ComputeInstance

Property Value
Google Cloud Service Name Compute Engine
Google Cloud Service Documentation /compute/docs/
Google Cloud REST Resource Name v1.instances
Google Cloud REST Resource Documentation /compute/docs/reference/rest/v1/instances
Config Connector Resource Short Names gcpcomputeinstance
gcpcomputeinstances
computeinstance
Config Connector Service Name compute.googleapis.com
Config Connector Resource Fully Qualified Name computeinstances.compute.cnrm.cloud.google.com
Can Be Referenced by IAMPolicy/IAMPolicyMember Yes
Supports IAM Conditions Yes
Supports IAM Audit Configs No
IAM External Reference Format

projects/{{project}}/zones/{{zone}}/instances/{{name}}

Custom Resource Definition Properties

Annotations

Fields
cnrm.cloud.google.com/allow-stopping-for-update
cnrm.cloud.google.com/project-id

Spec

Schema

  attachedDisk:
  - deviceName: string
    diskEncryptionKeyRaw:
      value: string
      valueFrom:
        secretKeyRef:
          key: string
          name: string
    diskEncryptionKeySha256: string
    kmsKeyRef:
      external: string
      name: string
      namespace: string
    mode: string
    sourceDiskRef:
      external: string
      name: string
      namespace: string
  bootDisk:
    autoDelete: boolean
    deviceName: string
    diskEncryptionKeyRaw:
      value: string
      valueFrom:
        secretKeyRef:
          key: string
          name: string
    diskEncryptionKeySha256: string
    initializeParams:
      labels: {}
      size: integer
      sourceImageRef:
        external: string
        name: string
        namespace: string
      type: string
    kmsKeyRef:
      external: string
      name: string
      namespace: string
    mode: string
    sourceDiskRef:
      external: string
      name: string
      namespace: string
  canIpForward: boolean
  confidentialInstanceConfig:
    enableConfidentialCompute: boolean
  deletionProtection: boolean
  description: string
  desiredStatus: string
  enableDisplay: boolean
  guestAccelerator:
  - count: integer
    type: string
  hostname: string
  instanceTemplateRef:
    external: string
    name: string
    namespace: string
  machineType: string
  metadata:
  - key: string
    value: string
  metadataStartupScript: string
  minCpuPlatform: string
  networkInterface:
  - accessConfig:
    - natIpRef:
        external: string
        name: string
        namespace: string
      networkTier: string
      publicPtrDomainName: string
    aliasIpRange:
    - ipCidrRange: string
      subnetworkRangeName: string
    name: string
    networkIp: string
    networkRef:
      external: string
      name: string
      namespace: string
    subnetworkProject: string
    subnetworkRef:
      external: string
      name: string
      namespace: string
  resourceID: string
  resourcePolicies:
  - external: string
    name: string
    namespace: string
  scheduling:
    automaticRestart: boolean
    minNodeCpus: integer
    nodeAffinities:
    - value: {}
    onHostMaintenance: string
    preemptible: boolean
  scratchDisk:
  - interface: string
  serviceAccount:
    scopes:
    - string
    serviceAccountRef:
      external: string
      name: string
      namespace: string
  shieldedInstanceConfig:
    enableIntegrityMonitoring: boolean
    enableSecureBoot: boolean
    enableVtpm: boolean
  tags:
  - string
  zone: string
Fields

attachedDisk

Optional

list (object)

List of disks attached to the instance

attachedDisk.[]

Optional

object

attachedDisk.[].deviceName

Optional

string

Name with which the attached disk is accessible under /dev/disk/by-id/

attachedDisk.[].diskEncryptionKeyRaw

Optional

object

A 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to encrypt this disk. Only one of kms_key_self_link and disk_encryption_key_raw may be set.

attachedDisk.[].diskEncryptionKeyRaw.value

Optional

string

Value of the field. Cannot be used if 'valueFrom' is specified.

attachedDisk.[].diskEncryptionKeyRaw.valueFrom

Optional

object

Source for the field's value. Cannot be used if 'value' is specified.

