ComputeSnapshot


Property Value
Google Cloud Service Name Compute Engine
Google Cloud Service Documentation /compute/docs/
Google Cloud REST Resource Name v1.snapshots
Google Cloud REST Resource Documentation /compute/docs/reference/rest/v1/snapshots
Config Connector Resource Short Names gcpcomputesnapshot
gcpcomputesnapshots
computesnapshot
Config Connector Service Name compute.googleapis.com
Config Connector Resource Fully Qualified Name computesnapshots.compute.cnrm.cloud.google.com
Can Be Referenced by IAMPolicy/IAMPolicyMember Yes
Supports IAM Conditions No
Supports IAM Audit Configs No
IAM External Reference Format

projects/{{project}}/global/snapshots/{{name}}

Config Connector Default Average Reconcile Interval In Seconds 600

Custom Resource Definition Properties

Annotations

Fields
cnrm.cloud.google.com/project-id
cnrm.cloud.google.com/state-into-spec

Spec

Schema

chainName: string
description: string
resourceID: string
snapshotEncryptionKey:
  kmsKeyRef:
    external: string
    name: string
    namespace: string
  kmsKeyServiceAccountRef:
    external: string
    name: string
    namespace: string
  rawKey:
    value: string
    valueFrom:
      secretKeyRef:
        key: string
        name: string
  sha256: string
sourceDiskEncryptionKey:
  kmsKeyServiceAccountRef:
    external: string
    name: string
    namespace: string
  rawKey:
    value: string
    valueFrom:
      secretKeyRef:
        key: string
        name: string
sourceDiskRef:
  external: string
  name: string
  namespace: string
storageLocations:
- string
zone: string
Fields

chainName

Optional

string

Immutable. Creates the new snapshot in the snapshot chain labeled with the specified name. The chain name must be 1-63 characters long and comply with RFC1035. This is an uncommon option only for advanced service owners who needs to create separate snapshot chains, for example, for chargeback tracking. When you describe your snapshot resource, this field is visible only if it has a non-empty value.

description

Optional

string

Immutable. An optional description of this resource.

resourceID

Optional

string

Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.

snapshotEncryptionKey

Optional

object

Immutable. Encrypts the snapshot using a customer-supplied encryption key. After you encrypt a snapshot using a customer-supplied key, you must provide the same key if you use the snapshot later. For example, you must provide the encryption key when you create a disk from the encrypted snapshot in a future request. Customer-supplied encryption keys do not protect access to metadata of the snapshot. If you do not provide an encryption key when creating the snapshot, then the snapshot will be encrypted using an automatically generated key and you do not need to provide a key to use the snapshot later.

snapshotEncryptionKey.kmsKeyRef

Optional

object

The encryption key that is stored in Google Cloud KMS.

snapshotEncryptionKey.kmsKeyRef.external

Optional

string

Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.

snapshotEncryptionKey.kmsKeyRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

snapshotEncryptionKey.kmsKeyRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

snapshotEncryptionKey.kmsKeyServiceAccountRef

Optional

object

The service account used for the encryption request for the given KMS key. If absent, the Compute Engine Service Agent service account is used.

snapshotEncryptionKey.kmsKeyServiceAccountRef.external

Optional

string

Allowed value: The `email` field of an `IAMServiceAccount` resource.

snapshotEncryptionKey.kmsKeyServiceAccountRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

snapshotEncryptionKey.kmsKeyServiceAccountRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

snapshotEncryptionKey.rawKey

Optional

object

Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to either encrypt or decrypt this resource.

snapshotEncryptionKey.rawKey.value

Optional

string

Value of the field. Cannot be used if 'valueFrom' is specified.

snapshotEncryptionKey.rawKey.valueFrom

Optional

object

Source for the field's value. Cannot be used if 'value' is specified.

snapshotEncryptionKey.rawKey.valueFrom.secretKeyRef

Optional

object

Reference to a value with the given key in the given Secret in the resource's namespace.

snapshotEncryptionKey.rawKey.valueFrom.secretKeyRef.key

Required*

string

Key that identifies the value to be extracted.

snapshotEncryptionKey.rawKey.valueFrom.secretKeyRef.name

Required*

string

Name of the Secret to extract a value from.

snapshotEncryptionKey.sha256

Optional

string

The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource.

sourceDiskEncryptionKey

Optional

object

Immutable. The customer-supplied encryption key of the source snapshot. Required if the source snapshot is protected by a customer-supplied encryption key.

