GCPMachine is the Schema for the gcpmachines API.
GCPMachine is the Schema for the gcpmachines API.
object
Property | Type | Description |
---|---|---|
|
|
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources |
|
|
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
|
Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata |
|
|
|
GCPMachineSpec defines the desired state of GCPMachine. |
|
|
GCPMachineStatus defines the observed state of GCPMachine. |
GCPMachineSpec defines the desired state of GCPMachine.
object
instanceType
Property | Type | Description |
---|---|---|
|
|
AdditionalDisks are optional non-boot attached disks. |
|
|
AttachedDiskSpec degined GCP machine disk. |
|
|
AdditionalLabels is an optional set of tags to add to an instance, in addition to the ones added by default by the GCP provider. If both the GCPCluster and the GCPMachine specify the same tag name with different values, the GCPMachine’s value takes precedence. |
|
|
AdditionalMetadata is an optional set of metadata to add to an instance, in addition to the ones added by default by the GCP provider. |
|
|
MetadataItem defines a single piece of metadata associated with an instance. |
|
|
AdditionalNetworkTags is a list of network tags that should be applied to the instance. These tags are set in addition to any network tags defined at the cluster level or in the actuator. |
|
|
ConfidentialCompute Defines whether the instance should have confidential compute enabled. If enabled OnHostMaintenance is required to be set to "Terminate". If omitted, the platform chooses a default, which is subject to change over time, currently that default is false. |
|
|
Image is the full reference to a valid image to be used for this machine. Takes precedence over ImageFamily. |
|
|
ImageFamily is the full reference to a valid image family to be used for this machine. |
|
|
InstanceType is the type of instance to create. Example: n1.standard-2 |
|
|
IPForwarding Allows this instance to send and receive packets with non-matching destination or source IPs. This is required if you plan to use this instance to forward routes. Defaults to enabled. |
|
|
OnHostMaintenance determines the behavior when a maintenance event occurs that might cause the instance to reboot. If omitted, the platform chooses a default, which is subject to change over time, currently that default is "Migrate". |
|
|
Preemptible defines if instance is preemptible |
|
|
ProviderID is the unique identifier as specified by the cloud provider. |
|
|
PublicIP specifies whether the instance should get a public IP. Set this to true if you don’t have a NAT instances or Cloud Nat setup. |
|
|
ResourceManagerTags is an optional set of tags to apply to GCP resources managed by the GCP provider. GCP supports a maximum of 50 tags per resource. |
|
|
ResourceManagerTag is a tag to apply to GCP resources managed by the GCP provider. |
|
|
RootDeviceSize is the size of the root volume in GB. Defaults to 30. |
|
|
RootDeviceType is the type of the root volume. Supported types of root volumes: 1. "pd-standard" - Standard (HDD) persistent disk 2. "pd-ssd" - SSD persistent disk Default is "pd-standard". |
|
|
RootDiskEncryptionKey defines the KMS key to be used to encrypt the root disk. |
|
|
ServiceAccount specifies the service account email and which scopes to assign to the machine. Defaults to: email: "default", scope: []{compute.CloudPlatformScope} |
|
|
ShieldedInstanceConfig is the Shielded VM configuration for this machine |
|
|
Subnet is a reference to the subnetwork to use for this instance. If not specified, the first subnetwork retrieved from the Cluster Region and Network is picked. |
AttachedDiskSpec degined GCP machine disk.
object
Property | Type | Description |
---|---|---|
|
|
DeviceType is a device type of the attached disk. Supported types of non-root attached volumes: 1. "pd-standard" - Standard (HDD) persistent disk 2. "pd-ssd" - SSD persistent disk 3. "local-ssd" - Local SSD disk (https://cloud.google.com/compute/docs/disks/local-ssd). Default is "pd-standard". |
|
|
EncryptionKey defines the KMS key to be used to encrypt the disk. |
|
|
Size is the size of the disk in GBs. Defaults to 30GB. For "local-ssd" size is always 375GB. |
EncryptionKey defines the KMS key to be used to encrypt the disk.
object
keyType
Property | Type | Description |
---|---|---|
|
|
KeyType is the type of encryption key. Must be either Managed, aka Customer-Managed Encryption Key (CMEK) or Supplied, aka Customer-Supplied EncryptionKey (CSEK). |
|
|
KMSKeyServiceAccount is the service account being used for the encryption request for the given KMS key. If absent, the Compute Engine default service account is used. For example: "kmsKeyServiceAccount": "name@project_id.iam.gserviceaccount.com. The maximum length is based on the Service Account ID (max 30), Project (max 30), and a valid gcloud email suffix ("iam.gserviceaccount.com"). |
|
|
ManagedKey references keys managed by the Cloud Key Management Service. This should be set when KeyType is Managed. |
|
|
SuppliedKey provides the key used to create or manage a disk. This should be set when KeyType is Managed. |
ManagedKey references keys managed by the Cloud Key Management Service. This should be set when KeyType is Managed.
