GCPMachineTemplate is the Schema for the gcpmachinetemplates API.
GCPMachineTemplate is the Schema for the gcpmachinetemplates API.
object
Property | Type | Description |
---|---|---|
|
|
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources |
|
|
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
|
Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata |
|
|
|
GCPMachineTemplateSpec defines the desired state of GCPMachineTemplate. |
GCPMachineTemplateSpec defines the desired state of GCPMachineTemplate.
object
template
Property | Type | Description |
---|---|---|
|
|
GCPMachineTemplateResource describes the data needed to create am GCPMachine from a template. |
GCPMachineTemplateResource describes the data needed to create am GCPMachine from a template.
object
spec
Property | Type | Description |
---|---|---|
|
|
Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata |
|
|
Spec is the specification of the desired behavior of the machine. |
Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
object
Property | Type | Description |
---|---|---|
|
|
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations |
|
|
Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels |
Spec is the specification of the desired behavior of the machine.
object
instanceType
Property | Type | Description |
---|---|---|
|
|
AdditionalDisks are optional non-boot attached disks. |
|
|
AttachedDiskSpec degined GCP machine disk. |
|
|
AdditionalLabels is an optional set of tags to add to an instance, in addition to the ones added by default by the GCP provider. If both the GCPCluster and the GCPMachine specify the same tag name with different values, the GCPMachine’s value takes precedence. |
|
|
AdditionalMetadata is an optional set of metadata to add to an instance, in addition to the ones added by default by the GCP provider. |
|
|
MetadataItem defines a single piece of metadata associated with an instance. |
|
|
AdditionalNetworkTags is a list of network tags that should be applied to the instance. These tags are set in addition to any network tags defined at the cluster level or in the actuator. |
|
|
ConfidentialCompute Defines whether the instance should have confidential compute enabled. If enabled OnHostMaintenance is required to be set to "Terminate". If omitted, the platform chooses a default, which is subject to change over time, currently that default is false. |
|
|
Image is the full reference to a valid image to be used for this machine. Takes precedence over ImageFamily. |
|
|
ImageFamily is the full reference to a valid image family to be used for this machine. |
|
|
InstanceType is the type of instance to create. Example: n1.standard-2 |
|
|
IPForwarding Allows this instance to send and receive packets with non-matching destination or source IPs. This is required if you plan to use this instance to forward routes. Defaults to enabled. |
|
|
OnHostMaintenance determines the behavior when a maintenance event occurs that might cause the instance to reboot. If omitted, the platform chooses a default, which is subject to change over time, currently that default is "Migrate". |
|
|
Preemptible defines if instance is preemptible |
|
|
ProviderID is the unique identifier as specified by the cloud provider. |
|
|
PublicIP specifies whether the instance should get a public IP. Set this to true if you don’t have a NAT instances or Cloud Nat setup. |
|
|
ResourceManagerTags is an optional set of tags to apply to GCP resources managed by the GCP provider. GCP supports a maximum of 50 tags per resource. |
|
|
ResourceManagerTag is a tag to apply to GCP resources managed by the GCP provider. |
|
|
RootDeviceSize is the size of the root volume in GB. Defaults to 30. |
|
|
RootDeviceType is the type of the root volume. Supported types of root volumes: 1. "pd-standard" - Standard (HDD) persistent disk 2. "pd-ssd" - SSD persistent disk Default is "pd-standard". |
|
|
RootDiskEncryptionKey defines the KMS key to be used to encrypt the root disk. |
|
|
ServiceAccount specifies the service account email and which scopes to assign to the machine. Defaults to: email: "default", scope: []{compute.CloudPlatformScope} |
|
|
ShieldedInstanceConfig is the Shielded VM configuration for this machine |
|
|
Subnet is a reference to the subnetwork to use for this instance. If not specified, the first subnetwork retrieved from the Cluster Region and Network is picked. |
AdditionalDisks are optional non-boot attached disks.
array
AttachedDiskSpec degined GCP machine disk.
object
Property | Type | Description |
---|---|---|
|
|
DeviceType is a device type of the attached disk. Supported types of non-root attached volumes: 1. "pd-standard" - Standard (HDD) persistent disk 2. "pd-ssd" - SSD persistent disk 3. "local-ssd" - Local SSD disk (https://cloud.google.com/compute/docs/disks/local-ssd). Default is "pd-standard". |
|
|
EncryptionKey defines the KMS key to be used to encrypt the disk. |
|
|
Size is the size of the disk in GBs. Defaults to 30GB. For "local-ssd" size is always 375GB. |
EncryptionKey defines the KMS key to be used to encrypt the disk.
