bastion.oracle.com/v1beta1
Back to API Reference
APIVersion: bastion.oracle.com/v1beta1
This content is generated from the checked-in CRD schemas in config/crd/bases/. If a description is missing or incorrect, fix the source comments or generator inputs and rerun make generate manifests; do not hand-edit config/crd/bases/*.yaml.
Packages
No customer-visible package currently exposes bastion.oracle.com/v1beta1.
Resources
Bastion
Manage OCI Bastion bastion resources.
Plural: bastionsScope: NamespacedAPIVersion: bastion.oracle.com/v1beta1Sample: Sample (config/samples/bastion_v1beta1_bastion.yaml)Packages: Not currently exposed by a customer-visible package.
Spec
BastionSpec defines the desired state of Bastion.
| Field |
Description |
Type |
Required |
Default |
Enum |
bastionType |
The type of bastion. Use standard. |
string |
Yes |
- |
- |
clientCidrBlockAllowList |
A list of address ranges in CIDR notation that you want to allow to connect to sessions hosted by this bastion. |
list[string] |
No |
- |
- |
compartmentId |
The unique identifier (OCID) of the compartment where the bastion is located. |
string |
Yes |
- |
- |
definedTags |
Defined tags for this resource. Each key is predefined and scoped to a namespace. Example: {"foo-namespace": {"bar-key": "value"}} |
map[string, map[string, string]] |
No |
- |
- |
dnsProxyStatus |
The desired dns proxy status of the bastion. |
string |
No |
- |
- |
freeformTags |
Simple key-value pair that is applied without any predefined name, type or scope. Exists for cross-compatibility only. Example: {"bar-key": "value"} |
map[string, string] |
No |
- |
- |
maxSessionTtlInSeconds |
The maximum amount of time that any session on the bastion can remain active. |
integer |
No |
- |
- |
name |
The name of the bastion, which can't be changed after creation. |
string |
No |
- |
- |
phoneBookEntry |
The phonebook entry of the customer's team, which can't be changed after creation. Not applicable to standard bastions. |
string |
No |
- |
- |
securityAttributes |
Security attributes for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm). Example: {"Oracle-ZPR": {"MaxEgressCount": {"value": "42", "mode": "enforce"}}} |
map[string, map[string, string]] |
No |
- |
- |
staticJumpHostIpAddresses |
A list of IP addresses of the hosts that the bastion has access to. Not applicable to standard bastions. |
list[string] |
No |
- |
- |
targetSubnetId |
The unique identifier (OCID) of the subnet that the bastion connects to. |
string |
Yes |
- |
- |
Status
BastionStatus defines the observed state of Bastion.
| Field |
Description |
Type |
Required |
Default |
Enum |
bastionType |
The type of bastion. |
string |
No |
- |
- |
clientCidrBlockAllowList |
A list of address ranges in CIDR notation that you want to allow to connect to sessions hosted by this bastion. |
list[string] |
No |
- |
- |
compartmentId |
The unique identifier (OCID) of the compartment where the bastion is located. |
string |
No |
- |
- |
definedTags |
Defined tags for this resource. Each key is predefined and scoped to a namespace. Example: {"foo-namespace": {"bar-key": "value"}} |
map[string, map[string, string]] |
No |
- |
- |
dnsProxyStatus |
The current dns proxy status of the bastion. |
string |
No |
- |
- |
freeformTags |
Simple key-value pair that is applied without any predefined name, type or scope. Exists for cross-compatibility only. Example: {"bar-key": "value"} |
map[string, string] |
No |
- |
- |
id |
The unique identifier (OCID) of the bastion, which can't be changed after creation. |
string |
No |
- |
- |
lifecycleDetails |
A message describing the current state in more detail. |
string |
No |
- |
- |
lifecycleState |
The current state of the bastion. |
string |
No |
- |
- |
maxSessionTtlInSeconds |
The maximum amount of time that any session on the bastion can remain active. |
integer |
No |
- |
- |
maxSessionsAllowed |
The maximum number of active sessions allowed on the bastion. |
integer |
No |
- |
- |
name |
The name of the bastion, which can't be changed after creation. |
string |
No |
- |
- |
phoneBookEntry |
The phonebook entry of the customer's team, which can't be changed after creation. Not applicable to standard bastions. |
string |
No |
- |
- |
privateEndpointIpAddress |
The private IP address of the created private endpoint. |
string |
No |
- |
- |
securityAttributes |
Security attributes for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm). Example: {"Oracle-ZPR": {"MaxEgressCount": {"value": "42", "mode": "enforce"}}} |
map[string, map[string, string]] |
No |
- |
- |
staticJumpHostIpAddresses |
A list of IP addresses of the hosts that the bastion has access to. Not applicable to standard bastions. |
list[string] |
No |
- |
- |
status |
- |
object |
Yes |
- |
- |
systemTags |
Usage of system tag keys. These predefined keys are scoped to namespaces. Example: {"orcl-cloud": {"free-tier-retained": "true"}} |
map[string, map[string, string]] |
No |
- |
- |
targetSubnetId |
The unique identifier (OCID) of the subnet that the bastion connects to. |
string |
No |
- |
- |
targetVcnId |
The unique identifier (OCID) of the virtual cloud network (VCN) that the bastion connects to. |
string |
No |
- |
- |
timeCreated |
The time the bastion was created. Format is defined by RFC3339 (https://tools.ietf.org/html/rfc3339). Example: 2020-01-25T21:10:29.600Z |
string |
No |
- |
- |
timeUpdated |
The time the bastion was updated. Format is defined by RFC3339 (https://tools.ietf.org/html/rfc3339). Example: 2020-01-25T21:10:29.600Z |
string |
No |
- |
- |
Status.status
Back to Bastion status
| Field |
Description |
Type |
Required |
Default |
Enum |
async |
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. |
object |
No |
- |
- |
conditions |
- |
list[object] |
No |
- |
- |
createdAt |
- |
string (date-time) |
No |
- |
- |
deletedAt |
- |
string (date-time) |
No |
- |
- |
message |
- |
string |
No |
- |
- |
ocid |
- |
string |
No |
- |
- |
opcRequestId |
OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. |
string |
No |
- |
- |
reason |
- |
string |
No |
- |
- |
requestedAt |
- |
string (date-time) |
No |
- |
- |
updatedAt |
- |
string (date-time) |
No |
- |
- |
Status.status.async
Back to Bastion status
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.
