GatewayConfig

stunner.l7mp.io / v1

apiVersion: stunner.l7mp.io/v1 kind: GatewayConfig metadata: name: example

apiVersion string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata object

spec object

GatewayConfigSpec defines the desired state of GatewayConfig

authLifetime integer

AuthLifetime defines the lifetime of "longterm" authentication credentials in seconds.

format: int32

authRef object

Note that externally set credentials override any inline auth credentials (AuthType, AuthUsername, etc.): if AuthRef is nonempty then it is expected that the referenced Secret exists and *all* authentication credentials are correctly set in the referenced Secret (username/password or shared secret). Mixing of credential sources (inline/external) is not supported.

group string

Group is the group of the referent. For example, "gateway.networking.k8s.io". When unspecified or empty string, core API group is inferred.

pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$

maxLength: 253

kind string

Kind is kind of the referent. For example "Secret".

pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$

minLength: 1

maxLength: 63

name string required

Name is the name of the referent.

minLength: 1

maxLength: 253

namespace string

Namespace is the namespace of the referenced object. When unspecified, the local namespace is inferred. Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. Support: Core

pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$

minLength: 1

maxLength: 63

authType string

AuthType is the type of the STUN/TURN authentication mechanism.

pattern: ^plaintext|static|longterm|ephemeral|timewindowed$

dataplane string

Dataplane defines the dataplane (stunnerd image, version, etc) for STUNner gateways using this GatewayConfig.

loadBalancerServiceAnnotations object

LoadBalancerServiceAnnotations is a list of annotations that will go into the LoadBalancer services created automatically by the operator to wrap Gateways. NOTE: removing annotations from a GatewayConfig will not result in the removal of the corresponding annotations from the LoadBalancer service, in order to prevent the accidental removal of an annotation installed there by Kubernetes or the cloud provider. If you really want to remove an annotation, do this manually or simply remove all Gateways (which will remove the corresponding LoadBalancer services), update the GatewayConfig and then recreate the Gateways, so that the newly created LoadBalancer services will contain the required annotations.

logLevel string

LogLevel specifies the default loglevel for the STUNner daemon.

password string

Password defines the `password` credential for "plaintext" authentication.

pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$

realm string

Realm defines the STUN/TURN authentication realm to be used for clients toauthenticate with STUNner. The realm must consist of lower case alphanumeric characters or '-', and must start and end with an alphanumeric character. No other punctuation is allowed.

pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$

sharedSecret string

SharedSecret defines the shared secret to be used for "longterm" authentication.

stunMode boolean

STUNMode toggles STUN-server mode. In this mode only STUN binding requests are handled, but no TURN allocations are allowed by the gateway. This is useful to prevent a DDoS vector when STUNner is deployed as a user-facing STUN server, where a client creates and removes empty allocations in a fast loop to overload the TURN server. When STUN-mode is enabled TURN credentials are optional and ignored even if provided, otherwise TURN credentials are mandatory. Default is false, which disables pure-STUN mode. Not supported in the free tier.

userName string

Username defines the `username` credential for "plaintext" authentication.

pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$

userQuota integer

UserQuota limits the number of allocations active at one time for a given TURN username (see RFC8656/Section 5). Overlimit allocations are rejected with a 486 (Allocation Quota Reached) error. Default is no quota. Not supported in the free tier.

No matches. Try .spec.authLifetime for an exact path