description: 'APIVersion defines the versioned schema of this representation
45
-
of an object. Servers should convert recognized schemas to the latest
46
-
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
43
+
description: |-
44
+
APIVersion defines the versioned schema of this representation of an object.
45
+
Servers should convert recognized schemas to the latest internal value, and
46
+
may reject unrecognized values.
47
+
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
47
48
type: string
48
49
kind:
49
-
description: 'Kind is a string value representing the REST resource this
50
-
object represents. Servers may infer this from the endpoint the client
51
-
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
50
+
description: |-
51
+
Kind is a string value representing the REST resource this object represents.
52
+
Servers may infer this from the endpoint the client submits requests to.
53
+
Cannot be updated.
54
+
In CamelCase.
55
+
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
52
56
type: string
53
57
metadata:
54
58
type: object
55
59
spec:
56
60
description: Spec contains the firewall deployment specification.
57
61
properties:
58
62
replicas:
59
-
description: Replicas is the amount of firewall replicas targeted
60
-
to be running. Defaults to 1.
63
+
description: |-
64
+
Replicas is the amount of firewall replicas targeted to be running.
65
+
Defaults to 1.
61
66
type: integer
62
67
selector:
63
68
additionalProperties:
64
69
type: string
65
-
description: Selector is a label query over firewalls that should
66
-
match the replicas count. If selector is empty, it is defaulted
67
-
to the labels present on the firewall template. Label keys and values
68
-
that must match in order to be controlled by this replication controller,
69
-
if empty defaulted to labels on firewall template.
70
+
description: |-
71
+
Selector is a label query over firewalls that should match the replicas count.
72
+
If selector is empty, it is defaulted to the labels present on the firewall template.
73
+
Label keys and values that must match in order to be controlled by this replication
74
+
controller, if empty defaulted to labels on firewall template.
70
75
type: object
71
76
strategy:
72
-
description: Strategy describes the strategy how firewalls are updated
73
-
in case the update requires a physical recreation of the firewalls.
77
+
description: |-
78
+
Strategy describes the strategy how firewalls are updated in case the update requires a physical recreation of the firewalls.
74
79
Defaults to RollingUpdate strategy.
75
80
type: string
76
81
template:
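Review bot: The reflowed selector description still states the same default twice: "If selector is empty, it is defaulted to the labels present on the firewall template." is repeated by the trailing "if empty defaulted to labels on firewall template." two lines later, and that last sentence speaks of "this replication controller" although the spec is described as the firewall deployment specification. Since the text is being rewrapped anyway, drop the duplicate clause and name the controller consistently. The strategy description is also left as one unwrapped line while the rest of the hunk is wrapped.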
@@ -100,11 +105,10 @@ spec:
100
105
description: Spec contains the firewall specification.
101
106
properties:
102
107
allowedNetworks:
103
-
description: AllowedNetworks defines dedicated networks for
104
-
which the firewall allows in- and outgoing traffic. The
105
-
firewall-controller only enforces this setting in combination
106
-
with NetworkAccessType set to forbidden. The node network
107
-
is always allowed.
108
+
description: |-
109
+
AllowedNetworks defines dedicated networks for which the firewall allows in- and outgoing traffic.
110
+
The firewall-controller only enforces this setting in combination with NetworkAccessType set to forbidden.
111
+
The node network is always allowed.
108
112
properties:
109
113
egress:
110
114
description: Egress defines a list of cidrs which are
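Review bot: In the allowedNetworks description, "The firewall-controller only enforces this setting in combination with NetworkAccessType set to forbidden." implies that the field is not enforced for any other NetworkAccessType, but the text never says so directly. For a field that governs which traffic the firewall allows, state the fallback explicitly (for example, that allowedNetworks has no effect unless NetworkAccessType is forbidden) so an operator does not assume a restriction is active when it is not.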
@@ -161,15 +165,14 @@ spec:
161
165
type: object
162
166
type: array
163
167
image:
164
-
description: Image is the os image of the firewall. An update
165
-
on this field requires the recreation of the physical firewall
166
-
and can therefore lead to traffic interruption for the cluster.
168
+
description: |-
169
+
Image is the os image of the firewall.
170
+
An update on this field requires the recreation of the physical firewall and can therefore lead to traffic interruption for the cluster.
167
171
type: string
168
172
internalPrefixes:
169
-
description: InternalPrefixes specify prefixes which are considered
170
-
local to the partition or all regions. This is used for
171
-
the traffic counters. Traffic to/from these prefixes is
172
-
counted as internal traffic.
173
+
description: |-
174
+
InternalPrefixes specify prefixes which are considered local to the partition or all regions. This is used for the traffic counters.
175
+
Traffic to/from these prefixes is counted as internal traffic.
173
176
items:
174
177
type: string
175
178
type: array
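Review bot: The internalPrefixes description keeps two sentences on one line ("... local to the partition or all regions. This is used for the traffic counters.") while the other descriptions in this change put one sentence per line. With the switch to "|-" literal blocks the line breaks become part of the description text, so split it the same way. "os image" in the image description could become "OS image" while the line is being touched.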
@@ -186,12 +189,10 @@ spec:
186
189
accepted connections in the droptailer log.
187
190
type: boolean
188
191
networks:
189
-
description: Networks are the networks to which this firewall
190
-
is connected. An update on this field requires the recreation
191
-
of the physical firewall and can therefore lead to traffic
192
-
interruption for the cluster. Detailed information about
193
-
the networks are fetched continuously during runtime and
194
-
stored in the status.firewallNetworks.
192
+
description: |-
193
+
Networks are the networks to which this firewall is connected.
194
+
An update on this field requires the recreation of the physical firewall and can therefore lead to traffic interruption for the cluster.
195
+
Detailed information about the networks are fetched continuously during runtime and stored in the status.firewallNetworks.
195
196
items:
196
197
type: string
197
198
type: array
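Review bot: The last added line of the networks description has a subject-verb mismatch: "Detailed information about the networks are fetched continuously" should read "is fetched". The article in "stored in the status.firewallNetworks" can also go, since it refers to a field path.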
@@ -232,24 +233,21 @@ spec:
232
233
type: object
233
234
type: array
234
235
size:
235
-
description: Size is the machine size of the firewall. An
236
-
update on this field requires the recreation of the physical
237
-
firewall and can therefore lead to traffic interruption
238
-
for the cluster.
236
+
description: |-
237
+
Size is the machine size of the firewall.
238
+
An update on this field requires the recreation of the physical firewall and can therefore lead to traffic interruption for the cluster.
239
239
type: string
240
240
sshPublicKeys:
241
-
description: SSHPublicKeys are public keys which are added
242
-
to the firewall's authorized keys file on creation. It gets
243
-
defaulted to the public key of ssh secret as provided by
244
-
the controller flags.
241
+
description: |-
242
+
SSHPublicKeys are public keys which are added to the firewall's authorized keys file on creation.
243
+
It gets defaulted to the public key of ssh secret as provided by the controller flags.
245
244
items:
246
245
type: string
247
246
type: array
248
247
userdata:
249
-
description: Userdata contains the userdata used for the creation
250
-
of the firewall. It gets defaulted to a userdata matching
251
-
for the firewall-controller with connection to Gardener
252
-
shoot and seed.
248
+
description: |-
249
+
Userdata contains the userdata used for the creation of the firewall.
250
+
It gets defaulted to a userdata matching for the firewall-controller with connection to Gardener shoot and seed.
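Review bot: The sshPublicKeys description says the keys are added to the authorized keys file "on creation" but, unlike the size description in the same hunk, does not say what an update to the field does. Document whether changing sshPublicKeys reaches already running firewalls or requires recreating them, because that determines whether removing a key here actually revokes access. "It gets defaulted" should also be "They get defaulted" to match the plural subject.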
description: FirewallMonitor is typically deployed into the shoot cluster
40
-
in comparison to the other resources of this controller which are deployed
41
-
into the seed cluster's shoot namespace.
38
+
description: |-
39
+
FirewallMonitor is typically deployed into the shoot cluster in comparison to the other resources of this controller
40
+
which are deployed into the seed cluster's shoot namespace.
42
41
properties:
43
42
apiVersion:
44
-
description: 'APIVersion defines the versioned schema of this representation
45
-
of an object. Servers should convert recognized schemas to the latest
46
-
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
43
+
description: |-
44
+
APIVersion defines the versioned schema of this representation of an object.
45
+
Servers should convert recognized schemas to the latest internal value, and
46
+
may reject unrecognized values.
47
+
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
47
48
type: string
48
49
conditions:
49
50
description: Conditions contain the latest available observations of a
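Review bot: Moving from a quoted scalar to a "|-" literal block makes every line break part of the description string, and two of the new blocks break in the middle of a sentence: "... in comparison to the other resources of this controller" / "which are deployed into the seed cluster's shoot namespace." and "... latest internal value, and" / "may reject unrecognized values." These will render as hard breaks mid-sentence; keep one sentence per line as the kind description in this change does. "in comparison to" would also read better as "in contrast to".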
@@ -89,19 +90,18 @@ spec:
89
90
controllerVersion:
90
91
type: string
91
92
distance:
92
-
description: FirewallDistance defines the as-path length of firewalls,
93
-
influencing how strong they attract network traffic for routing
94
-
traffic in and out of the cluster. This is of particular interest
95
-
during rolling firewall updates, i.e. when there is more than a
96
-
single firewall running in front of the cluster. During a rolling
97
-
update, new firewalls start with a longer distance such that traffic
98
-
is only attracted by the existing firewalls ("firewall staging").
99
-
When the new firewall has connected successfully to the firewall
100
-
monitor, the deployment controller throws away the old firewalls
101
-
and the new firewall takes over the routing. The deployment controller
102
-
will then shorten the distance of the new firewall. This approach
103
-
reduces service interruption of the external user traffic of the
104
-
cluster (for firewall-controller versions that support this feature).
93
+
description: |-
94
+
FirewallDistance defines the as-path length of firewalls, influencing how strong they attract
95
+
network traffic for routing traffic in and out of the cluster.
96
+
This is of particular interest during rolling firewall updates, i.e. when there is
97
+
more than a single firewall running in front of the cluster.
98
+
During a rolling update, new firewalls start with a longer distance such that
99
+
traffic is only attracted by the existing firewalls ("firewall staging").
100
+
When the new firewall has connected successfully to the firewall monitor, the deployment
101
+
controller throws away the old firewalls and the new firewall takes over the routing.
102
+
The deployment controller will then shorten the distance of the new firewall.
103
+
This approach reduces service interruption of the external user traffic of the cluster
104
+
(for firewall-controller versions that support this feature).
105
105
type: integer
106
106
distanceSupported:
107
107
type: boolean
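Review bot: The distance description explains the staging behaviour in detail but never states the allowed range, and the schema shown here follows it directly with "type: integer" and no minimum or maximum. State the valid values in the description, and consider adding bounds to the schema so an out-of-range distance is rejected at admission. In the first added line, "how strong they attract" should be "how strongly they attract".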
@@ -209,9 +209,12 @@ spec:
209
209
description: Image is the os image of the firewall.
210
210
type: string
211
211
kind:
212
-
description: 'Kind is a string value representing the REST resource this
213
-
object represents. Servers may infer this from the endpoint the client
214
-
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
212
+
description: |-
213
+
Kind is a string value representing the REST resource this object represents.
214
+
Servers may infer this from the endpoint the client submits requests to.
215
+
Cannot be updated.
216
+
In CamelCase.
217
+
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
215
218
type: string
216
219
logAcceptedConnections:
217
220
description: LogAcceptedConnections if set to true, also log accepted