VirtualNetworkGateway is the Schema for the VirtualNetworkGateways API. Manages a virtual network gateway to establish secure, cross-premises connectivity.
Type: CRD
Group: network.azure.upbound.io
Version: v1beta1
apiVersion: network.azure.upbound.io/v1beta1
kind: VirtualNetworkGateway
VirtualNetworkGatewaySpec defines the desired state of VirtualNetworkGateway
No description provided.
A bgp_settings block which is documented below. In this block the BGP specific settings can be defined.
A list of peering_addresses as defined below. Only one peering_addresses block can be specified except when active_active of this Virtual Network Gateway is true.
A list of Azure custom APIPA addresses assigned to the BGP peer of the Virtual Network Gateway.
A custom_route block as defined below. Specifies a custom routes address space for a virtual network gateway and a VpnClient.
A list of address blocks reserved for this virtual network in CIDR notation as defined below.
One, two or three ip_configuration blocks documented below. An active-standby gateway requires exactly one ip_configuration block, an active-active gateway requires exactly two ip_configuration blocks whereas an active-active zone redundant gateway with P2S configuration requires exactly three ip_configuration blocks.
Reference to a PublicIP in network to populate publicIpAddressId.
Policies for referencing.
Selector for a PublicIP in network to populate publicIpAddressId.
Policies for selection.
Reference to a Subnet to populate subnetId.
Policies for referencing.
Selector for a Subnet to populate subnetId.
Policies for selection.
Reference to a ResourceGroup in azure to populate resourceGroupName.
Policies for referencing.
Selector for a ResourceGroup in azure to populate resourceGroupName.
Policies for selection.
A vpn_client_configuration block which is documented below. In this block the Virtual Network Gateway can be configured to accept IPSec point-to-site connections.
The address space out of which IP addresses for VPN clients will be taken. You can provide more than one address space, e.g. in CIDR notation.
One or more revoked_certificate blocks which are defined below.
One or more root_certificate blocks which are defined below. These root certificates are used to sign the client certificate used by the VPN clients to connect to the gateway.
List of the VPN authentication types for the virtual network gateway. The supported values are AAD, Radius and Certificate.
List of the protocols supported by the VPN client. The supported values are SSTP, IkeV2 and OpenVPN. Values SSTP and IkeV2 are incompatible with the use of aad_tenant, aad_audience and aad_issuer.
THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored unless the relevant Crossplane feature flag is enabled, and may be changed or removed without notice. InitProvider holds the same fields as ForProvider, with the exception of Identifier and other resource reference fields. The fields that are in InitProvider are merged into ForProvider when the resource is created. The same fields are also added to the terraform ignore_changes hook, to avoid updating them after creation. This is useful for fields that are required on creation but that we do not want to update afterwards, for example because an external controller, such as an autoscaler, is managing them.
A bgp_settings block which is documented below. In this block the BGP specific settings can be defined.
A list of peering_addresses as defined below. Only one peering_addresses block can be specified except when active_active of this Virtual Network Gateway is true.
A list of Azure custom APIPA addresses assigned to the BGP peer of the Virtual Network Gateway.
A custom_route block as defined below. Specifies a custom routes address space for a virtual network gateway and a VpnClient.
A list of address blocks reserved for this virtual network in CIDR notation as defined below.
One, two or three ip_configuration blocks documented below. An active-standby gateway requires exactly one ip_configuration block, an active-active gateway requires exactly two ip_configuration blocks whereas an active-active zone redundant gateway with P2S configuration requires exactly three ip_configuration blocks.
A vpn_client_configuration block which is documented below. In this block the Virtual Network Gateway can be configured to accept IPSec point-to-site connections.
The address space out of which IP addresses for VPN clients will be taken. You can provide more than one address space, e.g. in CIDR notation.
One or more revoked_certificate blocks which are defined below.
One or more root_certificate blocks which are defined below. These root certificates are used to sign the client certificate used by the VPN clients to connect to the gateway.
List of the VPN authentication types for the virtual network gateway. The supported values are AAD, Radius and Certificate.
List of the protocols supported by the VPN client. The supported values are SSTP, IkeV2 and OpenVPN. Values SSTP and IkeV2 are incompatible with the use of aad_tenant, aad_audience and aad_issuer.
THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored unless the relevant Crossplane feature flag is enabled, and may be changed or removed without notice. ManagementPolicies specify the array of actions Crossplane is allowed to take on the managed and external resources. This field is planned to replace the DeletionPolicy field in a future release. Currently, both could be set independently and non-default values would be honored if the feature flag is enabled. If both are custom, the DeletionPolicy field will be ignored. See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
Policies for referencing.
ProviderReference specifies the provider that will be used to create, observe, update, and delete this managed resource. Deprecated: Please use ProviderConfigReference, i.e. providerConfigRef
Policies for referencing.
PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. This field is planned to be replaced in a future release in favor of PublishConnectionDetailsTo. Currently, both could be set independently and connection details would be published to both without affecting each other.
VirtualNetworkGatewayStatus defines the observed state of VirtualNetworkGateway.
No description provided.
A bgp_settings block which is documented below. In this block the BGP specific settings can be defined.
A list of peering_addresses as defined below. Only one peering_addresses block can be specified except when active_active of this Virtual Network Gateway is true.
A list of Azure custom APIPA addresses assigned to the BGP peer of the Virtual Network Gateway.
A list of peering addresses assigned to the BGP peer of the Virtual Network Gateway.
A list of tunnel IP addresses assigned to the BGP peer of the Virtual Network Gateway.
A custom_route block as defined below. Specifies a custom routes address space for a virtual network gateway and a VpnClient.
A list of address blocks reserved for this virtual network in CIDR notation as defined below.
One, two or three ip_configuration blocks documented below. An active-standby gateway requires exactly one ip_configuration block, an active-active gateway requires exactly two ip_configuration blocks whereas an active-active zone redundant gateway with P2S configuration requires exactly three ip_configuration blocks.
A vpn_client_configuration block which is documented below. In this block the Virtual Network Gateway can be configured to accept IPSec point-to-site connections.
The address space out of which IP addresses for VPN clients will be taken. You can provide more than one address space, e.g. in CIDR notation.
One or more revoked_certificate blocks which are defined below.
One or more root_certificate blocks which are defined below. These root certificates are used to sign the client certificate used by the VPN clients to connect to the gateway.
List of the VPN authentication types for the virtual network gateway. The supported values are AAD, Radius and Certificate.
List of the protocols supported by the VPN client. The supported values are SSTP, IkeV2 and OpenVPN. Values SSTP and IkeV2 are incompatible with the use of aad_tenant, aad_audience and aad_issuer.
Conditions of the resource.
example
apiVersion: network.azure.upbound.io/v1beta1
kind: VirtualNetworkGateway
metadata:
  annotations:
    meta.upbound.io/example-id: network/v1beta1/virtualnetworkgateway
    upjet.upbound.io/manual-intervention: This resource needs a valid public key.
  labels:
    testing.upbound.io/example-name: example
  name: example
spec:
  forProvider:
    activeActive: false
    enableBgp: false
    ipConfiguration:
    - name: vnetGatewayConfig
      privateIpAddressAllocation: Dynamic
      publicIpAddressIdSelector:
        matchLabels:
          testing.upbound.io/example-name: example
      subnetIdSelector:
        matchLabels:
          testing.upbound.io/example-name: example
    location: West Europe
    resourceGroupNameSelector:
      matchLabels:
        testing.upbound.io/example-name: example
    sku: Basic
    type: Vpn
    vpnClientConfiguration:
    - addressSpace:
      - 10.2.0.0/24
      revokedCertificate:
      - name: Verizon-Global-Root-CA
        thumbprint: null
      rootCertificate:
      - name: DigiCert-Federated-ID-Root-CA
        publicCertData: null
    vpnType: RouteBased
example
apiVersion: network.azure.upbound.io/v1beta1
kind: VirtualNetworkGateway
metadata:
  annotations:
    meta.upbound.io/example-id: network/v1beta1/virtualnetworkgatewayconnection
    upjet.upbound.io/manual-intervention: The resource is dependency of root resource.
  labels:
    testing.upbound.io/example-name: example
  name: example
spec:
  forProvider:
    activeActive: false
    enableBgp: false
    ipConfiguration:
    - privateIpAddressAllocation: Dynamic
      publicIpAddressIdSelector:
        matchLabels:
          testing.upbound.io/example-name: example
      subnetIdSelector:
        matchLabels:
          testing.upbound.io/example-name: example
    location: West US
    resourceGroupNameSelector:
      matchLabels:
        testing.upbound.io/example-name: example
    sku: Basic
    type: Vpn
    vpnType: RouteBased
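
The constraints stated in the field descriptions above (ip_configuration count versus active-active mode, the supported authentication types and protocols, and the SSTP/IkeV2 incompatibility with the AAD settings) can be checked before a manifest is applied. The following is an added example, not part of the provider's documentation or code. The function name lint_gateway and the camelCase keys vpnAuthTypes, vpnClientProtocols, aadTenant, aadAudience and aadIssuer are assumptions, and the sample manifest is constructed from the first example on this page.

```python
# Added example: lint spec.forProvider against the constraints documented on this page.
AUTH_TYPES = {"AAD", "Radius", "Certificate"}
PROTOCOLS = {"SSTP", "IkeV2", "OpenVPN"}
AAD_FIELDS = ("aadTenant", "aadAudience", "aadIssuer")  # assumed camelCase names

def lint_gateway(manifest):
    """Return a list of findings; an empty list means no rule was violated."""
    fp = manifest.get("spec", {}).get("forProvider", {})
    findings = []
    ip_cfgs = fp.get("ipConfiguration") or []
    p2s_blocks = fp.get("vpnClientConfiguration") or []

    # ip_configuration count: 1 for active-standby, 2 for active-active,
    # 3 only for active-active with a P2S (vpn_client_configuration) block.
    if not fp.get("activeActive", False):
        if len(ip_cfgs) != 1:
            findings.append("active-standby needs exactly 1 ipConfiguration")
    elif len(ip_cfgs) == 3:
        if not p2s_blocks:
            findings.append("3 ipConfiguration blocks require P2S configuration")
    elif len(ip_cfgs) != 2:
        findings.append("active-active needs 2 (or 3 with P2S) ipConfiguration")

    for p2s in p2s_blocks:
        auth = set(p2s.get("vpnAuthTypes") or [])
        protos = set(p2s.get("vpnClientProtocols") or [])
        if auth - AUTH_TYPES:
            findings.append(f"unsupported vpnAuthTypes: {sorted(auth - AUTH_TYPES)}")
        if protos - PROTOCOLS:
            findings.append(f"unsupported vpnClientProtocols: {sorted(protos - PROTOCOLS)}")
        # SSTP and IkeV2 cannot be combined with the AAD settings.
        if any(p2s.get(f) for f in AAD_FIELDS) and protos & {"SSTP", "IkeV2"}:
            findings.append("SSTP/IkeV2 are incompatible with AAD settings")
        # The page's example leaves publicCertData null and needs a valid public key.
        for cert in p2s.get("rootCertificate") or []:
            if not cert.get("publicCertData"):
                findings.append(f"rootCertificate {cert.get('name')!r} has no publicCertData")
    return findings

# Constructed sample: the first example manifest on this page, reduced.
SAMPLE = {"spec": {"forProvider": {
    "activeActive": False,
    "ipConfiguration": [{"name": "vnetGatewayConfig"}],
    "vpnClientConfiguration": [{
        "rootCertificate": [{"name": "DigiCert-Federated-ID-Root-CA",
                             "publicCertData": None}],
    }],
}}}
```

Running lint_gateway(SAMPLE) reports the empty root certificate that the example's manual-intervention annotation refers to.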
© 2022 Upbound, Inc.