attachedDisk.[].diskEncryptionKeyRaw.valueFrom.secretKeyRef

Optional

object

Reference to a value with the given key in the given Secret in the resource's namespace.

attachedDisk.[].diskEncryptionKeyRaw.valueFrom.secretKeyRef.key

Required*

string

Key that identifies the value to be extracted.

attachedDisk.[].diskEncryptionKeyRaw.valueFrom.secretKeyRef.name

Required*

string

Name of the Secret to extract a value from.

attachedDisk.[].diskEncryptionKeySha256

Optional

string

The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource.

attachedDisk.[].kmsKeyRef

Optional

object

attachedDisk.[].kmsKeyRef.external

Optional

string

The selfLink of a KMSCryptoKey.

attachedDisk.[].kmsKeyRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

attachedDisk.[].kmsKeyRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

attachedDisk.[].mode

Optional

string

Read/write mode for the disk. One of "READ_ONLY" or "READ_WRITE".

attachedDisk.[].sourceDiskRef

Required*

object

attachedDisk.[].sourceDiskRef.external

Optional

string

The selfLink of a ComputeDisk.

attachedDisk.[].sourceDiskRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

attachedDisk.[].sourceDiskRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

bootDisk

Optional

object

Immutable. The boot disk for the instance.

bootDisk.autoDelete

Optional

boolean

Immutable. Whether the disk will be auto-deleted when the instance is deleted.

bootDisk.deviceName

Optional

string

Immutable. Name with which attached disk will be accessible under /dev/disk/by-id/

bootDisk.diskEncryptionKeyRaw

Optional

object

Immutable. A 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to encrypt this disk. Only one of kms_key_self_link and disk_encryption_key_raw may be set.

bootDisk.diskEncryptionKeyRaw.value

Optional

string

Value of the field. Cannot be used if 'valueFrom' is specified.

bootDisk.diskEncryptionKeyRaw.valueFrom

Optional

object

Source for the field's value. Cannot be used if 'value' is specified.

bootDisk.diskEncryptionKeyRaw.valueFrom.secretKeyRef

Optional

object

Reference to a value with the given key in the given Secret in the resource's namespace.

bootDisk.diskEncryptionKeyRaw.valueFrom.secretKeyRef.key

Required*

string

Key that identifies the value to be extracted.

bootDisk.diskEncryptionKeyRaw.valueFrom.secretKeyRef.name

Required*

string

Name of the Secret to extract a value from.

bootDisk.diskEncryptionKeySha256

Optional

string

The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource.

bootDisk.initializeParams

Optional

object

Immutable. Parameters with which a disk was created alongside the instance.

bootDisk.initializeParams.labels

Optional

object

Immutable. A set of key/value label pairs assigned to the disk.

bootDisk.initializeParams.size

Optional

integer

Immutable. The size of the image in gigabytes.

bootDisk.initializeParams.sourceImageRef

Optional

object

bootDisk.initializeParams.sourceImageRef.external

Optional

string

The selfLink of a ComputeImage.

bootDisk.initializeParams.sourceImageRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

bootDisk.initializeParams.sourceImageRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

bootDisk.initializeParams.type

Optional

string

Immutable. The Google Compute Engine disk type. One of pd-standard, pd-ssd or pd-balanced.

bootDisk.kmsKeyRef

Optional

object

bootDisk.kmsKeyRef.external

Optional

string

The selfLink of a KMSCryptoKey.

bootDisk.kmsKeyRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

bootDisk.kmsKeyRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

bootDisk.mode

Optional

string

Immutable. Read/write mode for the disk. One of "READ_ONLY" or "READ_WRITE".

bootDisk.sourceDiskRef

Optional

object

bootDisk.sourceDiskRef.external

Optional

string

The selfLink of a ComputeDisk.

bootDisk.sourceDiskRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

bootDisk.sourceDiskRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

canIpForward

Optional

boolean

Immutable. Whether sending and receiving of packets with non-matching source or destination IPs is allowed.

confidentialInstanceConfig

Optional

object

Immutable. The Confidential VM config being used by the instance. on_host_maintenance has to be set to TERMINATE or this will fail to create.