object
keyType
Property | Type | Description |
---|---|---|
|
|
KeyType is the type of encryption key. Must be either Managed, aka Customer-Managed Encryption Key (CMEK) or Supplied, aka Customer-Supplied EncryptionKey (CSEK). |
|
|
KMSKeyServiceAccount is the service account being used for the encryption request for the given KMS key. If absent, the Compute Engine default service account is used. For example: "kmsKeyServiceAccount": "name@project_id.iam.gserviceaccount.com. The maximum length is based on the Service Account ID (max 30), Project (max 30), and a valid gcloud email suffix ("iam.gserviceaccount.com"). |
|
|
ManagedKey references keys managed by the Cloud Key Management Service. This should be set when KeyType is Managed. |
|
|
SuppliedKey provides the key used to create or manage a disk. This should be set when KeyType is Managed. |
ManagedKey references keys managed by the Cloud Key Management Service. This should be set when KeyType is Managed.
object
Property | Type | Description |
---|---|---|
|
|
KMSKeyName is the name of the encryption key that is stored in Google Cloud KMS. For example: "kmsKeyName": "projects/kms_project_id/locations/region/keyRings/key_region/cryptoKeys/key |
SuppliedKey provides the key used to create or manage a disk. This should be set when KeyType is Managed.
object
Property | Type | Description |
---|---|---|
|
|
RawKey specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to either encrypt or decrypt this resource. You can provide either the rawKey or the rsaEncryptedKey. For example: "rawKey": "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0=" |
|
|
RSAEncryptedKey specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit customer-supplied encryption key to either encrypt or decrypt this resource. You can provide either the rawKey or the rsaEncryptedKey. For example: "rsaEncryptedKey": "ieCx/NcW06PcT7Ep1X6LUTc/hLvUDYyzSZPPVCVPTVEohpeHASqC8uw5TzyO9U+Fka9JFHi z0mBibXUInrC/jEk014kCK/NPjYgEMOyssZ4ZINPKxlUh2zn1bV+MCaTICrdmuSBTWlUUiFoDi D6PYznLwh8ZNdaheCeZ8ewEXgFQ8V+sDroLaN3Xs3MDTXQEMMoNUXMCZEIpg9Vtp9x2oe==" The key must meet the following requirements before you can provide it to Compute Engine: 1. The key is wrapped using a RSA public key certificate provided by Google. 2. After being wrapped, the key must be encoded in RFC 4648 base64 encoding. Gets the RSA public key certificate provided by Google at: https://cloud-certs.storage.googleapis.com/google-cloud-csek-ingress.pem |
AdditionalMetadata is an optional set of metadata to add to an instance, in addition to the ones added by default by the GCP provider.
array
MetadataItem defines a single piece of metadata associated with an instance.
object
key
Property | Type | Description |
---|---|---|
|
|
Key is the identifier for the metadata entry. |
|
|
Value is the value of the metadata entry. |
ResourceManagerTags is an optional set of tags to apply to GCP resources managed by the GCP provider. GCP supports a maximum of 50 tags per resource.
array
ResourceManagerTag is a tag to apply to GCP resources managed by the GCP provider.
object
key
parentID
value
Property | Type | Description |
---|---|---|
|
|
Key is the key part of the tag. A tag key can have a maximum of 63 characters and cannot
be empty. Tag key must begin and end with an alphanumeric character, and must contain
only uppercase, lowercase alphanumeric characters, and the following special
characters |
|
|
ParentID is the ID of the hierarchical resource where the tags are defined e.g. at the Organization or the Project level. To find the Organization or Project ID ref https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects An OrganizationID must consist of decimal numbers, and cannot have leading zeroes. A ProjectID must be 6 to 30 characters in length, can only contain lowercase letters, numbers, and hyphens, and must start with a letter, and cannot end with a hyphen. |
|
|
Value is the value part of the tag. A tag value can have a maximum of 63 characters and
cannot be empty. Tag value must begin and end with an alphanumeric character, and must
contain only uppercase, lowercase alphanumeric characters, and the following special
characters |
RootDiskEncryptionKey defines the KMS key to be used to encrypt the root disk.
object
keyType
Property | Type | Description |
---|---|---|
|
|
KeyType is the type of encryption key. Must be either Managed, aka Customer-Managed Encryption Key (CMEK) or Supplied, aka Customer-Supplied EncryptionKey (CSEK). |
|
|
KMSKeyServiceAccount is the service account being used for the encryption request for the given KMS key. If absent, the Compute Engine default service account is used. For example: "kmsKeyServiceAccount": "name@project_id.iam.gserviceaccount.com. The maximum length is based on the Service Account ID (max 30), Project (max 30), and a valid gcloud email suffix ("iam.gserviceaccount.com"). |
|
|
ManagedKey references keys managed by the Cloud Key Management Service. This should be set when KeyType is Managed. |
|
|
SuppliedKey provides the key used to create or manage a disk. This should be set when KeyType is Managed. |
ManagedKey references keys managed by the Cloud Key Management Service. This should be set when KeyType is Managed.
