| Property | Value |
|---|---|
| Google Cloud Service Name | Compute Engine |
| Google Cloud Service Documentation | /compute/docs/ |
| Google Cloud REST Resource Name | v1.instancetemplates |
| Google Cloud REST Resource Documentation | /compute/docs/reference/rest/v1/instanceTemplates |
| Config Connector Resource Short Names | gcpcomputeinstancetemplate gcpcomputeinstancetemplates computeinstancetemplate |
| Config Connector Service Name | compute.googleapis.com |
| Config Connector Resource Fully Qualified Name | computeinstancetemplates.compute.cnrm.cloud.google.com |
| Can Be Referenced by IAMPolicy/IAMPolicyMember | No |
Custom Resource Definition Properties
Annotations
| Fields | |
|---|---|
cnrm.cloud.google.com/project-id |
|
Spec
Schema
advancedMachineFeatures:
enableNestedVirtualization: boolean
threadsPerCore: integer
canIpForward: boolean
confidentialInstanceConfig:
enableConfidentialCompute: boolean
description: string
disk:
- autoDelete: boolean
boot: boolean
deviceName: string
diskEncryptionKey:
kmsKeyRef:
external: string
name: string
namespace: string
diskName: string
diskSizeGb: integer
diskType: string
interface: string
labels:
string: string
mode: string
resourcePolicies:
- external: string
name: string
namespace: string
sourceDiskRef:
external: string
name: string
namespace: string
sourceImageRef:
external: string
name: string
namespace: string
type: string
enableDisplay: boolean
guestAccelerator:
- count: integer
type: string
instanceDescription: string
machineType: string
metadata:
- key: string
value: string
metadataStartupScript: string
minCpuPlatform: string
namePrefix: string
networkInterface:
- accessConfig:
- natIpRef:
external: string
name: string
namespace: string
networkTier: string
publicPtrDomainName: string
aliasIpRange:
- ipCidrRange: string
subnetworkRangeName: string
ipv6AccessConfig:
- externalIpv6: string
externalIpv6PrefixLength: string
networkTier: string
publicPtrDomainName: string
ipv6AccessType: string
name: string
networkIp: string
networkRef:
external: string
name: string
namespace: string
nicType: string
queueCount: integer
stackType: string
subnetworkProject: string
subnetworkRef:
external: string
name: string
namespace: string
networkPerformanceConfig:
totalEgressBandwidthTier: string
region: string
reservationAffinity:
specificReservation:
key: string
values:
- string
type: string
resourceID: string
scheduling:
automaticRestart: boolean
minNodeCpus: integer
nodeAffinities:
- value: {}
onHostMaintenance: string
preemptible: boolean
serviceAccount:
scopes:
- string
serviceAccountRef:
external: string
name: string
namespace: string
shieldedInstanceConfig:
enableIntegrityMonitoring: boolean
enableSecureBoot: boolean
enableVtpm: boolean
tags:
- string
| Fields | |
|---|---|
|
Optional |
Immutable. Controls for advanced machine-related behavior features. |
|
Optional |
Immutable. Whether to enable nested virtualization or not. |
|
Optional |
Immutable. The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed. |
|
Optional |
Immutable. Whether to allow sending and receiving of packets with non-matching source or destination IPs. This defaults to false. |
|
Optional |
Immutable. The Confidential VM config being used by the instance. on_host_maintenance has to be set to TERMINATE or this will fail to create. |
|
Required* |
Immutable. Defines whether the instance should have confidential compute enabled. |
|
Optional |
Immutable. A brief description of this resource. |
|
Required |
Immutable. Disks to attach to instances created from this template. This can be specified multiple times for multiple disks. |
|
Required |
|
|
Optional |
Immutable. Whether or not the disk should be auto-deleted. This defaults to true. |
|
Optional |
Immutable. Indicates that this is a boot disk. |
|
Optional |
Immutable. A unique device name that is reflected into the /dev/ tree of a Linux operating system running within the instance. If not specified, the server chooses a default device name to apply to this disk. |
|
Optional |
Immutable. Encrypts or decrypts a disk using a customer-supplied encryption key. |
|
Required* |
|
|
Optional |
The selfLink of a KMSCryptoKey. |
|
Optional |
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
|
Optional |
Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ |
|