confidentialInstanceConfig.enableConfidentialCompute

Required*

boolean

Defines whether the instance should have confidential compute enabled.

deletionProtection

Optional

boolean

Whether deletion protection is enabled on this instance.

description

Optional

string

Immutable. A brief description of the resource.

desiredStatus

Optional

string

Desired status of the instance. Either "RUNNING" or "TERMINATED".

enableDisplay

Optional

boolean

Whether the instance has virtual displays enabled.

guestAccelerator

Optional

list (object)

Immutable. List of the type and count of accelerator cards attached to the instance.

guestAccelerator.[]

Optional

object

guestAccelerator.[].count

Required*

integer

Immutable. The number of the guest accelerator cards exposed to this instance.

guestAccelerator.[].type

Required*

string

Immutable. The accelerator type resource exposed to this instance. E.g. nvidia-tesla-k80.

hostname

Optional

string

Immutable. A custom hostname for the instance. Must be a fully qualified DNS name and RFC-1035-valid. Valid format is a series of labels 1-63 characters long matching the regular expression [a-z]([-a-z0-9]*[a-z0-9]), concatenated with periods. The entire hostname must not exceed 253 characters. Changing this forces a new resource to be created.

instanceTemplateRef

Optional

object

instanceTemplateRef.external

Optional

string

The selfLink of a ComputeInstanceTemplate.

instanceTemplateRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

instanceTemplateRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

machineType

Optional

string

The machine type to create.

metadata

Optional

list (object)

metadata.[]

Optional

object

metadata.[].key

Required*

string

metadata.[].value

Required*

string

metadataStartupScript

Optional

string

Immutable. Metadata startup scripts made available within the instance.

minCpuPlatform

Optional

string

The minimum CPU platform specified for the VM instance.

networkInterface

Optional

list (object)

Immutable. The networks attached to the instance.

networkInterface.[]

Optional

object

networkInterface.[].accessConfig

Optional

list (object)

Access configurations, i.e. IPs via which this instance can be accessed via the Internet.

networkInterface.[].accessConfig.[]

Optional

object

networkInterface.[].accessConfig.[].natIpRef

Optional

object

networkInterface.[].accessConfig.[].natIpRef.external

Optional

string

The address of a ComputeAddress.

networkInterface.[].accessConfig.[].natIpRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

networkInterface.[].accessConfig.[].natIpRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

networkInterface.[].accessConfig.[].networkTier

Optional

string

The networking tier used for configuring this instance. One of PREMIUM or STANDARD.

networkInterface.[].accessConfig.[].publicPtrDomainName

Optional

string

The DNS domain name for the public PTR record.

networkInterface.[].aliasIpRange

Optional

list (object)

An array of alias IP ranges for this network interface.

networkInterface.[].aliasIpRange.[]

Optional

object

networkInterface.[].aliasIpRange.[].ipCidrRange

Required*

string

The IP CIDR range represented by this alias IP range.

networkInterface.[].aliasIpRange.[].subnetworkRangeName

Optional

string

The subnetwork secondary range name specifying the secondary range from which to allocate the IP CIDR range for this alias IP range.

networkInterface.[].name

Optional

string

The name of the interface

networkInterface.[].networkIp

Optional

string

The private IP address assigned to the instance.

networkInterface.[].networkRef

Optional

object

networkInterface.[].networkRef.external

Optional

string

The selfLink of a ComputeNetwork.

networkInterface.[].networkRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

networkInterface.[].networkRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

networkInterface.[].subnetworkProject

Optional

string

The project in which the subnetwork belongs.

networkInterface.[].subnetworkRef

Optional

object

networkInterface.[].subnetworkRef.external

Optional

string

The selfLink of a ComputeSubnetwork.

networkInterface.[].subnetworkRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

networkInterface.[].subnetworkRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

resourceID

Optional

string

Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.

resourcePolicies

Optional

list (object)

resourcePolicies.[]

Optional

object

resourcePolicies.[].external

Optional

string

The selfLink of a ComputeResourcePolicy.

resourcePolicies.[].name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

resourcePolicies.[].namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

scheduling

Optional

object

The scheduling strategy being used by the instance.

