { "observedGatewayClassConfigurationGeneration": { "description": "The generation of the Gateway Configuration attached to the GatewayClass object.", "format": "int64", "type": "integer" }, "observedGatewayConfigurationGeneration": { "description": "The generation of the Gateway Configuration attached to the Gateway object.", "format": "int64", "type": "integer" } }, "type": "object", "additionalProperties": false } }, "type": "object" }