object
Property | Type | Description |
---|---|---|
|
|
KMSKeyName is the name of the encryption key that is stored in Google Cloud KMS. For example: "kmsKeyName": "projects/kms_project_id/locations/region/keyRings/key_region/cryptoKeys/key |
SuppliedKey provides the key used to create or manage a disk. This should be set when KeyType is Managed.
object
Property | Type | Description |
---|---|---|
|
|
RawKey specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to either encrypt or decrypt this resource. You can provide either the rawKey or the rsaEncryptedKey. For example: "rawKey": "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0=" |
|
|
RSAEncryptedKey specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit customer-supplied encryption key to either encrypt or decrypt this resource. You can provide either the rawKey or the rsaEncryptedKey. For example: "rsaEncryptedKey": "ieCx/NcW06PcT7Ep1X6LUTc/hLvUDYyzSZPPVCVPTVEohpeHASqC8uw5TzyO9U+Fka9JFHi z0mBibXUInrC/jEk014kCK/NPjYgEMOyssZ4ZINPKxlUh2zn1bV+MCaTICrdmuSBTWlUUiFoDi D6PYznLwh8ZNdaheCeZ8ewEXgFQ8V+sDroLaN3Xs3MDTXQEMMoNUXMCZEIpg9Vtp9x2oe==" The key must meet the following requirements before you can provide it to Compute Engine: 1. The key is wrapped using a RSA public key certificate provided by Google. 2. After being wrapped, the key must be encoded in RFC 4648 base64 encoding. Gets the RSA public key certificate provided by Google at: https://cloud-certs.storage.googleapis.com/google-cloud-csek-ingress.pem |
AdditionalMetadata is an optional set of metadata to add to an instance, in addition to the ones added by default by the GCP provider.
array
MetadataItem defines a single piece of metadata associated with an instance.
object
key
Property | Type | Description |
---|---|---|
|
|
Key is the identifier for the metadata entry. |
|
|
Value is the value of the metadata entry. |
ResourceManagerTags is an optional set of tags to apply to GCP resources managed by the GCP provider. GCP supports a maximum of 50 tags per resource.
array
ResourceManagerTag is a tag to apply to GCP resources managed by the GCP provider.
object
key
parentID
value
Property | Type | Description |
---|---|---|
|
|
Key is the key part of the tag. A tag key can have a maximum of 63 characters and cannot
be empty. Tag key must begin and end with an alphanumeric character, and must contain
only uppercase, lowercase alphanumeric characters, and the following special
characters |
|
|
ParentID is the ID of the hierarchical resource where the tags are defined e.g. at the Organization or the Project level. To find the Organization or Project ID ref https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects An OrganizationID must consist of decimal numbers, and cannot have leading zeroes. A ProjectID must be 6 to 30 characters in length, can only contain lowercase letters, numbers, and hyphens, and must start with a letter, and cannot end with a hyphen. |
|
|
Value is the value part of the tag. A tag value can have a maximum of 63 characters and
cannot be empty. Tag value must begin and end with an alphanumeric character, and must
contain only uppercase, lowercase alphanumeric characters, and the following special
characters |
RootDiskEncryptionKey defines the KMS key to be used to encrypt the root disk.
object
keyType
Property | Type | Description |
---|---|---|
|
|
KeyType is the type of encryption key. Must be either Managed, aka Customer-Managed Encryption Key (CMEK) or Supplied, aka Customer-Supplied EncryptionKey (CSEK). |
|
|
KMSKeyServiceAccount is the service account being used for the encryption request for the given KMS key. If absent, the Compute Engine default service account is used. For example: "kmsKeyServiceAccount": "name@project_id.iam.gserviceaccount.com. The maximum length is based on the Service Account ID (max 30), Project (max 30), and a valid gcloud email suffix ("iam.gserviceaccount.com"). |
|
|
ManagedKey references keys managed by the Cloud Key Management Service. This should be set when KeyType is Managed. |
|
|
SuppliedKey provides the key used to create or manage a disk. This should be set when KeyType is Managed. |
ManagedKey references keys managed by the Cloud Key Management Service. This should be set when KeyType is Managed.
object
Property | Type | Description |
---|---|---|
|
|
KMSKeyName is the name of the encryption key that is stored in Google Cloud KMS. For example: "kmsKeyName": "projects/kms_project_id/locations/region/keyRings/key_region/cryptoKeys/key |
SuppliedKey provides the key used to create or manage a disk. This should be set when KeyType is Managed.