scheduling.automaticRestart

Optional

boolean

Specifies if the instance should be restarted if it was terminated by Compute Engine (not a user).

scheduling.minNodeCpus

Optional

integer

scheduling.nodeAffinities

Optional

list (object)

scheduling.nodeAffinities.[]

Optional

object

scheduling.nodeAffinities.[].value

Optional

object

scheduling.onHostMaintenance

Optional

string

Describes maintenance behavior for the instance. One of MIGRATE or TERMINATE,

scheduling.preemptible

Optional

boolean

Immutable. Whether the instance is preemptible.

scratchDisk

Optional

list (object)

Immutable. The scratch disks attached to the instance.

scratchDisk.[]

Optional

object

scratchDisk.[].interface

Required*

string

The disk interface used for attaching this disk. One of SCSI or NVME.

serviceAccount

Optional

object

The service account to attach to the instance.

serviceAccount.scopes

Required*

list (string)

A list of service scopes.

serviceAccount.scopes.[]

Required*

string

serviceAccount.serviceAccountRef

Optional

object

serviceAccount.serviceAccountRef.external

Optional

string

The email of an IAMServiceAccount.

serviceAccount.serviceAccountRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

serviceAccount.serviceAccountRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

shieldedInstanceConfig

Optional

object

The shielded vm config being used by the instance.

shieldedInstanceConfig.enableIntegrityMonitoring

Optional

boolean

Whether integrity monitoring is enabled for the instance.

shieldedInstanceConfig.enableSecureBoot

Optional

boolean

Whether secure boot is enabled for the instance.

shieldedInstanceConfig.enableVtpm

Optional

boolean

Whether the instance uses vTPM.

tags

Optional

list (string)

The list of tags attached to the instance.

tags.[]

Optional

string

zone

Optional

string

Immutable. The zone of the instance. If self_link is provided, this value is ignored. If neither self_link nor zone are provided, the provider zone is used.

* Field is required when parent field is specified

Status

Schema

  conditions:
  - lastTransitionTime: string
    message: string
    reason: string
    status: string
    type: string
  cpuPlatform: string
  currentStatus: string
  instanceId: string
  labelFingerprint: string
  metadataFingerprint: string
  selfLink: string
  tagsFingerprint: string
Fields
conditions

list (object)

Conditions represents the latest available observation of the resource's current state.

conditions.[]

object

conditions.[].lastTransitionTime

string

Last time the condition transitioned from one status to another.

conditions.[].message

string

Human-readable message indicating details about last transition.

conditions.[].reason

string

Unique, one-word, CamelCase reason for the condition's last transition.

conditions.[].status

string

Status is the status of the condition. Can be True, False, Unknown.

conditions.[].type

string

Type is the type of the condition.

cpuPlatform

string

The CPU platform used by this instance.

currentStatus

string

Current status of the instance.

instanceId

string

The server-assigned unique identifier of this instance.

labelFingerprint

string

The unique fingerprint of the labels.

metadataFingerprint

string

The unique fingerprint of the metadata.

selfLink

string

The URI of the created resource.

tagsFingerprint

string

The unique fingerprint of the tags.

Sample YAML(s)

Cloud Machine Instance

  # Copyright 2020 Google LLC
  #
  # Licensed under the Apache License, Version 2.0 (the "License");
  # you may not use this file except in compliance with the License.
  # You may obtain a copy of the License at
  #
  #     http://www.apache.org/licenses/LICENSE-2.0
  #
  # Unless required by applicable law or agreed to in writing, software
  # distributed under the License is distributed on an "AS IS" BASIS,
  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  # See the License for the specific language governing permissions and
  # limitations under the License.
  