| Field |
Description |
Type |
Required |
Default |
Enum |
current |
- |
object |
No |
- |
- |
Status.status.async.current
Back to Bastion status
| Field |
Description |
Type |
Required |
Default |
Enum |
message |
- |
string |
No |
- |
- |
normalizedClass |
- |
string |
Yes |
- |
attention, canceled, failed, pending, succeeded, unknown |
percentComplete |
- |
number |
No |
- |
- |
phase |
- |
string |
Yes |
- |
create, delete, update |
rawOperationType |
- |
string |
No |
- |
- |
rawStatus |
- |
string |
No |
- |
- |
source |
- |
string |
Yes |
- |
lifecycle, none, workrequest |
updatedAt |
- |
string (date-time) |
Yes |
- |
- |
workRequestId |
- |
string |
No |
- |
- |
Status.status.conditions[]
Back to Bastion status
| Field |
Description |
Type |
Required |
Default |
Enum |
lastTransitionTime |
- |
string (date-time) |
No |
- |
- |
message |
- |
string |
No |
- |
- |
reason |
- |
string |
No |
- |
- |
status |
- |
string |
Yes |
- |
- |
type |
- |
string |
Yes |
- |
- |
Session
Manage OCI Bastion sessions.
Plural: sessionsScope: NamespacedAPIVersion: bastion.oracle.com/v1beta1Sample: Sample (config/samples/bastion_v1beta1_session.yaml)Packages: Not currently exposed by a customer-visible package.
Spec
SessionSpec defines the desired state of Session.
| Field |
Description |
Type |
Required |
Default |
Enum |
bastionId |
The unique identifier (OCID) of the bastion on which to create this session. |
string |
Yes |
- |
- |
displayName |
The name of the session. |
string |
No |
- |
- |
keyDetails |
SessionKeyDetails defines nested fields for Session.KeyDetails. |
object |
Yes |
- |
- |
keyType |
The type of the key used to connect to the session. PUB is a standard public key in OpenSSH format. |
string |
No |
- |
- |
sessionTtlInSeconds |
The amount of time the session can remain active. |
integer |
No |
- |
- |
targetResourceDetails |
SessionTargetResourceDetails defines nested fields for Session.TargetResourceDetails. |
object |
Yes |
- |
- |
Spec.keyDetails
Back to Session spec
SessionKeyDetails defines nested fields for Session.KeyDetails.
| Field |
Description |
Type |
Required |
Default |
Enum |
publicKeyContent |
The public key in OpenSSH format of the SSH key pair for the session. When you connect to the session, you must provide the private key of the same SSH key pair. |
string |
Yes |
- |
- |
Spec.targetResourceDetails
Back to Session spec
SessionTargetResourceDetails defines nested fields for Session.TargetResourceDetails.
| Field |
Description |
Type |
Required |
Default |
Enum |
jsonData |
- |
string |
No |
- |
- |
sessionType |
- |
string |
No |
- |
- |
targetResourceFqdn |
The Fully Qualified Domain Name of the target resource that the session connects to. |
string |
No |
- |
- |
targetResourceId |
The unique identifier (OCID) of the target resource (a Compute instance, for example) that the session connects to. |
string |
No |
- |
- |
targetResourceOperatingSystemUserName |
The name of the user on the target resource operating system that the session uses for the connection. |
string |
No |
- |
- |
targetResourcePort |
The port number to connect to on the target resource. |
integer |
No |
- |
- |
targetResourcePrivateIpAddress |
The private IP address of the target resource that the session connects to. |
string |
No |
- |
- |
Status
SessionStatus defines the observed state of Session.
