DNSManagedZone
Property | Value |
---|---|
Google Cloud Service Name | Cloud DNS |
Google Cloud Service Documentation | /dns/docs/ |
Google Cloud REST Resource Name | v1beta2.managedZones |
Google Cloud REST Resource Documentation | /dns/docs/reference/v1beta2/managedZones |
Config Connector Resource Short Names | gcpdnsmanagedzone gcpdnsmanagedzones dnsmanagedzone |
Config Connector Service Name | dns.googleapis.com |
Config Connector Resource Fully Qualified Name | dnsmanagedzones.dns.cnrm.cloud.google.com |
Can Be Referenced by IAMPolicy/IAMPolicyMember | Yes |
Supports IAM Conditions | No |
Supports IAM Audit Configs | No |
IAM External Reference Format |
projects/{{project}}/managedZones/{{name}} |
Config Connector Default Average Reconcile Interval In Seconds | 600 |
Custom Resource Definition Properties
Annotations
Fields | |
---|---|
cnrm.cloud.google.com/force-destroy |
|
cnrm.cloud.google.com/project-id |
Spec
Schema
cloudLoggingConfig:
enableLogging: boolean
description: string
dnsName: string
dnssecConfig:
defaultKeySpecs:
- algorithm: string
keyLength: integer
keyType: string
kind: string
kind: string
nonExistence: string
state: string
forwardingConfig:
targetNameServers:
- forwardingPath: string
ipv4Address: string
peeringConfig:
targetNetwork:
networkRef:
external: string
name: string
namespace: string
privateVisibilityConfig:
gkeClusters:
- gkeClusterNameRef:
external: string
name: string
namespace: string
networks:
- networkRef:
external: string
name: string
namespace: string
resourceID: string
reverseLookup: boolean
serviceDirectoryConfig:
namespace:
namespaceUrl: string
visibility: string
Fields | |
---|---|
Optional |
Cloud logging configuration. |
Required* |
If set, enable query logging for this ManagedZone. False by default, making logging opt-in. |
Optional |
A textual description field. Defaults to 'Managed by Config Connector'. |
Required |
Immutable. The DNS name of this managed zone, for instance "example.com.". |
Optional |
DNSSEC configuration. |
Optional |
Specifies parameters that will be used for generating initial DnsKeys for this ManagedZone. If you provide a spec for keySigning or zoneSigning, you must also provide one for the other. default_key_specs can only be updated when the state is 'off'. |
Optional |
|
Optional |
String mnemonic specifying the DNSSEC algorithm of this key Possible values: ["ecdsap256sha256", "ecdsap384sha384", "rsasha1", "rsasha256", "rsasha512"]. |
Optional |
Length of the keys in bits. |
Optional |
Specifies whether this is a key signing key (KSK) or a zone signing key (ZSK). Key signing keys have the Secure Entry Point flag set and, when active, will only be used to sign resource record sets of type DNSKEY. Zone signing keys do not have the Secure Entry Point flag set and will be used to sign all other types of resource record sets. Possible values: ["keySigning", "zoneSigning"]. |
Optional |
Identifies what kind of resource this is. |
Optional |
Identifies what kind of resource this is. |
Optional |
Specifies the mechanism used to provide authenticated denial-of-existence responses. non_existence can only be updated when the state is 'off'. Possible values: ["nsec", "nsec3"]. |
Optional |
Specifies whether DNSSEC is enabled, and what mode it is in Possible values: ["off", "on", "transfer"]. |
Optional |
The presence for this field indicates that outbound forwarding is enabled for this zone. The value of this field contains the set of destinations to forward to. |
Required* |
List of target name servers to forward to. Cloud DNS will select the best available name server if more than one target is given. |
Required* |
|
Optional |
Forwarding path for this TargetNameServer. If unset or 'default' Cloud DNS will make forwarding decision based on address ranges, i.e. RFC1918 addresses go to the VPC, Non-RFC1918 addresses go to the Internet. When set to 'private', Cloud DNS will always send queries through VPC for this target Possible values: ["default", "private"]. |
Required* |
IPv4 address of a target name server. |
Optional |
The presence of this field indicates that DNS Peering is enabled for this zone. The value of this field contains the network to peer with. |
Required* |
The network with which to peer. |
Required* |
VPC network to forward queries to. |
Optional |
Allowed value: The `selfLink` field of a `ComputeNetwork` resource. |
Optional |
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
Optional |
Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ |
Optional |
For privately visible zones, the set of Virtual Private Cloud resources that the zone is visible from. At least one of 'gke_clusters' or 'networks' must be specified. |
Optional |
The list of Google Kubernetes Engine clusters that can see this zone. |
Optional |
|
Required* |
The resource name of the cluster to bind this ManagedZone to. This should be specified in the format like 'projects/*/locations/*/clusters/*'. |
Optional |
Allowed value: The `selfLink` field of a `ContainerCluster` resource. |
Optional |
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
Optional |
Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ |
Optional |
|
Optional |
|
Required* |
VPC network to bind to. |
Optional |
Allowed value: The `selfLink` field of a `ComputeNetwork` resource. |
Optional |
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
Optional |
Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ |
Optional |
Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. |
Optional |
Immutable. Specifies if this is a managed reverse lookup zone. If true, Cloud DNS will resolve reverse lookup queries using automatically configured records for VPC resources. This only applies to networks listed under 'private_visibility_config'. |
Optional |
Immutable. The presence of this field indicates that this zone is backed by Service Directory. The value of this field contains information related to the namespace associated with the zone. |
Required* |
The namespace associated with the zone. |
Required* |
The fully qualified or partial URL of the service directory namespace that should be associated with the zone. This should be formatted like 'https://servicedirectory.googleapis.com/v1/projects/{project}/locations/{location}/namespaces/{namespace_id}' or simply 'projects/{project}/locations/{location}/namespaces/{namespace_id}' Ignored for 'public' visibility zones. |
Optional |
Immutable. The zone's visibility: public zones are exposed to the Internet, while private zones are visible only to Virtual Private Cloud resources. Default value: "public" Possible values: ["private", "public"]. |
* Field is required when parent field is specified
Status
Schema
conditions:
- lastTransitionTime: string
message: string
reason: string
status: string
type: string
creationTime: string
managedZoneId: integer
nameServers:
- string
observedGeneration: integer
Fields | |
---|---|
conditions |
Conditions represent the latest available observation of the resource's current state. |
conditions[] |
|
conditions[].lastTransitionTime |
Last time the condition transitioned from one status to another. |
conditions[].message |
Human-readable message indicating details about last transition. |
conditions[].reason |
Unique, one-word, CamelCase reason for the condition's last transition. |
conditions[].status |
Status is the status of the condition. Can be True, False, Unknown. |
conditions[].type |
Type is the type of the condition. |
creationTime |
The time that this resource was created on the server. This is in RFC3339 text format. |
managedZoneId |
Unique identifier for the resource; defined by the server. |
nameServers |
Delegate your managed_zone to these virtual name servers; defined by the server. |
nameServers[] |
|
observedGeneration |
ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. |
Sample YAML(s)
Typical Use Case
# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: dns.cnrm.cloud.google.com/v1beta1
kind: DNSManagedZone
metadata:
labels:
label-one: "value-one"
name: dnsmanagedzone-sample
spec:
description: "Example DNS zone"
dnsName: "cnrm-dns-example.com."
visibility: private
privateVisibilityConfig:
networks:
- networkRef:
name: dnsmanagedzone-dep
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeNetwork
metadata:
name: dnsmanagedzone-dep
spec:
autoCreateSubnetworks: false