  apiVersion: compute.cnrm.cloud.google.com/v1beta1
  kind: ComputeInstance
  metadata:
    annotations:
      cnrm.cloud.google.com/allow-stopping-for-update: "true"
    name: computeinstance-sample-cloudmachine
    labels:
      created-from: "image"
      network-type: "subnetwork"
  spec:
    machineType: n1-standard-1
    zone: us-west1-a
    bootDisk:
      initializeParams:
        size: 24
        type: pd-ssd
        sourceImageRef:
          external: debian-cloud/debian-9
    networkInterface:
      - subnetworkRef:
          name: computeinstance-dep-cloudmachine
        aliasIpRange:
          - ipCidrRange: /24
            subnetworkRangeName: cloudrange
    attachedDisk:
      - sourceDiskRef:
          name: computeinstance-dep1-cloudmachine
        mode: READ_ONLY
        deviceName: proxycontroldisk
        diskEncryptionKeyRaw:
          valueFrom:
            secretKeyRef:
              name: computeinstance-dep-cloudmachine
              key: diskEncryptionKey
      - sourceDiskRef:
          name: computeinstance-dep2-cloudmachine
        mode: READ_WRITE
        deviceName: persistentdisk
    minCpuPlatform: "Intel Skylake"
    serviceAccount:
      serviceAccountRef:
        name: inst-dep-cloudmachine
      scopes:
      - compute-rw
      - logging-write
  ---
  apiVersion: compute.cnrm.cloud.google.com/v1beta1
  kind: ComputeDisk
  metadata:
    name: computeinstance-dep1-cloudmachine
  spec:
    description: a sample encrypted, blank disk
    physicalBlockSizeBytes: 4096
    size: 1
    type: pd-ssd
    location: us-west1-a
    diskEncryptionKey:
      rawKey:
        valueFrom:
          secretKeyRef:
            name: computeinstance-dep-cloudmachine
            key: diskEncryptionKey
  ---
  apiVersion: compute.cnrm.cloud.google.com/v1beta1
  kind: ComputeDisk
  metadata:
    name: computeinstance-dep2-cloudmachine
  spec:
    size: 1
    type: pd-ssd
    location: us-west1-a
  ---
  apiVersion: compute.cnrm.cloud.google.com/v1beta1
  kind: ComputeNetwork
  metadata:
    name: computeinstance-dep-cloudmachine
  spec:
    routingMode: REGIONAL
    autoCreateSubnetworks: false
  ---
  apiVersion: compute.cnrm.cloud.google.com/v1beta1
  kind: ComputeSubnetwork
  metadata:
    name: computeinstance-dep-cloudmachine
  spec:
    networkRef:
      name: computeinstance-dep-cloudmachine
    ipCidrRange: 10.2.0.0/16
    region: us-west1
    secondaryIpRange:
      - rangeName: cloudrange
        ipCidrRange: 10.3.16.0/20
  ---
  apiVersion: iam.cnrm.cloud.google.com/v1beta1
  kind: IAMServiceAccount
  metadata:
    name: inst-dep-cloudmachine
  ---
  apiVersion: v1
  kind: Secret
  metadata:
    name: computeinstance-dep-cloudmachine
  stringData:
    diskEncryptionKey: "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0="

Instance From Template

  # Copyright 2020 Google LLC
  #
  # Licensed under the Apache License, Version 2.0 (the "License");
  # you may not use this file except in compliance with the License.
  # You may obtain a copy of the License at
  #
  #     http://www.apache.org/licenses/LICENSE-2.0
  #
  # Unless required by applicable law or agreed to in writing, software
  # distributed under the License is distributed on an "AS IS" BASIS,
  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  # See the License for the specific language governing permissions and
  # limitations under the License.
  
  apiVersion: compute.cnrm.cloud.google.com/v1beta1
  kind: ComputeInstance
  metadata:
    annotations:
      cnrm.cloud.google.com/allow-stopping-for-update: "false"
    name: computeinstance-sample-fromtemplate
    labels:
      created-from: "template"
      override-type: "largermachine"
  spec:
    machineType: n1-standard-2
    instanceTemplateRef:
      name: computeinstance-dep-fromtemplate
    zone: us-west1-c
  ---
  apiVersion: compute.cnrm.cloud.google.com/v1beta1
  kind: ComputeDisk
  metadata:
    name: computeinstance-dep-fromtemplate
  spec:
    physicalBlockSizeBytes: 4096
    size: 1
    type: pd-ssd
    location: us-west1-c
  ---
  apiVersion: compute.cnrm.cloud.google.com/v1beta1
  kind: ComputeInstanceTemplate
  metadata:
    name: computeinstance-dep-fromtemplate
  spec:
    machineType: n1-standard-1
    region: us-west1
    disk:
      - sourceDiskRef:
          name: computeinstance-dep-fromtemplate
        boot: true
    networkInterface:
      - networkRef:
          name: computeinstance-dep-fromtemplate
  ---
  apiVersion: compute.cnrm.cloud.google.com/v1beta1
  kind: ComputeNetwork
  metadata:
    name: computeinstance-dep-fromtemplate
  spec:
    routingMode: REGIONAL
    autoCreateSubnetworks: true