object
Property | Type | Description |
---|---|---|
|
|
KMSKeyName is the name of the encryption key that is stored in Google Cloud KMS. For example: "kmsKeyName": "projects/kms_project_id/locations/region/keyRings/key_region/cryptoKeys/key |
SuppliedKey provides the key used to create or manage a disk. This should be set when KeyType is Managed.
object
Property | Type | Description |
---|---|---|
|
|
RawKey specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to either encrypt or decrypt this resource. You can provide either the rawKey or the rsaEncryptedKey. For example: "rawKey": "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0=" |
|
|
RSAEncryptedKey specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit customer-supplied encryption key to either encrypt or decrypt this resource. You can provide either the rawKey or the rsaEncryptedKey. For example: "rsaEncryptedKey": "ieCx/NcW06PcT7Ep1X6LUTc/hLvUDYyzSZPPVCVPTVEohpeHASqC8uw5TzyO9U+Fka9JFHi z0mBibXUInrC/jEk014kCK/NPjYgEMOyssZ4ZINPKxlUh2zn1bV+MCaTICrdmuSBTWlUUiFoDi D6PYznLwh8ZNdaheCeZ8ewEXgFQ8V+sDroLaN3Xs3MDTXQEMMoNUXMCZEIpg9Vtp9x2oe==" The key must meet the following requirements before you can provide it to Compute Engine: 1. The key is wrapped using a RSA public key certificate provided by Google. 2. After being wrapped, the key must be encoded in RFC 4648 base64 encoding. Gets the RSA public key certificate provided by Google at: https://cloud-certs.storage.googleapis.com/google-cloud-csek-ingress.pem |
ServiceAccount specifies the service account email and which scopes to assign to the machine. Defaults to: email: "default", scope: []{compute.CloudPlatformScope}
object
Property | Type | Description |
---|---|---|
|
|
Email: Email address of the service account. |
|
|
Scopes: The list of scopes to be made available for this service account. |
ShieldedInstanceConfig is the Shielded VM configuration for this machine
object
Property | Type | Description |
---|---|---|
|
|
IntegrityMonitoring determines whether the instance should have integrity monitoring that verify the runtime boot integrity. Compares the most recent boot measurements to the integrity policy baseline and return a pair of pass/fail results depending on whether they match or not. If omitted, the platform chooses a default, which is subject to change over time, currently that default is Enabled. |
|
|
SecureBoot Defines whether the instance should have secure boot enabled. Secure Boot verify the digital signature of all boot components, and halting the boot process if signature verification fails. If omitted, the platform chooses a default, which is subject to change over time, currently that default is Disabled. |
|
|
VirtualizedTrustedPlatformModule enable virtualized trusted platform module measurements to create a known good boot integrity policy baseline. The integrity policy baseline is used for comparison with measurements from subsequent VM boots to determine if anything has changed. If omitted, the platform chooses a default, which is subject to change over time, currently that default is Enabled. |
The following API endpoints are available:
/apis/infrastructure.cluster.x-k8s.io/v1beta1/gcpmachinetemplates
GET
: list objects of kind GCPMachineTemplate
/apis/infrastructure.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/gcpmachinetemplates
DELETE
: delete collection of GCPMachineTemplate
GET
: list objects of kind GCPMachineTemplate
POST
: create a GCPMachineTemplate
/apis/infrastructure.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/gcpmachinetemplates/{name}
DELETE
: delete a GCPMachineTemplate
GET
: read the specified GCPMachineTemplate
PATCH
: partially update the specified GCPMachineTemplate
PUT
: replace the specified GCPMachineTemplate
GET
list objects of kind GCPMachineTemplate
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized |
Empty |
DELETE
delete collection of GCPMachineTemplate
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized |
Empty |
GET
list objects of kind GCPMachineTemplate
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized |
Empty |
POST
create a GCPMachineTemplate
Parameter | Type | Description |
---|---|---|
|
|
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
|
fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
202 - Accepted |
|
401 - Unauthorized |
Empty |
Parameter | Type | Description |
---|---|---|
|
|
name of the GCPMachineTemplate |
DELETE
delete a GCPMachineTemplate
Parameter | Type | Description |
---|---|---|
|
|
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
HTTP code | Reponse body |
---|---|
200 - OK |
|
202 - Accepted |
|
401 - Unauthorized |
Empty |
GET
read the specified GCPMachineTemplate
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized |
Empty |
PATCH
partially update the specified GCPMachineTemplate
Parameter | Type | Description |
---|---|---|
|
|
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
|
fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized |
Empty |
PUT
replace the specified GCPMachineTemplate
Parameter | Type | Description |
---|---|---|
|
|
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
|
fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized |
Empty |