object
Property | Type | Description |
---|---|---|
|
|
RawKey specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to either encrypt or decrypt this resource. You can provide either the rawKey or the rsaEncryptedKey. For example: "rawKey": "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0=" |
|
|
RSAEncryptedKey specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit customer-supplied encryption key to either encrypt or decrypt this resource. You can provide either the rawKey or the rsaEncryptedKey. For example: "rsaEncryptedKey": "ieCx/NcW06PcT7Ep1X6LUTc/hLvUDYyzSZPPVCVPTVEohpeHASqC8uw5TzyO9U+Fka9JFHi z0mBibXUInrC/jEk014kCK/NPjYgEMOyssZ4ZINPKxlUh2zn1bV+MCaTICrdmuSBTWlUUiFoDi D6PYznLwh8ZNdaheCeZ8ewEXgFQ8V+sDroLaN3Xs3MDTXQEMMoNUXMCZEIpg9Vtp9x2oe==" The key must meet the following requirements before you can provide it to Compute Engine: 1. The key is wrapped using a RSA public key certificate provided by Google. 2. After being wrapped, the key must be encoded in RFC 4648 base64 encoding. Gets the RSA public key certificate provided by Google at: https://cloud-certs.storage.googleapis.com/google-cloud-csek-ingress.pem |
ServiceAccount specifies the service account email and which scopes to assign to the machine. Defaults to: email: "default", scope: []{compute.CloudPlatformScope}
object
Property | Type | Description |
---|---|---|
|
|
Email: Email address of the service account. |
|
|
Scopes: The list of scopes to be made available for this service account. |
ShieldedInstanceConfig is the Shielded VM configuration for this machine
object
Property | Type | Description |
---|---|---|
|
|
IntegrityMonitoring determines whether the instance should have integrity monitoring that verify the runtime boot integrity. Compares the most recent boot measurements to the integrity policy baseline and return a pair of pass/fail results depending on whether they match or not. If omitted, the platform chooses a default, which is subject to change over time, currently that default is Enabled. |
|
|
SecureBoot Defines whether the instance should have secure boot enabled. Secure Boot verify the digital signature of all boot components, and halting the boot process if signature verification fails. If omitted, the platform chooses a default, which is subject to change over time, currently that default is Disabled. |
|
|
VirtualizedTrustedPlatformModule enable virtualized trusted platform module measurements to create a known good boot integrity policy baseline. The integrity policy baseline is used for comparison with measurements from subsequent VM boots to determine if anything has changed. If omitted, the platform chooses a default, which is subject to change over time, currently that default is Enabled. |
GCPMachineStatus defines the observed state of GCPMachine.
object
Property | Type | Description |
---|---|---|
|
|
Addresses contains the GCP instance associated addresses. |
|
|
NodeAddress contains information for the node’s address. |
|
|
FailureMessage will be set in the event that there is a terminal problem reconciling the Machine and will contain a more verbose string suitable for logging and human consumption. This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the Machine’s spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured. Any transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller’s output. |
|
|
FailureReason will be set in the event that there is a terminal problem reconciling the Machine and will contain a succinct value suitable for machine interpretation. This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the Machine’s spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured. Any transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller’s output. |
|
|
InstanceStatus is the status of the GCP instance for this machine. |
|
|
Ready is true when the provider resource is ready. |
The following API endpoints are available:
/apis/infrastructure.cluster.x-k8s.io/v1beta1/gcpmachines
GET
: list objects of kind GCPMachine
/apis/infrastructure.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/gcpmachines
DELETE
: delete collection of GCPMachine
GET
: list objects of kind GCPMachine
POST
: create a GCPMachine
/apis/infrastructure.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/gcpmachines/{name}
DELETE
: delete a GCPMachine
GET
: read the specified GCPMachine
PATCH
: partially update the specified GCPMachine
PUT
: replace the specified GCPMachine
/apis/infrastructure.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/gcpmachines/{name}/status
GET
: read status of the specified GCPMachine
PATCH
: partially update status of the specified GCPMachine
PUT
: replace status of the specified GCPMachine
GET
list objects of kind GCPMachine
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized |
Empty |
DELETE
delete collection of GCPMachine
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized |
Empty |
GET
list objects of kind GCPMachine
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized |
Empty |
POST
create a GCPMachine
Parameter | Type | Description |
---|---|---|
|
|
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
|
fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
202 - Accepted |
|
401 - Unauthorized |
Empty |
Parameter | Type | Description |
---|---|---|
|
|
name of the GCPMachine |
DELETE
delete a GCPMachine
Parameter | Type | Description |
---|---|---|
|
|
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
HTTP code | Reponse body |
---|---|
200 - OK |
|
202 - Accepted |
|
401 - Unauthorized |
Empty |
GET
read the specified GCPMachine
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized |
Empty |
PATCH
partially update the specified GCPMachine
Parameter | Type | Description |
---|---|---|
|
|
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
|
fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized |
Empty |
PUT
replace the specified GCPMachine
Parameter | Type | Description |
---|---|---|
|
|
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
|
fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized |
Empty |
Parameter | Type | Description |
---|---|---|
|
|
name of the GCPMachine |
GET
read status of the specified GCPMachine
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized |
Empty |
PATCH
partially update status of the specified GCPMachine
Parameter | Type | Description |
---|---|---|
|
|
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
|
fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized |
Empty |
PUT
replace status of the specified GCPMachine
Parameter | Type | Description |
---|---|---|
|
|
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
|
fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized |
Empty |