Optional |
Immutable. Name of the disk. When not provided, this defaults to the name of the instance. |
|
Optional |
Immutable. The size of the image in gigabytes. If not specified, it will inherit the size of its base image. For SCRATCH disks, the size must be exactly 375GB. |
|
Optional |
Immutable. The Google Compute Engine disk type. Can be either "pd-ssd", "local-ssd", "pd-balanced" or "pd-standard". |
|
Optional |
Immutable. Specifies the disk interface to use for attaching this disk. |
|
Optional |
Immutable. A set of key/value label pairs to assign to disks,. |
|
Optional |
Immutable. The mode in which to attach this disk, either READ_WRITE or READ_ONLY. If you are attaching or creating a boot disk, this must read-write mode. |
|
Optional |
|
|
Optional |
|
|
Optional |
The selfLink of a ComputeResourcePolicy. |
|
Optional |
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
|
Optional |
Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ |
|
Optional |
|
|
Optional |
The name of a ComputeDisk. |
|
Optional |
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
|
Optional |
Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ |
|
Optional |
|
|
Optional |
The selfLink of a ComputeImage. |
|
Optional |
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
|
Optional |
Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ |
|
Optional |
Immutable. The type of Google Compute Engine disk, can be either "SCRATCH" or "PERSISTENT". |
|
Optional |
Immutable. Enable Virtual Displays on this instance. Note: allow_stopping_for_update must be set to true in order to update this field. |
|
Optional |
Immutable. List of the type and count of accelerator cards attached to the instance. |
|
Optional |
|
|
Required* |
Immutable. The number of the guest accelerator cards exposed to this instance. |
|
Required* |
Immutable. The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80. |
|
Optional |
Immutable. A description of the instance. |
|
Required |
Immutable. The machine type to create. To create a machine with a custom type (such as extended memory), format the value like custom-VCPUS-MEM_IN_MB like custom-6-20480 for 6 vCPU and 20GB of RAM. |
|
Optional |
|
|
Optional |
|
|
Required* |
|
|
Required* |
|
|
Optional |
Immutable. An alternative to using the startup-script metadata key, mostly to match the compute_instance resource. This replaces the startup-script metadata key on the created instance and thus the two mechanisms are not allowed to be used simultaneously. |
|
Optional |
Immutable. Specifies a minimum CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell or Intel Skylake. |
|
Optional |
Immutable. Creates a unique name beginning with the specified prefix. Conflicts with name. |
|
Optional |
Immutable. Networks to attach to instances created from this template. This can be specified multiple times for multiple networks. |
|
Optional |
|
|
Optional |
|
|
Optional |
|
|
Optional |
|
|
Optional |
The address of a ComputeAddress. |
|
Optional |
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
|
Optional |
Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ |
|
Optional |
Immutable. The networking tier used for configuring this instance template. This field can take the following values: PREMIUM or STANDARD. If this field is not specified, it is assumed to be PREMIUM. |
|
Optional |
The DNS domain name for the public PTR record.The DNS domain name for the public PTR record. |
|
Optional |
Immutable. An array of alias IP ranges for this network interface. Can only be specified for network interfaces on subnet-mode networks. |
|
Optional |
|
|
Required* |
Immutable. The IP CIDR range represented by this alias IP range. This IP CIDR range must belong to the specified subnetwork and cannot contain IP addresses reserved by system or used by other network interfaces. At the time of writing only a netmask (e.g. /24) may be supplied, with a CIDR format resulting in an API error. |
|
Optional |
Immutable. The subnetwork secondary range name specifying the secondary range from which to allocate the IP CIDR range for this alias IP range. If left unspecified, the primary range of the subnetwork will be used. |
|
Optional |