sourceDiskEncryptionKey.kmsKeyServiceAccountRef

Optional

object

The service account used for the encryption request for the given KMS key. If absent, the Compute Engine Service Agent service account is used.

sourceDiskEncryptionKey.kmsKeyServiceAccountRef.external

Optional

string

Allowed value: The `email` field of an `IAMServiceAccount` resource.

sourceDiskEncryptionKey.kmsKeyServiceAccountRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

sourceDiskEncryptionKey.kmsKeyServiceAccountRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

sourceDiskEncryptionKey.rawKey

Optional

object

Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to either encrypt or decrypt this resource.

sourceDiskEncryptionKey.rawKey.value

Optional

string

Value of the field. Cannot be used if 'valueFrom' is specified.

sourceDiskEncryptionKey.rawKey.valueFrom

Optional

object

Source for the field's value. Cannot be used if 'value' is specified.

sourceDiskEncryptionKey.rawKey.valueFrom.secretKeyRef

Optional

object

Reference to a value with the given key in the given Secret in the resource's namespace.

sourceDiskEncryptionKey.rawKey.valueFrom.secretKeyRef.key

Required*

string

Key that identifies the value to be extracted.

sourceDiskEncryptionKey.rawKey.valueFrom.secretKeyRef.name

Required*

string

Name of the Secret to extract a value from.

sourceDiskRef

Required

object

A reference to the disk used to create this snapshot.

sourceDiskRef.external

Optional

string

Allowed value: The `name` field of a `ComputeDisk` resource.

sourceDiskRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

sourceDiskRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

storageLocations

Optional

list (string)

Immutable. Cloud Storage bucket storage location of the snapshot (regional or multi-regional).

storageLocations[]

Optional

string

zone

Optional

string

Immutable. A reference to the zone where the disk is hosted.

* Field is required when parent field is specified

Status

Schema

conditions:
- lastTransitionTime: string
  message: string
  reason: string
  status: string
  type: string
creationTimestamp: string
diskSizeGb: integer
labelFingerprint: string
licenses:
- string
observedGeneration: integer
selfLink: string
snapshotId: integer
storageBytes: integer
Fields
conditions

list (object)

Conditions represent the latest available observation of the resource's current state.

conditions[]

object

conditions[].lastTransitionTime

string

Last time the condition transitioned from one status to another.

conditions[].message

string

Human-readable message indicating details about last transition.

conditions[].reason

string

Unique, one-word, CamelCase reason for the condition's last transition.

conditions[].status

string

Status is the status of the condition. Can be True, False, Unknown.

conditions[].type

string

Type is the type of the condition.

creationTimestamp

string

Creation timestamp in RFC3339 text format.

diskSizeGb

integer

Size of the snapshot, specified in GB.

labelFingerprint

string

The fingerprint used for optimistic locking of this resource. Used internally during updates.

licenses

list (string)

A list of public visible licenses that apply to this snapshot. This can be because the original image had licenses attached (such as a Windows image). snapshotEncryptionKey nested object Encrypts the snapshot using a customer-supplied encryption key.

licenses[]

string

observedGeneration

integer

ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.

selfLink

string

snapshotId

integer

The unique identifier for the resource.

storageBytes

integer

A size of the storage used by the snapshot. As snapshots share storage, this number is expected to change with snapshot creation/deletion.

Sample YAML(s)

Typical Use Case

# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeSnapshot
metadata:
  name: computesnapshot-sample
  labels:
    label-one: "value-one"
spec:
  description: "ComputeSnapshot Sample"
  zone: us-west1-c
  sourceDiskRef:
    name: computesnapshot-dep
  snapshotEncryptionKey:
    rawKey:
      valueFrom:
        secretKeyRef:
          name: computesnapshot-dep
          key: snapshotEncryptionKey
  sourceDiskEncryptionKey:
    rawKey:
      valueFrom:
        secretKeyRef:
          name: computesnapshot-dep
          key: sourceDiskEncryptionKey
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeDisk
metadata:
  name: computesnapshot-dep
spec:
  location: us-west1-c
  diskEncryptionKey:
    rawKey:
      valueFrom:
        secretKeyRef:
          name: computesnapshot-dep
          key: sourceDiskEncryptionKey
---
apiVersion: v1
kind: Secret
metadata:
  name: computesnapshot-dep
stringData:
  snapshotEncryptionKey: a2NjIGlzIGF3ZXNvbWUgeW91IHNob3VsZCB0cnkgaXQ=
  sourceDiskEncryptionKey: SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0=