{
  "description": "GatewayConfig is the Schema for the gatewayconfigs API",
  "properties": {
    "apiVersion": {
      "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
      "type": "string"
    },
    "kind": {
      "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
      "type": "string"
    },
    "metadata": {
      "type": "object"
    },
    "spec": {
      "description": "GatewayConfigSpec defines the desired state of GatewayConfig",
      "properties": {
        "authLifetime": {
          "description": "AuthLifetime defines the lifetime of \"longterm\" authentication credentials in seconds.",
          "format": "int32",
          "type": "integer"
        },
        "authRef": {
          "description": "Note that externally set credentials override any inline auth credentials (AuthType,\nAuthUsername, etc.): if AuthRef is nonempty then it is expected that the referenced\nSecret exists and *all* authentication credentials are correctly set in the referenced\nSecret (username/password or shared secret). Mixing of credential sources\n(inline/external) is not supported.",
          "properties": {
            "group": {
              "default": "",
              "description": "Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred.",
              "maxLength": 253,
              "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$",
              "type": "string"
            },
            "kind": {
              "default": "Secret",
              "description": "Kind is kind of the referent. For example \"Secret\".",
              "maxLength": 63,
              "minLength": 1,
              "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$",
              "type": "string"
            },
            "name": {
              "description": "Name is the name of the referent.",
              "maxLength": 253,
              "minLength": 1,
              "type": "string"
            },
            "namespace": {
              "description": "Namespace is the namespace of the referenced object. When unspecified, the local\nnamespace is inferred.\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\nSupport: Core",
              "maxLength": 63,
              "minLength": 1,
              "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$",
              "type": "string"
            }
          },
          "required": [
            "name"
          ],
          "type": "object",
          "additionalProperties": false
        },
        "authType": {
          "default": "plaintext",
          "description": "AuthType is the type of the STUN/TURN authentication mechanism.",
          "pattern": "^plaintext|static|longterm|ephemeral|timewindowed$",
          "type": "string"
        },
        "dataplane": {
          "default": "default",
          "description": "Dataplane defines the TURN server to set up for the STUNner Gateways using this\nGatewayConfig. Can be used to select the stunnerd image repo and version or deploy into\nthe host-network namespace.",
          "type": "string"
        },
        "healthCheckEndpoint": {
          "description": "HealthCheckEndpoint is the URI of the form `http://address:port` exposed for external\nHTTP health-checking. A liveness probe responder will be exposed on path `/live` and\nreadiness probe on path `/ready`. The scheme (`http://`) is mandatory, default is to\nenable health-checking at \"http://0.0.0.0:8086\".",
          "type": "string"
        },
        "loadBalancerServiceAnnotations": {
          "additionalProperties": {
            "type": "string"
          },
          "description": "LoadBalancerServiceAnnotations is a list of annotations that will go into the\nLoadBalancer services created automatically by the operator to wrap Gateways.\n\nNOTE: removing annotations from a GatewayConfig will not result in the removal of the\ncorresponding annotations from the LoadBalancer service, in order to prevent the\naccidental removal of an annotation installed there by Kubernetes or the cloud\nprovider. If you really want to remove an annotation, do this manually or simply remove\nall Gateways (which will remove the corresponding LoadBalancer services), update the\nGatewayConfig and then recreate the Gateways, so that the newly created LoadBalancer\nservices will contain the required annotations.",
          "type": "object"
        },
        "logLevel": {
          "description": "LogLevel specifies the default loglevel for the STUNner daemon.",
          "type": "string"
        },
        "maxPort": {
          "description": "MaxRelayPort is the smallest relay port assigned for STUNner relay connections.",
          "format": "int32",
          "type": "integer"
        },
        "metricsEndpoint": {
          "description": "MetricsEndpoint is the URI in the form `http://address:port/path` exposed for metric\nscraping (Prometheus). The scheme (`http://`) is mandatory. Default is to expose no\nmetric endpoint.",
          "type": "string"
        },
        "minPort": {
          "description": "MinRelayPort is the smallest relay port assigned for STUNner relay connections.",
          "format": "int32",
          "type": "integer"
        },
        "password": {
          "description": "Password defines the `password` credential for \"plaintext\" authentication.",
          "pattern": "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$",
          "type": "string"
        },
        "realm": {
          "default": "stunner.l7mp.io",
          "description": "Realm defines the STUN/TURN authentication realm to be used for clients toauthenticate\nwith STUNner.\n\nThe realm must consist of lower case alphanumeric characters or '-', and must start and\nend with an alphanumeric character. No other punctuation is allowed.",
          "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$",
          "type": "string"
        },
        "sharedSecret": {
          "description": "SharedSecret defines the shared secret to be used for \"longterm\" authentication.",
          "type": "string"
        },
        "stunnerConfig": {
          "default": "stunnerd-config",
          "description": "StunnerConfig specifies the name of the ConfigMap into which the operator renders the\nstunnerd configfile.",
          "maxLength": 64,
          "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$",
          "type": "string"
        },
        "userName": {
          "description": "Username defines the `username` credential for \"plaintext\" authentication.",
          "pattern": "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$",
          "type": "string"
        }
      },
      "type": "object",
      "additionalProperties": false
    }
  },
  "type": "object"
}