An array of IPv6 access configurations for this interface. Currently, only one IPv6 access config, DIRECT_IPV6, is supported. If there is no ipv6AccessConfig specified, then this instance will have no external IPv6 Internet access. |
|
Optional |
|
|
Optional |
The first IPv6 address of the external IPv6 range associated with this instance, prefix length is stored in externalIpv6PrefixLength in ipv6AccessConfig. The field is output only, an IPv6 address from a subnetwork associated with the instance will be allocated dynamically. |
|
Optional |
The prefix length of the external IPv6 range. |
|
Required* |
The service-level to be provided for IPv6 traffic when the subnet has an external subnet. Only PREMIUM tier is valid for IPv6. |
|
Optional |
The domain name to be used when creating DNSv6 records for the external IPv6 ranges. |
|
Optional |
One of EXTERNAL, INTERNAL to indicate whether the IP can be accessed from the Internet. This field is always inherited from its subnetwork. |
|
Optional |
The name of the network_interface. |
|
Optional |
Immutable. The private IP address to assign to the instance. If empty, the address will be automatically assigned. |
|
Optional |
|
|
Optional |
The selfLink of a ComputeNetwork. |
|
Optional |
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
|
Optional |
Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ |
|
Optional |
Immutable. The type of vNIC to be used on this interface. Possible values:GVNIC, VIRTIO_NET. |
|
Optional |
Immutable. The networking queue count that's specified by users for the network interface. Both Rx and Tx queues will be set to this number. It will be empty if not specified. |
|
Optional |
The stack type for this network interface to identify whether the IPv6 feature is enabled or not. If not specified, IPV4_ONLY will be used. |
|
Optional |
Immutable. The ID of the project in which the subnetwork belongs. If it is not provided, the provider project is used. |
|
Optional |
|
|
Optional |
The selfLink of a ComputeSubnetwork. |
|
Optional |
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
|
Optional |
Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ |
|
Optional |
Immutable. Configures network performance settings for the instance. If not specified, the instance will be created with its default network performance configuration. |
|
Required* |
Immutable. The egress bandwidth tier to enable. Possible values:TIER_1, DEFAULT. |
|
Optional |
Immutable. An instance template is a global resource that is not bound to a zone or a region. However, you can still specify some regional resources in an instance template, which restricts the template to the region where that resource resides. For example, a custom subnetwork resource is tied to a specific region. Defaults to the region of the Provider if no value is given. |
|
Optional |
Immutable. Specifies the reservations that this instance can consume from. |
|
Optional |
Immutable. Specifies the label selector for the reservation to use. |
|
Required* |
Immutable. Corresponds to the label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify compute.googleapis.com/reservation-name as the key and specify the name of your reservation as the only value. |
|
Required* |
Immutable. Corresponds to the label values of a reservation resource. |
|
Required* |
|
|
Required* |
Immutable. The type of reservation from which this instance can consume resources. |
|
Optional |
Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. |
|
Optional |
Immutable. The scheduling strategy to use. |
|
Optional |
Immutable. Specifies whether the instance should be automatically restarted if it is terminated by Compute Engine (not terminated by a user). This defaults to true. |
|
Optional |
Minimum number of cpus for the instance. |
|
Optional |
|
|
Optional |
|
|
Optional |
|
|
Optional |
Immutable. Defines the maintenance behavior for this instance. |
|
Optional |
Immutable. Allows instance to be preempted. This defaults to false. |
|
Optional |
Immutable. Service account to attach to the instance. |
|
Required* |
Immutable. A list of service scopes. Both OAuth2 URLs and gcloud short names are supported. To allow full access to all Cloud APIs, use the cloud-platform scope. |
|
Required* |
|
|
Optional |
|
|
Optional |
The email of an IAMServiceAccount. |
|
Optional |
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
|
Optional |
Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ |
|
Optional |
Immutable. Enable Shielded VM on this instance. Shielded VM provides verifiable integrity to prevent against malware and rootkits. Defaults to disabled. Note: shielded_instance_config can only be used with boot images with shielded vm support. |
|
Optional |
Immutable. Compare the most recent boot measurements to the integrity policy baseline and return a pair of pass/fail results depending on whether they match or not. Defaults to true. |
|
Optional |
Immutable. Verify the digital signature of all boot components, and halt the boot process if signature verification fails. Defaults to false. |
|
Optional |
Immutable. Use a virtualized trusted platform module, which is a specialized computer chip you can use to encrypt objects like keys and certificates. Defaults to true. |
|
Optional |
Immutable. Tags to attach to the instance. |
|
Optional |
|
* Field is required when parent field is specified
Status
Schema
conditions:
- lastTransitionTime: string
message: string
reason: string
status: string
type: string
metadataFingerprint: string
observedGeneration: integer
selfLink: string
tagsFingerprint: string
| Fields | |
|---|---|
conditions |
Conditions represent the latest available observation of the resource's current state. |
conditions[] |
|
conditions[].lastTransitionTime |
Last time the condition transitioned from one status to another. |
conditions[].message |
Human-readable message indicating details about last transition. |
conditions[].reason |
Unique, one-word, CamelCase reason for the condition's last transition. |
conditions[].status |
Status is the status of the condition. Can be True, False, Unknown. |
conditions[].type |
Type is the type of the condition. |
metadataFingerprint |
The unique fingerprint of the metadata. |
observedGeneration |
ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. |
selfLink |
The URI of the created resource. |
tagsFingerprint |
The unique fingerprint of the tags. |
Sample YAML(s)
Typical Use Case
# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeInstanceTemplate
metadata:
name: instancetemplate-sample
labels:
env: "dev"
spec:
description: a sample instance template
tags:
- foo
- bar
instanceDescription: a sample instance created from the sample instance template
machineType: n1-standard-1
region: us-west1
disk:
- sourceDiskRef:
name: instancetemplate-dep
autoDelete: false
boot: true
- sourceImageRef:
name: instancetemplate-dep
autoDelete: true
boot: false
diskName: sample-attached-disk
deviceName: attachment
interface: SCSI
diskType: pd-ssd
diskSizeGb: 10
type: PERSISTENT
networkInterface:
- networkRef:
name: instancetemplate-dep
subnetworkRef:
name: instancetemplate-dep
networkIp: "10.2.0.1"
aliasIpRange:
- ipCidrRange: /16
subnetworkRangeName: sub-range
canIpForward: false
scheduling:
automaticRestart: true
onHostMaintenance: "MIGRATE"
preemptible: false
metadataStartupScript: "echo hi > /test.txt"
serviceAccount:
serviceAccountRef:
name: instancetemplate-dep
scopes:
- userinfo-email
- compute-ro
- storage-ro
guestAccelerator:
- type: nvidia-tesla-k80
count: 1
minCpuPlatform: "Intel Skylake"
shieldedInstanceConfig:
enableSecureBoot: false
enableVtpm: true
enableIntegrityMonitoring: true
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeDisk
metadata:
name: instancetemplate-dep
spec:
description: a sample encrypted, blank disk
physicalBlockSizeBytes: 4096
size: 1
type: pd-ssd
location: us-west1-c
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeImage
metadata:
name: instancetemplate-dep
spec:
description: A sample image created from an empty disk resource
diskRef:
name: instancetemplate-dep
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeNetwork
metadata:
name: instancetemplate-dep
spec:
routingMode: REGIONAL
autoCreateSubnetworks: false
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeSubnetwork
metadata:
name: instancetemplate-dep
spec:
ipCidrRange: 10.2.0.0/16
region: us-west1
description: a sample subnetwork
privateIpGoogleAccess: false
networkRef:
name: instancetemplate-dep
logConfig:
aggregationInterval: INTERVAL_10_MIN
flowSampling: 0.5
metadata: INCLUDE_ALL_METADATA
---
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMServiceAccount
metadata:
name: instancetemplate-dep
spec:
displayName: a sample Service Account