API Reference

Eran Kampf edited this page Apr 16, 2025 · 6 revisions

Packages:

twingate.com/v1beta

Resource Types:

TwingateConnector

TwingateConnector represents a Connector in Twingate.

| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | twingate.com/v1beta | true |
| kind | string | TwingateConnector | true |
| metadata | object | Refer to the Kubernetes API documentation for the fields of the `metadata` field. | true |
| spec | object | TwingateConnectorSpec defines the desired state of TwingateConnector | false |
| status | object | | false |

Validations on spec:
  • `(!has(oldSelf.id) || self.id == oldSelf.id)`: id is immutable once set
  • `(has(self.image) && !has(self.imagePolicy)) || (!has(self.image) && has(self.imagePolicy)) || (!has(self.image) && !has(self.imagePolicy))`: Can define either `image` or `imagePolicy`, not both.

TwingateConnector.spec

TwingateConnectorSpec defines the desired state of TwingateConnector

| Name | Type | Description | Required |
|---|---|---|---|
| containerExtra | object | Extra container configuration for the Connector Pod. | false |
| hasStatusNotificationsEnabled | boolean | Enable status notifications for the Connector. Default: true | false |
| id | string | | false |
| image | object | Image defines the image to use for the Connector. | false |
| imagePolicy | object | ImagePolicy defines the image to use for the Connector and a schedule to keep it up to date. | false |
| logAnalytics | boolean | Enable real-time connection logs. Default: true | false |
| logLevel | integer | Log level for the Connector (-1 to 7: -1 for no logs, 0 - least verbose, 7 - most verbose, default: 3). Default: 3; Minimum: -1; Maximum: 7 | false |
| name | string | Name of the Connector (optional, if not specified Twingate will give a random name) | false |
| podAnnotations | object | Extra annotations to add to the Connector Pod. | false |
| podExtra | object | Extra pod configuration for the Connector Pod. | false |
| podLabels | object | Extra labels to add to the Connector Pod. | false |
| sidecarContainers | []object | SidecarContainers allows injecting additional containers to the Connector Pod. | false |

Validations on imagePolicy:
  • `self.provider != "google" || (self.provider == "google" && !has(self.repository))`: Google provider requires specifying repository.

TwingateConnector.spec.image

Image defines the image to use for the Connector.

| Name | Type | Description | Required |
|---|---|---|---|
| repository | string | Repository to use for the Connector. Default: twingate/connector | false |
| tag | string | Tag to use for the Connector. Default: 1 | false |

TwingateConnector.spec.imagePolicy

ImagePolicy defines the image to use for the Connector and a schedule to keep it up to date.

| Name | Type | Description | Required |
|---|---|---|---|
| provider | enum | Provider determines how the operator looks for a new connector version. dockerhub: Check Twingate's official DockerHub repository (`twingate/connector`) for new tags. google: Check Google Container Registry specified by the `repository` value for new tags. Enum: dockerhub, google | true |
| allowPrerelease | boolean | Allow pre-release versions. Default: false | false |
| repository | string | Repository to use for pod's image. Default: twingate/connector | false |
| schedule | string | Cron schedule to check for new versions. | false |
| version | string | Semver version specifier (ex: '^1.0.0'). Uses NPM spec: https://github.com/npm/node-semver#ranges | false |

TwingateGroup

TwingateGroup represents a Group in Twingate.

| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | twingate.com/v1beta | true |
| kind | string | TwingateGroup | true |
| metadata | object | Refer to the Kubernetes API documentation for the fields of the `metadata` field. | true |
| spec | object | TwingateGroupSpec defines the desired state of TwingateGroup | false |
| status | object | | false |

TwingateGroup.spec

TwingateGroupSpec defines the desired state of TwingateGroup

| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the group. | true |
| id | string | | false |

TwingateResourceAccess

TwingateResourceAccess represents a resource access policy in Twingate. It configures access between a Resource and a Principal, which is either a Group or a ServiceAccount.

| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | twingate.com/v1beta | true |
| kind | string | TwingateResourceAccess | true |
| metadata | object | Refer to the Kubernetes API documentation for the fields of the `metadata` field. | true |
| spec | object | TwingateResourceAccessSpec defines the desired state of TwingateResourceAccess | false |
| status | object | | false |

TwingateResourceAccess.spec

TwingateResourceAccessSpec defines the desired state of TwingateResourceAccess

| Name | Type | Description | Required |
|---|---|---|---|
| groupRef | object | groupRef specifies the TwingateGroup kubernetes object reference to provide access to. | false |
| principalExternalRef | object | principalExternalRef allows referencing a Principal (Group/ServiceAccount) by name. | false |
| principalId | string | principalId is the ID of the principal (Group/ServiceAccount) to provide access to the resource. | false |
| resourceRef | object | resourceRef specifies the TwingateResource reference to provide access to. | false |
| securityPolicyId | string | | false |

Validations on groupRef:
  • `self == oldSelf`: groupRef is immutable.

Validations on principalId:
  • `self == oldSelf`: principalId is immutable

Validations on resourceRef:
  • `self == oldSelf`: resourceRef is immutable.

TwingateResourceAccess.spec.groupRef

groupRef specifies the TwingateGroup kubernetes object reference to provide access to.

| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the TwingateGroup object. | false |
| namespace | string | Namespace of TwingateGroup object. Default: default | false |

TwingateResourceAccess.spec.principalExternalRef

principalExternalRef allows referencing a Principal (Group/ServiceAccount) by name.

| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the external reference to match. (Note: name uniqueness is not enforced; if 2 entities match the same name, the first will be used) | true |
| type | enum | Type of the external reference. Enum: group, serviceAccount | true |

Validations on name:
  • `self == oldSelf`: principalExternalRef.name is immutable

Validations on type:
  • `self == oldSelf`: principalExternalRef.type is immutable

TwingateResourceAccess.spec.resourceRef

resourceRef specifies the TwingateResource reference to provide access to.

| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the resource. | false |
| namespace | string | Namespace of the resource. | false |

TwingateResource

TwingateResource represents a resource in Twingate.

| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | twingate.com/v1beta | true |
| kind | string | TwingateResource | true |
| metadata | object | Refer to the Kubernetes API documentation for the fields of the `metadata` field. | true |
| spec | object | TwingateResourceSpec defines the desired state of TwingateResource | false |
| status | object | | false |

Validations on spec:
  • `(self.isBrowserShortcutEnabled && !(self.address.contains('*') || self.address.contains('?'))) || (self.isBrowserShortcutEnabled == false)`: if isBrowserShortcutEnabled is set to true, then address can't be wildcard

TwingateResource.spec

TwingateResourceSpec defines the desired state of TwingateResource

| Name | Type | Description | Required |
|---|---|---|---|
| address | string | Address of the resource. | true |
| name | string | Name of the resource. | true |
| alias | string | Alias of the resource. | false |
| id | string | | false |
| isBrowserShortcutEnabled | boolean | isBrowserShortcutEnabled specifies whether the resource will display a browser shortcut in the Twingate client. Default: false | false |
| isVisible | boolean | isVisible specifies whether the resource will display in the main resources list in the Twingate client. Default: true | false |
| protocols | object | protocols specifies the resource's protocol policies. | false |
| securityPolicyId | string | | false |
| syncLabels | boolean | syncLabels specifies whether the resource should sync the metadata labels as resource tags in the Twingate client. Default: true | false |

TwingateResource.spec.protocols

protocols specifies the resource's protocol policies.

| Name | Type | Description | Required |
|---|---|---|---|
| allowIcmp | boolean | allowIcmp specifies whether the resource will allow ICMP traffic. | false |
| tcp | object | tcp specifies the resource's TCP protocol policy. | false |
| udp | object | udp specifies the resource's UDP protocol policy. | false |

Validations on tcp:
  • `(self.policy == "ALLOW_ALL" && size(self.ports) == 0) || (self.policy == "RESTRICTED")`: Can't specify port ranges for ALLOW_ALL policy.

Validations on udp:
  • `(self.policy == "ALLOW_ALL" && size(self.ports) == 0) || (self.policy == "RESTRICTED")`: Can't specify port ranges for ALLOW_ALL policy.

TwingateResource.spec.protocols.tcp

tcp specifies the resource's TCP protocol policy.

| Name | Type | Description | Required |
|---|---|---|---|
| policy | enum | Enum: ALLOW_ALL, RESTRICTED | false |
| ports | []object | Default: [] | false |

TwingateResource.spec.protocols.tcp.ports[index]

| Name | Type | Description | Required |
|---|---|---|---|
| end | integer | Minimum: 1; Maximum: 65535 | false |
| start | integer | Minimum: 1; Maximum: 65535 | false |

TwingateResource.spec.protocols.udp

udp specifies the resource's UDP protocol policy.

| Name | Type | Description | Required |
|---|---|---|---|
| policy | enum | Enum: ALLOW_ALL, RESTRICTED | false |
| ports | []object | Default: [] | false |

TwingateResource.spec.protocols.udp.ports[index]

| Name | Type | Description | Required |
|---|---|---|---|
| end | integer | Minimum: 1; Maximum: 65535 | false |
| start | integer | Minimum: 1; Maximum: 65535 | false |
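
The TwingateResource rules in this reference (the browser-shortcut/wildcard rule on `spec`, the tcp/udp policy rule, and the 1 to 65535 port bounds) can be mirrored client-side to catch a bad manifest before it reaches the API server. This is an added example, not code from the Twingate operator; `check_resource_spec`, `check_protocol` and the sample specs are hypothetical names and constructed data, and reporting a missing `policy` as an error is an assumption.

```python
# Added example: client-side mirror of the TwingateResource rules listed in
# this reference. Function names and sample specs are hypothetical.

PORT_MIN, PORT_MAX = 1, 65535  # Minimum/Maximum documented for ports[index]


def check_protocol(proto_name, proto):
    """Mirror the tcp/udp rule: ALLOW_ALL with no ports, or RESTRICTED."""
    errors = []
    policy = proto.get("policy")
    ports = proto.get("ports", [])  # documented default: []
    if policy not in ("ALLOW_ALL", "RESTRICTED"):
        # Assumption: a missing or unknown policy is reported as an error.
        errors.append(f"{proto_name}.policy must be ALLOW_ALL or RESTRICTED")
    elif policy == "ALLOW_ALL" and len(ports) != 0:
        errors.append(f"{proto_name}: Can't specify port ranges for ALLOW_ALL policy.")
    for i, rng in enumerate(ports):
        for key in ("start", "end"):
            value = rng.get(key)
            if value is not None and not PORT_MIN <= value <= PORT_MAX:
                errors.append(f"{proto_name}.ports[{i}].{key}={value} outside {PORT_MIN}-{PORT_MAX}")
    return errors


def check_resource_spec(spec):
    """Return the list of rule violations for a TwingateResource spec dict."""
    errors = []
    address = spec.get("address", "")
    # Rule on spec: a browser shortcut cannot point at a wildcard address.
    if spec.get("isBrowserShortcutEnabled", False) and ("*" in address or "?" in address):
        errors.append("if isBrowserShortcutEnabled is set to true, then address can't be wildcard")
    protocols = spec.get("protocols", {})
    for proto_name in ("tcp", "udp"):
        if proto_name in protocols:
            errors.extend(check_protocol(proto_name, protocols[proto_name]))
    return errors


# Constructed sample specs (not taken from the Twingate documentation).
GOOD = {"name": "db", "address": "db.internal.example",
        "protocols": {"tcp": {"policy": "RESTRICTED", "ports": [{"start": 5432, "end": 5432}]},
                      "udp": {"policy": "ALLOW_ALL"}}}
BAD = {"name": "web", "address": "*.internal.example", "isBrowserShortcutEnabled": True,
       "protocols": {"tcp": {"policy": "ALLOW_ALL", "ports": [{"start": 0, "end": 80}]}}}

if __name__ == "__main__":
    for label, spec in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_resource_spec(spec) or "ok")
```

The in-cluster check remains the CRD's own validation rules; a pre-apply check like this only shortens the feedback loop in CI.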