Network Worker Instance

  # Copyright 2020 Google LLC
  #
  # Licensed under the Apache License, Version 2.0 (the "License");
  # you may not use this file except in compliance with the License.
  # You may obtain a copy of the License at
  #
  #     http://www.apache.org/licenses/LICENSE-2.0
  #
  # Unless required by applicable law or agreed to in writing, software
  # distributed under the License is distributed on an "AS IS" BASIS,
  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  # See the License for the specific language governing permissions and
  # limitations under the License.
  
  apiVersion: compute.cnrm.cloud.google.com/v1beta1
  kind: ComputeInstance
  metadata:
    annotations:
      cnrm.cloud.google.com/allow-stopping-for-update: "false"
    name: computeinstance-sample-networkworker
    labels:
      created-from: "disk"
      network-type: "global"
  spec:
    machineType: n1-standard-1
    zone: us-west1-b
    bootDisk:
      sourceDiskRef:
        name: computeinstance-dep-networkworker
      autoDelete: false
      deviceName: proxycontroldisk
      mode: READ_ONLY
      diskEncryptionKeyRaw:
        valueFrom:
          secretKeyRef:
            name: computeinstance-dep-networkworker
            key: diskEncryptionKey
    networkInterface:
      - networkRef:
          name: computeinstance-dep-networkworker
        subnetworkRef:
          name: computeinstance-dep-networkworker
        networkIp: "10.2.0.4"
        accessConfig:
          - natIpRef:
              name: computeinstance-dep-networkworker
    guestAccelerator:
      - type: nvidia-tesla-t4
        count: 1
    scratchDisk:
      - interface: SCSI
      - interface: NVME
    scheduling:
      preemptible: true
      automaticRestart: false
      onHostMaintenance: TERMINATE
    canIpForward: true
  ---
  apiVersion: compute.cnrm.cloud.google.com/v1beta1
  kind: ComputeAddress
  metadata:
    name: computeinstance-dep-networkworker
  spec:
    description: a sample external address
    location: us-west1
  ---
  apiVersion: compute.cnrm.cloud.google.com/v1beta1
  kind: ComputeDisk
  metadata:
    name: computeinstance-dep-networkworker
  spec:
    description: a sample encrypted, blank disk
    physicalBlockSizeBytes: 4096
    size: 1
    type: pd-ssd
    location: us-west1-b
    diskEncryptionKey:
      rawKey:
        valueFrom:
          secretKeyRef:
            name: computeinstance-dep-networkworker
            key: diskEncryptionKey
  ---
  apiVersion: compute.cnrm.cloud.google.com/v1beta1
  kind: ComputeNetwork
  metadata:
    name: computeinstance-dep-networkworker
  spec:
    routingMode: REGIONAL
    autoCreateSubnetworks: false
  ---
  apiVersion: compute.cnrm.cloud.google.com/v1beta1
  kind: ComputeSubnetwork
  metadata:
    name: computeinstance-dep-networkworker
  spec:
    ipCidrRange: 10.2.0.0/16
    region: us-west1
    description: a sample subnetwork
    privateIpGoogleAccess: false
    networkRef:
      name: computeinstance-dep-networkworker
    logConfig:
      aggregationInterval: INTERVAL_10_MIN
      flowSampling: 0.5
      metadata: INCLUDE_ALL_METADATA
  ---
  apiVersion: v1
  kind: Secret
  metadata:
    name: computeinstance-dep-networkworker
  stringData:
    diskEncryptionKey: "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0="