ComputeVPNTunnel
Property | Value |
---|---|
Google Cloud Service Name | Compute Engine |
Google Cloud Service Documentation | /compute/docs/ |
Google Cloud REST Resource Name | v1.vpnTunnels |
Google Cloud REST Resource Documentation | /compute/docs/reference/rest/v1/vpnTunnels |
Config Connector Resource Short Names | gcpcomputevpntunnel gcpcomputevpntunnels computevpntunnel |
Config Connector Service Name | compute.googleapis.com |
Config Connector Resource Fully Qualified Name | computevpntunnels.compute.cnrm.cloud.google.com |
Can Be Referenced by IAMPolicy/IAMPolicyMember | No |
Config Connector Default Average Reconcile Interval In Seconds | 600 |
Custom Resource Definition Properties
Annotations
Fields | |
---|---|
cnrm.cloud.google.com/project-id |
Spec
Schema
description: string
ikeVersion: integer
localTrafficSelector:
- string
peerExternalGatewayInterface: integer
peerExternalGatewayRef:
  external: string
  name: string
  namespace: string
peerGCPGatewayRef:
  external: string
  name: string
  namespace: string
peerIp: string
region: string
remoteTrafficSelector:
- string
resourceID: string
routerRef:
  external: string
  name: string
  namespace: string
sharedSecret:
  value: string
  valueFrom:
    secretKeyRef:
      key: string
      name: string
targetVPNGatewayRef:
  external: string
  name: string
  namespace: string
vpnGatewayInterface: integer
vpnGatewayRef:
  external: string
  name: string
  namespace: string
Field | Requirement | Description |
---|---|---|
description | Optional | Immutable. An optional description of this resource. |
ikeVersion | Optional | Immutable. IKE protocol version to use when establishing the VPN tunnel with peer VPN gateway. Acceptable IKE versions are 1 or 2. Default version is 2. |
localTrafficSelector | Optional | Immutable. Local traffic selector to use when establishing the VPN tunnel with peer VPN gateway. The value should be a CIDR formatted string, for example '192.168.0.0/16'. The ranges should be disjoint. Only IPv4 is supported. |
localTrafficSelector[] | Optional | |
peerExternalGatewayInterface | Optional | Immutable. The interface ID of the external VPN gateway to which this VPN tunnel is connected. |
peerExternalGatewayRef | Optional | The peer side external VPN gateway to which this VPN tunnel is connected. |
peerExternalGatewayRef.external | Optional | Allowed value: The `selfLink` field of a `ComputeExternalVPNGateway` resource. |
peerExternalGatewayRef.name | Optional | Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
peerExternalGatewayRef.namespace | Optional | Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ |
peerGCPGatewayRef | Optional | The peer side HA GCP VPN gateway to which this VPN tunnel is connected. If provided, the VPN tunnel will automatically use the same VPN gateway interface ID in the peer GCP VPN gateway. |
peerGCPGatewayRef.external | Optional | Allowed value: The `selfLink` field of a `ComputeVPNGateway` resource. |
peerGCPGatewayRef.name | Optional | Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
peerGCPGatewayRef.namespace | Optional | Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ |
peerIp | Optional | Immutable. IP address of the peer VPN gateway. Only IPv4 is supported. |
region | Required | Immutable. The region where the tunnel is located. If unset, is set to the region of 'target_vpn_gateway'. |
remoteTrafficSelector | Optional | Immutable. Remote traffic selector to use when establishing the VPN tunnel with peer VPN gateway. The value should be a CIDR formatted string, for example '192.168.0.0/16'. The ranges should be disjoint. Only IPv4 is supported. |
remoteTrafficSelector[] | Optional | |
resourceID | Optional | Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. |
routerRef | Optional | The router to be used for dynamic routing. |
routerRef.external | Optional | Allowed value: The `selfLink` field of a `ComputeRouter` resource. |
routerRef.name | Optional | Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
routerRef.namespace | Optional | Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ |
sharedSecret | Required | Immutable. Shared secret used to set the secure session between the Cloud VPN gateway and the peer VPN gateway. |
sharedSecret.value | Optional | Value of the field. Cannot be used if 'valueFrom' is specified. |
sharedSecret.valueFrom | Optional | Source for the field's value. Cannot be used if 'value' is specified. |
sharedSecret.valueFrom.secretKeyRef | Optional | Reference to a value with the given key in the given Secret in the resource's namespace. |
sharedSecret.valueFrom.secretKeyRef.key | Required* | Key that identifies the value to be extracted. |
sharedSecret.valueFrom.secretKeyRef.name | Required* | Name of the Secret to extract a value from. |
targetVPNGatewayRef | Optional | The ComputeTargetVPNGateway with which this VPN tunnel is associated. |
targetVPNGatewayRef.external | Optional | Allowed value: The `selfLink` field of a `ComputeTargetVPNGateway` resource. |
targetVPNGatewayRef.name | Optional | Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
targetVPNGatewayRef.namespace | Optional | Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ |
vpnGatewayInterface | Optional | Immutable. The interface ID of the VPN gateway with which this VPN tunnel is associated. |
vpnGatewayRef | Optional | The ComputeVPNGateway with which this VPN tunnel is associated. This must be used if a High Availability VPN gateway resource is created. |
vpnGatewayRef.external | Optional | Allowed value: The `selfLink` field of a `ComputeVPNGateway` resource. |
vpnGatewayRef.name | Optional | Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
vpnGatewayRef.namespace | Optional | Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ |
* Field is required when parent field is specified
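As an added example (not part of the Config Connector documentation), the Python function below checks an already-parsed ComputeVPNTunnel manifest against the constraints stated for the spec fields: the two required fields, the `value`/`valueFrom` exclusivity of `sharedSecret`, the accepted `ikeVersion` values, and IPv4-only, disjoint traffic selectors. The name `check_vpn_tunnel`, the finding strings and the `SAMPLE` manifest are constructed for illustration, and the manifest is assumed to have been loaded into a dict by a YAML parser beforehand.

```python
import ipaddress

def check_vpn_tunnel(manifest):
    """Return a list of findings for one parsed ComputeVPNTunnel manifest."""
    spec = manifest.get("spec", {})
    findings = []
    # region and sharedSecret are the two Required spec fields.
    for field in ("region", "sharedSecret"):
        if field not in spec:
            findings.append(f"missing required field spec.{field}")
    # sharedSecret.value and sharedSecret.valueFrom are mutually exclusive;
    # an inline value also stores the pre-shared key in the manifest itself.
    secret = spec.get("sharedSecret", {})
    if "value" in secret and "valueFrom" in secret:
        findings.append("sharedSecret sets both value and valueFrom")
    elif "value" in secret:
        findings.append("sharedSecret.value is inline; use valueFrom.secretKeyRef")
    # ikeVersion accepts 1 or 2 and defaults to 2.
    ike = spec.get("ikeVersion", 2)
    if ike not in (1, 2):
        findings.append(f"ikeVersion {ike} is not 1 or 2")
    elif ike == 1:
        findings.append("ikeVersion 1 requested; the default is 2")
    # Traffic selectors: IPv4 CIDR strings, disjoint within each list.
    for name in ("localTrafficSelector", "remoteTrafficSelector"):
        nets = []
        for cidr in spec.get(name, []):
            try:
                net = ipaddress.ip_network(cidr, strict=True)
            except ValueError:
                findings.append(f"{name}: {cidr!r} is not a valid CIDR")
                continue
            if net.version != 4:
                findings.append(f"{name}: {cidr} is not IPv4")
                continue
            if any(net.overlaps(other) for other in nets):
                findings.append(f"{name}: {cidr} overlaps another range")
            nets.append(net)
    return findings

# Constructed sample (not the page's YAML): inline secret, IKEv1, overlapping ranges.
SAMPLE = {"kind": "ComputeVPNTunnel", "spec": {
    "region": "us-central1", "ikeVersion": 1,
    "sharedSecret": {"value": "example-only"},
    "localTrafficSelector": ["192.168.0.0/16", "192.168.10.0/24"]}}

if __name__ == "__main__":
    for finding in check_vpn_tunnel(SAMPLE):
        print(finding)
```

Run as a pre-merge check on rendered manifests, this catches an inline pre-shared key before it reaches version control.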
Status
Schema
conditions:
- lastTransitionTime: string
  message: string
  reason: string
  status: string
  type: string
creationTimestamp: string
detailedStatus: string
labelFingerprint: string
observedGeneration: integer
selfLink: string
sharedSecretHash: string
tunnelId: string
Field | Description |
---|---|
conditions | Conditions represent the latest available observation of the resource's current state. |
conditions[] | |
conditions[].lastTransitionTime | Last time the condition transitioned from one status to another. |
conditions[].message | Human-readable message indicating details about last transition. |
conditions[].reason | Unique, one-word, CamelCase reason for the condition's last transition. |
conditions[].status | Status is the status of the condition. Can be True, False, Unknown. |
conditions[].type | Type is the type of the condition. |
creationTimestamp | Creation timestamp in RFC3339 text format. |
detailedStatus | Detailed status message for the VPN tunnel. |
labelFingerprint | The fingerprint used for optimistic locking of this resource. Used internally during updates. |
observedGeneration | ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. |
selfLink | |
sharedSecretHash | Hash of the shared secret. |
tunnelId | The unique identifier for the resource. This identifier is defined by the server. |
Sample YAML(s)
Typical Use Case
# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeVPNTunnel
metadata:
  name: computevpntunnel-sample
  labels:
    foo: bar
spec:
  peerIp: "15.0.0.120"
  region: us-central1
  sharedSecret:
    valueFrom:
      secretKeyRef:
        name: computevpntunnel-dep
        key: sharedSecret
  targetVPNGatewayRef:
    name: computevpntunnel-dep
  localTrafficSelector:
    - "192.168.0.0/16"
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeAddress
metadata:
  name: computevpntunnel-dep
  labels:
    label-one: "value-one"
spec:
  location: us-central1
  description: "a test regional address"
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeForwardingRule
metadata:
  labels:
    label-one: "value-one"
  name: computevpntunnel-dep1
spec:
  description: "A regional forwarding rule"
  target:
    targetVPNGatewayRef:
      name: computevpntunnel-dep
  ipProtocol: "ESP"
  location: us-central1
  ipAddress:
    addressRef:
      name: computevpntunnel-dep
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeForwardingRule
metadata:
  labels:
    label-one: "value-one"
  name: computevpntunnel-dep2
spec:
  description: "A regional forwarding rule"
  target:
    targetVPNGatewayRef:
      name: computevpntunnel-dep
  ipProtocol: "UDP"
  portRange: "500"
  location: us-central1
  ipAddress:
    addressRef:
      name: computevpntunnel-dep
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeForwardingRule
metadata:
  labels:
    label-one: "value-one"
  name: computevpntunnel-dep3
spec:
  description: "A regional forwarding rule"
  target:
    targetVPNGatewayRef:
      name: computevpntunnel-dep
  ipProtocol: "UDP"
  portRange: "4500"
  location: us-central1
  ipAddress:
    addressRef:
      name: computevpntunnel-dep
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeNetwork
metadata:
  name: computevpntunnel-dep
spec:
  routingMode: REGIONAL
  autoCreateSubnetworks: false
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeTargetVPNGateway
metadata:
  name: computevpntunnel-dep
spec:
  description: a test target vpn gateway
  region: us-central1
  networkRef:
    name: computevpntunnel-dep
---
apiVersion: v1
kind: Secret
metadata:
  name: computevpntunnel-dep
stringData:
  sharedSecret: "a secret message"