DNSManagedZone

Property: Value
Google Cloud Service Name: Cloud DNS
Google Cloud Service Documentation: /dns/docs/
Google Cloud REST Resource Name: v1beta2.managedZones
Google Cloud REST Resource Documentation: /dns/docs/reference/v1beta2/managedZones
Config Connector Resource Short Names: gcpdnsmanagedzone, gcpdnsmanagedzones, dnsmanagedzone
Config Connector Service Name: dns.googleapis.com
Config Connector Resource Fully Qualified Name: dnsmanagedzones.dns.cnrm.cloud.google.com
Can Be Referenced by IAMPolicy/IAMPolicyMember: No

Custom Resource Definition Properties

Annotations

Fields
cnrm.cloud.google.com/project-id

Spec

Schema

description: string
dnsName: string
dnssecConfig:
  defaultKeySpecs:
  - algorithm: string
    keyLength: integer
    keyType: string
    kind: string
  kind: string
  nonExistence: string
  state: string
forwardingConfig:
  targetNameServers:
  - forwardingPath: string
    ipv4Address: string
peeringConfig:
  targetNetwork:
    networkRef:
      external: string
      name: string
      namespace: string
privateVisibilityConfig:
  networks:
  - networkRef:
      external: string
      name: string
      namespace: string
reverseLookup: boolean
serviceDirectoryConfig:
  namespace:
    namespaceUrl: string
visibility: string

Fields

description

Optional

string

dnsName

Required

string

The DNS name of this managed zone, for instance "example.com.".

dnssecConfig

Optional

object

DNSSEC configuration

dnssecConfig.defaultKeySpecs

Optional

list (object)

dnssecConfig.defaultKeySpecs.[]

Optional

object

dnssecConfig.defaultKeySpecs.[].algorithm

Optional

string

String mnemonic specifying the DNSSEC algorithm of this key. Possible values: ["ecdsap256sha256", "ecdsap384sha384", "rsasha1", "rsasha256", "rsasha512"]

dnssecConfig.defaultKeySpecs.[].keyLength

Optional

integer

Length of the keys in bits

dnssecConfig.defaultKeySpecs.[].keyType

Optional

string

Specifies whether this is a key signing key (KSK) or a zone signing key (ZSK). Key signing keys have the Secure Entry Point flag set and, when active, will only be used to sign resource record sets of type DNSKEY. Zone signing keys do not have the Secure Entry Point flag set and will be used to sign all other types of resource record sets. Possible values: ["keySigning", "zoneSigning"]

dnssecConfig.defaultKeySpecs.[].kind

Optional

string

Identifies what kind of resource this is

dnssecConfig.kind

Optional

string

Identifies what kind of resource this is

dnssecConfig.nonExistence

Optional

string

Specifies the mechanism used to provide authenticated denial-of-existence responses. non_existence can only be updated when the state is 'off'. Possible values: ["nsec", "nsec3"]

dnssecConfig.state

Optional

string

Specifies whether DNSSEC is enabled, and what mode it is in. Possible values: ["off", "on", "transfer"]

forwardingConfig

Optional

object

The presence of this field indicates that outbound forwarding is enabled for this zone. The value of this field contains the set of destinations to forward to.

forwardingConfig.targetNameServers

Required*

list (object)

forwardingConfig.targetNameServers.[]

Required*

object

forwardingConfig.targetNameServers.[].forwardingPath

Optional

string

Forwarding path for this TargetNameServer. If unset or 'default', Cloud DNS makes the forwarding decision based on address ranges: RFC 1918 addresses go to the VPC, and non-RFC 1918 addresses go to the Internet. When set to 'private', Cloud DNS always sends queries through the VPC for this target. Possible values: ["default", "private"]

forwardingConfig.targetNameServers.[].ipv4Address

Required*

string

IPv4 address of a target name server.

peeringConfig

Optional

object

The presence of this field indicates that DNS Peering is enabled for this zone. The value of this field contains the network to peer with.

peeringConfig.targetNetwork

Required*

object

The network with which to peer.

peeringConfig.targetNetwork.networkRef

Required*

object

VPC network to forward queries to.

peeringConfig.targetNetwork.networkRef.external

Optional

string

The selfLink of a ComputeNetwork.

peeringConfig.targetNetwork.networkRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

peeringConfig.targetNetwork.networkRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

privateVisibilityConfig

Optional

object

For privately visible zones, the set of Virtual Private Cloud resources that the zone is visible from.

privateVisibilityConfig.networks

Required*

list (object)

privateVisibilityConfig.networks.[]

Required*

object

privateVisibilityConfig.networks.[].networkRef

Required*

object

VPC network to bind to.

privateVisibilityConfig.networks.[].networkRef.external

Optional

string

The selfLink of a ComputeNetwork.

privateVisibilityConfig.networks.[].networkRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

privateVisibilityConfig.networks.[].networkRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

reverseLookup

Optional

boolean

Specifies if this is a managed reverse lookup zone. If true, Cloud DNS will resolve reverse lookup queries using automatically configured records for VPC resources. This only applies to networks listed under 'private_visibility_config'.

serviceDirectoryConfig

Optional

object

The presence of this field indicates that this zone is backed by Service Directory. The value of this field contains information related to the namespace associated with the zone.

serviceDirectoryConfig.namespace

Required*

object

The namespace associated with the zone.

serviceDirectoryConfig.namespace.namespaceUrl

Required*

string

The fully qualified or partial URL of the service directory namespace that should be associated with the zone. This should be formatted like 'https://servicedirectory.googleapis.com/v1/projects/{project}/locations/{location}/namespaces/{namespace_id}' or simply 'projects/{project}/locations/{location}/namespaces/{namespace_id}'. Ignored for 'public' visibility zones.

visibility

Optional

string

The zone's visibility: public zones are exposed to the Internet, while private zones are visible only to Virtual Private Cloud resources. Default value: "public". Possible values: ["private", "public"]

* Field is required when parent field is specified
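
The dnssecConfig fields above, combined into one public zone manifest. This is an added example, not one of the Config Connector samples; the resource name and description are hypothetical, and the key lengths are assumed values chosen to match the ECDSA P-256 algorithm.

```yaml
apiVersion: dns.cnrm.cloud.google.com/v1beta1
kind: DNSManagedZone
metadata:
  name: dnsmanagedzone-dnssec-example   # hypothetical name
spec:
  description: "Public zone signed with DNSSEC"
  dnsName: "example.com."               # placeholder zone name
  visibility: public
  dnssecConfig:
    # Quote the state: a YAML 1.1 parser reads a bare on/off as a boolean,
    # while the schema expects the string "on", "off" or "transfer".
    state: "on"
    # nonExistence can only be changed while state is "off", so choose the
    # denial-of-existence mechanism before the zone is signed.
    nonExistence: nsec3
    defaultKeySpecs:
      # One spec per key type. The schema also accepts rsasha1, which
      # relies on SHA-1; this example uses a SHA-256-based algorithm.
      - keyType: keySigning             # KSK: signs only the DNSKEY record set
        algorithm: ecdsap256sha256
        keyLength: 256                  # assumed: P-256 key size in bits
      - keyType: zoneSigning            # ZSK: signs all other record sets
        algorithm: ecdsap256sha256
        keyLength: 256
```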

Status

Schema

conditions:
- lastTransitionTime: string
  message: string
  reason: string
  status: string
  type: string
nameServers:
- string

Fields

conditions

list (object)

conditions.[]

object

conditions.[].lastTransitionTime

string

Last time the condition transitioned from one status to another.

conditions.[].message

string

Human-readable message indicating details about last transition.

conditions.[].reason

string

Unique, one-word, CamelCase reason for the condition's last transition.

conditions.[].status

string

Status is the status of the condition. Can be True, False, Unknown.

conditions.[].type

string

Type is the type of the condition.

nameServers

list (string)

nameServers.[]

string

Sample YAML(s)

Typical Use Case

# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: dns.cnrm.cloud.google.com/v1beta1
kind: DNSManagedZone
metadata:
  labels:
    label-one: "value-one"
  name: dnsmanagedzone-sample
spec:
  description: "Example DNS zone"
  dnsName: "cnrm-dns-example.com."
  visibility: private
  privateVisibilityConfig:
    networks:
      - networkRef:
          name: dnsmanagedzone-dep
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeNetwork
metadata:
  name: dnsmanagedzone-dep
spec:
  autoCreateSubnetworks: false
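
Private Forwarding Zone (added example)

The manifest below is an added example, not one of the Config Connector samples. It shows forwardingConfig together with privateVisibilityConfig and reuses the ComputeNetwork dnsmanagedzone-dep from the sample above; the zone name, resource name and resolver addresses are constructed for illustration.

```yaml
apiVersion: dns.cnrm.cloud.google.com/v1beta1
kind: DNSManagedZone
metadata:
  name: dnsmanagedzone-forwarding-example   # hypothetical name
spec:
  description: "Forward corp.example.com. to on-premises resolvers"
  dnsName: "corp.example.com."              # constructed zone name
  visibility: private
  privateVisibilityConfig:
    networks:
      - networkRef:
          name: dnsmanagedzone-dep          # ComputeNetwork from the sample above
  forwardingConfig:
    targetNameServers:
      # RFC 1918 target: with the default path, Cloud DNS already routes
      # queries for this address through the VPC.
      - ipv4Address: "10.0.0.53"            # constructed address
        forwardingPath: default
      # Non-RFC 1918 target: the default path would send these queries to
      # the Internet. 'private' keeps them on the VPC, so internal names
      # are not resolved over a public route.
      - ipv4Address: "198.51.100.53"        # constructed (documentation range)
        forwardingPath: private
```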