| Field |
Description |
Type |
Required |
Default |
Enum |
bastionId |
The unique identifier (OCID) of the bastion that is hosting this session. |
string |
No |
- |
- |
bastionName |
The name of the bastion that is hosting this session. |
string |
No |
- |
- |
bastionPublicHostKeyInfo |
The public key of the bastion host. You can use this to verify that you're connecting to the correct bastion. |
string |
No |
- |
- |
bastionUserName |
The username that the session uses to connect to the target resource. |
string |
No |
- |
- |
displayName |
The name of the session. |
string |
No |
- |
- |
id |
The unique identifier (OCID) of the session, which can't be changed after creation. |
string |
No |
- |
- |
keyDetails |
SessionKeyDetails defines nested fields for Session.KeyDetails. |
object |
No |
- |
- |
keyType |
The type of the key used to connect to the session. PUB is a standard public key in OpenSSH format. |
string |
No |
- |
- |
lifecycleDetails |
A message describing the current session state in more detail. |
string |
No |
- |
- |
lifecycleState |
The current state of the session. |
string |
No |
- |
- |
sessionTtlInSeconds |
The amount of time the session can remain active. |
integer |
No |
- |
- |
sshMetadata |
The connection message for the session. |
map[string, string] |
No |
- |
- |
status |
- |
object |
Yes |
- |
- |
targetResourceDetails |
SessionTargetResourceDetails defines nested fields for Session.TargetResourceDetails. |
object |
No |
- |
- |
timeCreated |
The time the session was created. Format is defined by RFC3339 (https://tools.ietf.org/html/rfc3339). Example: 2020-01-25T21:10:29.600Z |
string |
No |
- |
- |
timeUpdated |
The time the session was updated. Format is defined by RFC3339 (https://tools.ietf.org/html/rfc3339). Example: 2020-01-25T21:10:29.600Z |
string |
No |
- |
- |
Status.keyDetails
Back to Session status
SessionKeyDetails defines nested fields for Session.KeyDetails.
| Field |
Description |
Type |
Required |
Default |
Enum |
publicKeyContent |
The public key in OpenSSH format of the SSH key pair for the session. When you connect to the session, you must provide the private key of the same SSH key pair. |
string |
Yes |
- |
- |
Status.status
Back to Session status
| Field |
Description |
Type |
Required |
Default |
Enum |
async |
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. |
object |
No |
- |
- |
conditions |
- |
list[object] |
No |
- |
- |
createdAt |
- |
string (date-time) |
No |
- |
- |
deletedAt |
- |
string (date-time) |
No |
- |
- |
message |
- |
string |
No |
- |
- |
ocid |
- |
string |
No |
- |
- |
opcRequestId |
OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. |
string |
No |
- |
- |
reason |
- |
string |
No |
- |
- |
requestedAt |
- |
string (date-time) |
No |
- |
- |
updatedAt |
- |
string (date-time) |
No |
- |
- |
Status.status.async
Back to Session status
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.
| Field |
Description |
Type |
Required |
Default |
Enum |
current |
- |
object |
No |
- |
- |
Status.status.async.current
Back to Session status
| Field |
Description |
Type |
Required |
Default |
Enum |
message |
- |
string |
No |
- |
- |
normalizedClass |
- |
string |
Yes |
- |
attention, canceled, failed, pending, succeeded, unknown |
percentComplete |
- |
number |
No |
- |
- |
phase |
- |
string |
Yes |
- |
create, delete, update |
rawOperationType |
- |
string |
No |
- |
- |
rawStatus |
- |
string |
No |
- |
- |
source |
- |
string |
Yes |
- |
lifecycle, none, workrequest |
updatedAt |
- |
string (date-time) |
Yes |
- |
- |
workRequestId |
- |
string |
No |
- |
- |
Status.status.conditions[]
Back to Session status
| Field |
Description |
Type |
Required |
Default |
Enum |
lastTransitionTime |
- |
string (date-time) |
No |
- |
- |
message |
- |
string |
No |
- |
- |
reason |
- |
string |
No |
- |
- |
status |
- |
string |
Yes |
- |
- |
type |
- |
string |
Yes |
- |
- |
Status.targetResourceDetails
Back to Session status
SessionTargetResourceDetails defines nested fields for Session.TargetResourceDetails.
| Field |
Description |
Type |
Required |
Default |
Enum |
jsonData |
- |
string |
No |
- |
- |
sessionType |
- |
string |
No |
- |
- |
targetResourceFqdn |
The Fully Qualified Domain Name of the target resource that the session connects to. |
string |
No |
- |
- |
targetResourceId |
The unique identifier (OCID) of the target resource (a Compute instance, for example) that the session connects to. |
string |
No |
- |
- |
targetResourceOperatingSystemUserName |
The name of the user on the target resource operating system that the session uses for the connection. |
string |
No |
- |
- |
targetResourcePort |
The port number to connect to on the target resource. |
integer |
No |
- |
- |
targetResourcePrivateIpAddress |
The private IP address of the target resource that the session connects to. |
string |
No |
- |
- |