ComputeVPNTunnel

Property: Value
Google Cloud Service Name: Compute Engine
Google Cloud Service Documentation: /compute/docs/
Google Cloud REST Resource Name: v1.vpnTunnels
Google Cloud REST Resource Documentation: /compute/docs/reference/rest/v1/vpnTunnels
Config Connector Resource Short Names: gcpcomputevpntunnel, gcpcomputevpntunnels, computevpntunnel
Config Connector Service Name: compute.googleapis.com
Config Connector Resource Fully Qualified Name: computevpntunnels.compute.cnrm.cloud.google.com
Can Be Referenced by IAMPolicy/IAMPolicyMember: No

Custom Resource Definition Properties

Annotations

Fields
cnrm.cloud.google.com/project-id

Spec

Schema

  description: string
  ikeVersion: integer
  localTrafficSelector:
  - string
  peerExternalGatewayInterface: integer
  peerExternalGatewayRef:
    external: string
    name: string
    namespace: string
  peerGCPGatewayRef:
    external: string
    name: string
    namespace: string
  peerIp: string
  region: string
  remoteTrafficSelector:
  - string
  resourceID: string
  routerRef:
    external: string
    name: string
    namespace: string
  sharedSecret:
    value: string
    valueFrom:
      secretKeyRef:
        key: string
        name: string
  targetVPNGatewayRef:
    external: string
    name: string
    namespace: string
  vpnGatewayInterface: integer
  vpnGatewayRef:
    external: string
    name: string
    namespace: string

Fields

description

Optional

string

Immutable. An optional description of this resource.

ikeVersion

Optional

integer

Immutable. IKE protocol version to use when establishing the VPN tunnel with peer VPN gateway. Acceptable IKE versions are 1 or 2. Default version is 2.

localTrafficSelector

Optional

list (string)

Immutable. Local traffic selector to use when establishing the VPN tunnel with peer VPN gateway. The value should be a CIDR formatted string, for example '192.168.0.0/16'. The ranges should be disjoint. Only IPv4 is supported.

localTrafficSelector.[]

Optional

string

peerExternalGatewayInterface

Optional

integer

Immutable. The interface ID of the external VPN gateway to which this VPN tunnel is connected.

peerExternalGatewayRef

Optional

object

The peer side external VPN gateway to which this VPN tunnel is connected.

peerExternalGatewayRef.external

Optional

string

The selfLink of a ComputeExternalVPNGateway.

peerExternalGatewayRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

peerExternalGatewayRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

peerGCPGatewayRef

Optional

object

The peer side HA GCP VPN gateway to which this VPN tunnel is connected. If provided, the VPN tunnel will automatically use the same VPN gateway interface ID in the peer GCP VPN gateway.

peerGCPGatewayRef.external

Optional

string

The selfLink of a ComputeVPNGateway.

peerGCPGatewayRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

peerGCPGatewayRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

peerIp

Optional

string

Immutable. IP address of the peer VPN gateway. Only IPv4 is supported.

region

Required

string

Immutable. The region where the tunnel is located. If unset, it is set to the region of 'target_vpn_gateway'.

remoteTrafficSelector

Optional

list (string)

Immutable. Remote traffic selector to use when establishing the VPN tunnel with peer VPN gateway. The value should be a CIDR formatted string, for example '192.168.0.0/16'. The ranges should be disjoint. Only IPv4 is supported.

remoteTrafficSelector.[]

Optional

string

resourceID

Optional

string

Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.

routerRef

Optional

object

The router to be used for dynamic routing.

routerRef.external

Optional

string

The selfLink of a ComputeRouter.

routerRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

routerRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

sharedSecret

Required

object

Immutable. Shared secret used to set the secure session between the Cloud VPN gateway and the peer VPN gateway.

sharedSecret.value

Optional

string

Value of the field. Cannot be used if 'valueFrom' is specified.

sharedSecret.valueFrom

Optional

object

Source for the field's value. Cannot be used if 'value' is specified.

sharedSecret.valueFrom.secretKeyRef

Optional

object

Reference to a value with the given key in the given Secret in the resource's namespace.

sharedSecret.valueFrom.secretKeyRef.key

Required*

string

Key that identifies the value to be extracted.

sharedSecret.valueFrom.secretKeyRef.name

Required*

string

Name of the Secret to extract a value from.

targetVPNGatewayRef

Optional

object

The ComputeTargetVPNGateway with which this VPN tunnel is associated.

targetVPNGatewayRef.external

Optional

string

The selfLink of a ComputeTargetVPNGateway.

targetVPNGatewayRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

targetVPNGatewayRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

vpnGatewayInterface

Optional

integer

Immutable. The interface ID of the VPN gateway with which this VPN tunnel is associated.

vpnGatewayRef

Optional

object

The ComputeVPNGateway with which this VPN tunnel is associated. This must be used if a High Availability VPN gateway resource is created.

vpnGatewayRef.external

Optional

string

The selfLink of a ComputeVPNGateway.

vpnGatewayRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

vpnGatewayRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

* Field is required when parent field is specified
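
The field rules above ('value' and 'valueFrom' are mutually exclusive, ikeVersion is 1 or 2, traffic selectors are disjoint IPv4 CIDR ranges) can be checked before a manifest is applied. The following is an added example, not part of Config Connector or its documentation: `check_selectors` and `lint_tunnel_spec` are hypothetical names, the input is an already-parsed spec dict, and flagging an inline `sharedSecret.value` or `ikeVersion: 1` is a review policy assumed here rather than a rule stated on this page.

```python
import ipaddress
from itertools import combinations
def check_selectors(field, cidrs):
    """Traffic selectors must be IPv4 CIDR strings and the ranges disjoint."""
    findings, nets = [], []
    for c in cidrs:
        try:
            nets.append(ipaddress.IPv4Network(c, strict=False))
        except ValueError:  # also raised for IPv6 input
            findings.append(f"{field}: {c!r} is not an IPv4 CIDR")
    for a, b in combinations(nets, 2):
        if a.overlaps(b):
            findings.append(f"{field}: {a} overlaps {b}")
    return findings

def lint_tunnel_spec(spec):
    """Check a parsed ComputeVPNTunnel spec (dict) against the field rules."""
    findings = []
    secret = spec.get("sharedSecret")
    if not isinstance(secret, dict):
        findings.append("sharedSecret: required field is missing")
    elif "value" in secret and "valueFrom" in secret:
        findings.append("sharedSecret: 'value' cannot be used with 'valueFrom'")
    elif "value" in secret:  # assumed review policy, not a rule from the page
        findings.append("sharedSecret.value: key is inline; use valueFrom.secretKeyRef")
    else:
        ref = (secret.get("valueFrom") or {}).get("secretKeyRef") or {}
        for k in ("name", "key"):  # both required once secretKeyRef is used
            if not ref.get(k):
                findings.append(f"sharedSecret.valueFrom.secretKeyRef.{k}: missing")
    ike = spec.get("ikeVersion", 2)  # default version is 2
    if ike not in (1, 2):
        findings.append(f"ikeVersion: {ike!r} is not 1 or 2")
    elif ike == 1:  # assumed review policy, not a rule from the page
        findings.append("ikeVersion: 1 requested; the default is 2")
    if not spec.get("region"):
        findings.append("region: required field is missing")
    for field in ("localTrafficSelector", "remoteTrafficSelector"):
        findings += check_selectors(field, spec.get(field) or [])
    return findings

# Constructed inputs: the first mirrors the sample manifest, the second is made up.
SAMPLE_OK = {"peerIp": "15.0.0.120", "region": "us-central1",
             "sharedSecret": {"valueFrom": {"secretKeyRef": {
                 "name": "computevpntunnel-dep", "key": "sharedSecret"}}},
             "localTrafficSelector": ["192.168.0.0/16"]}
SAMPLE_BAD = {"region": "us-central1", "ikeVersion": 1,
              "sharedSecret": {"value": "constructed-placeholder"},
              "localTrafficSelector": ["10.0.0.0/8", "10.1.0.0/16", "fd00::/8"]}
```

`lint_tunnel_spec(SAMPLE_BAD)` returns one finding per violated rule, so the function can gate a CI step on an empty list.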

Status

Schema

  conditions:
  - lastTransitionTime: string
    message: string
    reason: string
    status: string
    type: string
  creationTimestamp: string
  detailedStatus: string
  labelFingerprint: string
  selfLink: string
  sharedSecretHash: string
  tunnelId: string

Fields

conditions

list (object)

Conditions represents the latest available observation of the resource's current state.

conditions.[]

object

conditions.[].lastTransitionTime

string

Last time the condition transitioned from one status to another.

conditions.[].message

string

Human-readable message indicating details about last transition.

conditions.[].reason

string

Unique, one-word, CamelCase reason for the condition's last transition.

conditions.[].status

string

Status is the status of the condition. Can be True, False, Unknown.

conditions.[].type

string

Type is the type of the condition.

creationTimestamp

string

Creation timestamp in RFC3339 text format.

detailedStatus

string

Detailed status message for the VPN tunnel.

labelFingerprint

string

The fingerprint used for optimistic locking of this resource. Used internally during updates.

selfLink

string

sharedSecretHash

string

Hash of the shared secret.

tunnelId

string

The unique identifier for the resource. This identifier is defined by the server.

Sample YAML(s)

Typical Use Case

  # Copyright 2020 Google LLC
  #
  # Licensed under the Apache License, Version 2.0 (the "License");
  # you may not use this file except in compliance with the License.
  # You may obtain a copy of the License at
  #
  #     http://www.apache.org/licenses/LICENSE-2.0
  #
  # Unless required by applicable law or agreed to in writing, software
  # distributed under the License is distributed on an "AS IS" BASIS,
  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  # See the License for the specific language governing permissions and
  # limitations under the License.
  
  apiVersion: compute.cnrm.cloud.google.com/v1beta1
  kind: ComputeVPNTunnel
  metadata:
    name: computevpntunnel-sample
    labels:
      foo: bar
  spec:
    peerIp: "15.0.0.120"
    region: us-central1
    sharedSecret:
      valueFrom:
        secretKeyRef:
          name: computevpntunnel-dep
          key: sharedSecret
    targetVPNGatewayRef:
      name: computevpntunnel-dep
    localTrafficSelector:
    - "192.168.0.0/16"
  ---
  apiVersion: compute.cnrm.cloud.google.com/v1beta1
  kind: ComputeAddress
  metadata:
    name: computevpntunnel-dep
    labels:
      label-one: "value-one"
  spec:
    location: us-central1
    description: "a test regional address"
  ---
  apiVersion: compute.cnrm.cloud.google.com/v1beta1
  kind: ComputeForwardingRule
  metadata:
    labels:
      label-one: "value-one"
    name: computevpntunnel-dep1
  spec:
    description: "A regional forwarding rule"
    target:
      targetVPNGatewayRef:
        name: computevpntunnel-dep
    ipProtocol: "ESP"
    location: us-central1
    ipAddress:
      addressRef:
        name: computevpntunnel-dep
  ---
  apiVersion: compute.cnrm.cloud.google.com/v1beta1
  kind: ComputeForwardingRule
  metadata:
    labels:
      label-one: "value-one"
    name: computevpntunnel-dep2
  spec:
    description: "A regional forwarding rule"
    target:
      targetVPNGatewayRef:
        name: computevpntunnel-dep
    ipProtocol: "UDP"
    portRange: "500"
    location: us-central1
    ipAddress:
      addressRef:
        name: computevpntunnel-dep
  ---
  apiVersion: compute.cnrm.cloud.google.com/v1beta1
  kind: ComputeForwardingRule
  metadata:
    labels:
      label-one: "value-one"
    name: computevpntunnel-dep3
  spec:
    description: "A regional forwarding rule"
    target:
      targetVPNGatewayRef:
        name: computevpntunnel-dep
    ipProtocol: "UDP"
    portRange: "4500"
    location: us-central1
    ipAddress:
      addressRef:
        name: computevpntunnel-dep
  ---
  apiVersion: compute.cnrm.cloud.google.com/v1beta1
  kind: ComputeNetwork
  metadata:
    name: computevpntunnel-dep
  spec:
    routingMode: REGIONAL
    autoCreateSubnetworks: false
  ---
  apiVersion: compute.cnrm.cloud.google.com/v1beta1
  kind: ComputeTargetVPNGateway
  metadata:
    name: computevpntunnel-dep
  spec:
    description: a test target vpn gateway
    region: us-central1
    networkRef:
      name: computevpntunnel-dep
  ---
  apiVersion: v1
  kind: Secret
  metadata:
    name: computevpntunnel-dep
  stringData:
    sharedSecret: "a secret message"